XML 18 R8.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management, Strategy and Governance
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity

Risk management and strategy

We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.

Managing Material Risks & Integrated Overall Risk Management

We have integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are a part of our decision-making processes at every level. Our risk management team works closely with our Information Technology (IT) team including our IT and cybersecurity vendors to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.

Engage Third Parties on Risk Management

Recognizing the complexity and evolving nature of cybersecurity threats, we engage with a range of external experts in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and

insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices. Our collaboration with these third parties includes regular audits, threat assessments, and consultation on security enhancements.

Oversee Third Party Risk

Because we are aware of the risks associated with third party service providers, we implement stringent processes to oversee and manage these risks. We conduct thorough security assessments of all third party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes quarterly assessments by our Chief Legal and Compliance Officer (CLCO) and our Chief Operating Officer (COO) and on an ongoing basis by our IT professionals. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties.

Risks from Cybersecurity Threats

We have not encountered, to date, cybersecurity challenges that have materially impaired our operations or financial standing.

Governance

The Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established robust oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence.

Risk Management Personnel

Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our CLCO, our COO, and our IT personnel. In their time with our company, our CLCO and our COO have become increasingly involved in investigating, responding to, and mitigating cybersecurity incidents and intrusion attempts. Their in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies. Our CLCO and our COO oversee our governance programs, test our compliance with standards, remediate known risks, and oversee or lead our employee training program.

The CLCO and the COO regularly inform our CEO and CFO of all aspects related to cybersecurity risks and incidents. This ensures that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing our company. Furthermore, significant cybersecurity matters, and strategic risk management decisions are escalated to the Board of Directors, ensuring that they have comprehensive oversight and can provide guidance on critical cybersecurity issues.

Monitor Cybersecurity Incidents

Our CLCO, our COO, and our IT personnel are periodically informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CLCO and COO implement and oversee processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the CLCO and COO, along with our IT personnel, are equipped with a well-defined incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.

Management’s Role Managing Risk

The CLCO and the COO play a pivotal role in informing the Board of Directors about cybersecurity risks. They provide comprehensive briefings to the Board of Directors, with a minimum frequency of not less than once per year. These briefings encompass a broad range of topics, including:

● Current cybersecurity landscape and emerging threats;

● Status of ongoing cybersecurity initiatives and strategies;

● Incident reports and learnings from any cybersecurity events; and

● Compliance with regulatory requirements and industry standards.

In addition, at regular meetings of the Board, the Board members, including the CEO, and the CLCO and COO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, ensuring the Board’s oversight is proactive and responsive. The Board members actively participate in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement ensures that cybersecurity considerations are integrated into our broader strategic objectives. The Board of Directors conducts an annual review of the company’s cybersecurity posture and the effectiveness of its risk management strategies. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts with the overall risk management framework.

Board of Directors Oversight

The Board of Directors as a group is responsible for oversight of cybersecurity risks and bears the primary responsibility for oversight of this domain. The Board has delegated to the Audit Committee the primary responsibility of overseeing risk management relating to cybersecurity. The Board of Directors is composed of board members with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.

Managing Material Risks & Integrated Overall Risk Management

We have integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are a part of our decision-making processes at every level. Our risk management team works closely with our Information Technology (IT) team including our IT and cybersecurity vendors to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.

Engage Third Parties on Risk Management

Recognizing the complexity and evolving nature of cybersecurity threats, we engage with a range of external experts in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and

insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices. Our collaboration with these third parties includes regular audits, threat assessments, and consultation on security enhancements.

Oversee Third Party Risk

Because we are aware of the risks associated with third party service providers, we implement stringent processes to oversee and manage these risks. We conduct thorough security assessments of all third party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes quarterly assessments by our Chief Legal and Compliance Officer (CLCO) and our Chief Operating Officer (COO) and on an ongoing basis by our IT professionals. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties.

Risks from Cybersecurity Threats

We have not encountered, to date, cybersecurity challenges that have materially impaired our operations or financial standing.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

Risks from Cybersecurity Threats

We have not encountered, to date, cybersecurity challenges that have materially impaired our operations or financial standing.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Board of Directors Oversight

The Board of Directors as a group is responsible for oversight of cybersecurity risks and bears the primary responsibility for oversight of this domain. The Board has delegated to the Audit Committee the primary responsibility of overseeing risk management relating to cybersecurity. The Board of Directors is composed of board members with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors as a group is responsible for oversight of cybersecurity risks and bears the primary responsibility for oversight of this domain.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors is composed of board members with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.
Cybersecurity Risk Role of Management [Text Block]

Management’s Role Managing Risk

The CLCO and the COO play a pivotal role in informing the Board of Directors about cybersecurity risks. They provide comprehensive briefings to the Board of Directors, with a minimum frequency of not less than once per year. These briefings encompass a broad range of topics, including:

● Current cybersecurity landscape and emerging threats;

● Status of ongoing cybersecurity initiatives and strategies;

● Incident reports and learnings from any cybersecurity events; and

● Compliance with regulatory requirements and industry standards.

In addition, at regular meetings of the Board, the Board members, including the CEO, and the CLCO and COO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, ensuring the Board’s oversight is proactive and responsive. The Board members actively participate in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement ensures that cybersecurity considerations are integrated into our broader strategic objectives. The Board of Directors conducts an annual review of the company’s cybersecurity posture and the effectiveness of its risk management strategies. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts with the overall risk management framework.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The CLCO and the COO play a pivotal role in informing the Board of Directors about cybersecurity risks. They provide comprehensive briefings to the Board of Directors, with a minimum frequency of not less than once per year.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our CLCO, our COO, and our IT personnel. In their time with our company, our CLCO and our COO have become increasingly involved in investigating, responding to, and mitigating cybersecurity incidents and intrusion attempts. Their in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies. Our CLCO and our COO oversee our governance programs, test our compliance with standards, remediate known risks, and oversee or lead our employee training program.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Our CLCO, our COO, and our IT personnel are periodically informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CLCO and COO implement and oversee processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the CLCO and COO, along with our IT personnel, are equipped with a well-defined incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true