XML 53 R33.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Our Board recognizes the importance of maintaining the trust and confidence of our customers, consumers, employees and other stakeholders and oversees cybersecurity matters. Management plays a central role in our information security program, which is a critical component of our enterprise risk management and includes the implementation of controls generally aligned with industry best practices and applicable frameworks to identify threats, deter attacks and protect our Company assets. We also include cybersecurity training as part of our mandatory, periodic employee training program. In addition, we engage a range of cybersecurity experts, including cybersecurity auditors, assessors, and consultants, in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and insights to help ensure that our cybersecurity strategies and processes remain in line with industry best practices. Our collaboration with these third parties includes regular audits, threat assessments, and consultations on security enhancements.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Management plays a central role in our information security program, which is a critical component of our enterprise risk management and includes the implementation of controls generally aligned with industry best practices and applicable frameworks to identify threats, deter attacks and protect our Company assets. We also include cybersecurity training as part of our mandatory, periodic employee training program. In addition, we engage a range of cybersecurity experts, including cybersecurity auditors, assessors, and consultants, in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and insights to help ensure that our cybersecurity strategies and processes remain in line with industry best practices. Our collaboration with these third parties includes regular audits, threat assessments, and consultations on security enhancements.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our Chief Information Officer and his team are responsible for leading our cybersecurity strategy, policy, standards, architecture, and processes. Our information security leadership team has more than 20 years of combined experience in cyber and information security matters. Our information security program is also supported by our Chief Compliance Officer and other members of senior management. We conduct periodic reviews of our program by internal and external experts with the results of those reviews reported to senior management and the Board. Moreover, the Audit Committee of our Board (the “Audit Committee”) reviews our cybersecurity matters with our Chief Information Officer at each of its quarterly meetings. We have procedures in place for selecting and managing our relationships with third-party service providers and other business partners. For example, we require certain third-party service providers and other business partners to provide us with SOC II reports that demonstrate alignment with security standards. We also actively engage with industry participants as part of our continuing efforts to evolve our cybersecurity governance.

Our information security team promptly informs our Incident Response Team of potentially material cybersecurity incidents, including with respect to our third-party service providers. The Chief Information Officer briefs our Co-Chief Executive Officers and reports to the Audit Committee. The Audit Committee, in turn and if appropriate, briefs the Board on, among other matters, our cyber risks and threats, the status of projects to strengthen our information security systems (such as employee cybersecurity training), an assessment of the information security program, and the emerging threat landscape. The Cybersecurity and Compliance Steering Committee, comprised of senior members of management, convenes on a quarterly basis to review all matters related to strengthening our cybersecurity posture and providing governance.

For a discussion regarding risks from cybersecurity threats that are reasonably likely to affect the Company, see “Part I, Item 1A – Risk Factors – Our use of information technology exposes us to cybersecurity attacks and other interruptions that could disrupt our business operations and adversely impact our reputation and results of operations,” “Cybersecurity attacks, business interruptions, and compliance issues experienced by third parties could materially and adversely affect our financial condition, results of operation and cash flows” and “If we fail to comply with data privacy and personal data protection laws, we could be subject to adverse publicity, government enforcement actions and/or private litigation, which may negatively impact our business and operating results.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our information security team promptly informs our Incident Response Team of potentially material cybersecurity incidents, including with respect to our third-party service providers. The Chief Information Officer briefs our Co-Chief Executive Officers and reports to the Audit Committee. The Audit Committee, in turn and if appropriate, briefs the Board on, among other matters, our cyber risks and threats, the status of projects to strengthen our information security systems (such as employee cybersecurity training), an assessment of the information security program, and the emerging threat landscape.
Cybersecurity Risk Role of Management [Text Block]

Our Chief Information Officer and his team are responsible for leading our cybersecurity strategy, policy, standards, architecture, and processes. Our information security leadership team has more than 20 years of combined experience in cyber and information security matters. Our information security program is also supported by our Chief Compliance Officer and other members of senior management. We conduct periodic reviews of our program by internal and external experts with the results of those reviews reported to senior management and the Board. Moreover, the Audit Committee of our Board (the “Audit Committee”) reviews our cybersecurity matters with our Chief Information Officer at each of its quarterly meetings. We have procedures in place for selecting and managing our relationships with third-party service providers and other business partners. For example, we require certain third-party service providers and other business partners to provide us with SOC II reports that demonstrate alignment with security standards. We also actively engage with industry participants as part of our continuing efforts to evolve our cybersecurity governance.

Our information security team promptly informs our Incident Response Team of potentially material cybersecurity incidents, including with respect to our third-party service providers. The Chief Information Officer briefs our Co-Chief Executive Officers and reports to the Audit Committee. The Audit Committee, in turn and if appropriate, briefs the Board on, among other matters, our cyber risks and threats, the status of projects to strengthen our information security systems (such as employee cybersecurity training), an assessment of the information security program, and the emerging threat landscape. The Cybersecurity and Compliance Steering Committee, comprised of senior members of management, convenes on a quarterly basis to review all matters related to strengthening our cybersecurity posture and providing governance.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Chief Information Officer
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our information security leadership team has more than 20 years of combined experience in cyber and information security matters.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] We conduct periodic reviews of our program by internal and external experts with the results of those reviews reported to senior management and the Board.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true