XML 56 R32.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy
Cyber risk management is a critical component of our risk management framework. Processes for assessing, identifying, and managing material risks arising from cybersecurity threats are integrated in our policies and procedures, including our enterprise risk appetite, risk assessment, risk treatment, risk acceptance or exceptions, and third party risk management policies.
Our cybersecurity program (“Cybersecurity Program”) provides a framework for compliance with applicable cybersecurity and data protection laws. Our program is designed to ensure the security and confidentiality of customer information, protect against known or evolving threats to the security or integrity of customer records and personal information and protect against unauthorized access to or use of such information. We work with our regulators to ensure that these policies are adequately designed to appropriately safeguard personal information. We use a variety of processes and technologies to monitor for and identify cybersecurity threats, including vulnerabilities scans, endpoint and network monitoring software, and email scanning software. We also have a Cyber Incident Response Policy and detailed plans. We conduct annual cybersecurity risk assessments which drive strategic decisions. Employees are required to abide by our cybersecurity and data protection policies. We maintain a corporate cyber risk insurance policy as part of our cybersecurity risk strategy that is reviewed annually.
To date, the Company has not experienced a material cybersecurity incident.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Cyber risk management is a critical component of our risk management framework. Processes for assessing, identifying, and managing material risks arising from cybersecurity threats are integrated in our policies and procedures, including our enterprise risk appetite, risk assessment, risk treatment, risk acceptance or exceptions, and third party risk management policies.
Cybersecurity Risk Management Third Party Engaged [Flag] false
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Cybersecurity and data protection are important for the Company to maintain the trust of our customers, team members and stakeholders. Overseen by the Board of Directors and its Risk Committee, we regularly review, and as appropriate, adapt our Cybersecurity Program to an evolving landscape of emerging threats, evaluate effectiveness of key security controls, and assess cybersecurity best practices.
The Chief Information Security Officer (“CISO”) and the Chief Technology Officer (“CTO”) are key management roles responsible for assessing and managing material risks from cybersecurity threats. The CISO reports to the Risk Committee and is responsible for implementing and maintaining our enterprise cybersecurity organization. The CISO will maintain an Incident Response Plan. The CISO ensures that the Incident Response Plan is tested annually and will present testing results to the Risk Committee. The CISO and/or its delegate will share applicable threat information to ensure Board members and staff are informed on the evolving threat environment. The CISO is responsible for ensuring the Board of Directors and staff are trained annually on cybersecurity and information security awareness. Additionally, the CISO ensures staff is adequately trained on Incident Response Plan procedures. The CISO will ensure security incidents are logged and maintained. The CTO provides our Cybersecurity Program with the technical and functional resources to achieve its strategic goals and objectives, and partners and collaborates with the CISO.
The Risk Committee is responsible for overseeing the Company’s management of cybersecurity risk, including oversight into appropriate risk mitigation, strategies, processes, systems, and controls. The CISO has regular and direct communication with the Risk Committee, providing a written cybersecurity report to the Risk Committee and a written cybersecurity report and briefing to the full Board on an annual basis (more frequently as necessary), in order to inform the Risk Committee of the state of the Company’s Cybersecurity Program. These reports cover, but are not limited to, the Company’s cybersecurity posture, overall status of the Company’s compliance with the Cybersecurity Program, threat environment, material cybersecurity risks and events, Cybersecurity Program improvements and effectiveness, and other material matters related to the Cybersecurity Program.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Chief Information Security Officer (“CISO”) and the Chief Technology Officer (“CTO”) are key management roles responsible for assessing and managing material risks from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Chief Information Security Officer (“CISO”) and the Chief Technology Officer (“CTO”) are key management roles responsible for assessing and managing material risks from cybersecurity threats. The CISO reports to the Risk Committee and is responsible for implementing and maintaining our enterprise cybersecurity organization. The CISO will maintain an Incident Response Plan. The CISO ensures that the Incident Response Plan is tested annually and will present testing results to the Risk Committee. The CISO and/or its delegate will share applicable threat information to ensure Board members and staff are informed on the evolving threat environment. The CISO is responsible for ensuring the Board of Directors and staff are trained annually on cybersecurity and information security awareness. Additionally, the CISO ensures staff is adequately trained on Incident Response Plan procedures. The CISO will ensure security incidents are logged and maintained. The CTO provides our Cybersecurity Program with the technical and functional resources to achieve its strategic goals and objectives, and partners and collaborates with the CISO.
The Risk Committee is responsible for overseeing the Company’s management of cybersecurity risk, including oversight into appropriate risk mitigation, strategies, processes, systems, and controls. The CISO has regular and direct communication with the Risk Committee, providing a written cybersecurity report to the Risk Committee and a written cybersecurity report and briefing to the full Board on an annual basis (more frequently as necessary), in order to inform the Risk Committee of the state of the Company’s Cybersecurity Program. These reports cover, but are not limited to, the Company’s cybersecurity posture, overall status of the Company’s compliance with the Cybersecurity Program, threat environment, material cybersecurity risks and events, Cybersecurity Program improvements and effectiveness, and other material matters related to the Cybersecurity Program.
Cybersecurity Risk Role of Management [Text Block] The CISO reports to the Risk Committee and is responsible for implementing and maintaining our enterprise cybersecurity organization. The CISO will maintain an Incident Response Plan. The CISO ensures that the Incident Response Plan is tested annually and will present testing results to the Risk Committee. The CISO and/or its delegate will share applicable threat information to ensure Board members and staff are informed on the evolving threat environment. The CISO is responsible for ensuring the Board of Directors and staff are trained annually on cybersecurity and information security awareness. Additionally, the CISO ensures staff is adequately trained on Incident Response Plan procedures. The CISO will ensure security incidents are logged and maintained. The CTO provides our Cybersecurity Program with the technical and functional resources to achieve its strategic goals and objectives, and partners and collaborates with the CISO.
The Risk Committee is responsible for overseeing the Company’s management of cybersecurity risk, including oversight into appropriate risk mitigation, strategies, processes, systems, and controls. The CISO has regular and direct communication with the Risk Committee, providing a written cybersecurity report to the Risk Committee and a written cybersecurity report and briefing to the full Board on an annual basis (more frequently as necessary), in order to inform the Risk Committee of the state of the Company’s Cybersecurity Program. These reports cover, but are not limited to, the Company’s cybersecurity posture, overall status of the Company’s compliance with the Cybersecurity Program, threat environment, material cybersecurity risks and events, Cybersecurity Program improvements and effectiveness, and other material matters related to the Cybersecurity Program.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Chief Information Security Officer (“CISO”) and the Chief Technology Officer (“CTO”) are key management roles responsible for assessing and managing material risks from cybersecurity threats. The CISO reports to the Risk Committee and is responsible for implementing and maintaining our enterprise cybersecurity organization. The CISO will maintain an Incident Response Plan.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Chief Information Security Officer (“CISO”) and the Chief Technology Officer (“CTO”) are key management roles responsible for assessing and managing material risks from cybersecurity threats. The CISO reports to the Risk Committee and is responsible for implementing and maintaining our enterprise cybersecurity organization. The CISO will maintain an Incident Response Plan. The CISO ensures that the Incident Response Plan is tested annually and will present testing results to the Risk Committee. The CISO and/or its delegate will share applicable threat information to ensure Board members and staff are informed on the evolving threat environment. The CISO is responsible for ensuring the Board of Directors and staff are trained annually on cybersecurity and information security awareness. Additionally, the CISO ensures staff is adequately trained on Incident Response Plan procedures. The CISO will ensure security incidents are logged and maintained. The CTO provides our Cybersecurity Program with the technical and functional resources to achieve its strategic goals and objectives, and partners and collaborates with the CISO.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The Chief Information Security Officer (“CISO”) and the Chief Technology Officer (“CTO”) are key management roles responsible for assessing and managing material risks from cybersecurity threats. The CISO reports to the Risk Committee and is responsible for implementing and maintaining our enterprise cybersecurity organization. The CISO will maintain an Incident Response Plan. The CISO ensures that the Incident Response Plan is tested annually and will present testing results to the Risk Committee. The CISO and/or its delegate will share applicable threat information to ensure Board members and staff are informed on the evolving threat environment. The CISO is responsible for ensuring the Board of Directors and staff are trained annually on cybersecurity and information security awareness. Additionally, the CISO ensures staff is adequately trained on Incident Response Plan procedures. The CISO will ensure security incidents are logged and maintained. The CTO provides our Cybersecurity Program with the technical and functional resources to achieve its strategic goals and objectives, and partners and collaborates with the CISO.
The Risk Committee is responsible for overseeing the Company’s management of cybersecurity risk, including oversight into appropriate risk mitigation, strategies, processes, systems, and controls. The CISO has regular and direct communication with the Risk Committee, providing a written cybersecurity report to the Risk Committee and a written cybersecurity report and briefing to the full Board on an annual basis (more frequently as necessary), in order to inform the Risk Committee of the state of the Company’s Cybersecurity Program. These reports cover, but are not limited to, the Company’s cybersecurity posture, overall status of the Company’s compliance with the Cybersecurity Program, threat environment, material cybersecurity risks and events, Cybersecurity Program improvements and effectiveness, and other material matters related to the Cybersecurity Program.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true