Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

LeMaitre Vascular recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.

Managing Material Risks & Integrated Overall Risk Management

We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management, with the goal of ensuring that cybersecurity considerations are an integral part of our decision-making processes. Our IT department continuously evaluates and addresses cybersecurity risks during our risk assessment process, in alignment with our business objectives and operational needs.

Engage Third-Parties on Risk Management

Recognizing the complexity and evolving nature of cybersecurity threats, we engage with external experts, including cybersecurity assessors and consultants, to evaluate and test our risk management systems. Our collaboration with third-parties includes periodic audits, threat assessments, and consultation on security enhancements.

Oversight of Third-party Risk

Using a risk-based approach, we review third-party service providers as part of our IT general controls, particularly focusing on financial risk and the third-party applications and controls around that risk.

Risks from Cybersecurity Threats

Although we are not aware of having experienced any prior material data breaches, regulatory non-compliance incidents, or cyber security incidents, we may in the future be impacted by such an event, exposing our clients and us to a risk of someone obtaining access to our information, to information of our clients or their customers, or to our intellectual property; disabling or degrading service; or sabotaging systems or information. Any such security breach could result in a loss of confidence in the security of our services, damage our reputation, disrupt our business, require us to incur significant costs of investigation, remediation, or payment of a ransom, lead to legal liability, negatively impact our future sales, and result in a substantial financial loss.

Cybersecurity Risk Management Processes Integrated [Text Block]

We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management, with the goal of ensuring that cybersecurity considerations are an integral part of our decision-making processes. Our IT department continuously evaluates and addresses cybersecurity risks during our risk assessment process, in alignment with our business objectives and operational needs.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our Board of Directors is aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence.

Board of Directors Oversight

The Audit Committee is central to our Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. On a periodic basis, our Audit Committee reviews the adequacy of our computer systems controls, cybersecurity risk management, and related governance and incident disclosures.

Management’s Role Managing Risk

Our Senior Vice President, Information Technology and our Chief Financial Officer, or CFO, play a pivotal role in informing the Audit Committee on cybersecurity risks. They provide comprehensive briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:

	●	current cybersecurity landscape and emerging threats;
	●	status of ongoing cybersecurity initiatives and strategies;
	●	incident reports and learnings from any cybersecurity events; and
	●	compliance with regulatory requirements and industry standards.

In addition to our scheduled meetings, the Audit Committee, our Senior Vice President, Information Technology, and our CFO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks.

Risk Management Personnel

Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our Senior Vice President, Information Technology, who has over 25 years of experience in the field. As each relates to cybersecurity, our Senior Vice President, Information Technology, leads testing of our compliance with standards, remediation of known risks, and our employee training program.

Monitor Cybersecurity Incidents

Our Senior Vice President, Information Technology, leads our implementation and oversight of processes for the regular monitoring of our information systems. We have developed a cybersecurity incident response plan that is overseen by our Senior Vice President, Information Technology, and that includes immediate actions to mitigate the impact and longer-term strategies for remediation and prevention of future incidents.

Reporting to Board of Directors

Our Senior Vice President, Information Technology, regularly informs the CFO about matters related to cybersecurity risks and incidents. Together, our Senior Vice President, Information Technology, and CFO then update our Audit Committee and Board on significant cybersecurity matters, and strategic risk management.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Audit Committee is central to our Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. On a periodic basis, our Audit Committee reviews the adequacy of our computer systems controls, cybersecurity risk management, and related governance and incident disclosures.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our Senior Vice President, Information Technology, who has over 25 years of experience in the field. As each relates to cybersecurity, our Senior Vice President, Information Technology, leads testing of our compliance with standards, remediation of known risks, and our employee training program.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true