ITEM 1C. CYBERSECURITY

Our business is highly dependent on the availability, integrity, and security of our information systems. These systems support, among other things, our manufacturing operations, retail and e‑commerce activity, point‑of‑sale data flows, influencer marketing infrastructure, and our expanding international operations, including Byrna Technologies Canada. As our digital footprint and reliance on cloud‑based platforms continue to grow, our exposure to cybersecurity threats increases. We must protect the confidentiality, integrity, and availability of data related to our business, employees, customers, and third parties. Our operations involve the collection, processing, storage, and transmission of personally identifiable information and other sensitive or confidential data.

The Company’s cybersecurity risk‑management program is overseen by our Chief Executive Officer and senior management team, including leaders responsible for information technology, operations, finance, and compliance. These individuals have experience overseeing the implementation of IT controls, evaluating security frameworks, and managing third‑party vendors. Our Audit Committee oversees cybersecurity as part of its general risk‑oversight responsibilities and receives periodic updates on cybersecurity risks, incidents, and mitigation activities, as appropriate.

Our cybersecurity posture is designed to support compliance with applicable global data‑protection laws and cybersecurity regulations in the jurisdictions in which we operate. The program incorporates preventive, detective, and responsive measures intended to maintain the availability of critical systems, reduce exposure to material risks, and enhance resiliency. Key activities include:

Cybersecurity Risk Assessment Program

We do not maintain a standalone third-party cybersecurity risk management program. However, we assess cybersecurity risks associated with third-party service providers through a combination of contractual requirements, reliance on SOC 1 Type 2 or SOC 2 Type 2 reports for materially in-scope applications, internal reviews, and ongoing monitoring where appropriate based on the nature and criticality of the services provided.

Policies and Procedures for Third-Party Service Providers

We do not maintain a standalone third-party cybersecurity risk management program. However, we assess cybersecurity risks associated with third-party service providers through a combination of contractual requirements, reliance on SOC 1 Type 2 reports for materially in-scope applications, internal reviews, and ongoing monitoring where appropriate based on the nature and criticality of the services provided.

Activities to Prevent, Detect, and Minimize Cybersecurity Incidents

We undertake various activities to prevent, detect, and minimize the effects of cybersecurity incidents. These activities include:

Cybersecurity Incident Response and Materiality Assessment

We maintain incident response processes designed to enable timely identification, escalation, investigation, and remediation of cybersecurity incidents. In the event of a cybersecurity incident, management evaluates the materiality of the incident, including its potential impact on our operations, financial condition, results of operations, and reputation, as well as applicable disclosure obligations under federal securities laws.

Impact of Previous Cybersecurity Incidents

To date, we have not identified any known cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, our business, results of operations, or financial condition. However, we face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us. To date, we have not identified any known cybersecurity incidents that have materially affected the Company. However, we face ongoing cybersecurity risks that, if realized, could materially affect our business, results of operations, or financial condition.

Consideration of Cybersecurity Risks in Business Strategy, Financial Planning, and Capital Allocation

Cybersecurity risks are considered as part of our business strategy, financial planning, and capital allocation. We regularly review and update our cybersecurity posture to address emerging threats and ensure the protection of our information systems. However, cybersecurity risks are subject to rapid technological change, evolving threat landscapes, and increasing regulatory scrutiny, and there can be no assurance that our controls and processes will prevent all cybersecurity incidents.