Risk Factors - UG

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$UG Risk Factor changes from 00/03/23/22/2022 to 00/03/21/25/2025

Item 1A. Risk Factors. Risk Factors. The information to be reported under this item is not required of smaller reporting companies. The information to be reported under this item is not required of smaller reporting companies. Item 1B. Item 1B. Unresolved Staff Comments. Unresolved Staff Comments. None. Item 1C. Cybersecurity. We continue to augment the capabilities of our people, processes, and technologies to address our cybersecurity risks. Our cybersecurity risks, and the controls designed to mitigate those risks, are integrated into our overall risk management governance and are reviewed yearly by our Board of Directors. We take steps to protect our data and third-party data we receive through the implementation of technological and organizational measures designed to reduce the risk from cybersecurity threats, including data theft or destruction. We have undertaken a program of annual enterprise-wide cybersecurity risk assessments and have implemented policies, procedures, and programs designed to help manage the risks to which we are exposed in our business. As part of our risk management process, we have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems, as well as the systems of third parties on whom we rely, such as any cloud hosting partners. Our cybersecurity program is designed to assess, identify, and manage material risks and vulnerabilities to our security posture, including prioritizing and remediating cybersecurity risks. Our program includes, among other things: • Incorporation of cybersecurity in our overall enterprise risk management processes, including periodic risk assessments and tools used to track and monitor risks. • Regular reviews of cybersecurity risks and mitigation efforts. • Use of software and hardware tools and services to help safeguard our systems, information, and data. • Assessments designed to help identify cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment. • An employee information security training program to educate employees on various cybersecurity risks and mitigation strategies. • Policies and processes governing our third-party security risks. 16 Risk Management and Strategy We have implemented a set of comprehensive cybersecurity and data protection policies and procedures. Risks from cybersecurity threats are regularly evaluated as a part of our broader risk management activities and as a fundamental component of our internal control system. Our employees receive ongoing cybersecurity awareness training, including specific topics related to social engineering and email fraud. We utilize an outsourced information technology firm and consultants with significant expertise in cybersecurity. We invest in advanced technologies for continuous cybersecurity monitoring across our information technology environment which are designed to prevent, detect, and minimize cybersecurity attacks, as well as alert management of such attacks. Our Information Technology General Controls are firmly established based on the National Institute of Standards and Technology (“NIST”) cybersecurity framework and cover areas such as risk management, data backup, and disaster recovery. We have utilized an outsourced information technology consultant to reduce and monitor security threats and vulnerabilities. As part of our gap analysis, identified vulnerabilities have been, and will continue to be, promptly addressed with our senior business leadership and our Board of Directors. Governance Our Board of Directors is responsible for overseeing our cybersecurity risk management and strategy. Our President regularly meets with and provides periodic briefings to our Board of Directors regarding our cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties, and the like. .