XML 59 R26.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
To mitigate cybersecurity risks, we continuously assess and enhance our security processes and procedures. We collaborate with industry-leading managed security service providers to strengthen our ability to identify, assess, prevent, and respond to cybersecurity threats. Our information technology operations and security processes are being aligned with the National Institute of Standards and Technology (NIST) framework to further standardize and improve our security posture.

As part of our commitment to a cloud-first strategy, we prioritize the use of SaaS-based solutions for critical business functions. These third-party providers conduct annual Statement on Standards for Attestation Engagements ("SSAE") audits, ensuring compliance with industry best practices.

We have adopted a cybersecurity risk management framework designed to identify and mitigate potential cybersecurity risks, which is being integrated into our overall enterprise risk management program. Our risk assessments are informed by third-party cybersecurity experts, who conduct annual internal penetration tests and monthly vulnerability scans to continuously evaluate and strengthen our security posture.

Cybersecurity risks are categorized using a Critical, High, Medium, and Low risk scoring methodology. These assessments are performed through a combination of automated tools, manual audits, and expert evaluations, allowing us to implement effective controls that enhance our security framework. In addition, we have introduced annual cybersecurity awareness training, phishing simulations, and ongoing communication initiatives to strengthen organizational awareness of cybersecurity risks and threat prevention.

To date, we and our subsidiaries have not experienced any material cybersecurity incidents.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We have adopted a cybersecurity risk management framework designed to identify and mitigate potential cybersecurity risks, which is being integrated into our overall enterprise risk management program. Our risk assessments are informed by third-party cybersecurity experts, who conduct annual internal penetration tests and monthly vulnerability scans to continuously evaluate and strengthen our security posture.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Cybersecurity is a key component of our enterprise risk oversight framework, with our Board of Directors actively engaged in overseeing cybersecurity risk management.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] While management is responsible for day-to-day cybersecurity operations, the Board ensures that our cybersecurity risk management strategies are effectively implemented.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board is briefed on material cybersecurity incidents as necessary to maintain transparency and informed decision-making.
Cybersecurity Risk Role of Management [Text Block]
Our Vice President of Information Technology leads our cybersecurity strategy, programs, and risk management processes. With over 30 years of experience in IT, including 15+ years in cybersecurity, the Vice President provides strategic oversight and ensures alignment with industry best practices. This role is supported by a team of cybersecurity professionals with formal training and specialized expertise, as well as partnerships with managed security service providers focused on proactive threat detection, incident response, and risk mitigation.

As part of our annual enterprise risk assessment, cybersecurity risks are ranked and reviewed by executive management. In the event of a cybersecurity incident, the Vice President of Information Technology, in collaboration with our cybersecurity partners, would conduct a comprehensive impact assessment. This assessment would outline both potential and actual risks, along with
necessary remediation steps. If an incident is deemed material, the Vice President would escalate the matter to the Board of Directors, who would determine whether disclosure to customers or investors is required.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our Vice President of Information Technology leads our cybersecurity strategy, programs, and risk management processes. With over 30 years of experience in IT, including 15+ years in cybersecurity, the Vice President provides strategic oversight and ensures alignment with industry best practices. This role is supported by a team of cybersecurity professionals with formal training and specialized expertise, as well as partnerships with managed security service providers focused on proactive threat detection, incident response, and risk mitigation.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] With over 30 years of experience in IT, including 15+ years in cybersecurity,
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] As part of our annual enterprise risk assessment, cybersecurity risks are ranked and reviewed by executive management. In the event of a cybersecurity incident, the Vice President of Information Technology, in collaboration with our cybersecurity partners, would conduct a comprehensive impact assessment.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true