XML 39 R26.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We recognize the importance of assessing, identifying, and managing risks associated with cybersecurity threats. Accordingly, we address these risks by implementing and maintaining processes, and technologies designed to prevent, detect, and mitigate incidents that could pose cybersecurity risk. We are equally subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including: intellectual property theft; fraud; extortion; harm to employees or customers; interruption of business activities and activities of our customers; violation of privacy laws; litigation and legal risk; and reputational risk. In adopting our risk assessment and management program, we are committed to safeguarding our systems and data.

We have implemented a risk-based approach, guided by Federal Information Processing Standards Publication 199, to identify, classify, and appropriately assess the range of cybersecurity threats that could affect our business and information systems. We also rely on information technology and third-party vendors to support our operations, including our secure processing of personal, confidential, sensitive, proprietary, and other types of information. Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

Additionally, we monitor emerging laws, industry standards, and regulations related to information security and data protection. Although we have not experienced any cybersecurity incidents or threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition to date, and though we are actively monitoring our networks and access points by implementing security updates regularly, we cannot provide any assurance that there will not be incidents or threats in the future that may materially affect us, including our business strategy, results of operations, or financial condition.

Our cybersecurity policies, standards, processes, and practices are regularly assessed and these assessments incorporate various activities including information security assessments and independent reviews of our information security control environment and operating effectiveness. We utilize managed detection and response systems, endpoint protection, content filtering aimed at blocking malware and software to eliminate phishing, ransomware, and fraud. We also utilize multi-factor authentication on all sensitive applications and information entry-points, review access to data regularly, and have failover-protected business disaster recovery and backup storage systems. The Company conducts cybersecurity training and testing programs regularly.
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

Additionally, we monitor emerging laws, industry standards, and regulations related to information security and data protection. Although we have not experienced any cybersecurity incidents or threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition to date, and though we are actively monitoring our networks and access points by implementing security updates regularly, we cannot provide any assurance that there will not be incidents or threats in the future that may materially affect us, including our business strategy, results of operations, or financial condition.
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Governance

Pursuant to our risk management policy, responsibility for the implementation of our risk management policy resides with the Chief Financial Officer. Management performs a periodic assessment (at least annual) of compliance, financial, IT, and fraud risks. Responses are consolidated and reviewed with management and the Audit Committee. The result of the risk assessment effort is leveraged to formalize management’s operating effectiveness testing plan for the next year. The Audit Committee receives an update on the Company’s risk management process, risk trends and any incidents at least annually from the management team. In the event of any incident, the Company expects to notify the Audit Committee immediately, or as soon as possible.

For additional information regarding cybersecurity risks, see Item 1A “Risk Factors.”
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true