XML 48 R32.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
All companies utilizing technology are subject to threats of breaches of their cybersecurity programs. We understand the importance of securing our data and information technology systems and networks, as well as the data customers and other stakeholders entrust to us. We have established policies, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats which are integrated into our overall risk management program and based on frameworks established by the National Institute of Standards and Technology (“NIST”), the International Organization for Standardization (“ISO”) and other applicable industry standards. Despite this, there can be no guarantee that our policies and procedures will be effective. Refer to “Risk Factors” for additional detail about the material cybersecurity risks we face. Our cybersecurity program includes the following:
Collaboration, Education, Incident Response and Recovery Planning

Our key security, risk, and compliance personnel meet regularly and, together with our cybersecurity consultants, develop strategies for preserving the confidentiality, integrity and availability of data and our information technology systems and networks. We have established incident response and recovery plans to address potential cybersecurity incidents, including assessing the severity of a cyber incident, which are regularly evaluated for their effectiveness. Management maintains controls and procedures and periodically conducts tabletop exercises that are designed to ensure prompt escalation of material cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management and the Board of Directors (our “Board”) in a timely manner. In addition, we regularly educate employees on the importance of maintaining the security of our information technology systems and networks and over handling and protecting customer and employee data, including through regular phishing awareness campaigns, security awareness communications, and recurring privacy and security training.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] On an ongoing basis, we assess cybersecurity risk, including the review of our policies, standards, processes and practices. These assessments include a variety of activities including third party security penetration testing and independent reviews of our information security control environment and operating effectiveness. The results of these assessment activities are presented to our Board, Audit Committee, and members of management.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our chief information officer (“CIO”) and chief information security officer (“CISO”) have primary responsibility for assessing and managing material cybersecurity risks. Quarterly cybersecurity updates are provided to executive leadership to review security key performance indicators, identify security risks, and assess the status of approved security enhancements, and risk mitigation strategies. Our CIO has served in various roles in information technology and information security for over 30 years, including serving as the CIO of three other companies. Our CIO holds an undergraduate degree in computer science. Our CISO holds 11 industry security, risk, and/or privacy certifications and has served in various roles in information technology and information security for 25 years, including serving as the Director, Global Security, Privacy & Data Governance for one of the world's largest privately held transport corporations. Our Board, in coordination with the Audit Committee, oversees our management of cybersecurity risk. The Audit Committee receives regular cybersecurity risk reports from management and, at least annually, our Board receives reports from management, including our CIO and CISO about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our chief information officer (“CIO”) and chief information security officer (“CISO”) have primary responsibility for assessing and managing material cybersecurity risks. Quarterly cybersecurity updates are provided to executive leadership to review security key performance indicators, identify security risks, and assess the status of approved security enhancements, and risk mitigation strategies.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our chief information officer (“CIO”) and chief information security officer (“CISO”) have primary responsibility for assessing and managing material cybersecurity risks. Quarterly cybersecurity updates are provided to executive leadership to review security key performance indicators, identify security risks, and assess the status of approved security enhancements, and risk mitigation strategies.
Cybersecurity Risk Role of Management [Text Block] Our chief information officer (“CIO”) and chief information security officer (“CISO”) have primary responsibility for assessing and managing material cybersecurity risks. Quarterly cybersecurity updates are provided to executive leadership to review security key performance indicators, identify security risks, and assess the status of approved security enhancements, and risk mitigation strategies.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our chief information officer (“CIO”) and chief information security officer (“CISO”) have primary responsibility for assessing and managing material cybersecurity risks. Quarterly cybersecurity updates are provided to executive leadership to review security key performance indicators, identify security risks, and assess the status of approved security enhancements, and risk mitigation strategies.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CIO has served in various roles in information technology and information security for over 30 years, including serving as the CIO of three other companies. Our CIO holds an undergraduate degree in computer science. Our CISO holds 11 industry security, risk, and/or privacy certifications and has served in various roles in information technology and information security for 25 years, including serving as the Director, Global Security, Privacy & Data Governance for one of the world's largest privately held transport corporations.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Audit Committee receives regular cybersecurity risk reports from management and, at least annually, our Board receives reports from management, including our CIO and CISO about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true