XML 52 R38.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our enterprise information security program is designed to detect, manage, mitigate, and respond to cybersecurity threats and is integrated into our overall risk management systems. The Company’s Chief Information Security Officer (“CISO”), in concert with a Data Security Committee, is responsible for developing and implementing our enterprise information security program and reporting cybersecurity matters to senior management. The company's enterprise information security program adheres to the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and other relevant industry frameworks as necessary.

Our risk management strategy encompasses a range of policies, procedures, and controls designed to safeguard our information assets. Key elements of our risk management and control framework include Information Technology (“IT”) policies and procedures, employee training, annual disaster recovery tests, and penetration tests performed by third-party experts. The Company also employs systems and processes designed to oversee and identify cybersecurity threats associated with third-party vendors. The Company has established robust IT policies and procedures governing the use, access, and protection of our digital assets. These policies serve as a foundation for secure operations, outlining best practices and compliance standards for our employees. The Company recognizes the crucial role of employees in maintaining a secure environment and conducts regular cybersecurity training programs. These initiatives are designed to empower our staff with the knowledge and skills necessary to identify and respond to potential threats, reducing the risk of human error in cybersecurity matters. To test the preparedness of our operations in the face of unforeseen events, the Company conducts annual disaster recovery tests. These tests evaluate our ability to recover critical systems and data in the event of a disruption, contributing to our overall business continuity and risk mitigation efforts. As part of our commitment to maintaining a strong defense against cyber threats, the Company engages third-party experts to conduct regular penetration tests on our network. These tests are intended to simulate real-world cyber-attacks, allowing us to identify vulnerabilities and address them proactively.

The Company’s planned investments in cybersecurity include implementing advanced data loss prevention measures, encryption protocols, and continuous monitoring to safeguard sensitive information and mitigate the risk of unauthorized access or disclosure. As part of the Company’s risk management strategy, it has secured comprehensive cyber insurance coverage. The Company regularly reviews and updates its cyber insurance coverage to align with the evolving nature of cyber threats and industry standards.

The Company’s IT systems have been, and likely will continue to be, the target of computer viruses, cyberattacks, phishing attacks, and other malicious activity. While the Company has not experienced a known material breach to date, the occurrence or scope of such events is not always immediately apparent and there can be no assurance that the Company will not suffer additional attacks or incur serious financial consequences or expense in the future. Refer to “Item 1A. Risk Factors” of this Annual Report on Form 10-K for further discussion of cybersecurity risks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our enterprise information security program is designed to detect, manage, mitigate, and respond to cybersecurity threats and is integrated into our overall risk management systems. The Company’s Chief Information Security Officer (“CISO”), in concert with a Data Security Committee, is responsible for developing and implementing our enterprise information security program and reporting cybersecurity matters to senior management. The company's enterprise information security program adheres to the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and other relevant industry frameworks as necessary.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Company’s Board of Directors oversees the processes for risk management, including cybersecurity risks, to help align risk exposure with strategic objectives. Senior management periodically briefs the Board of Directors on our cybersecurity framework and assessments of the information security program, key and emerging threats and risks, the status of projects to strengthen our information security systems, and any cybersecurity incidents that could potentially have a material business impact. In the event of an incident, the Company would follow a detailed incident response plan, which outlines the steps to be followed, including notification of senior management and the Board of Directors, as appropriate.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Company’s Board of Directors oversees the processes for risk management, including cybersecurity risks, to help align risk exposure with strategic objectives. Senior management periodically briefs the Board of Directors on our cybersecurity framework and assessments of the information security program, key and emerging threats and risks, the status of projects to strengthen our information security systems, and any cybersecurity incidents that could potentially have a material business impact. In the event of an incident, the Company would follow a detailed incident response plan, which outlines the steps to be followed, including notification of senior management and the Board of Directors, as appropriate.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Senior management periodically briefs the Board of Directors on our cybersecurity framework and assessments of the information security program, key and emerging threats and risks, the status of projects to strengthen our information security systems, and any cybersecurity incidents that could potentially have a material business impact. In the event of an incident, the Company would follow a detailed incident response plan, which outlines the steps to be followed, including notification of senior management and the Board of Directors, as appropriate.
Cybersecurity Risk Role of Management [Text Block]
Our enterprise information security program is designed to detect, manage, mitigate, and respond to cybersecurity threats and is integrated into our overall risk management systems. The Company’s Chief Information Security Officer (“CISO”), in concert with a Data Security Committee, is responsible for developing and implementing our enterprise information security program and reporting cybersecurity matters to senior management. The company's enterprise information security program adheres to the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and other relevant industry frameworks as necessary.

Our risk management strategy encompasses a range of policies, procedures, and controls designed to safeguard our information assets. Key elements of our risk management and control framework include Information Technology (“IT”) policies and procedures, employee training, annual disaster recovery tests, and penetration tests performed by third-party experts. The Company also employs systems and processes designed to oversee and identify cybersecurity threats associated with third-party vendors. The Company has established robust IT policies and procedures governing the use, access, and protection of our digital assets. These policies serve as a foundation for secure operations, outlining best practices and compliance standards for our employees. The Company recognizes the crucial role of employees in maintaining a secure environment and conducts regular cybersecurity training programs. These initiatives are designed to empower our staff with the knowledge and skills necessary to identify and respond to potential threats, reducing the risk of human error in cybersecurity matters. To test the preparedness of our operations in the face of unforeseen events, the Company conducts annual disaster recovery tests. These tests evaluate our ability to recover critical systems and data in the event of a disruption, contributing to our overall business continuity and risk mitigation efforts. As part of our commitment to maintaining a strong defense against cyber threats, the Company engages third-party experts to conduct regular penetration tests on our network. These tests are intended to simulate real-world cyber-attacks, allowing us to identify vulnerabilities and address them proactively.
The Company’s planned investments in cybersecurity include implementing advanced data loss prevention measures, encryption protocols, and continuous monitoring to safeguard sensitive information and mitigate the risk of unauthorized access or disclosure. As part of the Company’s risk management strategy, it has secured comprehensive cyber insurance coverage. The Company regularly reviews and updates its cyber insurance coverage to align with the evolving nature of cyber threats and industry standards.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The Company’s Board of Directors oversees the processes for risk management, including cybersecurity risks, to help align risk exposure with strategic objectives. Senior management periodically briefs the Board of Directors on our cybersecurity framework and assessments of the information security program, key and emerging threats and risks, the status of projects to strengthen our information security systems, and any cybersecurity incidents that could potentially have a material business impact. In the event of an incident, the Company would follow a detailed incident response plan, which outlines the steps to be followed, including notification of senior management and the Board of Directors, as appropriate.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our CISO has more than 25 years of experience in the cybersecurity and technology space. Our Data Security Committee is composed of key business and functional stakeholders including Risk, Legal, Finance, IT, Operations, and Business line leads.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our enterprise information security program is designed to detect, manage, mitigate, and respond to cybersecurity threats and is integrated into our overall risk management systems. The Company’s Chief Information Security Officer (“CISO”), in concert with a Data Security Committee, is responsible for developing and implementing our enterprise information security program and reporting cybersecurity matters to senior management. The company's enterprise information security program adheres to the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and other relevant industry frameworks as necessary.

Our risk management strategy encompasses a range of policies, procedures, and controls designed to safeguard our information assets. Key elements of our risk management and control framework include Information Technology (“IT”) policies and procedures, employee training, annual disaster recovery tests, and penetration tests performed by third-party experts. The Company also employs systems and processes designed to oversee and identify cybersecurity threats associated with third-party vendors. The Company has established robust IT policies and procedures governing the use, access, and protection of our digital assets. These policies serve as a foundation for secure operations, outlining best practices and compliance standards for our employees. The Company recognizes the crucial role of employees in maintaining a secure environment and conducts regular cybersecurity training programs. These initiatives are designed to empower our staff with the knowledge and skills necessary to identify and respond to potential threats, reducing the risk of human error in cybersecurity matters. To test the preparedness of our operations in the face of unforeseen events, the Company conducts annual disaster recovery tests. These tests evaluate our ability to recover critical systems and data in the event of a disruption, contributing to our overall business continuity and risk mitigation efforts. As part of our commitment to maintaining a strong defense against cyber threats, the Company engages third-party experts to conduct regular penetration tests on our network. These tests are intended to simulate real-world cyber-attacks, allowing us to identify vulnerabilities and address them proactively.

The Company’s planned investments in cybersecurity include implementing advanced data loss prevention measures, encryption protocols, and continuous monitoring to safeguard sensitive information and mitigate the risk of unauthorized access or disclosure. As part of the Company’s risk management strategy, it has secured comprehensive cyber insurance coverage. The Company regularly reviews and updates its cyber insurance coverage to align with the evolving nature of cyber threats and industry standards.

The Company’s IT systems have been, and likely will continue to be, the target of computer viruses, cyberattacks, phishing attacks, and other malicious activity. While the Company has not experienced a known material breach to date, the occurrence or scope of such events is not always immediately apparent and there can be no assurance that the Company will not suffer additional attacks or incur serious financial consequences or expense in the future. Refer to “Item 1A. Risk Factors” of this Annual Report on Form 10-K for further discussion of cybersecurity risks.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true