XML 56 R26.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities and test those systems pursuant to our cybersecurity policies and procedures, which are integrated into the Company’s overall risk management framework. To protect our information systems from cybersecurity threats, we use various security tools that help us identify, escalate, investigate, resolve, and recover from security incidents in a timely manner. We also conduct annual risk-based penetration testing and provide cybersecurity training for applicable employees. Where appropriate, we engage external advisors and consultants to assist with various aspects of our cybersecurity program and processes.

We rely on our systems and networks to support our business activities. As some of these networks and systems are managed by third parties, our cybersecurity program also includes evaluation and monitoring of cybersecurity risks associated with our use of third-party service providers. Based on their risk profiles, we contractually require certain third parties with access to our information systems or data to maintain cybersecurity programs and to report actual or suspected security incidents to us. Additionally, we monitor and identify cybersecurity risks posed by third-party vendors based on their criticality and risk profile, who provide software and/or hardware to the Company or otherwise have access to our Company systems and have a cyber review process that is part of vendor onboarding.

Additionally, the management team of the Company has developed a cyber incident response plan to deploy in the event of a cyber incident. This plan is reviewed at least annually and tested from time to time through tabletop exercises involving management and other key personnel, and may also include participation from the Board and outside experts. As part of regular business continuity planning, department heads are required to consider key technology systems used by their respective teams and the impact to the Company and other stakeholders in the event that such systems become compromised or unavailable.

To date, we have not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that have materially affected or that we believe are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. Refer to the risk factor captioned “Cybersecurity risks and incidents, such as a breach of the Company’s privacy or information security systems, or those of our vendors or other third parties, could compromise our information and expose us to liability, which would cause our business and reputation to suffer.” in Part I, ITEM 1A. “Risk Factors” for additional description of cybersecurity risks and potential related impacts on the Company.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities and test those systems pursuant to our cybersecurity policies and procedures, which are integrated into the Company’s overall risk management framework. To protect our information systems from cybersecurity threats, we use various security tools that help us identify, escalate, investigate, resolve, and recover from security incidents in a timely manner. We also conduct annual risk-based penetration testing and provide cybersecurity training for applicable employees. Where appropriate, we engage external advisors and consultants to assist with various aspects of our cybersecurity program and processes.

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our Board of Directors oversees our risk management process, including with respect to cybersecurity risks, directly and through its committees. The Audit Committee of the Board oversees our risk management program, which focuses on the most significant risks we face in the short-, intermediate-, and long-term timeframe. Audit Committee meetings include discussions of specific risk areas throughout the year, including, among others, those relating to cybersecurity, and reports on our enterprise risk profile. Our SVP of Technology, who reports directly to the Chief Financial Officer and has over 25 years of experience managing information technology and cybersecurity matters, is primarily responsible for leading the assessment and management of cybersecurity risks and reports periodically to the Audit Committee on cybersecurity strategy and risks. Our SVP of Technology stays informed about and monitors the prevention, detection, mitigation and remediation of security incidents through various channels, including but not limited to briefings from the operational team members, threat intelligence sources, and alerts from security tools deployed in our IT environment.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our SVP of Technology, who reports directly to the Chief Financial Officer and has over 25 years of experience managing information technology and cybersecurity matters, is primarily responsible for leading the assessment and management of cybersecurity risks and reports periodically to the Audit Committee on cybersecurity strategy and risks.
Cybersecurity Risk Role of Management [Text Block] Our SVP of Technology, who reports directly to the Chief Financial Officer and has over 25 years of experience managing information technology and cybersecurity matters, is primarily responsible for leading the assessment and management of cybersecurity risks and reports periodically to the Audit Committee on cybersecurity strategy and risks. Our SVP of Technology stays informed about and monitors the prevention, detection, mitigation and remediation of security incidents through various channels, including but not limited to briefings from the operational team members, threat intelligence sources, and alerts from security tools deployed in our IT environment.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] SVP of Technology
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our SVP of Technology, who reports directly to the Chief Financial Officer and has over 25 years of experience managing information technology and cybersecurity matters
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our SVP of Technology, who reports directly to the Chief Financial OfficerOur SVP of Technology stays informed about and monitors the prevention, detection, mitigation and remediation of security incidents through various channels, including but not limited to briefings from the operational team members, threat intelligence sources, and alerts from security tools deployed in our IT environment
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true