XML 69 R45.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is integrated with our overall enterprise risk management program and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

Our overall cybersecurity program includes, amongst other things:

security tools, technologies and processes, control reviews, policy reviews, penetration tests, and investments in our security infrastructure;
cybersecurity awareness training exercises for our employees, including phishing simulations to raise awareness of spoofed or manipulated electronic communications, and other critical security threats;
annual review of System and Organization (“SOC”) reports for our core third-party providers based on our assessment of their respective criticality and risk profile; and
a Cybersecurity Incident Response Plan that provides a framework and guidelines for responding to cybersecurity incidents that may compromise the confidentiality, integrity, and availability of our critical systems and information.

Our Board has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee receives periodic reports from management on our cybersecurity risks.

We have not identified known risks, including as a result of prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See “Risk Factors – We face risks associated with perceived or actual security breaches through cyberattacks, cyber intrusions or otherwise, as well as other significant disruptions of our information technology (IT) networks and related systems or those of our critical service providers.”
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is integrated with our overall enterprise risk management program and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit Committee. The Audit Committee oversees management’s design, implementation, and enforcement of our cybersecurity risk management program.

The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity risk oversight. The full Board also receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Executive Vice President, Chief Administrative Officer, Executive Vice President, General Counsel and Secretary, and Vice President, Enterprise Applications as part of the Board’s continuing education.

Our cybersecurity risk management team - including our Executive Vice President, Chief Financial Officer and Treasurer, Executive Vice President, Chief Administrative Officer, Executive Vice President, General Counsel and Secretary, Senior Vice President, Chief Accounting Officer and Controller, Senior Vice President, Information Technology, and the Vice President, Enterprise Applications - is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises our internal cybersecurity personnel, our retained external cybersecurity consultants, and the simulated tabletop exercises of our Cybersecurity Incident Response Plan, conducted at least
annually to ensure our team is prepared to respond to any future cybersecurity incidents. The team is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents through briefings with internal and external personnel, publicly available information about cybersecurity risks and threats, and through alerts from security tools deployed in our IT environment.

Our Vice President, Enterprise Application’s experience includes a Certified Information Systems Security Professional (“CISSP”) certification, which is designed for security professionals with extensive knowledge in contemporary cybersecurity and information security practices. In addition, our Chief Executive Officer has broad expertise in overseeing cybersecurity programs, incident response teams, and information technology departments.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our Board considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit Committee. The Audit Committee oversees management’s design, implementation, and enforcement of our cybersecurity risk management program.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The full Board also receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Executive Vice President, Chief Administrative Officer, Executive Vice President, General Counsel and Secretary, and Vice President, Enterprise Applications as part of the Board’s continuing education.
Cybersecurity Risk Role of Management [Text Block]
Our cybersecurity risk management team - including our Executive Vice President, Chief Financial Officer and Treasurer, Executive Vice President, Chief Administrative Officer, Executive Vice President, General Counsel and Secretary, Senior Vice President, Chief Accounting Officer and Controller, Senior Vice President, Information Technology, and the Vice President, Enterprise Applications - is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises our internal cybersecurity personnel, our retained external cybersecurity consultants, and the simulated tabletop exercises of our Cybersecurity Incident Response Plan, conducted at least
annually to ensure our team is prepared to respond to any future cybersecurity incidents. The team is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents through briefings with internal and external personnel, publicly available information about cybersecurity risks and threats, and through alerts from security tools deployed in our IT environment.

Our Vice President, Enterprise Application’s experience includes a Certified Information Systems Security Professional (“CISSP”) certification, which is designed for security professionals with extensive knowledge in contemporary cybersecurity and information security practices. In addition, our Chief Executive Officer has broad expertise in overseeing cybersecurity programs, incident response teams, and information technology departments.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Board has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee receives periodic reports from management on our cybersecurity risks.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our Vice President, Enterprise Application’s experience includes a Certified Information Systems Security Professional (“CISSP”) certification, which is designed for security professionals with extensive knowledge in contemporary cybersecurity and information security practices. In addition, our Chief Executive Officer has broad expertise in overseeing cybersecurity programs, incident response teams, and information technology departments.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity risk oversight. The full Board also receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Executive Vice President, Chief Administrative Officer, Executive Vice President, General Counsel and Secretary, and Vice President, Enterprise Applications as part of the Board’s continuing education.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true