XML 30 R9.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Company’s cybersecurity risk management program is integrated into our enterprise risk management program and is designed to expeditiously identify, analyze and protect against security threats to its computer systems, software, networks, storage devices and other technology assets. Our management team, with input from our Board of Directors, proactively manages the Company’s cybersecurity risks to avoid or minimize the impacts of attacks by unauthorized parties attempting to obtain access to confidential information, destroy data, disrupt service, sabotage systems or cause other damage. Specifically, the Company has appointed a Chief Information Officer (“CIO”) to maintain a comprehensive information security program. Our strategy includes a continuous improvement mindset along with a defense in depth approach to cybersecurity. Our layered security architecture consists of innovative technology to detect, prevent, and mitigate cybersecurity threats. Ongoing proactive analysis of cyber threat intelligence ensures that we are taking the appropriate counter measures to defend against the latest threats. We use monitoring and preventive controls to detect and respond swiftly to data breaches and cyber threats involving our systems. We regularly evaluate our systems and controls and implement upgrades as necessary. This includes regular consultation with external cybersecurity experts. In addition, we participate in external tabletop exercises on a regular basis in addition to conducting our own internal tests of our systems. We also attempt to reduce our exposure to our vendors' data privacy and cyber incidents by performing initial vendor due diligence that is updated periodically for critical vendors, negotiating service level standards with vendors, negotiating for indemnification from vendors for confidentiality and data breaches, and limiting third-party access to the least privileged level necessary to perform outsourced functions. The additional cost to us of data and cybersecurity monitoring and protection systems and controls includes the cost of hardware and software, third-party technology providers, consulting and testing firms, insurance premium costs, legal fees and the cost of personnel who focus a substantial portion of their responsibilities on data security and cybersecurity.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] To our knowledge, previous cybersecurity incidents have not materially affected the Company, its business strategy, financial condition or results of operation. With regard to the possible impact of future cybersecurity threats or incidents, see "Item 1A. Risk Factors."
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our Board of Directors provides direction and oversight over the Company’s enterprise-wide risk management program, including risks related to cybersecurity. The entire Board of Directors is provided regular updates regarding the Company’s information technology policies, procedures, risks and operating status. These updates include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape.

 

Cybersecurity incidents are managed through the Plan, and other appropriate response policies, which provide direction to management allowing for the timely transfer of information throughout the organization. Our policy requires material incidents to be reported within 36 hours after an incident is determined to be material with the materiality determination to be completed without unreasonable delay. The CMT has developed a plan to facilitate making timely determinations as to whether and when incidents should be disclosed. If a material incident occurs, the Company will describe in detail the material aspects and nature, scope and timing of the incident, along with the impact to its financial condition and results of operations via the timely filing of Form 8-K.

 

To our knowledge, previous cybersecurity incidents have not materially affected the Company, its business strategy, financial condition or results of operation. With regard to the possible impact of future cybersecurity threats or incidents, see "Item 1A. Risk Factors."
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors provides direction and oversight over the Company’s enterprise-wide risk management program, including risks related to cybersecurity. The entire Board of Directors is provided regular updates regarding the Company’s information technology policies, procedures, risks and operating status. These updates include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors provides direction and oversight over the Company’s enterprise-wide risk management program, including risks related to cybersecurity. The entire Board of Directors is provided regular updates regarding the Company’s information technology policies, procedures, risks and operating status. These updates include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape.
Cybersecurity Risk Role of Management [Text Block] Our Board of Directors provides direction and oversight over the Company’s enterprise-wide risk management program, including risks related to cybersecurity. The entire Board of Directors is provided regular updates regarding the Company’s information technology policies, procedures, risks and operating status. These updates include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Cybersecurity incidents are managed through the Plan, and other appropriate response policies, which provide direction to management allowing for the timely transfer of information throughout the organization. Our policy requires material incidents to be reported within 36 hours after an incident is determined to be material with the materiality determination to be completed without unreasonable delay. The CMT has developed a plan to facilitate making timely determinations as to whether and when incidents should be disclosed. If a material incident occurs, the Company will describe in detail the material aspects and nature, scope and timing of the incident, along with the impact to its financial condition and results of operations via the timely filing of Form 8-K.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our Board of Directors provides direction and oversight over the Company’s enterprise-wide risk management program, including risks related to cybersecurity. The entire Board of Directors is provided regular updates regarding the Company’s information technology policies, procedures, risks and operating status. These updates include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Cybersecurity incidents are managed through the Plan, and other appropriate response policies, which provide direction to management allowing for the timely transfer of information throughout the organization. Our policy requires material incidents to be reported within 36 hours after an incident is determined to be material with the materiality determination to be completed without unreasonable delay. The CMT has developed a plan to facilitate making timely determinations as to whether and when incidents should be disclosed. If a material incident occurs, the Company will describe in detail the material aspects and nature, scope and timing of the incident, along with the impact to its financial condition and results of operations via the timely filing of Form 8-K.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true