XML 108 R91.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] As part of our overall risk management framework, our cybersecurity program is designed to identify, assess, and manage cyber risks. The program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks. We continually evaluate the current threat landscape to identify material risks arising from new and evolving cybersecurity threats.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] If a cybersecurity incident occurs, incident response procedures are in place to ensure that the occurrence is appropriately reported to the CISO and senior management.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] Assessment of Cybersecurity Risk

The potential impact of risks from cybersecurity threats to the Company is assessed on an ongoing basis. During the reporting period and through the issuance of this Annual Report on Form 10-K, the Company has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect the Company, including its business strategy, operational results, and financial condition. For additional information about cybersecurity risks, see Part I, Item 1A, “Risk Factors” in this Annual Report on Form 10-K.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our Board of Directors receives periodic updates on cybersecurity matters and the overall state of our cybersecurity program from our CEO (based on consultation with our CISO and other senior members of our Information Security and/or Technology teams).

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Company has established the Cyber Materiality Committee (“CMC”), whose purpose is to review cybersecurity incidents escalated to it by our Threat & Incident Management Team and determine whether they are material and thus require a disclosure on Form 8-K. CMC’s membership includes the Chief Executive Officer (“CEO”), the Chief Financial Officer, the Executive Vice President of Technology, the CISO, and other senior leaders.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors receives periodic updates on cybersecurity matters and the overall state of our cybersecurity program from our CEO (based on consultation with our CISO and other senior members of our Information Security and/or Technology teams).
Cybersecurity Risk Role of Management [Text Block] Management and Board Oversight of Cybersecurity Risks

The Company’s management, including the Company’s Executive Vice President of Technology and Chief Information Security Officer (“CISO”), are responsible for assessing and managing material risks from cybersecurity threats. Members of Company management possess relevant expertise in various disciplines that are key to effectively managing such risks.

The Company’s management, including through its oversight of the Company’s policies and procedures regarding cybersecurity, is actively involved in the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting or with the potential to impact the Company. Management’s oversight is augmented through the Company’s Enterprise Risk Management Framework, which includes risk and control assessments related to the Company’s cybersecurity program. Additionally, the Company’s Internal Audit Group periodically audits aspects of the Company’s cybersecurity program and reports the results of such audits to the Board’s Audit Committee, and an external audit firm conducts an annual SOC 2 attestation of the Company’s information security controls.

If a cybersecurity incident occurs, incident response procedures are in place to ensure that the occurrence is appropriately reported to the CISO and senior management. Where necessary, business continuity plans are mobilized to minimize disruption to business operations. The Company has established the Cyber Materiality Committee (“CMC”), whose purpose is to review cybersecurity incidents escalated to it by our Threat & Incident Management Team and determine whether they are material and thus require a disclosure on Form 8-K. CMC’s membership includes the Chief Executive Officer (“CEO”), the Chief Financial Officer, the Executive Vice President of Technology, the CISO, and other senior leaders.

Our Board of Directors receives periodic updates on cybersecurity matters and the overall state of our cybersecurity program from our CEO (based on consultation with our CISO and other senior members of our Information Security and/or Technology teams).

Cybersecurity Risk Management Positions or Committees Responsible [Flag] false
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Company’s management, including the Company’s Executive Vice President of Technology and Chief Information Security Officer (“CISO”), are responsible for assessing and managing material risks from cybersecurity threats.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Members of Company management possess relevant expertise in various disciplines that are key to effectively managing such risks.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Additionally, the Company’s Internal Audit Group periodically audits aspects of the Company’s cybersecurity program and reports the results of such audits to the Board’s Audit Committee, and an external audit firm conducts an annual SOC 2 attestation of the Company’s information security controls.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true