XML 50 R35.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] As part of our overall risk management process, we have established a cybersecurity program and dedicated teams to manage and assess material risks from cybersecurity threats, direct the policies and procedures in place to protect our information systems, and respond to cybersecurity incidents if they occur. These teams and committees, which additionally monitor the prevention, detection, and remediation of cybersecurity incidents, include the following:
Our Cybersecurity Executive Council, which is comprised of executive leadership, including our Chief Executive Officer, General Counsel, Chief Information Security Officer, and senior leaders from our segments and key operating companies. The Cybersecurity Executive Council is responsible for reviewing policies and procedures related to cybersecurity and our cybersecurity program. Such policies and procedures, as well as our cybersecurity program generally, are discussed with the Board.
Our Cybersecurity Compliance Committee, which is made up of key cybersecurity and information technology personnel at the segment and operating company levels, receives regular updates and training with respect to cybersecurity in order to advise and assist management, including the Cybersecurity Executive Council, in implementing information systems security and incident response at our operating companies.
Our cybersecurity program is managed by our Chief Information Security Officer, who has more than 40 years of experience in information security, both in private industry and as an active-duty member of the United States Air Force. Such experience includes developing security practices, processes, and standards, leading security teams, managing incident response and implementing technologies to enhance security and compliance.
We have also implemented cybersecurity training. For example, key information technology and security personnel meet biweekly for training, updates on new cybersecurity threats, and implementation of new policies and all employees are required to undergo annual cybersecurity training, including email and password safety and phishing detection.
We engage third-party cybersecurity firms to support our in-house cybersecurity initiatives and provide additional expertise with respect to our cybersecurity programs. Such firms are overseen by our General Counsel and Chief Information Security Officer and provide the following services:
On an annual basis, conduct penetration testing to evaluate the susceptibility of our information systems to cybersecurity threats and the effectiveness of our cybersecurity program;
On a biennial basis, conduct a comprehensive “tabletop” exercise to evaluate our incident response policies and procedures and provide relevant experience for our employees tasked with executing such response; and
On a biennial basis, conduct a cybersecurity assessment based on the National Institute of Standards and Technology’s Cybersecurity Framework.
We have also established a process to evaluate third-party vendors and suppliers for cybersecurity risk and compliance with our security standards. As applicable, on an annual basis we review System and Organization Controls (SOC) 1 reports for all significant third-party vendors.
In addition to the efforts discussed above, we have developed and maintain an Incident Response Plan to establish a process for addressing cybersecurity incidents. The Incident Response Plan includes incident response teams in place at the corporate and operating company levels to respond to a potential cybersecurity incident, processes for internal and external reporting, and other procedures to facilitate response and coordination.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] As part of our overall risk management process, we have established a cybersecurity program and dedicated teams to manage and assess material risks from cybersecurity threats, direct the policies and procedures in place to protect our information systems, and respond to cybersecurity incidents if they occur.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board of Directors (the “Board”) oversees our policies, procedures, and processes related to risk management, including assessing, identifying, and managing risks from cybersecurity threats. This oversight is performed primarily through the Audit Committee. The Board has delegated to the Audit Committee responsibility for reviewing, with management, the guidelines and policies with respect to: (a) risk assessment and risk management, (b) our major risk exposures, and (c) the steps management has taken to monitor and control such exposures.The Audit Committee receives periodic reports relating to risk assessment and risk management, including cybersecurity threats, from our senior management, including our Chief Executive Officer, Chief Financial Officer, General Counsel, Chief Information Security Officer, the head of our Internal Audit Department, and our Vice President of Risk Management. A cybersecurity update is provided to the Audit Committee at least quarterly. Members of our Audit Committee, and certain of our executive officers, including our Chief Executive Officer, General Counsel, and Chief Information Security Officer, are participants in IANS, an industry leading cybersecurity education platform.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee receives periodic reports relating to risk assessment and risk management, including cybersecurity threats, from our senior management, including our Chief Executive Officer, Chief Financial Officer, General Counsel, Chief Information Security Officer, the head of our Internal Audit Department, and our Vice President of Risk Management. A cybersecurity update is provided to the Audit Committee at least quarterly. Members of our Audit Committee, and certain of our executive officers, including our Chief Executive Officer, General Counsel, and Chief Information Security Officer, are participants in IANS, an industry leading cybersecurity education platform.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Audit Committee receives periodic reports relating to risk assessment and risk management, including cybersecurity threats, from our senior management, including our Chief Executive Officer, Chief Financial Officer, General Counsel, Chief Information Security Officer, the head of our Internal Audit Department, and our Vice President of Risk Management. A cybersecurity update is provided to the Audit Committee at least quarterly. Members of our Audit Committee, and certain of our executive officers, including our Chief Executive Officer, General Counsel, and Chief Information Security Officer, are participants in IANS, an industry leading cybersecurity education platform.
Governance, Risk Management, and Strategy. As part of our overall risk management process, we have established a cybersecurity program and dedicated teams to manage and assess material risks from cybersecurity threats, direct the policies and procedures in place to protect our information systems, and respond to cybersecurity incidents if they occur. These teams and committees, which additionally monitor the prevention, detection, and remediation of cybersecurity incidents, include the following:
Our Cybersecurity Executive Council, which is comprised of executive leadership, including our Chief Executive Officer, General Counsel, Chief Information Security Officer, and senior leaders from our segments and key operating companies. The Cybersecurity Executive Council is responsible for reviewing policies and procedures related to cybersecurity and our cybersecurity program. Such policies and procedures, as well as our cybersecurity program generally, are discussed with the Board.
Cybersecurity Risk Role of Management [Text Block] As part of our overall risk management process, we have established a cybersecurity program and dedicated teams to manage and assess material risks from cybersecurity threats, direct the policies and procedures in place to protect our information systems, and respond to cybersecurity incidents if they occur. These teams and committees, which additionally monitor the prevention, detection, and remediation of cybersecurity incidents, include the following:
Our Cybersecurity Executive Council, which is comprised of executive leadership, including our Chief Executive Officer, General Counsel, Chief Information Security Officer, and senior leaders from our segments and key operating companies. The Cybersecurity Executive Council is responsible for reviewing policies and procedures related to cybersecurity and our cybersecurity program. Such policies and procedures, as well as our cybersecurity program generally, are discussed with the Board.
Our Cybersecurity Compliance Committee, which is made up of key cybersecurity and information technology personnel at the segment and operating company levels, receives regular updates and training with respect to cybersecurity in order to advise and assist management, including the Cybersecurity Executive Council, in implementing information systems security and incident response at our operating companies.
Our cybersecurity program is managed by our Chief Information Security Officer, who has more than 40 years of experience in information security, both in private industry and as an active-duty member of the United States Air Force. Such experience includes developing security practices, processes, and standards, leading security teams, managing incident response and implementing technologies to enhance security and compliance.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Cybersecurity Executive Council, which is comprised of executive leadership, including our Chief Executive Officer, General Counsel, Chief Information Security Officer, and senior leaders from our segments and key operating companies. The Cybersecurity Executive Council is responsible for reviewing policies and procedures related to cybersecurity and our cybersecurity program. Such policies and procedures, as well as our cybersecurity program generally, are discussed with the Board.
Our Cybersecurity Compliance Committee, which is made up of key cybersecurity and information technology personnel at the segment and operating company levels, receives regular updates and training with respect to cybersecurity in order to advise and assist management, including the Cybersecurity Executive Council, in implementing information systems security and incident response at our operating companies.
Our cybersecurity program is managed by our Chief Information Security Officer, who has more than 40 years of experience in information security, both in private industry and as an active-duty member of the United States Air Force.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our cybersecurity program is managed by our Chief Information Security Officer, who has more than 40 years of experience in information security, both in private industry and as an active-duty member of the United States Air Force. Such experience includes developing security practices, processes, and standards, leading security teams, managing incident response and implementing technologies to enhance security and compliance.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] As part of our overall risk management process, we have established a cybersecurity program and dedicated teams to manage and assess material risks from cybersecurity threats, direct the policies and procedures in place to protect our information systems, and respond to cybersecurity incidents if they occur. These teams and committees, which additionally monitor the prevention, detection, and remediation of cybersecurity incidents, include the following:
Our Cybersecurity Executive Council, which is comprised of executive leadership, including our Chief Executive Officer, General Counsel, Chief Information Security Officer, and senior leaders from our segments and key operating companies. The Cybersecurity Executive Council is responsible for reviewing policies and procedures related to cybersecurity and our cybersecurity program. Such policies and procedures, as well as our cybersecurity program generally, are discussed with the Board.
Our Cybersecurity Compliance Committee, which is made up of key cybersecurity and information technology personnel at the segment and operating company levels, receives regular updates and training with respect to cybersecurity in order to advise and assist management, including the Cybersecurity Executive Council, in implementing information systems security and incident response at our operating companies.
Our cybersecurity program is managed by our Chief Information Security Officer, who has more than 40 years of experience in information security, both in private industry and as an active-duty member of the United States Air Force. Such experience includes developing security practices, processes, and standards, leading security teams, managing incident response and implementing technologies to enhance security and compliance.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true