ITEM 1A. RISK FACTORS.

Risks Related to Our Business

We have a history of losses; we may continue to incur losses and not achieve profitability in the near term; and we may need to raise additional funds.

We may continue incurring losses for the foreseeable future and not achieve sustained profitability in the near term. We must generate sufficient cash flow or raise additional capital to pursue our product development initiatives and penetrate markets for the sale of our products. We believe that for the time being we have adequate access to capital resources, however, if in the future we are unable to secure adequate additional capital when needed, we may be required to curtail our research and development initiatives and take additional measures to reduce costs to conserve our cash in amounts sufficient to sustain operations and meet our obligations.

We depend on the availability of certain key supplies and services that are available from only a few sources, and we may experience difficulty with certain suppliers due to national and global economic supply-chain factors and we may have difficulty finding alternative sources of these supplies or services.

We source certain key supplies to develop and manufacture our products, particularly our precision grade optical glass components and CMOS image sensors, which are available from only a few sources, some of which are located in China. Our business could be affected if we become unable to procure these essential materials and services in adequate quantities and at acceptable prices. We continuously evaluate our suppliers and alternative sources. We are always evaluating our suppliers and alternative sources. If we experience a shortage of certain supplies and are unable to find an alternative source, our financial condition and results of operations could be adversely affected.

We rely on a small number of customers who may not consistently purchase our products in the future and if we lose any one of these customers, our revenues may decline.

A small number of customers may continue to represent a significant portion of our total revenues in any given period. These customers may not consistently purchase our products at a particular rate over any subsequent period. A loss of any of these customers could adversely affect our revenues.

We could suffer unrecoverable losses on our customers’ accounts receivable, which would adversely affect our financial results.

While we believe we have a varied customer base and have experienced strong collections in the past, we may experience changes in our customer base, including reductions in purchasing commitments, which could also have a material adverse effect on our revenues and liquidity. Additionally, our customers could become unable or unwilling to pay amounts owed to us. Over the past three years, we have not had significant accounts receivable write-offs or significant additions to our accounts receivable reserve and. we have not purchased insurance on our accounts receivable balances. Nonetheless, large uncollectible accounts receivable balances could arise in the future and could have a material adverse effect on our financial condition.

We rely heavily upon the talents of our Chief Executive Officer and other senior officers, the loss of whom could damage our business.

Our performance depends on a small number of key scientific, technical, managerial and manufacturing personnel. In particular, we believe our success is highly dependent upon the services and reputation of our Chief Executive Officer, Dr. Joseph N. Forkey. Forkey or Mr. The loss of Dr. Forkey’s services could damage our business. Dr. Forkey provides highly valuable contributions to our capabilities in optical instrument development, in management of new technology and in potentially significant longer-term Company initiatives.

We must continue to be able to attract and retain employees with the scientific and technical skills that our business requires and if we are unable to attract and retain such individuals, our business could be severely damaged.

Our ability to attract and retain employees with a high degree of scientific and technical talent is crucial to the success of our business. There is intense competition for the services of such persons, and we cannot guarantee that we will be able to attract and retain individuals possessing the necessary qualifications. If we cannot attract and retain such individuals, we may not be able to perform the necessary design services for our customers or produce our products causing damage to our business or an inability to meet customer demand or increase revenues. If we cannot attract such individuals, we may not be able to perform the necessary design services for our customers or produce our products causing damage to our business or an inability to meet customer demand or increase revenues.

We are subject to a high degree of regulatory oversight and, if we do not continue to receive the necessary regulatory approvals, our revenues may decline.

The FDA has granted us the clearance to manufacture and market the medical products we currently produce or sell in the United States. However, prior FDA approval may be required before we can market additional medical products that we may develop in the future. We may also seek to sell current or future medical products in a manner that requires us to obtain FDA permission to market such products. We may also require the regulatory approval or license of other federal, state or local agencies or comparable agencies in other countries.

We may lose the FDA’s permission to manufacture and market our current products or may not obtain the necessary regulatory permission, approvals or licenses for the manufacturing or marketing of any of our future products, as may our customers. Also, we cannot predict the impact on our business of FDA regulations or determinations arising from future legislation or administrative action. If we or key customers lose the FDA’s permission to manufacture and market our current products or fail to obtain regulatory permission to manufacture and market future products, our revenues may decline, and our business may be harmed. If we lose the FDA’s permission to manufacture and market our current products or we do not obtain regulatory permission to manufacture and market our future products, our revenues may decline and our business may be harmed.

We face risks inherent in product development and production under fixed-price purchase orders and these purchase orders may not be profitable over time.

A portion of our business has been devoted to research, development and production under fixed-price purchase orders. For our purposes, a fixed-price purchase order is any purchase order under which we will provide products or services for a fixed-price over an extended period of time, usually six months or longer. We expect that revenues from fixed-price purchase orders will continue to represent a significant portion of our total revenues in future fiscal years.

Because they involve performance over time, we cannot predict with certainty the expenses involved in meeting our obligations under fixed-price purchase orders. Therefore, we can never be sure at the time we enter into any single fixed-price purchase order that such purchase order will continue to be profitable for us throughout the fixed-price period.

We perform engineering and manufacturing services for our customers who could decide to use another vendor for these services in the future.

A significant portion of our revenues are derived from engineering and manufacturing services that we perform to design and fabricate medical device products or sub-assemblies of medical device products for our customers who in turn sell the products to the end users. Our customers typically own the proprietary rights to and control commercial distribution of the final products. Therefore, in many of these cases we do not own the proprietary rights to the medical device products that we manufacture or that our sub-assemblies are made a part of. Our customers could decide to use other suppliers for these services based on cost, quality, delivery time, production capacities, competitive and regulatory considerations or other factors. Thus, revenues from our customers and the products and services we provide them are subject to significant fluctuation on a product-to-product basis from period to period.

We resell products we purchase from third parties and our customers could decide to use another supplier to acquire those products.

Our division Ross Optical primarily acquires specialized optical components and assemblies from third parties pursuant to specifications provided from its customers, inspects and sometimes further processes those products before reselling them to its customers. Because Ross Optical does not manufacture the optical components and assemblies and does not own the intellectual property rights to the products, its customers could choose to obtain those products and services from other sources or could apply pressure to Ross Optical to lower its prices resulting in reduced future gross margins and operating results. Because Ross Optical does not manufacture the optical components and assemblies or owns the intellectual property rights to the products its customers could choose to obtain those products and services from other sources or could apply pressure to Ross Optical to lower its prices resulting in reduced future gross margins and operating results.

We depend on the availability of certain key supplies and services that are available from only a few sources and if we experience difficulty with a supplier, we may have difficulty finding alternative sources of these supplies or services.

We require certain key supplies to develop and manufacture our products, particularly our precision grade optical glass, which is available from only a few sources, most which are located outside of the United States. Additionally, we rely on outside vendors to grind and polish certain of our lenses and other optical components, such as prisms and windows. We also rely on a limited number of suppliers for specialized CMOS sensors and the electronic wiring of those sensors. Based upon our ordering experience to date, we believe the materials and services required for the production of our products are currently available in sufficient quantities to meet our needs. Our requirements are small relative to the total supply, and we are not currently encountering problems with availability. However, this does not mean that we will continue to have timely access to adequate supplies of essential materials and services in the future or that supplies of these materials and services will be available on satisfactory terms when the need arises. Our business could be severely damaged if we become unable to procure these essential materials and services in adequate quantities and at acceptable prices.

From time to time, subcontractors may produce some of our products for us, and our business is subject to the risk that these subcontractors fail to make timely delivery. Our products and services are also used as components of the products and services of other manufacturers. We are therefore subject to the risk that manufacturers who integrate our products or services into their own products or services are unable to acquire essential supplies and services from third parties in a timely fashion. If this occurs, we may not be able to deliver our products on a timely basis and our revenues may decline.

Our customers may claim that the products we sold them were defective and if our insurance is not sufficient to cover such a claim, we would be liable for the excess.

Like any manufacturer, we are and always have been exposed to liability claims resulting from the use of products we assist in developing, manufacture and supply to our customers. Additionally, the products we supply could be used in conjunction with other products in medical device applications, such as certain endoscope products claimed to be associated with surgical suite contamination resulting from their intended re-use and re-sterilization. We maintain product liability insurance to cover us in the event of liability claims, and no such claims have been asserted or threatened against us to date. We maintain product liability insurance to cover us in the event of liability claims, and as of September 24, 2021, no such claims have been asserted or threatened against us. However, our insurance may not be sufficient to cover all possible future product claims, costs and any resulting liabilities.

We would be liable if our business operations harmed the environment and a failure to maintain compliance with environmental laws could severely damage our business.

Our operations are subject to a variety of federal, state and local laws and regulations relating to the protection of the environment. From time to time, we use hazardous materials in our operations. Although we believe that we have suitable practices and policies in place to address applicable environmental laws and regulations, our business could be severely damaged by any failure to maintain such compliance. Although we believe that we comply with all applicable environmental laws and regulations, our business could be severely damaged by any failure to maintain such compliance.

Many of our competitors are large, well-financed companies who have research and marketing capabilities that are superior to ours.

The industries in which we operate are highly competitive. Many of our existing and potential competitors have greater financial resources and manufacturing capabilities, more established and larger marketing and sales organizations and larger technical staffs than we have. Other companies, some with greater experience in the optics, semiconductor or medical products industries, are seeking to produce products and services that compete with our products and services.

Ross Optical is subject to tariffs and regulatory scrutiny, and it faces the risk of changes to this regulatory environment and business in the future.

Ross Optical is ISO and ITAR registered and currently imports, exports, and manufactures optical products for the defense industry, some of which are controlled by regulations promulgated by the U.S. Departments of State and Commerce. If we fail to comply with the terms of these regulations and registrations, it may lose its ITAR registration or suffer other consequences, such as the withdrawal or suspension of approvals, suspension of imports, exports or production, or the imposition of fines or other penalties. If Ross Optical fails to comply with the terms of these regulations and registrations, it may lose its ITAR registration or suffer other consequences, such as the withdrawal or suspension of approvals, suspension of imports, exports or production, or the imposition of fines or other penalties.

There is also the risk that new laws or regulations or changes in enforcement practices applicable to our business could be imposed, which may adversely affect our ability to compete effectively with other institutions that are not affected in the same way, or which may impact its supplier and customers. In addition, regulations imposed on market participants such as foreign tariff increases could negatively affect the overall profitability of Ross Optical’ s international business. In addition, regulation imposed on market participants generally, such as foreign tariff increases could negatively affect the overall profitability of Ross Optical’s international business.

Our business and financial performance may be adversely affected by cyber-attacks on information technology infrastructure and products, as well as changes in cybersecurity and if our information technology security systems were infiltrated and confidential and/or proprietary information were taken, we could be subject to fines, lawsuits and loss of customers.

We rely on information technology (IT) systems, including third-party “cloud based” service providers and rely on our electronic information systems to perform routine transactions to run our business. We transact business over the Internet with customers and suppliers and have implemented security measures to protect against unauthorized access to this information. We have also implemented security policies that limit access via the Internet to the Company’s systems through geofencing. We routinely receive security patches from software providers for the software we use. Our primary concerns are inappropriate access to personnel information, information covered under the International Traffic in Arms Regulation, product designs and manufacturing information, financial information and our intellectual property, trade secrets and know-how. Our business may be impacted by disruptions to our own or third-party information technology infrastructure, which could result from, among other causes, cyberattacks on or failures of such infrastructure or compromises to its physical security. Cybersecurity threats are continuously evolving and include, but are not limited to, both attacks on our IT infrastructure and attacks on the IT infrastructure of our customers, suppliers, subcontractors and other third parties with whom we do business routinely, attempting to gain unauthorized access to our confidential, proprietary, or otherwise protected information, classified information, or information relating to our employees, customers and other third parties, or to disrupt our systems or the systems of third parties. We are also exposed to the risk of insider threat attacks. Any such attacks could disrupt our systems or those of third parties, impact business operations, result in unauthorized release of confidential, proprietary, or otherwise protected information, and corrupt our data or that of third parties. The threats we face are continuous and evolving and vary in degree of severity and sophistication. In addition, as a result of the rapid pace of technological change, we and our customers, suppliers, subcontractors and other third parties with whom we conduct business continue to rely on legacy systems and software, which can be more vulnerable to cyber threats and attacks. The sophistication, availability and use of artificial intelligence by threat actors present an increased level of risk. Due to the evolving threat landscape, we expect to experience more frequent and increasingly advanced cyber-attacks. In addition, changes in domestic and international cybersecurity-related laws and regulations have expanded cybersecurity-related compliance requirements, and cybersecurity regulatory enforcement activity has grown. We expect the regulatory environment to continue to evolve, and staying apace with these regulatory changes could increase our operational and compliance expenditures and those of our suppliers, and lead to new or additional information technology and product development expenses. We also face reputational, litigation and financial risks in relation to potential required disclosures and increased risk of enforcement. We continue to make investments and adopt measures designed to enhance our protection, detection, response, and recovery capabilities, and to mitigate potential risks to our technology, products, services and operations from potential cybersecurity threats, as well as to comply with evolving regulations. However, given the unpredictability, nature and scope of cyber-attacks, it is possible that we are unable to defend against all cyber-attacks, that potential vulnerabilities could go undetected and persist in the environment for an extended period, or that we may otherwise be unable to mitigate customer losses and other potential consequences of these attacks. In some cases, we must rely on the safeguards put in place by our customers, suppliers, subcontractors and other third parties to protect against and report cyber threats and attacks. We could potentially be subject to production downtimes, operational delays, other detrimental impacts on our operations or ability to provide products and services to our customers, the compromise of confidential information, intellectual property or otherwise protected information, misappropriation, destruction or corruption of data, security breaches, other manipulation or improper use of our or third-party systems, networks or products, financial losses from remedial actions, loss of business, or potential liability, penalties, fines and/or damage to our reputation. Any of these could have a material adverse effect on our competitive position, results of operations, financial condition or liquidity. Due to the evolving nature of such risks, the impact of any potential incident cannot be predicted.

Risks Related to Our Intellectual Property

Third parties may infringe on our intellectual property and, as a result, we could incur significant expense in protecting our patents or not have sufficient resources to protect them.

We utilize numerous licensed patents that are important to our business. Although we are not currently aware of any past or present infringements of these patents, we would expect to protect these patents from infringement. Protecting and obtaining patents, however, is both time consuming and expensive. We therefore may not have the resources necessary to assert all potential patent infringement claims or pursue all patents that might be available to us. If our competitors or other third parties infringe on our patents, our business may be harmed.

Third parties may claim that we have infringed on their patents and, as a result, we could be prohibited from using all or part of any technology used in our products.

Should third parties claim a proprietary right to all or part of any technology that we use in our products, such a claim, regardless of its merit, could involve us in costly litigation. If successful, such a claim could also result in us being unable to freely use the technology that was the subject of the claim or sell products embodying such technology. If we engage in litigation, our expenses may increase, and our business may be harmed. If we are prohibited from using a particular technology in our products, our revenues may decline, and our business may be harmed.

We may be subject to claims that our employees have wrongfully used or disclosed alleged trade secrets of their former employers.

As is common in the technology industry, we employ individuals who were previously employed at other technology companies, including our competitors or potential competitors. We may be subject to claims that these employees, or we, have used or disclosed trade secrets or other proprietary information of their former employers. Litigation may be necessary to defend against these claims. Even if we are successful in defending against these claims, litigation could result in substantial costs and be a distraction to management.

If we are not able to adequately prevent disclosure of trade secrets and other proprietary information, the value of our technology and products could be significantly diminished.

We rely on trade secrets to protect our proprietary technologies, especially where we do not believe patent protection is appropriate or obtainable. However, trade secrets are difficult to protect. We rely in part on confidentiality agreements with our employees, consultants, outside scientific collaborators, and other advisors to protect our trade secrets and other proprietary information. These agreements may not effectively prevent disclosure of confidential information and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. In addition, others may independently discover our trade secrets and proprietary information. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and failure to obtain or maintain trade secret protection could adversely affect our competitive business position.

We will not be able to protect our intellectual property rights throughout the world.

Our business relies on our patents. Filing, prosecuting and defending patents in all countries throughout the world would be prohibitively expensive, and we do not have patent protection outside of the United States. In addition, the laws of some foreign countries do not protect intellectual property rights to the same extent as federal and state laws in the United States. Consequently, we may not be able to prevent third parties from practicing our inventions in all countries outside the United States or from selling or importing products made using our inventions in and into the United States or other jurisdictions. Competitors may use our technologies in jurisdictions where we have not obtained patent protection to develop their own products and, further, may export otherwise infringing products to territories where we have patent protection, but enforcement is not as strong as that in the United States. These infringing products may compete with the product we develop, without any available recourse.

The laws of some other countries do not protect intellectual property rights to the same extent as the laws of the United States. Patent protection must ultimately be sought on a country-by-country basis, which is an expensive and time-consuming process with uncertain outcomes. Accordingly, we may choose not to seek patent protection in certain countries, and we will not have the benefit of patent protection in such countries. In addition, the legal systems of some countries, particularly developing countries, do not favor the enforcement of patents and other intellectual property protection. As a result, many companies have encountered significant problems in protecting and defending intellectual property rights in foreign jurisdictions. Because the legal systems of many foreign countries do not favor the enforcement of patents and other intellectual property protection, it could be difficult for us to stop the infringement, misappropriation or violation of our patents or marketing of competing products in violation of our proprietary rights. Proceedings to enforce our intellectual property and other proprietary rights in foreign jurisdictions could result in substantial costs and divert our efforts and attention from other aspects of our business, could put our patents at risk of being invalidated or interpreted narrowly, could put our patent applications at risk of not issuing and could provoke third parties to assert claims against us. We may not prevail in any lawsuits that we initiate, and the damages or other remedies awarded, if any, may not be commercially meaningful. Accordingly, our efforts to enforce our intellectual property rights around the world may be inadequate to obtain a significant commercial advantage from the intellectual property that we develop or license.

Risks Related to our Stock

Trading in our common stock may be subject to substantial volatility.

Our common stock is quoted on the Nasdaq Stock Market under the symbol POCI. The price of our common stock may be volatile as a result of a number of factors, including, but not limited to, the following:

Our quarterly financial results vary quarter to quarter and depend on many factors. As a result, we cannot predict with a high degree of certainty our operating results in any particular fiscal quarter.

Our quarterly operating results may vary significantly depending upon factors such as:

We may not be able to grow or sustain revenues or achieve or maintain profitability on a quarterly or annual basis and levels of revenue and/or profitability may vary from one such period to another.

We are contractually obligated to issue shares in the future, diluting your percentage interest in us.

We have reserved shares for future issuance under all currently outstanding stock options, we expect to issue additional shares and stock options from time to time to compensate employees, consultants and directors, and we may in the future issue additional shares to raise capital. Any such issuances will have the effect of diluting the percentage interests of other holders of our common stock. Any such issuances will have the effect of further diluting the interest of the holders of our securities.

Failure to remediate and then maintain our internal control over our financial reporting could cause our financial reports to be inaccurate.

We are required to maintain internal control over financial reporting and to assess and report on the effectiveness of those controls. This assessment includes disclosure of any material weaknesses identified by our management in our internal control over financial reporting. Our management concluded that our internal control over financial reporting was ineffective as of June 30, 2024, and identified certain material weaknesses in our internal controls. While management is working to remediate the material weaknesses, there is no assurance that such changes will remediate the identified material weaknesses or that the controls will prevent or detect future material weaknesses. If we are not able to maintain effective internal control over financial reporting, our financial statements, including related disclosures, may be inaccurate, which could have a material adverse effect on our business

Failure to maintain our accounting systems and controls could impair our ability to comply with the financial reporting and internal controls requirements for publicly traded companies.

As a public company, we operate in an increasingly demanding regulatory environment, which requires us to comply with the Sarbanes-Oxley Act of 2002, and the related rules and regulations of the SEC. Company responsibilities required by the Sarbanes-Oxley Act include establishing corporate oversight and adequate internal control over financial reporting and disclosure controls and procedures. Effective internal controls are necessary for us to produce reliable financial reports and are important to help prevent financial fraud.

Because we are a smaller reporting company and a non-accelerated filer, we are not required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act. However, we must perform system and process evaluation and testing of our internal control over financial reporting to allow management to report on the effectiveness of our internal control over financial reporting in this report and future annual reports on Form 10-K, as required by Section 404 of the Sarbanes-Oxley Act. This requires that we incur substantial additional professional fees and internal costs to expand our accounting and finance functions and that we expend significant management efforts.

As of June 30, 2024, we discovered weaknesses in our system of internal financial and accounting controls and procedures that could result in a material misstatement of our financial statements. Our internal control over financial reporting will not prevent or detect all errors and all fraud. A control system, no matter how well designed and operated, can provide only reasonable, not absolute, assurance that the control system’s objectives will be met. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that misstatements due to error or fraud will not occur or that all control issues and instances of fraud will be detected.

If we are not able to comply with the requirements of Section 404 of the Sarbanes-Oxley Act, or if we are unable to remediate or maintain proper and effective internal controls, we may not be able to produce timely and accurate financial statements. If we cannot provide reliable financial reports or prevent fraud, our business and results of operations could be harmed, and investors could lose confidence in our reported financial information.

Certain provisions in our organizational documents could enable our board of directors to prevent or delay a change of control .

Our organizational documents contain provisions that may have the effect of discouraging, delaying or preventing a change of control of, or unsolicited acquisition proposals, that a stockholder might consider favorable. These include provisions:

In addition, we are subject to the provisions of Chapter 110F of the MBCA. In general, Chapter 110F prohibits a publicly held Massachusetts corporation from engaging in a “business combination” with an “interested stockholder” for a three-year period following the time that the stockholder becomes an interested stockholder, unless the business combination is approved in a prescribed manner. A “business combination” includes, among other things, a merger, asset or stock sale or other transaction resulting in a financial benefit to the interested stockholder. An “interested stockholder” is a person who, together with affiliates and associates, owns, or did own within three years prior to the determination of interested stockholder status, five percent or more of the corporation’s voting stock.

A Massachusetts corporation may “opt out” of these provisions with an express provision in its original articles of organization or an express provision in its articles of organization or bylaws resulting from a stockholders’ amendment approved by at least a majority of the outstanding voting shares. We have not opted out of these provisions. The restrictions contained in Chapter 110F are also not applicable, among other certain exclusions, if the corporation does not have two hundred or more stockholders of record. As of September 20, 2024, we had 118 stockholders of record. As a result, if Chapter 110F is applicable, mergers or other takeover or change in control attempts of us may be discouraged or prevented.

General Risk Factors

Your ownership may be diluted if additional capital stock is issued to raise capital, to finance acquisitions or in connection with strategic transactions.

We intend to seek to raise additional funds, finance acquisitions or develop strategic relationships by issuing equity or convertible debt securities, which would reduce the percentage ownership of our existing stockholders. Our board of directors has the authority, without action or vote of the stockholders, to issue all or any part of our authorized but unissued shares of common stock. Our articles of organization authorize us to issue up to 50,000,000 shares of common stock. Future issuances of common stock would reduce your influence over matters on which stockholders vote and would be dilutive to earnings per share.

Negative research about our business published by analysts or journalists could cause our stock price to decline. A lack of regularly published research about our business could cause trading volume or our stock price to decline.

The trading market for our common stock depends in part on the research and reports that analysts and journalists publish about us or our business. If analysts or journalists publish inaccurate or unfavorable research about our business, our stock price would likely decline. If we fail to meet the expectations of analysts for our operating results, or if the analysts who covers us downgrade our stock, our stock price would likely decline. If one or more of these analysts ceases coverage of us or fails to publish reports on us regularly, demand for our stock could decrease, which could cause our stock price and trading volume to decline.

Claims for indemnification by our directors and officers may reduce our available funds to satisfy successful third-party claims against us and may reduce the amount of money available to us.

Our bylaws contain provisions that eliminate, to the maximum extent permitted by the MBCA, the personal liability of our directors and executive officers for monetary damages for breach of their fiduciary duties as a director or officer. Our bylaws also provide that we will indemnify our directors and executive officers and may indemnify our employees and other agents to the fullest extent permitted by the MBCA. Any claims for indemnification made by our directors or officers could impact our cash resources and our ability to fund the business.

We have no intention of declaring dividends in the foreseeable future.

The decision to pay cash dividends on our common stock rests with our board of directors and will depend on our earnings, unencumbered cash, capital requirements and financial condition. We do not anticipate declaring any dividends in the foreseeable future, as we intend to use any excess cash to fund our operations. Investors in our common stock should not expect to receive dividend income on their investment, and investors will be dependent on the appreciation of our common stock to earn a return on their investment.

Artificial intelligence presents risks and challenges that can impact our business, including by posing security risks to our confidential information, proprietary information and personal data.

Issues in the development and use of artificial intelligence, combined with an uncertain regulatory environment, may result in reputational harm, liability, or other adverse consequences to our business operations. As with many technological innovations, artificial intelligence presents risks and challenges that could impact our business. We may adopt and integrate generative artificial intelligence tools into our systems for specific use cases reviewed by legal and information security. Our vendors may incorporate generative artificial intelligence tools into their offerings without disclosing this use to us, and the providers of these generative artificial intelligence tools may not meet existing or rapidly evolving regulatory or industry standards with respect to privacy and data protection and may inhibit our or our vendors’ ability to maintain an adequate level of service and experience. If we, our vendors, or our third-party partners experience an actual or perceived breach or privacy or security incident because of the use of generative artificial intelligence, we may lose valuable intellectual property and confidential information and our reputation and the public perception of the effectiveness of our security measures could be harmed. Further, bad actors around the world use increasingly sophisticated methods, including the use of artificial intelligence, to engage in illegal activities involving the theft and misuse of personal information, confidential information, and intellectual property. Any of these outcomes could damage our reputation, result in the loss of valuable property and information, and adversely impact our business.

ITEM 1B. UNRESOLVED STAFF COMMENTS.

None.

ITEM 1C. CYBERSECURITY.

As a company selling products, including those for defense applications, we may be the target of cyber-attacks from a variety of threat actors. Cybersecurity threats include attacks on, or other attempts to infiltrate, our information technology (IT) infrastructure and the IT infrastructure of our customers, suppliers, subcontractors and other third parties, attempting to gain unauthorized access to our confidential or other proprietary information, classified information, or information relating to our employees, customers, and other third parties, or to disrupt our systems or the systems of our customers, suppliers, subcontractors, and other third parties. Cybersecurity threats also include attempts to infiltrate our products or services, including attacks targeting the security, confidentiality, integrity and/or availability of the hardware, software and information installed, stored or transmitted in our products, including after the purchase of those products and when they are incorporated into third-party products, facilities, or infrastructure.

Our Cybersecurity Program.

Our products and services are normally classified as EAR 99 by the U.S. government, but our defense customers generally require compliance with the International Traffic in Arms Regulation (“ITAR”). Moreover, our products sold for defense applications are integrated with our customers’ products and these customers may provide us with Controlled Unclassified Information (CUI) that requires, safeguarding and dissemination controls in accordance with laws, regulations, or Government-wide policies. Given the nature of our business and the cybersecurity risks we face, we have instituted cybersecurity measures for identifying, assessing, and managing cybersecurity risks, which include material risks from cybersecurity threats to our internal systems, our products, services and programs for customers, and our supply chain.

The goals of our enterprise cybersecurity program align with the National Institute of Standards and Technology (NIST) standards, among others. The program includes processes and controls for the deployment of new IT systems by the Company and controls over new and existing system operations. We, or third parties we contract with, monitor and conduct regular testing of these controls and systems, including vulnerability management through active discovery and testing to regularly assess patching and configuration status. In addition, we require our employees to complete data security training, and we regularly conduct simulated phishing and cyber-related communications.

Incident Response.

Our cybersecurity program includes monitoring for potential security threats that may lead to vulnerabilities. We evaluate and assign severity levels to incidents, escalate and engage an incident response team based on severity, and manage and mitigate the related risks. Incidents are reported internally to members of senior management and/or the Board of Directors as appropriate based on severity and incident type and are also analyzed for external reporting requirements. Our incident response process is also designed to coordinate functions to enable continuity of essential business operation in the event of a cyber crisis.

Third Party Service Providers.

We engage third party service providers to expand the capabilities and capacity of our cybersecurity program, including for design, monitoring and testing of the program’s risk prevention and protection measures, and process execution including incident detection, investigation, analysis and response, eradication, and recovery. Our Chief Financial Officer and Vice President of Engineering meet regularly with third party service providers to review their performance and progress towards our cybersecurity initiatives.

Program Assessment.

We continuously evaluate and seek to improve and mature our cybersecurity processes against government standards. Our cybersecurity program is regularly assessed through management self-evaluation and ongoing monitoring procedures to evaluate our program effectiveness, including assessments associated with internal controls over financial reporting as well as vulnerability management through active discovery and testing to validate patching and configuration. As cybersecurity threats are continuously evolving, we also periodically engage with third parties to perform maturity assessments of our program to identify potential risk areas and improvement opportunities. This includes assessment of our overall program, policies and processes, compliance with regulatory requirements and an overall assessment of key vulnerabilities. We use these assessments to supplement our own evaluation of the overall health of our program and target improvement areas.

Board Oversight and Management’s Role

Our Board of Directors has primary oversight responsibility for enterprise cybersecurity risks. The Audit Committee also considers enterprise cybersecurity risks in connection with its financial and compliance risk oversight role. The Chief Financial Officer regularly reports to the Board of Directors on the status of the Company’s cybersecurity program and provides the Board with the annual assessment by a third party on the Company’s cybersecurity program.

For more information on risks related to cybersecurity, see Item IA. “Risk Factors” of this Form 10-K.