XML 27 R10.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management, Strategy and Governance
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.

We use the NIST Cybersecurity Framework and CIS Critical Security Controls as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. This does not imply that we meet any particular technical standards, specifications, or requirements.

Our cybersecurity risk management program is integrated with our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

Our cybersecurity risk management program includes the following key elements:

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, services, and our broader enterprise IT environment;
a team comprised of IT personnel principally responsible for directing (1) our cybersecurity risk assessment processes, (2) our security processes, and (3) our response to cybersecurity incidents;
the use of external cybersecurity service providers, where appropriate, to monitor, assess, test or otherwise assist with aspects of our security processes;
cybersecurity awareness training of employees with access to our IT systems;
a cybersecurity incident response plan and Security Operations Center (SOC) to respond to cybersecurity incidents; and
a third-party risk management process for service providers.

There can be no assurance that our cybersecurity risk management program, including our controls, procedures and processes, will be fully complied with or that our program will be fully effective in protecting the confidentiality, integrity and availability of our information systems, product and network.

We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized and material, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. These and other risks related to cybersecurity matters are described in more detail in Item 1A. Risk Factors.

Cybersecurity Governance

Our Board considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit Committee. The Audit Committee oversees management’s design, implementation, and enforcement of our cybersecurity risk management program.

Our Chief Information Officer (CIO) reports to the Chief Administrative Officer & General Counsel and leads the Company’s overall cybersecurity function. The Audit Committee receives regular reports from our CIO on our cybersecurity risks, including briefings on our cyber risk management program and cybersecurity incidents. Audit Committee members also receive periodic presentations on cybersecurity topics from our CIO, supported by our internal security staff, or external experts as part of the Board’s continuing education on topics that impact public companies.

Our CIO supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers; and alerts and reports produced by security tools deployed in the IT environment.

Our CIO is responsible for assessing and managing our material risks from cybersecurity threats. Our CIO has primary responsibility for leading our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity service providers. Our CIO has been publicly recognized as a cybersecurity thought leader by leading industry analysts. Our CIO has over 25 years of technical leadership and industry experience, which is inclusive of global experience in managing and leading IT and cybersecurity teams. Our cybersecurity team holds industry standard certifications and participates in routine training.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our cybersecurity risk management program is integrated with our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our Board considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit Committee. The Audit Committee oversees management’s design, implementation, and enforcement of our cybersecurity risk management program.

Our Chief Information Officer (CIO) reports to the Chief Administrative Officer & General Counsel and leads the Company’s overall cybersecurity function. The Audit Committee receives regular reports from our CIO on our cybersecurity risks, including briefings on our cyber risk management program and cybersecurity incidents. Audit Committee members also receive periodic presentations on cybersecurity topics from our CIO, supported by our internal security staff, or external experts as part of the Board’s continuing education on topics that impact public companies.

Our CIO supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers; and alerts and reports produced by security tools deployed in the IT environment.

Our CIO is responsible for assessing and managing our material risks from cybersecurity threats. Our CIO has primary responsibility for leading our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity service providers. Our CIO has been publicly recognized as a cybersecurity thought leader by leading industry analysts. Our CIO has over 25 years of technical leadership and industry experience, which is inclusive of global experience in managing and leading IT and cybersecurity teams. Our cybersecurity team holds industry standard certifications and participates in routine training.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit Committee.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee receives regular reports from our CIO on our cybersecurity risks, including briefings on our cyber risk management program and cybersecurity incidents.
Cybersecurity Risk Role of Management [Text Block]

Our Chief Information Officer (CIO) reports to the Chief Administrative Officer & General Counsel and leads the Company’s overall cybersecurity function. The Audit Committee receives regular reports from our CIO on our cybersecurity risks, including briefings on our cyber risk management program and cybersecurity incidents. Audit Committee members also receive periodic presentations on cybersecurity topics from our CIO, supported by our internal security staff, or external experts as part of the Board’s continuing education on topics that impact public companies.

Our CIO supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers; and alerts and reports produced by security tools deployed in the IT environment.

Our CIO is responsible for assessing and managing our material risks from cybersecurity threats. Our CIO has primary responsibility for leading our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity service providers
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our CIO is responsible for assessing and managing our material risks from cybersecurity threats. Our CIO has primary responsibility for leading our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity service providers.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CIO has been publicly recognized as a cybersecurity thought leader by leading industry analysts. Our CIO has over 25 years of technical leadership and industry experience, which is inclusive of global experience in managing and leading IT and cybersecurity teams. Our cybersecurity team holds industry standard certifications and participates in routine training.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Audit Committee receives regular reports from our CIO on our cybersecurity risks, including briefings on our cyber risk management program and cybersecurity incidents. Audit Committee members also receive periodic presentations on cybersecurity topics from our CIO, supported by our internal security staff, or external experts as part of the Board’s continuing education on topics that impact public companies.

Our CIO supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers; and alerts and reports produced by security tools deployed in the IT environment.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true