Item 1A. Risk Factors” and under the heading “Critical Accounting Policies and Estimates” within “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” All forward-looking statements attributable to us are expressly qualified in their entirety by the factors that may cause actual results to differ materially from anticipated results. Readers are cautioned not to place undue reliance on these forward-looking statements, which reflect management’s opinion only as of the date hereof. We undertake no duty or obligation to revise or publicly release the results of any revision to these forward-looking statements. Readers should carefully review the risk factors described in Item 1A of this document as well as in other documents we file from time to time with the SEC for an understanding of the variables that can affect our business and results of operations.

Note Regarding Reverse Stock Split

The Company effected a reverse stock split of its outstanding common stock at a ratio of 1-for-20, effective as of December 23, 2024, for the purpose of complying with Nasdaq Listing Rule 5550(a)(2) and satisfying the bid price requirements. We have reflected the reverse stock splits herein, unless otherwise indicated.

PART I

Item 1. Business.

Overview

Company History

iCoreConnect Inc., (the “Company”), a Delaware Corporation, is a cloud-based software and technology company focused on increasing workflow productivity and customer profitability through its enterprise platform of applications and services., (the “Company”), a Nevada Corporation, is a market leading cloud-based software and technology company focused on increasing workflow productivity and customer profitability through its enterprise platform of applications and services.

Business Combination

On January 5, 2023, the Company entered into a Merger Agreement and Plan of Reorganization (the “Merger Agreement”), by and among the Company, iCoreConnect, Inc.., a Nevada corporation (“Old iCore”), and FG Merger Sub Inc., a Nevada corporation and a direct, wholly-owned subsidiary of the Company (“Merger Sub”). The Merger Agreement provided that, among other things, at the closing (the “Closing”) of the transactions contemplated by the Merger Agreement, Merger Sub will merge with and into Old iCore (the “Merger”), with Old iCore surviving as a wholly-owned subsidiary of the Company. In connection with the Merger, the Company changed its name from FG Merger Corp. to “iCoreConnect Inc.” The Merger and the other transactions contemplated by the Merger Agreement are hereinafter referred to as the “Business Combination.” On August 25, 2023, Old iCore and FGMC consummated the Business Combination, with Old iCore surviving as a wholly owned subsidiary of FGMC.

On October 1, 2024, the Company sold the assets of its Managed IT Services (MSP and MSaaS).

Software as a Service (SaaS) Offerings

The Company currently markets secure Health Insurance Portability and Accountability Act (HIPAA) compliant cloud-based software as a service (SaaS) offerings under the names of iCoreRx, iCorePDMP, iCoreEPCS, iCoreVerify, iCoreVerify+, iCoreHuddle+, iCoreCodeGenius, iCoreExchange, iCoreCloud, iCorePay, iCoreSecure, iCoreClaims and iCoreIT. The Company’s software is sold under annual recurring revenue subscriptions.

iCoreRx - iCoreRx is a HIPAA compliant electronic prescription SaaS solution that integrates with popular practice management and electronic health record systems. It saves time by selecting exact medications at available doses with built-in support from a drug directory and provides full support for Electronic Prescriptions for Controlled Substances (iCoreEPCS). Additional functionality to iCoreRx to extend your electronic prescribing capabilities to include controlled substances as defined by the DEA schedule. iCorePDMP is an add-on for iCoreRx that seamlessly integrates with state databases to automate prescription drug monitoring. Providers in many states are required to check the patient’s Prescription Drug Monitoring Program (PDMP) history before prescribing controlled substances. This service provides one-click real-time access to the state databases without the need to manually enter data. This service provides a one-click real-time access to the state databases without the need to manually enter data. This tool also generates patient risk scores and an interactive visualization of usage patterns to help the prescriber identify potential risk factors. The prescriber can then use this report to make decisions on objective insight into potential drug misuse or abuse which will ultimately lead to improved patient safety and better patient outcomes.

iCoreVerify and iCoreVerify+ - iCoreVerify is a HIPAA compliant SaaS solution that automatically retrieves a patients insurance eligibility breakdown to verify their benefits seven (7) days in advance of their appointment and on-demand using iCoreConnect’s real time technology. Automation runs daily to verify insurance for every patient on the schedule a full week in advance of their appointment date. The system returns results typically in less than one second for most responses. This substantially reduces the phone calls and labor hours for the practice. This tool integrates with most popular practice management systems. iCoreVerify+ adds a unique add-on service that augments iCoreConnect’s automation with a concierge service that turns around requests traditionally in less than 24 hours. It includes all carriers including non-digital ones and is customized to the client's specialty.

iCoreClaims - iCoreClaims is responsible for processing and managing claims submitted by policyholders or dental care providers and typically involves: (a) Claim Submission: Dental care providers (such as dentists or orthodontists) submit claims to the insurance company on behalf of patients after providing dental services. The claim includes details such as the type of treatment provided, codes for procedures performed, patient information, and provider details; (b) Verification and Eligibility: iCoreClaims service verifies the patient's eligibility for coverage based on the terms of their insurance policy. This involves checking if the patient's policy covers the specific dental treatment or procedure being claimed; (c) Adjudication: Once the claim is submitted and eligibility is confirmed, iCoreClaims processes the claim by reviewing it against the terms of the policy. This includes checking for any exclusions or limitations on coverage, ensuring the services rendered are medically necessary, and determining the applicable co-pays, deductibles, and coverage limits; (d) Communication: Throughout the claims process, iCoreClaims communicates with both the dental care provider and the policyholder to resolve any issues, provide explanations of benefits (EOBs), and answer any questions related to the claim; (e) Record Keeping: iCoreClaims maintains records of all claims processed, payments made, and communications related to each claim for auditing, reporting, and customer service purposes; (f) iCoreClaims service plays a crucial role in facilitating the reimbursement process for dental care services covered under insurance policies, ensuring that policyholders receive the benefits they are entitled to and that dental care providers are appropriately compensated for their services; (g) From a technology standpoint, the use of cloud software for documentation and U.S.-based billing specialists highlights iCoreConnect's strategy to combine advanced software with expert human intervention. This hybrid approach can be particularly appealing to healthcare providers who are seeking technological solutions without completely forgoing the human touch that is often necessary for complex billing and coding scenarios.

iCoreHuddle and iCoreHuddle+ - iCoreHuddle is a powerful HIPAA compliant SaaS solution to instantly reveal the revenue potential of each patient. This product is currently limited to dental practices. The service connects to most popular practice management and electronic health record systems to optimize revenue realization. It provides the practice with a dashboard containing various metrics, analytics, and key performance indicators (“KPIs”). iCoreHuddle provides a daily view of patient schedules, including their outstanding balances, unscheduled treatment plans, recall information, procedure information and the amount of remaining insurance benefits. The software also provides one-click access to each patient’s insurance eligibility, including a detailed benefits and deductibles report. This tool aims to increase the workflow efficiency of the dentist’s practice by reducing the number of required lookups and clicks for each patient. iCoreHuddle+ offers enhanced analytical tools for practices to optimize their revenue generation process and workflows.

iCoreCodeGenius - iCoreCodeGenius is a medical coding reference SaaS solution that provides the coding standards for the 10th revision of the International Classification of Diseases and Related Health Problems (ICD-10), a medical classification list published by the World Health Organization (WHO). It contains codes for diseases, signs and symptoms, abnormal findings, complaints, social circumstances, and external causes of injury and diseases. This year the company added CPT codes to the software. CPT Codes (Current Procedural Terminology Codes) are a set of medical codes used by healthcare providers to describe medical, surgical, and diagnostic services and procedures. They are maintained by the American Medical Association (AMA) and are essential for billing and documentation in the healthcare system, iCoreCodeGenius includes a full ICD-10 code lookup and guidance, automatic prompting of comorbidities and Hierarchical Condition Category’s (HCC) to aid in obtaining the appropriate reimbursement with a high degree of accuracy, and the ability to reduce or eliminate queries and denials.

iCoreExchange - iCoreExchange provides a secure, HIPAA compliant SaaS email solution using the direct protocol that allows doctors to send and receive secure email with attachments to and from other healthcare professionals in the network. iCoreExchange also provides a secure email mechanism to communicate with users outside the exchange e.g., patients and referrals. Users can build a community, access other communities and increase referrals and collaboration. Users have the ability to build a community, access other communities and increase referrals and collaboration. Users can email standard office documents, JPEG, PDF as well as patient files with discrete data, which can then be imported and accessed on most Electronic Health Record (EHR) and Practice Management (PM) systems in a HIPAA compliant manner.

iCoreCloud - iCoreCloud offers customers the ability to back up their on-premise servers and computers to the cloud. iCoreCloud is a fully HIPAA compliant and automated backup solution. The data backed up is encrypted both in transit and while at rest. In case of full data loss, the mirrored data in the cloud can be seamlessly restored back to the practice on a new computer or a server. The data is stored encrypted in HIPAA compliant data centers with multiple layers of redundancy. The data centers are physically secure with restricted personnel and biometric access. The locations are also guarded by security 24 hours a day, 365 days a year.

iCorePay - iCorePay is a cloud-based financial technology (FinTech) solution designed to streamline the billing and payment processes for healthcare providers, offering a modern and efficient way to manage patient payments. The platform integrates with existing healthcare management systems, allowing for easy creation and sending of HIPAA-compliant billing statements, as well as accepting various digital payment methods like Apple Pay, Google Pay, and PayPal. This system aims to improve patient experience by making payments easier and more convenient, while also boosting revenue collection for healthcare providers. Additionally, iCorePay helps reduce costs and administrative burdens by automating much of the billing process.

iCoreSecure -We used our expertise and development capabilities from our HIPAA compliant iCoreExchange and developed iCoreSecure, an encrypted email solution for anyone that needs encrypted email to protect personal and financial data. iCoreSecure is a secure SaaS solution that solves privacy concerns in insurance, real estate, financial and many other industry sectors that have a need for secure encrypted email. iCoreSecure is a secure SaaS solution that solves privacy concerns in the insurance, real estate, financial and many other industry sectors that have a need for secure encrypted email.

Competition - The Company experiences competition from a variety of sources with respect to virtually all of its products and services. The Company knows of no single entity that competes with it across the full range of its products and services; however, each of the lines of business in which the Company is engaged is highly competitive. Competition in the markets served is based on several considerations, which may include price, technology, applications, experience, know-how, reputation, service, and distribution. While we believe we offer a unique combination of products and services, a few competitors offer one or more similar products and services in one or more of our niche markets.

Competitive Strengths

The key advantages of our products and services include:

1. Secure, private, scalable, and reliable.

Our services have been designed to provide our customers with privacy and high levels of performance, reliability, and security. We have built, and continue to invest in, a comprehensive security infrastructure, including firewalls, intrusion detection systems, and encryption for transmission over the Internet, which we monitor and test on a regular basis. We have designed, built, and continue to maintain a multi-tenant application architecture that has been designed to enable our service to scale securely, reliably and cost effectively. Our multi-tenant application architecture maintains the integrity and separation of customer data while still permitting all customers to use the same application functionality simultaneously.

2. Rapid deployment and lower total cost of ownership.

Our services can be deployed rapidly since our customers do not have to spend time procuring, installing, or maintaining the servers, storage, networking equipment, security products or other hardware and software. We enable customers to achieve up-front savings relative to the traditional enterprise software model. Customers benefit from the predictability of their future costs since they generally pay for the service on a per subscriber basis for the term of the subscription contract.

3. High levels of user adoption.

We have designed our products and services to be intuitive and easy to use. Our products and services contain many tools and features recognizable to users of popular consumer web services, so users have a more familiar user experience than typical EHR applications. As a result, our users can often use and gain benefit from our solutions with minimal training. We have also designed our products and services to be used on popular mobile devices, making it possible for people to conduct business from their smartphones or tablets.

Competitive Strategy

Key elements of our strategy include:

1. Extending existing service offerings. We continue to innovate based on customer feedback and have designed our solutions to easily accommodate new features and functionality, especially in underserved areas of compliance and improved workflow/profitability for dental and physician practices. We continually look to improve our products and services by adding new features, functions and increased security through our own development, acquisitions, and partnerships.

2. Expanding existing customer relationships. We see significant opportunities to deepen our relationships with our existing customers. As our customers realize the benefits of our products and services, we aim to provide additional value-added products and services.

3. Expanding into new horizontal markets. As part of our growth strategy, we are delivering innovative solutions in new categories, including analytics, claims, coding, billing processing, and electronic prescribing. We drive innovation both organically and through acquisitions.

4. Extending go to market capabilities. We believe that our offerings provide significant value for businesses of any size. We continue to pursue businesses of all sizes and industries through our direct sales force and partnerships. In the past several years we have competed and won over 100 major healthcare association endorsements in 33 states. We plan to increase the number of direct sales professionals we employ and intend to develop additional distribution channels for our products and services.

In addition to the key elements of our business strategy described above, from time to time, we evaluate opportunities to acquire or invest in complementary businesses, services and technologies, and intellectual property rights.

Customers

We had no significant customers (greater than 10% of total revenue) for the years ended December 31, 2024 and 2023, respectively. Customer concentration is not significant as the Company has a large number of individual customers. In addition, concentration is reduced by the number of new customers generated through the acquisitions we completed during 2024 and 2023 respectively, as well as through organic growth in both the number of customers and number of services being purchased by new and existing customers. We had accounts receivable concentration with one customer representing 26% of total accounts receivables outstanding as of December 31, 2024 and one customer that represented 25% of accounts receivable outstanding as of December 31, 2023.

Intellectual Property

Our success depends, at least in part, on our ability to protect our core technology and intellectual property. To accomplish this, we currently rely on a combination of trade secrets, including know-how, employee and third-party nondisclosure agreements, and other contractual rights to establish and protect our proprietary rights in our technology. We do not currently own any patents or trademarks.

Government Regulations

We are not currently subject to direct regulation by any government agency, other than regulations applicable to businesses generally, and there are currently few laws or regulations directly applicable to the access of or commerce on the Internet. However, it is possible that a number of laws and regulations will be adopted with respect to the Internet, covering issues such as user privacy, pricing, characteristics, e-mail marketing and quality of products and services. Such laws and regulations could dampen the growth and use of the Internet generally and decrease the acceptance of the Internet as a communication and commercial medium and could thereby have a material adverse effect on our business, results of operations and financial condition.

EMPLOYEES

As of December 31, 2024 the Company had 72 employees of which 68 were full-time employees.

AVAILABLE INFORMATION

Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to reports are filed with the SEC pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), are filed with the SEC. Such reports and other information that we file with the SEC are available free of charge on our website at https://www.icoreconnect.com/sec-filings when such reports are available on the SEC website. The SEC maintains an Internet site that contains reports, proxy and information statements and other information regarding issuers that file electronically with the SEC at http://www.sec.gov. The contents of these websites are not incorporated into this filing. Further, the foregoing references to the URLs for these websites are intended to be textual references only.

Item 1A. Risk Factors.

Investing in our common stock involves a high degree of risk. Before purchasing our common stock, you should carefully consider the following risk factors as well as all other information contained in this Report, including our financial statements and the related notes. The risks and uncertainties described below are not the only ones facing us. Additional risks and uncertainties that we are unaware of, or that we currently deem immaterial, also may become important factors that affect us. If any of the following risks occur, our business, financial condition or results of operations could be materially and adversely affected. In that case, the trading price of our common stock could decline, and you may lose some or all of your investment.

Risks Related to Our Business

Our business is difficult to evaluate because we have a limited operating history.

Because we have a limited operating and revenue generating history, we do not have significant historical financial information on which to base planned revenues and operating expenses. Revenues for the years ended December 31, 2024 and December 31, 2023, were $10,746,466 and $8,151,587, respectively. We expect to experience fluctuations in future quarterly and annual operating results that may be caused by many factors, including: merger and acquisition activity; our ability to achieve significant sales for our products and services; the cost of technology, software and other costs associated with the production and distribution of our products and services; the size and rate of growth of the market for Internet products and online content and services; the potential introduction by others of products that are competitive with our products; the unpredictable nature of online businesses and e-commerce in general; and the general economic conditions in the United States and worldwide.

Investors should evaluate us considering the delays, expenses, problems and uncertainties frequently encountered by companies developing markets for new products, services and technologies. We may never overcome these obstacles.

Our board of directors recently concluded that we needed to restate previously issued financial statements as a result of a change in accounting for debt with embedded derivatives.

Our audit committee concluded, after consultation with management, that our previously issued unaudited financial statements for the periods ended September 30, 2024, included in the Company’s Quarterly Reports of Form 10-Q for the period ended September 30, 2024, should no longer be relied upon as a result of the change in accounting for debt with embedded derivatives. The Company valued the warrant and conversion features using a Black Scholes model and recognized the value of the warrants as equity and expense over the term of the loan and had expensed the value of the conversion feature and increased the value of its debt over the term of the loan. The Company concluded that conversion features and warrants should have been recognized as embedded derivatives, bifurcated from the host instruments and presented and valued at fair value. The adjustments resulting therein, change to current liabilities, paid-in-capital, other expenses – finance fee, other expenses – change in fair value of warrants, other expenses – change in fair value of embedded derivatives, net loss, and net loss attributable to common stockholders that we previously reported, but has no impact on previously reported cash.

One of our secured creditors has commenced an auction of substantially all of our assets in order to satisfy a debt obligation and we if are unable to satisfy the obligations subject to the auction and prevent the auction for being completed, our business will be irreparably harmed.

On March 10, 2025, we received notice from PIGI Solutions, LLC (“PIGI”) that PIGI was exercising its purported right as a secured creditor under the Uniform Commercial Code (Del. UCC § 9-613) to conduct a public auction of substantially all of our personal property. PIGI has indicated that the closing of the auction is to occur on or after May 9, 2025. PIGI claims the Company owes $2,434,243 in principal and interest, which we dispute. The disputed amounts arise out of a finder’s fee agreement discussed below.

On April 4, 2025, we and our wholly-owned subsidiary, iCore Midco Inc., a Nevada corporation (“Midco”) filed a complaint in the United States District Court Middle District of Florida initiating a civil action against PIGI and John Schneller (the “Defendants”). In the complaint, we and Midco assert, among other claims, that the Defendants fraudulently induced Midco into a finder’s fee agreement, under which PIGI allegedly acted as an unregistered broker-dealer, and that the finder’s fee agreement is voidable under Section 29(b) of the Securities Exchange Act of 1934. The relief requested includes, among other things, rescission of the finder’s fee agreement and related loan documents, injunctive relief against PIGI taking any further action to enforce the finder’s fee agreement, and monetary damages.

On May 6, 2025, the Company, Midco, the Defendants, and the bidder of the assets entered into a Settlement and Mutual Release Agreement (the “Settlement Agreement”) pursuant to which the parties agreed that the Company will have the right until May 30, 2025, to effectively terminate the auction and retain control of the Company’s assets by making a payment of $3,099,747, which includes the satisfaction of amounts owed to PIGI and the payment of certain expenses related to the auction, and a payment of $50,000 to the bidder of the assets. Upon the payment of the foregoing amounts, the Company and Midco have agreed to dismiss the above lawsuit with prejudice and the parties have agreed to mutual releases. The Company expects to satisfy the payment obligations pursuant to the Settlement Agreement prior to May 30, 2025. However, if we are unsuccessful in preventing the sale of our assets, our business will be irreparably harmed.

Under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we could face potential liability related to the privacy of health information we obtain.

Most health care providers, from which we may obtain patient information, are subject to privacy regulations promulgated under the Health Insurance Portability and Accountability Act of 1996, or HIPAA. Although we are not directly regulated by HIPAA, we could face substantial criminal penalties if we knowingly receive individually identifiable health information from a health care provider that has not satisfied HIPAA’s disclosure standards. Further, we may face civil liability if our HIPAA compliant system fails to satisfy its disclosure standards. Claims that we have violated individuals’ privacy rights or breached our contractual obligations, even if we are not found liable, could be expensive and time consuming to defend and could result in adverse publicity that could harm our business.

We believe that we meet the HIPAA requirements currently in effect that are applicable to our internal operations and our clients. However, if we are unable to deliver application solutions that achieve or maintain compliance with the applicable HIPAA rules in effect, or as they may be modified or implemented in the future, then customers may move their businesses to application solution providers whose systems are, or will be, HIPAA compliant. As a result, our business could suffer.

If our security measures or those of our third-party data center hosting facilities, cloud computing platform providers, or third-party service partners, are breached, and unauthorized access is obtained to a customer’s data, our data or our IT systems, our services may be perceived as not being secure, customers may curtail or stop using our services, and we may incur significant legal and financial exposure and liabilities.

Our services involve the storage and transmission of our customers’ patient’s health and other sensitive data, including personally identifiable information. Security breaches could expose us to a risk of loss of this information, litigation and possible liability. While we have security measures in place, they may be breached as a result of third-party action, including intentional misconduct by computer hackers, employee error, malfeasance or otherwise and result in someone obtaining unauthorized access to our IT systems, our customers’ data or our data, including our intellectual property and other confidential business information. Additionally, third parties may attempt to fraudulently induce employees or customers into disclosing sensitive information such as usernames, passwords or other information in order to gain access to our customers’ data, our data or our IT systems. Because the techniques used to obtain unauthorized access, or to sabotage systems, change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. In addition, our customers may authorize third-party technology providers to access their customer data, and some of our customers may not have adequate security measures in place to protect their data that is stored on our services. Because we do not control our customers or third-party technology providers, or the processing of such data by third-party technology providers, we cannot ensure the integrity or security of such transmissions or processing. Malicious third parties may also conduct attacks designed to temporarily deny customers access to our systems and supporting services. Any security breach could result in a loss of confidence in the security of our software, damage our reputation, negatively impact our future sales, disrupt our business and lead to legal liability.

Our ability to deliver our software is dependent on the development and maintenance of the infrastructure of the Internet by third parties.

The Internet’s infrastructure is comprised of many different networks and services that are highly fragmented and distributed by design. This infrastructure is run by a series of independent third-party organizations that work together to provide the infrastructure and supporting services of the Internet under the governance of the Internet Corporation for Assigned Numbers and Names (ICANN) and the Internet Assigned Numbers Authority (IANA), now under the stewardship of ICANN.

Even though the Internet has never experienced an outage, some providers to portions of its infrastructure have experienced outages and other delays as a result of damages, denial of service attacks or related cyber incidents, and it could face outages and delays in the future. These outages and delays could reduce the level of Internet usage or result in fragmentation of the Internet, resulting in multiple separate Internets. These scenarios are not under our control and could reduce the availability of the Internet to us or our customers for delivery of our Internet-based services. Any resulting interruptions in our services or the ability of our customers to access our services could result in a loss of potential or existing customers and harm our business.

Our business may not succeed if we are unable to keep pace with rapid technological changes.

Our services and products are impacted by rapidly changing technology, evolving industry standards, emerging competition and frequent new use, software and other product introductions. There can be no assurance that we can successfully identify new business opportunities or develop and bring new services or products to market in a timely and cost-effective manner, or those services, products or technologies developed by others will not render our services or products non-competitive or obsolete. In addition, there can be no assurance that our services, products or enhancements will achieve or sustain market acceptance or be able to address compatibility, interoperability or other issues raised by technological changes or new industry standards.

If we suffer system failures or overloading of computer systems, our business and prospects could be harmed. The success of our online offerings is highly dependent on the efficient and uninterrupted operation of our computer and communications hardware systems. Fire, floods, earthquakes, power fluctuations, telecommunications failures, hardware “crashes,” software failures caused by “bugs” or other causes, and similar events could damage or cause interruptions in our systems. Computer viruses, electronic break-ins or other similar disruptive problems could also adversely affect our websites. If our systems, or the systems of any of the websites on which we advertise or with which we have material marketing agreements, are affected by any of these occurrences, our business, results of operations and financial condition could be materially and adversely affected.

The establishment of our brand is important to our future success.

Establishing and maintaining a brand name and recognition is critical for attracting and expanding our client base. The promotion and enhancement of our name depends on the effectiveness of our marketing and advertising efforts and on our success in continuing to provide high-quality services, neither of which can be assured. If our brand marketing efforts are unsuccessful, our business could fail.

Our business could suffer if we are unable to protect our intellectual property rights or are liable for infringing the intellectual property rights of others.

We have certain trade secrets and other similar intellectual property which are significant to our success, and we rely upon related law, trade secret protection, and other confidentiality and license agreements with our employees, strategic partners, and others to protect our proprietary rights to the extent such protection is available and enforceable. Such protection has only limited effectiveness. The development of the Internet has also increased the ease with which third parties can distribute our copyrighted material without our authorization.

We may seek to pursue the registration of trademarks, trade dress and trade secrets in the United States and, based upon anticipated use, in certain other countries. We may not be entitled to the benefits of any such registration for an extended period due to the cost and delay in effecting such registration. In addition, effective trademark and trade secret protection may not be available in every country in which our products are available. We expect that we may license, in the future, elements of our trademarks, trade dress and other similar proprietary rights to third parties. Further, we may be subject to claims in the ordinary course of our business, including claims of alleged infringement of the trademarks and intellectual property rights of third parties by us and our licensees.

Other parties may assert claims of infringement of intellectual property or other proprietary rights against us. These claims, even if without merit, could require us to expend significant financial and managerial resources. Furthermore, if claims like this were successful, we might be required to change our trademarks, alter our content or pay financial damages, any of which could substantially increase our operating expenses. We also may be required to obtain licenses from others to refine, develop, market and deliver new services. We may be unable to obtain any needed license on commercially reasonable terms or at all, and rights granted under any licenses may not be valid and enforceable.

Our success will be limited if we are unable to attract, retain and motivate highly skilled personnel.

Our future success will depend on our ability to attract, retain and motivate highly skilled programming, management, sales and other key personnel. Competition for such personnel is intense in the Internet industry, and we may be unable to successfully attract, integrate or retain sufficiently qualified personnel. In addition, our ability to generate revenues relates directly to our personnel in terms of both the numbers and expertise of the personnel we have available to work on our projects. Moreover, competition for qualified employees may require us to increase our cash or equity compensation, which may have an adverse effect on earnings.

We are also dependent on the services of our executive officers and key consultants and independent agents. There can be no assurance, however, that we can obtain executives of comparable expertise and commitment in the event of death, or that our business would not suffer material adverse effects as the result of a death, disability or voluntary departure of any such executive officer. Further, the loss of the services of any one or more of our key employees or consultants could have a materially adverse effect on our business and our financial condition. In addition, we will also need to attract and retain other highly skilled technical and managerial personnel for whom competition is intense. If we are unable to do so, our business, results of operations and financial condition could be materially adversely affected.

Any system failure or slowdown could significantly harm our reputation and damage our business.

System failures would harm our reputation and reduce our attractiveness to customers. In addition, the users of the services we maintain for our customers depend on Internet service providers, online service providers and other web site operators for access to our web sites. Some of these providers and operators have experienced significant outages in the past, and they could experience outages, delays and other difficulties due to system failures unrelated to our systems.

We compete in a highly competitive market and many of our competitors have greater financial resources and established relationships with major corporate customers.

Our future profitability depends on our ability to compete successfully by continuing to differentiate our products and services from the products and services of our competitors. If one or more of our competitors begins to offer integrated, Internet Based, HIPAA Compliant healthcare information collaboration solutions, there may be a material adverse effect on our business, financial condition or operating results. We believe that our ability to compete successfully depends on a number of factors, including: our ability to produce products that are superior in quality to that of our competitors and get those products and services to market quickly; our ability to deliver our products and services at a price that remains competitive with that of our competitors; our ability to respond promptly and effectively to the challenges of technological change, evolving standards, and our competitors’ innovations; the scope of our products and services and the rate at which we and our competitors introduce them; customer service and satisfaction; and industry and general economic trends.

Regulatory developments in the future related to the Internet could create a legal uncertainty; such developments could materially harm our business.

We are not currently subject to direct regulation by any government agency, other than regulations applicable to businesses generally, and there are currently few laws or regulations directly applicable to the access of or commerce on the Internet. However, it is possible that a number of laws and regulations will be adopted with respect to the Internet, covering issues such as user privacy, pricing, characteristics, e-mail marketing and quality of products and services. Such laws and regulations could dampen the growth and use of the Internet generally and decrease the acceptance of the Internet as a communication and commercial medium and could thereby have a material adverse effect on our business, results of operations and financial condition.

We are vulnerable to changes in general economic conditions.

We are affected by certain economic factors that are beyond our control, including changes in the overall economic environment and systemic events such as the Covid-19 Pandemic which impact our operations as well as our customers.

Legal proceedings could lead to unexpected losses.

From time to time during the normal course of carrying on our business, we may be a party to various legal proceedings through private actions, class actions, administrative proceedings, regulatory actions or other litigations or proceedings. The outcome of litigation, particularly class action lawsuits and regulatory actions, is difficult to assess or quantify. In the event that management determines that the likelihood of an adverse judgment in a pending litigation is probable and that the exposure can be reasonably estimated, appropriate reserves are recorded at that time pursuant to the Financial Accounting Standards Board’s (“FASB”) Accounting Standards Codification (“ASC”) Topic 450, “Contingencies.” The final outcome of any litigation could adversely affect operating results if the actual settlement amount exceeds established reserves and insurance coverage.

Our results of operations could vary as a result of the methods, estimates, and judgments that we use in applying accounting policies.

The methods, estimates, and judgments that we use in applying accounting policies have a large impact on our results of operations. For further information, see “Critical Accounting Estimates” in Part II, Item 7 of this Form 10-K. These methods, estimates, and judgments are subject to large risks, uncertainties, and assumptions, and changes could affect our results of operations

We have identified material weaknesses in internal control over financial reporting. If we fail to maintain effective internal controls over financial reporting, the price of our common stock may be adversely affected.

We are required to establish and maintain appropriate internal controls over financial reporting. Failure to establish those controls, or any failure of those controls once established, could adversely impact our public disclosures regarding our business, financial condition or results of operations. Any failure of these controls could also prevent us from maintaining accurate accounting records and discovering accounting errors and financial fraud.

As of December 31, 2024, our principal executive officer and principal financial and accounting officer concluded that our disclosure controls and procedures were not effective as of December 31, 2024 due to a material weaknesses as follows:

To address these material weaknesses, management has devoted, and plans to continue to devote, significant effort and resources to the remediation and improvement of its internal control over financial reporting. While we have processes to identify and appropriately apply applicable accounting requirements, we plan to enhance these processes to better evaluate its research and understanding of the nuances of the complex accounting standards that apply to its financial statements. We plan to include providing enhanced access to accounting literature, research materials and documents and increased communication among its personnel and third-party professionals with whom it consults regarding complex accounting applications and we also plan to hire additional personnel to help provide adequate segregation of duties in the financial reporting process.

We may engage in merger and acquisition activity from time to time and may not achieve the contemplated benefits from such activity.

We have engaged in recent merger and acquisition activity. Achieving the contemplated benefits from such activity may be subject to a number of significant challenges and uncertainties, including integration issues, coordination between geographically separate organizations, and competitive factors in the marketplace. We could also encounter unforeseen transaction and integration-related costs or other circumstances such as unforeseen liabilities or other issues. Any of these circumstances could result in increased costs, decreased revenue, decreased synergies and the diversion of management time and attention. If we are unable to achieve our objectives within the anticipated time frame, or at all, the expected benefits may not be realized fully or at all, or may take longer to realize than expected, which could have an adverse effect on our business, financial condition and results of operations, or cash flows. Any of these risks could harm our business. In addition, to facilitate these acquisitions or investments, we may seek additional equity or debt financing, which may not be available on terms favorable to us or at all, which may affect our ability to complete subsequent acquisitions or investments, and which may affect the risks of owning our common stock.

A system failure or breach of system or network security could delay or interrupt services to our customers or subject us to significant liability.

We have implemented security measures such as firewalls, virus protection, intrusion detection and access controls to address the risk of computer viruses and unauthorized access. However, there can be no assurances that any of these efforts will be adequate to prevent a system failure, accident or security breach, any of which could result in a material disruption to our business. In addition, substantial costs may be incurred to remedy the damages caused by any such disruptions.

Our software may not operate properly, which could damage our reputation, give rise to claims against us, or divert application of our resources from other purposes, any of which could harm our business and operating results.

Software development is time-consuming, expensive, and complex. Unforeseen difficulties can arise. We may encounter technical obstacles, and it is possible that we discover additional problems that prevent our applications from operating properly. If our systems do not function reliably or fail to achieve client expectations in terms of performance, clients could assert liability claims against us or attempt to cancel their contracts with us. This could damage our reputation and impair its ability to attract or retain clients.

Information services as complex as those we offer have in the past contained, and may in the future develop or contain, undetected defects, vulnerabilities, or errors. We cannot assure that material performance problems or defects in our services will not arise in the future. Errors may result from sources beyond our control, including the receipt, entry, or interpretation of patient information; interface of our services with legacy systems that we did not develop; or errors in data provided by third parties. It is challenging for us to test our software for all potential problems because it is difficult to simulate the wide variety of computing environments or treatment methodologies that its clients may deploy or rely upon. Therefore, despite testing, defects or errors may arise in our existing or new software or service processes following introduction to the market.

In light of this, defects, vulnerabilities, and errors and any failure by us to identify and address them could result in loss of revenue or market share; liability to clients, their patients, or others; failure to achieve market acceptance or expansion; diversion of development and management resources; delays in the introduction of new services; injury to our reputation; and increased service and maintenance costs. Defects, vulnerabilities, or errors in our software and service processes might discourage existing or potential clients from purchasing services from us. Correction of defects, vulnerabilities, or errors could prove to be impossible or impracticable. The costs incurred in correcting any defects, vulnerabilities, or errors or in responding to resulting claims or liability may be substantial and could adversely affect our operating results.

If our services fail to provide accurate and timely information, or if its content or any other element of any of its services is associated with faulty clinical decisions or treatment, we could have liability to clients, clinicians, or patients, which could adversely affect its results of operations.

Some of our software, content, and services are used to support clinical decision-making by providers and deliver information about patient medical histories, treatment plans, medical conditions, and the use of particular medications. If our software, content, or services fail to provide accurate and timely information or it is associated with faulty clinical decisions or treatment, then clients, clinicians, or their patients could assert claims against it that could result in substantial costs to us, harm our reputation in the industry, and cause demand for our services to decline.

Our iCoreRX service provide healthcare professionals with access to clinical information, including information regarding particular medical conditions and the use of particular medications. If our content, or content we obtain from third parties, contains inaccuracies, or we introduce inaccuracies in the process of implementing third-party content, it is possible that patients, physicians, consumers, the providers of the third-party content, or others may sue us if they are harmed as a result of such inaccuracies. We cannot assure that our quality control procedures will be sufficient to ensure that there are no errors or omissions in particular content.

The assertion of such claims and ensuing litigation, regardless of its outcome, could result in substantial cost to us, divert management’s attention from operations, damage our reputation, and decrease market acceptance of our services. We attempt to limit by contract our liability for damages and requires that our clients assume responsibility for medical care. Despite these precautions, the allocations of responsibility and limitations of liability set forth in our contracts may not be enforceable, be binding upon patients, or otherwise protect us from liability for damages. Furthermore, general liability and errors and omissions insurance coverage may not continue to be available on acceptable terms or may not be available in sufficient amounts to cover one or more large claims against us. In addition, the insurer might disclaim coverage as to any future claim. One or more large claims could exceed our available insurance coverage. If any of these risks occur, they could materially adversely affect our business, financial condition, or results of operations. If any of the following risks occur, our business, financial condition or results of operations could be materially and adversely affected.

Because we generally recognize revenues from our subscription service over the subscription term, a decrease in new subscriptions or renewals during a reporting period may not be immediately reflected in our operating results for that period.

We generally recognize revenues from customers ratably over the terms of their subscriptions. Net new annual contract value from new subscriptions, expanded contracts and contract renewals entered into during a period can generally be expected to generate revenues for the duration of the subscription term. As a result, a small portion of the revenues we report in each period are derived from the recognition of deferred revenues relating to subscriptions entered into during previous periods. Consequently, a decrease in new or renewed subscriptions in any single reporting period will have a limited impact on our revenues for that period. In addition, our ability to adjust our cost structure in the event of a decrease in new or renewed subscriptions may be limited.

Further, a decline in new subscriptions, expanded contracts or renewals in a given period may not be fully reflected in our revenues for that period, but they will negatively affect our revenues in future periods. Accordingly, the effect of significant downturns in sales and market acceptance of our services, and changes in our rate of renewals, may not be fully reflected in our results of operations until future periods. Our subscription model also makes it difficult for us to rapidly increase our revenues through additional sales in any period, as revenues from new customers are generally recognized over the applicable subscription term. Additionally, due to the complexity of certain customer contracts, the actual revenue recognition treatment required under Accounting Standard Codification Topic 606, “Revenue from Contracts with Customers (“Topic 606”)” depends on contract-specific terms and may result in greater variability in revenues from period to period. In addition, a decrease in new subscriptions, expansion contracts or renewals in a reporting period may not have an immediate impact on billings for that period due to factors that may offset the decrease, such as an increase in billings duration, the dollar value of contracts with future start dates, or the dollar value of collections in the current period related to contracts with future start dates.

Risks Related to Our Common Stock

The price of our common stock may be volatile.

The price of our common stock has been and is likely to continue to be volatile. Since our common stock began trading as iCoreConnect on August 28, 2023, our common stock has traded from a low price of $0.24 to a high price of $414.00. The market price for our common stock may be influenced by many factors, including the other risks described in this section of the prospectus. In addition, the stock markets in general, and the markets for former special purpose acquisition companies post-business combination businesses in particular, have experienced extreme volatility. This volatility can often be unrelated to the operating performance of the underlying business. These broad market and industry factors may seriously harm the market price of our common stock, regardless of our operating performance.

We may incur significant costs from class action litigation due to the expected stock volatility.

The price of our common stock may fluctuate for many reasons, including as a result of public announcements regarding the progress of our business. When the market price of a stock has been volatile as our common stock, holders of that stock have occasionally brought securities class action litigation against the company that issued the stock. Additionally, there has recently been a general increase in litigation against companies that have recently completed a business combination with a special purpose acquisition company alleging fraud and other claims based on inaccurate or misleading disclosures. If any of our stockholders were to bring a lawsuit of this type against us, even if the lawsuit is without merit, we could incur substantial costs defending the lawsuit. Any such lawsuit could also divert the time and attention of management.

On May 20, 2025, we received a determination letter from the Nasdaq Hearings Panel that the Panel has determined to delist our common stock from Nasdaq. Suspension of trading of the common stock occurred at the opening of business on May 22, 2025.

As previously disclosed, we were notified by the Listing Qualifications Department of Nasdaq that we were not in compliance with certain listing requirements, including Listing Rule 5250(c)(1) since we had not yet filed our Form 10-K for the period ended December 31, 2024.

We requested a hearing with a Nasdaq Hearings Panel (“Panel”), which had the effect of staying any suspension or delisting action pending the conclusion of the hearings process. On April 24, 2025, we received notification from the Panel that it had granted an extension until May 15, 2025 to file our Form 10-K for the period ended December 31, 2024, and until June 30, 2025, to demonstrate compliance with all continued listing requirements for the Nasdaq Capital Market.

On May 20, 2025, we received a determination letter from the Panel informing us that the Panel has determined to delist our common stock from Nasdaq for failure by the Company to timely file its Form 10-K for the year ended December 31, 2024 and Form 10-Q for the quarter ended March 31, 2025. Suspension of trading of the common stock occurred at the opening of business on May 22, 2025.

The notification indicates that Nasdaq will effect the delisting by filing a Form 25 Notification of Delisting with the Securities and Exchange Commission after the applicable Nasdaq appeal and review periods have expired. We may appeal the delisting determination to the Nasdaq Listing and Hearing Review Council within the required 15 days from the date of the Panel’s decision. However, an appeal would not stay the suspension of the trading of our securities on Nasdaq.

Delisting from Nasdaq will adversely affect our ability to raise additional financing through the public or private sale of equity securities, may significantly affect the ability of investors to trade our securities and may negatively affect the value and liquidity of our common stock. Delisting can have other negative results, including the potential loss of employee confidence, the loss of institutional investors and general investors that will consider investing in our common stock, a reduction in the number of market makers in our common stock, a reduction in the availability of information concerning the trading prices and volume of our common stock, a reduction in the number of broker-dealers willing to execute trades in shares of our common stock or interest in business development opportunities. Further, we may become a “penny stock” in the future, which would make trading of our common stock more difficult.

We are an “emerging growth company” and it cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors, which may make it more difficult to compare our performance with other public companies.

We are an emerging growth company as defined in the JOBS Act, and we intend to take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not emerging growth companies, including not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, reduced disclosure obligations regarding executive compensation in periodic reports and proxy statements and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. To the extent we continue to take advantage of any of these exemptions, the information that we provide stockholders may be different than what is available with respect to other public companies. Investors may find our common stock less attractive because we will continue to rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for the common stock, and the stock price may be more volatile.

An emerging growth company may elect to delay the adoption of new or revised accounting standards. Because we have made this election, Section 102(b)(2) of the JOBS Act allows us to delay adoption of new or revised accounting standards until those standards apply to non-public business entities. As a result, the financial statements contained in this prospectus and those that we will file in the future may not be comparable to companies that comply with public business entities revised accounting standards effective dates.

We are also a “smaller reporting company” as such term is defined in the Rule 12b-2 of the Exchange Act, meaning that the market value of our common stock held by non-affiliates plus any proposed aggregate amount of gross proceeds to us as a result of an offering is less than $700 million and our annual revenue is less than $100 million during the most recently completed fiscal year. Even after we no longer qualify as an emerging growth company, we may still qualify as a “smaller reporting company” which would allow us to take advantage of many of the same exemptions from disclosure requirements, including exemption from compliance with the auditor attestation requirements of Section 404 and reduced disclosure obligations regarding executive compensation in periodic reports and proxy statements. Investors could find our common stock less attractive because it may rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and the trading price may be more volatile.

Reports published by analysts, including projections in those reports that differ from our actual results, could adversely affect the price and trading volume of our common stock.

We currently expect that securities research analysts will establish and publish their own periodic financial projections for our business. These projections may vary widely and may not accurately predict our results. Our stock price may decline if our actual results do not match the projections of these securities research analysts. Similarly, if one or more of the analysts who write reports on us downgrade our stock or publishes inaccurate or unfavorable research about our business, our stock price could decline. If one or more of these analysts ceases coverage of us or fails to publish reports on us regularly, our stock price or trading volume could decline. While we expect research analyst coverage, if no analysts commence coverage of us, the trading price and volume for our common stock could be adversely affected.

Delaware law and provisions in our certificate of incorporation and bylaws could make a takeover proposal more difficult.

Our organizational documents are governed by Delaware law. Certain provisions of Delaware law and of our certificate of incorporation and bylaws could discourage, delay, defer or prevent a merger, tender offer, proxy contest or other change of control transaction that a stockholder might consider in its best interest, including those attempts that might result in a premium over the market price for the shares of the common stock held by our stockholders. These provisions include the ability of the Board to designate the terms of and issue new series of preference shares, supermajority voting requirements to amend certain provisions of our certificate of incorporation, and a prohibition on stockholder actions by written consent, which may make more difficult the removal of management and may discourage transactions that otherwise could involve payment of a premium over prevailing market prices for our securities.

These anti-takeover provisions as well as certain provisions of Delaware law could make it more difficult for a third party to acquire us, even if the third party’s offer may be considered beneficial by many of our stockholders. As a result, our stockholders may be limited in their ability to obtain a premium for their shares. If prospective takeovers are not consummated for any reason, we may experience negative reactions from the financial markets, including negative impacts on the price of the common stock. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors of their choosing and to cause us to take other corporate actions that our stockholders desire.

Our certificate of incorporation designates the Court of Chancery of the State of Delaware as the sole and exclusive forum for certain types of actions and proceedings and the federal district courts as the sole and exclusive forum for other types of actions and proceedings, in each case, that may be initiated by our stockholders, which could limit our stockholders’ ability to obtain what such stockholders believe to be a favorable judicial forum for disputes with us or our directors, officers or other employees or increase our stockholders’ costs in bringing such a claim.

Our certificate of incorporation provides that, unless we consents to the selection of an alternative forum, the Court of Chancery of the State of Delaware will be the sole and exclusive forum for (i) any derivative action or proceeding brought on behalf of the Company; (ii) any action asserting a claim of breach of a fiduciary duty owed by any director, officer or employee of the Company to the Company or its stockholders; (iii) any action asserting a claim against the Company or any director, officer or employee arising pursuant to any provision of the DGCL or our certificate of incorporation or bylaws; or (iv) any action asserting a claim against the Company or any director, officer or employee of the Company governed by the internal affairs doctrine, and, if brought outside of Delaware, the stockholder bringing the suit will be deemed to have consented to (A) the personal jurisdiction of the state and federal courts within Delaware and (B) service of process on such stockholder’s counsel. The provision described in the immediately preceding sentence will not apply to (i) suits brought to enforce a duty or liability created by the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction and (ii) any complaint asserting a cause of action arising under the Securities Act of 1933, as amended, or the rules and regulations promulgated thereunder, for which the federal courts will be the exclusive forum. Any person or entity purchasing or otherwise acquiring an interest in any shares of our capital stock will be deemed to have notice of and to have consented to the forum provisions in our certificate of incorporation. These choice-of-forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that he, she or it believes to be favorable for disputes with us or our directors, officers or other employees, which may discourage such lawsuits against us and our directors, officers, or other employees and may result in increased litigation costs for our stockholders. We note that there is uncertainty as to whether a court would enforce these provisions and that investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder. Section 22 of the Securities Act creates concurrent jurisdiction for state and federal courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder.

Alternatively, if a court were to find these provisions of our certificate of incorporation inapplicable or unenforceable with respect to one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could materially adversely affect our business, financial condition and results of operations and result in a diversion of the time and resources of our management and the Board.

The terms of the convertible notes we have issued may impose additional challenges on our ability to raise capital.

As of December 31, 2024, we have outstanding convertible notes in aggregate principal and interest amounts of $5,797,850 that are convertible into common stock at an average conversion price of $13.56. The additional shares of common stock issued upon the conversion of the convertible notes will result in dilution to the then existing holders of our common stock and increase the number of shares eligible for resale in the public market. Sales of a substantial number of such shares in the public market could adversely affect the market price of our common stock.

Item 1B. Unresolved Staff Comments.

None.

Item 1C. Cybersecurity.

Risk Management and Strategy

We utilize a Cloud-only architecture which enables us to reduce risk by leveraging the scalability, high availability, and advanced security features of cloud platforms, thereby minimizing the potential for system downtime and data breaches while ensuring seamless disaster recovery options.

All 3rd party vendors' security policies are reviewed and updated as part of our annual Security Risk Assessment. Access to sensitive data is strictly regulated and provided on a need to know basis. Access is granted for the express purpose of assisting our customers with technical and training issues related to the use of our SaaS products; or for the purpose of research, design and development of product related features and bugfixes.

Risk management in software development involves identifying, assessing, and mitigating risks that could impact the project's success. This strategy begins with a thorough risk identification process, where potential issues such as technical challenges, project scope changes, and resource constraints are recognized early. Each risk is then assessed for its probability of occurrence and potential impact on the project. Based on this assessment, risk mitigation strategies are developed and implemented. These strategies might include adopting flexible project management methodologies like Agile, investing in training for team members, implementing robust testing and quality assurance processes, and maintaining open communication channels with all stakeholders. Additionally, regular risk reviews are conducted throughout the project lifecycle to ensure that new risks are identified and managed promptly.

The Company’s’ Cybersecurity Policies are updated annually and reviewed by Independent 3rd Party Vendors to certify compliance. The Company requires Cybersecurity Awareness training for all new hires and a minimum of an annual review of such policies for all employees. The Company created and deployed an extensive Learning Management System that tracks employee adherence to Cyber Security Awareness, HIPAA and other related content. The Company’s’ Cybersecurity Incident Response Policy provides specific steps for any employee that detects an attack to take to help stop the propagation of the threat and report the incident to their Superiors, the IT Team and the Security Manager.

While there are significant threats of all types in the modern connected world, studies show that phishing attacks and social engineering through email and other electronic means are of high concern. With the vast majority (some say as high as 95%) of such attacks originating via email, employee education on how to identify and handle suspicious email and other forms of communication is critical in protecting the data and infrastructure.

To date, we have not experienced any cybersecurity incidents that have materially affected our business strategy, results of operations or financial condition.

Governance

The Board is responsible for general risk oversight. The Board reviews and evaluates management's evaluation and mitigation of cyber risks as part of its oversight of the Company's Risk Management program. Management periodically reviews cyber risks, incidents, and risk mitigation plans and activities with the Board.

We engaged an outside consulting firm to conduct a review of our information systems environment and make recommendations to improve security where appropriate. Management shared the report's findings with the Board and periodically updates the Board regarding our progress on implementing the report's recommendations.