XML 41 R25.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We engage a third-party Managed Service Provider (“MSP”) to implement technology infrastructure and oversee its tactical operations. Our MSP employs multiple people with experience in technical leadership, system architecture, network infrastructure and cybersecurity. We believe using an MSP provides economies of scale for a smaller-sized company such as ours, by allowing us access to a broad range of experience and tool sets that would otherwise be difficult to acquire in-house. Our MSP uses specialized third-party services and tool sets for identifying, protecting against, and detecting cyber incidents. Through these services and tools, our detection capabilities include, but are not limited to, near real-time monitoring, intrusion detection systems, and advanced analytics to identify abnormal patterns of behavior. These third-party detection tools provide near real-time alerts, log aggregation, and threat intelligence feeds.

In addition, we have engaged cybersecurity consultants, unaffiliated with our MSP, to advise management, assess our technology tools and review our cybersecurity practices. Our consultants utilized the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework to assess our cybersecurity risk and governance practices. The NIST Cybersecurity Framework enables organizations, regardless of size, to apply principles and best practices of risk management to improve security and resilience.

Material Impact of Cybersecurity Threats

While to date we are not aware of any material information security breaches and have not incurred significant operating expenses related to information security breaches, we acknowledge the persistent and evolving nature of these threats, which have the potential to materially impact our business strategy, operations, and financial standing adversely. See Item 1A, “Risk Factors” under the risks related to our business section for more information. Our incident response practices require incident assessments to be conducted in concert with our Chief Executive Officer, Chief Financial Officer and MSP. This enables faster response and effective communication, including public disclosure if a material cybersecurity event were to occur.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.

We engage a third-party Managed Service Provider (“MSP”) to implement technology infrastructure and oversee its tactical operations. Our MSP employs multiple people with experience in technical leadership, system architecture, network infrastructure and cybersecurity. We believe using an MSP provides economies of scale for a smaller-sized company such as ours, by allowing us access to a broad range of experience and tool sets that would otherwise be difficult to acquire in-house. Our MSP uses specialized third-party services and tool sets for identifying, protecting against, and detecting cyber incidents. Through these services and tools, our detection capabilities include, but are not limited to, near real-time monitoring, intrusion detection systems, and advanced analytics to identify abnormal patterns of behavior. These third-party detection tools provide near real-time alerts, log aggregation, and threat intelligence feeds.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The audit and risk committee of our Board (the “Audit Committee”) oversees risks related to cybersecurity, including the security of corporate information and the steps management takes to monitor and control these risks. Management regularly briefs the audit committee on our cybersecurity risk profile, potential threats, and continuous improvement initiatives. Our approach to managing cybersecurity risks is part of a continuous improvement process, both in the context of cybersecurity and broader operational risk management. This ongoing process, which includes employee training, is aimed at routinely reviewing and, as necessary, enhancing our oversight processes and tools to ensure they remain effective and resilient in their management of cybersecurity risk.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The audit and risk committee of our Board
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Management regularly briefs the audit committee on our cybersecurity risk profile, potential threats, and continuous improvement initiatives.
Cybersecurity Risk Role of Management [Text Block] Our approach to managing cybersecurity risks is part of a continuous improvement process, both in the context of cybersecurity and broader operational risk management. This ongoing process, which includes employee training, is aimed at routinely reviewing and, as necessary, enhancing our oversight processes and tools to ensure they remain effective and resilient in their management of cybersecurity risk.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true