XML 45 R29.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management

 

Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program is designed to provide a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third-party service providers, and to facilitate coordination across different departments of our company. Our processes include steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat including whether the cybersecurity threat is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies and informing management and our board of directors of material cybersecurity threats and incidents. Our cybersecurity team also engages third-party security experts for risk assessment and system enhancements. In addition, our cybersecurity team provides training to employees, based on their role.

 

Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee of the board of directors. The audit committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The audit committee also reports material cybersecurity risks to our full board of directors. Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes designed to ensure that such potential cybersecurity risk exposures are monitored, putting in place mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our Vice President of Information Services (VP-IS) who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our VP-IS and dedicated personnel are information system security professionals and information security managers with many years of experience. Management, including the VP-IS and our cybersecurity team, regularly update the audit committee on the company's cybersecurity programs, material cybersecurity risks and mitigation strategies and provide cybersecurity reports annually that cover, among other topics, third-party assessments of the company's cybersecurity programs, developments in cybersecurity and updates to the company's cybersecurity programs and mitigation strategies.

 

In 2024, we did not identify any cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident.  For more information about these risks, please see "Risk Factors - Risks Related to our Business" in this Annual Report on Form 10-k.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Risk Management

 

Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program is designed to provide a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third-party service providers, and to facilitate coordination across different departments of our company. Our processes include steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat including whether the cybersecurity threat is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies and informing management and our board of directors of material cybersecurity threats and incidents. Our cybersecurity team also engages third-party security experts for risk assessment and system enhancements. In addition, our cybersecurity team provides training to employees, based on their role.

 

Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee of the board of directors. The audit committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The audit committee also reports material cybersecurity risks to our full board of directors. Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes designed to ensure that such potential cybersecurity risk exposures are monitored, putting in place mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our Vice President of Information Services (VP-IS) who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our VP-IS and dedicated personnel are information system security professionals and information security managers with many years of experience. Management, including the VP-IS and our cybersecurity team, regularly update the audit committee on the company's cybersecurity programs, material cybersecurity risks and mitigation strategies and provide cybersecurity reports annually that cover, among other topics, third-party assessments of the company's cybersecurity programs, developments in cybersecurity and updates to the company's cybersecurity programs and mitigation strategies.

 

In 2024, we did not identify any cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident.  For more information about these risks, please see "Risk Factors - Risks Related to our Business" in this Annual Report on Form 10-k.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee of the board of directors. The audit committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The audit committee also reports material cybersecurity risks to our full board of directors. Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes designed to ensure that such potential cybersecurity risk exposures are monitored, putting in place mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our Vice President of Information Services (VP-IS) who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our VP-IS and dedicated personnel are information system security professionals and information security managers with many years of experience. Management, including the VP-IS and our cybersecurity team, regularly update the audit committee on the company's cybersecurity programs, material cybersecurity risks and mitigation strategies and provide cybersecurity reports annually that cover, among other topics, third-party assessments of the company's cybersecurity programs, developments in cybersecurity and updates to the company's cybersecurity programs and mitigation strategies.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true