Cybersecurity Risk Management and Strateg਀茀 We have established a cybersecurity program, informed by the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), that is designed to safeguard our information systems against cybersecurity threats. This program incorporates a variety of processes and cybersecurity tools designed to assess, identify and manage material risks from cybersecurity threats਀㠀 Those processes include automated and manual testing of our systems for vulnerabilities as well as monitoring and responding to suspicious activity. We use established cybersecurity risk frameworks to identify, measure and prioritize cybersecurity risks and develop corresponding cybersecurity controls and safeguards, and we have implemented a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. Leveraging both internal and external resources, we conduct regular reviews and tests, including penetration testing as well as tabletop and red team exercises, to evaluate the e昀昀ectiveness of our cybersecurity program, enhance our cybersecurity measures, and inform our planning. We periodically engage external auditors and consultants to assess our cybersecurity programs. We also maintain a risk-based approach to identifying and overseeing risks from cybersecurity threats associated with our use of third party service providers. 2024 ESG REPORT 17