XML 50 R31.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our company is exposed to a variety of evolving cybersecurity risks. We invest in our cybersecurity program to manage and mitigate these risks. On an annual basis, we utilize our Enterprise Risk Management (“ERM”) program to estimate our annual loss potential based on our defined control framework and its overall effectiveness. In conjunction with our ERM program, the cybersecurity program references the CIS Critical Security Controls and the NIST Cybersecurity Framework (CSF) to guide our organization’s risk identification and mitigation procedures. In addition, we undergo an annual third-party external PCI penetration test, as well as third-party attack-surface monitoring to understand our potential vulnerabilities, threat vectors, and additional impacts to critical assets and operations. In addition, our cybersecurity team performs procedures to identify risks that inform our annual security roadmap. We also periodically review our cybersecurity policies and require cybersecurity training for our employees.

We periodically engage third-party cybersecurity experts to provide independent assessments of our cybersecurity readiness and control effectiveness. Our goal in collaborating with external cybersecurity firms is to gain insights and knowledge into emerging threats and vulnerabilities, industry trends and best practices to inform our risk remediation efforts. Additionally, we engage with our internal teams to perform tabletop exercises that inform our cybersecurity response capabilities and resilience.

We also enact a process to perform a risk assessment of new third-parties, inclusive of new third-party contracts, which provides an additional layer of oversight in identifying material risks associated with the use of particular external service providers.

At this time, we have not identified risks from known cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected our business strategy, results of operations or financial condition, but we cannot provide assurance that such risks or future material incidents will not materially affect us in the future. For more information regarding the risks we face from cybersecurity threats, please see Item 1A. Risk Factors.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] In conjunction with our ERM program, the cybersecurity program references the CIS Critical Security Controls and the NIST Cybersecurity Framework (CSF) to guide our organization’s risk identification and mitigation procedures.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] we cannot provide assurance that such risks or future material incidents will not materially affect us in the future. For more information regarding the risks we face from cybersecurity threats, please see Item 1A. Risk Factors.
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our management plays a pivotal role in assessing and managing material risks from cybersecurity threats. Our management has implemented a broad and continuous process for cyber event monitoring, analysis of emerging threats, and the development and implementation of risk mitigation strategies. Led by our Chief Technology Officer (“CTO”) and Chief Information Security Officer (“CISO”), we implement cybersecurity policies, procedures and strategies, including employee training programs, security assessments and attack detection alerts designed to address the constantly evolving threat landscape. Our CTO has over 20 years of technology experience, including roles at Amazon Web Services, Dell EMC, and Ball Aerospace. Our CISO has over 30 years of cybersecurity and IT leadership experience.

At the Board of Directors level, our Audit Committee oversees our risks related to information security and privacy. To accomplish this responsibility, the Audit Committee meets quarterly with our CTO and CISO to receive and discuss updates on our cybersecurity program. Top risks, key initiatives, any material cyber incidents, remediation activity and security metrics are shared to report the overall loss potential, program effectiveness, risk management conditions and current threat landscape. Our Board of Directors is committed to maintaining a well-informed and security-aware business by regularly engaging through updates on the organization’s roadmap and evolving threat landscape.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] At the Board of Directors level, our Audit Committee oversees our risks related to information security and privacy.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
At the Board of Directors level, our Audit Committee oversees our risks related to information security and privacy. To accomplish this responsibility, the Audit Committee meets quarterly with our CTO and CISO to receive and discuss updates on our cybersecurity program. Top risks, key initiatives, any material cyber incidents, remediation activity and security metrics are shared to report the overall loss potential, program effectiveness, risk management conditions and current threat landscape. Our Board of Directors is committed to maintaining a well-informed and security-aware business by regularly engaging through updates on the organization’s roadmap and evolving threat landscape.
Cybersecurity Risk Role of Management [Text Block] Our management plays a pivotal role in assessing and managing material risks from cybersecurity threats. Our management has implemented a broad and continuous process for cyber event monitoring, analysis of emerging threats, and the development and implementation of risk mitigation strategies. Led by our Chief Technology Officer (“CTO”) and Chief Information Security Officer (“CISO”), we implement cybersecurity policies, procedures and strategies, including employee training programs, security assessments and attack detection alerts designed to address the constantly evolving threat landscape.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Led by our Chief Technology Officer (“CTO”) and Chief Information Security Officer (“CISO”),
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CTO has over 20 years of technology experience, including roles at Amazon Web Services, Dell EMC, and Ball Aerospace. Our CISO has over 30 years of cybersecurity and IT leadership experience.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] To accomplish this responsibility, the Audit Committee meets quarterly with our CTO and CISO to receive and discuss updates on our cybersecurity program. Top risks, key initiatives, any material cyber incidents, remediation activity and security metrics are shared to report the overall loss potential, program effectiveness, risk management conditions and current threat landscape.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true