XML 53 R28.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We proactively address cybersecurity risk through a comprehensive cybersecurity program to identify, protect, detect, respond to, and manage any reasonably foreseeable cybersecurity risks and threats. We use a multi-faceted approach including, but not limited to, third-party assessments, internal cybersecurity audits, IT security, governance, risk, and compliance reviews. To defend, detect, and respond to cybersecurity incidents, we, among other things, require mandatory third-party cybersecurity training and testing for all employees, perform periodic user access reviews across the organization, perform penetration testing using external third-party tools and techniques to test security controls, employ multifactor authentication and biometrics login tools, take steps to verify whether vendors have appropriate cybersecurity programs, and conduct frequent security assessments to identify and remedy vulnerabilities.

We also employ the use of Secure Socket Layer inspection on our firewalls, which are able to decrypt and scan all network traffic entering and leaving our facilities. Recognizing the complexity and evolving nature of cybersecurity threats, we regularly engage external auditors and consultants to assess our internal cybersecurity programs and compliance with applicable practices and standards, including regularly reviewing and updating our incident response plan. These partnerships enable us to leverage specialized knowledge and insights, seeking to continue to improve upon our cybersecurity strategies and processes.

Based upon the information that we have as of the end of the year covered by this report, we do not believe that we have experienced any material cybersecurity incidents to date. However, the risks from cybersecurity threats and incidents continue to increase, and the preventative actions we have taken, and continue to take, to reduce the risk of cybersecurity threats and incidents may not successfully protect against all such threats and incidents, and, as a result, there can be no assurance that we or the third parties we interact with will not experience a cybersecurity event in the future that will materially affect us. As described in Item 1A – “Risk Factors”, any breach of data security could result in a disruption of our services or improper disclosure of personal data or confidential information, which could harm our reputation, require us to expend resources to remedy such a security breach or defend against further attacks, or subject us to liability under laws that protect personal data, resulting in increased operating costs or loss of revenue.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We proactively address cybersecurity risk through a comprehensive cybersecurity program to identify, protect, detect, respond to, and manage any reasonably foreseeable cybersecurity risks and threats. We use a multi-faceted approach including, but not limited to, third-party assessments, internal cybersecurity audits, IT security, governance, risk, and compliance reviews. To defend, detect, and respond to cybersecurity incidents, we, among other things, require mandatory third-party cybersecurity training and testing for all employees, perform periodic user access reviews across the organization, perform penetration testing using external third-party tools and techniques to test security controls, employ multifactor authentication and biometrics login tools, take steps to verify whether vendors have appropriate cybersecurity programs, and conduct frequent security assessments to identify and remedy vulnerabilities.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our Board understands the critical nature of managing risks associated with cybersecurity threats. Accordingly, our Board has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and in maintaining shareholder confidence. The Audit Committee has been made primarily responsible for the Board’s oversight of cybersecurity risks. However, the entire Board of Directors reviews significant cybersecurity risks and works with the Audit Committee to address these issues. Our Chief Information Officer is responsible for overseeing cybersecurity and reports to the Audit Committee, as well as the Board at all its regular quarterly meetings regarding matters of cybersecurity. These reports include existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any), updating the status on defensive security measures and risk assessment, and key information security initiatives. Our Audit Committee and our other Board members also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.

Our Chief Information Officer has been with the Company for more than 25 years, developing and overseeing our information systems and cybersecurity risk management program. Our Chief Information Officer and his team, which includes a cybersecurity professional, are informed about, and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan, and report to the Board and Audit Committee on any appropriate items.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Chief Information Officer is responsible for overseeing cybersecurity and reports to the Audit Committee, as well as the Board at all its regular quarterly meetings regarding matters of cybersecurity. These reports include existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any), updating the status on defensive security measures and risk assessment, and key information security initiatives.
Cybersecurity Risk Role of Management [Text Block] Our Chief Information Officer is responsible for overseeing cybersecurity and reports to the Audit Committee, as well as the Board at all its regular quarterly meetings regarding matters of cybersecurity. These reports include existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any), updating the status on defensive security measures and risk assessment, and key information security initiatives. Our Audit Committee and our other Board members also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.

Our Chief Information Officer has been with the Company for more than 25 years, developing and overseeing our information systems and cybersecurity risk management program. Our Chief Information Officer and his team, which includes a cybersecurity professional, are informed about, and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan, and report to the Board and Audit Committee on any appropriate items.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Chief Information Officer
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our Chief Information Officer has been with the Company for more than 25 years, developing and overseeing our information systems and cybersecurity risk management program.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Chief Information Officer and his team, which includes a cybersecurity professional, are informed about, and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan, and report to the Board and Audit Committee on any appropriate items
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true