Cybersecurity Governanc਀漀 Our Board has delegated authority to its Audit Committee to oversee risks associated with cybersecurity threats. Members of the Audit Committee receive updates periodically from our CISO regarding cybersecurity risks. These updates include, among other topics, reviews of existing and newly identified cybersecurity risks, status updates on how management is addressing and/or mitigating those risks, information about cybersecurity incidents (if any), as well as updates regarding the status of key cybersecurity initiatives. Our CISO is principally responsible for assessing and managing our cybersecurity risk management program, in partnership with leaders from our Technology, Information Security, Internal Audit, Legal and Compliance teams. Such individuals have an average of over 20 years of prior work experience in various roles involving technology, information security, auditing and compliance. These individuals, including the CISO, are informed about and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan. As discussed above, our CISO then makes periodic reports to the Audit Committee regarding such matters. 2024 ESG REPORT 19