XML 29 R10.htm IDEA: XBRL DOCUMENT

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Abstract]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.

We design and assess our program based on the National Institute of Standards and Technology Cybersecurity Framework Special Publication 800-53, 800-61, rev 2 (“NIST CSF). This does not imply that we meet any particular technical standards, specifications, or requirements. We use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.

Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

Our cybersecurity risk management program includes the following:

●

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;

●

a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;

	●	the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls;

	●	cybersecurity awareness training of our employees, incident response personnel, and senior management; and

	●	a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents.

There can be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our systems and information.

We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. For more information, please refer to Item 1A: Risk Factors for further insights into cyber attack-related risks.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance

Our Board considers cybersecurity risks as part of its risk oversight function of cybersecurity and other information technology risks.

The Audit Committee oversees management’s implementation of our cybersecurity risk management program and receives updates on the cybersecurity risk management program from management at least annually. In addition, management updates the Audit Committee regarding any material or significant cybersecurity incidents, as well as incidents with lesser impact potential as necessary.

The Audit Committee reports to the full Board annually regarding cybersecurity. The full Board also receives annual briefings from external experts on cybersecurity as part of the Board’s continuing education on topics that impact public companies.

Ongoing Risks

We have not experienced any material cybersecurity incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. For more information on our cybersecurity related risks, see Item 1A Risk Factors of this Annual Report on Form 10-K.

Risk Management and Strategy

The Company recognizes the critical importance of cybersecurity in safeguarding sensitive information, maintaining operational resilience, and protecting stakeholders’ interests. This cybersecurity policy is designed to establish a comprehensive framework for identifying, assessing, mitigating, and responding to cybersecurity risks across the organization.

The Company is in the process of establishing a cybersecurity policy which implement protocols to evaluate, recognize, and address significant risks, including those posed by cybersecurity threats. This strategy encompasses the utilization of standard traffic monitoring tools, educating personnel to identify and report abnormal activities, and partnering with reputable service providers capable of upholding security standards equivalent to or exceeding our own.

These measures are to be seamlessly integrated into our broader operational risk management framework aimed at minimizing exposure to unnecessary risks across our operations. For cybersecurity, we collaborate with expert consultants and third-party service providers to implement industry-standard strategies aimed at identifying and mitigating potential threats or vulnerabilities within our systems. Additionally, the policy strategy will have a comprehensive cyber crisis response plan to manage high severity security incidents, ensuring efficient coordination across the organization. We are aware of the risks associated with third-party service providers and have implemented policies and processes to oversee and assist with managing these risks. Our management team evaluates third-party providers before engagement and monitors these providers on an ongoing basis commensurate with the level of risk and complexity of the relationship with, and the activities performed by, such providers. This approach is designed to help identify and mitigate risks related to data breaches or other cybersecurity incidents originating from third-parties in order to better protect our assets and data.

Cybersecurity threats haven’t significantly impacted our operations, and we don’t anticipate such risks materially affecting our business, strategy, financial condition, or results of operations. However, given the escalating sophistication of cyber threats, our preventive measures may not always suffice. Despite well-designed controls, we acknowledge the inability to foresee all security breaches, including those stemming from third-party misuse of AI technologies, and the potential challenges in implementing timely preventive measures. Please refer to Item 1A: Risk Factors for further insights into cyber attack-related risks.

The Chief Operating Officer oversees our information security programs, including cybersecurity initiatives, and is integrated into our Cybersecurity Incident response process. The Audit committee oversees cybersecurity risk management activities, supported by Company management, the Board of Directors, and external consultants. We assess and prioritize risks based on potential impact, implement technical controls, and monitor third-party vendors’ security practices.

Cybersecurity Risk Role of Management [Text Block]

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true