Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

(2)

Leases

The Company determines if an arrangement is a lease at its inception. The Company has entered into operating leases for real estate. These leases have initial terms which range from 10 years to 11 years, and often include one or more options to renew. These renewal terms can extend the lease term by 5 years and will be included in the lease term when it is reasonably certain that the Company will exercise the option. The Company’s existing leases do not contain significant restrictive provisions; however, certain leases contain provisions for payment of real estate taxes, insurance and maintenance costs by the Company. The lease agreements do not contain any residual value guarantees. Some of the real estate lease agreements include periods of rent holidays and payments that escalate over the lease term by specified amounts. All operating lease expenses are recognized on a straight-line basis over the lease term. For finance leases, interest expense is recognized on the lease liability and the right-of-use asset is amortized over the lease term.

Some leases may require variable lease payments based on factors specific to the individual agreements. Variable lease payments for which we are typically responsible include real estate taxes, insurance and common area maintenance expenses based on the Company’s pro-rata share, which are excluded from the measurement of the lease liability. Additionally, one of the Company’s real estate leases has lease payments that adjust based on annual changes in the Consumer Price Index (“CPI”). The leases that are dependent upon CPI are initially measured using the index or rate at the commencement date and are included in the measurement of the lease liability. Incremental payments due to changes in the index are treated as variable lease costs and expensed as incurred.

These operating leases are included in “Operating lease right-of-use assets” on the Company’s consolidated balance sheets and represent the Company’s right to use the underlying asset for the lease term. The Company’s obligations to make lease payments are included in “Operating lease liabilities, current portion” and “Operating lease liabilities, net of current portion” on the Company’s consolidated balance sheets. Operating lease right-of-use assets and liabilities are recognized at the commencement date based on the present value of lease payments over the lease term. As of December 31, 2024, total right-of-use assets and operating lease liabilities were approximately $3,749,000 and $4,157,000, respectively. As of December 31, 2023, total right-of-use assets and operating lease liabilities were approximately $3,309,000 and $3,710,000, respectively.

We primarily use our incremental borrowing rate, which is updated quarterly, based on the information available at commencement date, in determining the present value of lease payments. If readily available, we would use the implicit rate in a new lease to determine the present value of lease payments. The Company has certain contracts for real estate which may contain lease and non-lease components which it has elected to treat as a single lease component.

The Company has entered into various short-term operating leases, primarily for office equipment with an initial term of twelve months or less. Lease payments associated with short-term leases are expensed as incurred and are not recorded on the Company’s balance sheet. The related lease expense for short-term leases was not material for the year ended December 31, 2024 and 2023.

The following table presents information related to lease expense for the year ended December 31, 2024 and 2023 (in thousands):

	December 31,
	2024		2023
Finance lease expense
Amortization expense	$	648	$	757
Interest expense		244		284
Operating lease expense		1,295		1,402
Variable lease expense		348		367
Total lease expense	$	2,535	$	2,810

The following table presents supplemental cash flow information related to leases (in thousands):

	December 31,
	2024		2023
Cash paid for amounts included in the measurement of lease liabilities:
Operating cash flows from operating leases	$	1,666	$	1,776
Operating cash flows from finance leases		244		284
Financing cash flows from finance leases		1,366		1,168

The annual future minimum lease payments as of December 31, 2024 are as follows (in thousands):

	Operating			Finance
	Leases			Leases
Next 12 months	$	1,212		$	1,645
12 to 24 months		1,124			614
24 to 36 months		1,113			127
36 to 48 months		277			60
48 to 60 months		284			0
Thereafter		1,304			0
Total lease payments		5,314			2,446
Less imputed interest		(1,157	)		(204	)
Total	$	4,157		$	2,242

The following table presents certain information related to lease terms and discount rates for leases as of December 31, 2024 and 2023:

	December 31,
	2024		2023
Weighted-average remaining lease term (years):
Operating leases		5.2		3.6
Finance leases		1.7		2.2

Weighted-average discount rate (percentage):
Operating leases		8.4		8.0
Finance leases		8.7		8.8

Cybersecurity Risk Management Processes Integrated [Text Block]

We maintain a cybersecurity and information security program, which leverages the National Institute of Standards and Technology (“NIST”) 800-171. Risks from cybersecurity threats are regularly evaluated as part of our broader risk management activities and as a fundamental component of our internal control system. The scope of our evaluation encompasses risks that may be associated with both our internally managed IT systems and key business functions and sensitive data operated or managed by third-party service providers.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

Cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and we believe are not reasonably likely to affect us, including our business strategy, results of operations or financial condition. We and our third-party service providers have frequently been the target of cybersecurity threats and expect them to continue, and for an additional description of these cybersecurity risks and potential related impacts on us, see “Risk Factors” in Part I, Item 1A of this Annual Report on Form 10-K.

Cybersecurity Risk Role of Management [Text Block]

Management has implemented risk management structures, policies and procedures, and manages our risk exposure on a day-to-day basis. Accordingly, management assesses and responds to cybersecurity threats as part of our ongoing risk assessment and as an internal control over financial reporting. The VP of Administration directs our cybersecurity operations and risk responses. The CISO, who has 30 years of IT architecture, infrastructure and operations experience working directly with the MSP. The CISO reports to the VP of Administration who has 30 years of experience in all facets of IT, business process and controls. The VP of Administration reports to the President, CEO and Chairman of the Board of the Company and reports regularly to the Audit Committee and to the full Board of Directors, providing insights into our cybersecurity posture, incidents, and remediation efforts. VP of Administration meets with the MSP at least once every quarter to review and assess cybersecurity incidents and non-incident threats (and response measures undertaken) to determine if any adjustment to our cybersecurity managed services is required

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

In accordance with our Guidelines on Corporate Governance, the Board of Directors, both directly and through its committees, oversees the proper functioning of our risk management process. In particular, the Audit and Finance Committee assists the Board in its oversight of management’s responsibility to assess, manage and mitigate risks associated with the Company’s business and operational activities, including data privacy and cybersecurity concerns. The Board and Committee each meet at regularly scheduled and special meetings throughout the year at which meetings management reports to the Board concerning the results of its risk management activities, as well as external factors that may change the levels of business risk to which we are exposed. Specifically, the Audit and Finance Committee receives regular updates from the VP of Administration, as often as necessary but at least once per year, with respect to our cybersecurity threats and responses to any cybersecurity incidents

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

In accordance with our Guidelines on Corporate Governance, the Board of Directors, both directly and through its committees, oversees the proper functioning of our risk management process. In particular, the Audit and Finance Committee assists the Board in its oversight of management’s responsibility to assess, manage and mitigate risks associated with the Company’s business and operational activities, including data privacy and cybersecurity concerns. The Board and Committee each meet at regularly scheduled and special meetings throughout the year at which meetings management reports to the Board concerning the results of its risk management activities, as well as external factors that may change the levels of business risk to which we are exposed. Specifically, the Audit and Finance Committee receives regular updates from the VP of Administration, as often as necessary but at least once per year, with respect to our cybersecurity threats and responses to any cybersecurity incidents