Our management recognizes the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, and manages those risks with a risk-management cybersecurity program. Among other things, these risks include operational risks, financial system risks, physical security risks, intellectual property theft, fraud, extortion, violation of data privacy and security laws, and harm to employees, drivers, site hosts, and property owners. Our capabilities and data, as well as those of our customers, suppliers, partners, and service providers, are critical to our operations and may contain confidential personal information, sensitive business-related information, or intellectual property. These capabilities are also susceptible to interruptions (including those caused by systems failures, cyber-attacks, and other natural or man-made incidents or disasters), which may be prolonged or go undetected. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this Annual Report

Risk Management and Strategy

We aim to incorporate industry best practices throughout our cybersecurity program and have live data recovery and breach policies in place. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards and is evaluated annually as a part of our Sarbanes-Oxley information technology control testing procedures. We carry cybersecurity insurance coverage intended to help mitigate certain financial exposures that could arise from cybersecurity incidents. Such coverage is intended to supplement, and not replace, our cybersecurity controls and risk management practices. Our cybersecurity insurance policies are designed to provide coverage for certain costs associated with incident response, forensic investigation, data restoration, notification obligations, regulatory defense, legal expenses, and certain third-party liabilities arising from data breaches or other cybersecurity events.

The Company periodically evaluates its cybersecurity insurance coverage in light of evolving cybersecurity risks, changes in the threat landscape, and developments in our business operations. While we believe that our cybersecurity insurance coverage is consistent with that maintained by similarly situated companies, such coverage is subject to policy limits, deductibles, exclusions, and other terms, and may not be sufficient to cover all losses or liabilities that may arise from a cybersecurity incident.

Our cybersecurity insurance program is one component of our broader cybersecurity risk management framework, which also includes administrative, technical, and physical safeguards designed to identify, assess, and mitigate cybersecurity risks affecting our systems, data, and operations.

We have processes to assess, identify, manage, and address material cybersecurity threats and incidents. These include annual and ongoing security awareness training for employees, vulnerability scanning, and code reviews, among others. We actively engage with industry groups for benchmarking and best practices awareness. While we are unaware of having been subjected to or impacted by a significant cybersecurity threat to date, we monitor internally discovered or externally reported issues that may affect our products and services and have processes to assess those issues for potential cybersecurity impact or risk.

We also have a process to manage cybersecurity risks associated with third-party service providers. We impose industry-standard security requirements upon our suppliers, including that they maintain an effective security management program; abide by information handling and asset management requirements; and notify us of any known or suspected cyber incident, among others. We obtain and review our third-party service providers’ SOC 1 Type II reports for appropriate information technology controls, including security, to ensure that they adhere to these standards, when available.

 Cybersecurity is an integral part of our risk management processes and a significant area of focus for the Board of Directors and management team. The Audit Committee is responsible for the cybersecurity component of our IT operations.