Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Mar. 31, 2026

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We maintain a comprehensive cybersecurity program, recognizing the critical importance of safeguarding our

operations, employees, customers, and other business partners from cybersecurity risks, which continue to evolve

in frequency and sophistication. These risks include, among others, operational, financial, reputational, legal, and

regulatory risks.

As a part of this program, we have developed an incident response plan (IRP) designed to quickly respond to,

mitigate, and recover from cybersecurity incidents. The IRP includes procedures for incident detection and

reporting, initial assessment, containment, eradication, recovery, post-incident activities, and continuous

improvement.

We also integrate cybersecurity risk management into our overall risk management framework to ensure that

cybersecurity risks are considered in all aspects of our business. Our management team works closely with our

Chief Digital & Data Officer (CDDO) and Chief Information Security Officer (CISO), and is designed to align our

cybersecurity efforts with our business objectives and operational needs. Key components of our cybersecurity

approach include, among other things:

•establishing a dedicated action team, led by our CDDO and CISO, to oversee and manage

cybersecurity risks;

•implementing a comprehensive cybersecurity risk assessment process and strategy based on

industry standards and established frameworks such as the National Institute of Standards and

Technology (NIST);

•implementing a third-party and vendor risk management program, which includes evaluating risk

levels such that third parties and vendors with access to our systems or data are subject to

cybersecurity onboarding and review, along with cybersecurity and data privacy audits and ongoing

risk monitoring and mitigation efforts;

•conducting penetration tests and security maturity assessments throughout the year;

•periodically engaging independent third-party assessors to audit our cybersecurity and information

system programs to evaluate their effectiveness;

•implementing industry-standard technologies and processes to protect our system and data and to

help detect potential unauthorized activity;

•maintaining access controls to safeguard data and systems;

•providing annual trainings to employees on responsible information security, data security and

cybersecurity practices including appropriate action to take against cybersecurity threats;

•conducting periodic phishing simulations to our employees;

•engaging in cybersecurity incident tabletop exercises and scenario planning exercises;

•maintaining a cybersecurity and information security risk insurance policy, which insures for data

incidents or breaches and other technology related exposures; and

•periodically reviewing and updating our IRP, privacy policy, and other relevant policies/procedures.

We continuously evaluate and enhance our cybersecurity risk management practices in response to evolving

threats and business needs.

In the three-year period ended March 31, 2026, our business, results of operations and financial condition have not

been materially affected by risks from cybersecurity threats, including as a result of any prior cybersecurity incidents

experienced by either us or third parties, but we cannot provide assurance that they will not be materially affected in

the future by such risks or any future material incidents. Refer to Part I, Item 1A, “Risk Factors - Risks Related to

Technology, Data Security and Privacy” within this Annual Report for further information.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

We also integrate cybersecurity risk management into our overall risk management framework to ensure that cybersecurity risks are considered in all aspects of our business.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Board of Directors Oversight [Text Block]

Our Board has delegated to the Audit Committee primary responsibility for oversight of enterprise risk assessment

and risk management, including risks related to cybersecurity and information security. Our CDDO and CISO, who

head our cybersecurity and information security initiatives, provide quarterly updates to the Audit Committee, and

annual updates to the full Board.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our Board has delegated to the Audit Committee primary responsibility for oversight of enterprise risk assessment and risk management, including risks related to cybersecurity and information security.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our CDDO and CISO, who

head our cybersecurity and information security initiatives, provide quarterly updates to the Audit Committee, and

annual updates to the full Board. These updates cover various topics, such as efforts to enhance our cybersecurity

posture, operational and incident metrics, mitigation actions, and key performance indicators such as cybersecurity

maturity, program health, and audit and compliance activities. The Audit Committee reviews and monitors these

updates as part of its oversight of our cybersecurity risk management program. The Audit Committee also engages

in regular dialogue with management, including our CDDO and CISO, regarding cybersecurity and technology risks

and related initiatives. In addition, the Audit Committee reviews relevant internal audit findings and key metrics used

to assess our capabilities to manage cybersecurity, information security, and technology risks.

In addition to these regular updates, significant cybersecurity incidents and updates are escalated on an as-needed

basis in accordance with our IRP, and the Audit Committee discusses with management the nature and potential

impact of material cybersecurity incidents on our business, financial condition, and results of operations.

Cybersecurity Risk Role of Management [Text Block]

Our Board has delegated to the Audit Committee primary responsibility for oversight of enterprise risk assessment

and risk management, including risks related to cybersecurity and information security. Our CDDO and CISO, who

head our cybersecurity and information security initiatives, provide quarterly updates to the Audit Committee, and

annual updates to the full Board. These updates cover various topics, such as efforts to enhance our cybersecurity

posture, operational and incident metrics, mitigation actions, and key performance indicators such as cybersecurity

maturity, program health, and audit and compliance activities. The Audit Committee reviews and monitors these

updates as part of its oversight of our cybersecurity risk management program. The Audit Committee also engages

in regular dialogue with management, including our CDDO and CISO, regarding cybersecurity and technology risks

and related initiatives. In addition, the Audit Committee reviews relevant internal audit findings and key metrics used

to assess our capabilities to manage cybersecurity, information security, and technology risks.

In addition to these regular updates, significant cybersecurity incidents and updates are escalated on an as-needed

basis in accordance with our IRP, and the Audit Committee discusses with management the nature and potential

impact of material cybersecurity incidents on our business, financial condition, and results of operations.

Our CDDO and CISO have extensive experience in cybersecurity. Our CDDO has served in his role since

September 2024. He has over 15 years of experience in digital transformations, enterprise technology, artificial

intelligence, and data management. Our CISO has served in various roles in information technology for over 25

years, including 15 years in information security. He holds a B.S. in Cybersecurity and Information Assurance, along

with industry certifications including ISACA’s Certified in Risk and Information Systems Control, ISACA’s Certified

Information Security Manager, and ISC2’s Certified Information Systems Security Professional certifications.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Our CDDO and CISO, who

head our cybersecurity and information security initiatives, provide quarterly updates to the Audit Committee, and

annual updates to the full Board. These updates cover various topics, such as efforts to enhance our cybersecurity

posture, operational and incident metrics, mitigation actions, and key performance indicators such as cybersecurity

maturity, program health, and audit and compliance activities.

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our CDDO and CISO have extensive experience in cybersecurity. Our CDDO has served in his role since

September 2024. He has over 15 years of experience in digital transformations, enterprise technology, artificial

intelligence, and data management. Our CISO has served in various roles in information technology for over 25

years, including 15 years in information security. He holds a B.S. in Cybersecurity and Information Assurance, along

with industry certifications including ISACA’s Certified in Risk and Information Systems Control, ISACA’s Certified

Information Security Manager, and ISC2’s Certified Information Systems Security Professional certifications.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Our Board has delegated to the Audit Committee primary responsibility for oversight of enterprise risk assessment

and risk management, including risks related to cybersecurity and information security. Our CDDO and CISO, who

head our cybersecurity and information security initiatives, provide quarterly updates to the Audit Committee, and

annual updates to the full Board. These updates cover various topics, such as efforts to enhance our cybersecurity

posture, operational and incident metrics, mitigation actions, and key performance indicators such as cybersecurity

maturity, program health, and audit and compliance activities. The Audit Committee reviews and monitors these

updates as part of its oversight of our cybersecurity risk management program. The Audit Committee also engages

in regular dialogue with management, including our CDDO and CISO, regarding cybersecurity and technology risks

and related initiatives. In addition, the Audit Committee reviews relevant internal audit findings and key metrics used

to assess our capabilities to manage cybersecurity, information security, and technology risks.

In addition to these regular updates, significant cybersecurity incidents and updates are escalated on an as-needed

basis in accordance with our IRP, and the Audit Committee discusses with management the nature and potential

impact of material cybersecurity incidents on our business, financial condition, and results of operations.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true