Cybersecurity Risk Management, Strategy and Governance |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Item 1C. Cybersecurity. Risk Management and Strategy We continue to develop and implement a framework designed to safeguard our organization's digital assets from threats and vulnerabilities as part of our overall risk management system. It involves a systematic approach of identifying, assessing, and mitigating risks associated with our technology systems, data, and operations. Key components of this include:
•
Vulnerability assessments - initiating regular evaluations to identify potential weaknesses in our systems.
•
Security controls and policies - establishing robust security measures and formal company-wide policies.
•
Employee training - training programs to ensure all employees are equipped to prevent and respond to cyber threats effectively.
•
Incident response plan - designing and implementing a well-defined plan for addressing cybersecurity incidents.
•
Continuous monitoring - establishing mechanisms for proactive monitoring of our environment to detect and respond to anomalies.
To ensure alignment with industry best practices we engage consultants or other third parties in conducting periodic assessments and testing of our policies, standards, processes, and practices. Material risks are those that have the potential to cause substantial harm or financial loss. Our approach involves a targeted strategy to protect critical data, systems, and infrastructure against cybersecurity challenges including cyber threats, data breaches, or regulatory compliance issues. Third-party risk mitigation in cybersecurity is a crucial aspect of safeguarding our digital assets and ensuring data integrity and privacy. We monitor and manage the potential vulnerabilities and security gaps that can arise when working with external vendors, partners, or suppliers who have access to sensitive information or systems. We assess the cybersecurity practices of our third parties by evaluating their compliance with security standards. Evaluating third-party compliance helps us mitigate the risks of data breaches or security incidents originating from external sources, ultimately safeguarding our reputation, legal compliance, and overall cybersecurity posture. We believe that the risks from cybersecurity threats, including as a result of any previous cybersecurity events, have not materially affected our business to date. We can provide no assurance that there will not be incidents in the future or that they will not materially affect us, including our business, results of operations, cash flows and financial condition. Governance The audit committee of our board of directors has primary responsibility for overseeing our risk management process relating to cybersecurity, which includes risks arising from cybersecurity threats. The Chief Technology Officer works together with our board of directors, audit committee, and members of executive management (“Cybersecurity Team”) to set the strategic digital landscape. The Cybersecurity Team provides strategic guidance and oversight to ensure our cybersecurity posture is robust and aligned with our overall objectives. The Cybersecurity Team does this by establishing cybersecurity policies and setting risk tolerance levels, approving budgets for security initiatives, and ensuring compliance with relevant regulations and standards. The Cybersecurity Team engages in regular and ad hoc discussions regarding incident response strategies to assess the preparedness for cyber threats and continually evaluates our incident response plans. The Incident Response Team (“IRT”) is led by the Senior Vice President of Information Technology, who is the overall incident response coordinator. The IRT, under the guidance of the Chief Technology Officer, assesses risk and materiality of an incident and engages members of Cybersecurity Team as needed. Through ongoing communications with these teams, the Chief Technology Officer and the Cybersecurity Team are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the board of directors and the audit committee when appropriate. Our Chief Technology Officer’s experience includes various roles in information technology, data analytics, and information security at both public and private companies. Members of the Cybersecurity Team each hold undergraduate and, in some cases, graduate degrees in their respective fields, and each have experience managing risk at the Company or at similar companies, and assessing cybersecurity threats. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
The Chief Technology Officer works together with our board of directors, audit committee, and members of executive management (“Cybersecurity Team”) to set the strategic digital landscape. The Cybersecurity Team provides strategic guidance and oversight to ensure our cybersecurity posture is robust and aligned with our overall objectives. The Cybersecurity Team does this by establishing cybersecurity policies and setting risk tolerance levels, approving budgets for security initiatives, and ensuring compliance with relevant regulations and standards. The Cybersecurity Team engages in regular and ad hoc discussions regarding incident response strategies to assess the preparedness for cyber threats and continually evaluates our incident response plans. The Incident Response Team (“IRT”) is led by the Senior Vice President of Information Technology, who is the overall incident response coordinator. The IRT, under the guidance of the Chief Technology Officer, assesses risk and materiality of an incident and engages members of Cybersecurity Team as needed. Through ongoing communications with these teams, the Chief Technology Officer and the Cybersecurity Team are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the board of directors and the audit committee when appropriate. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Chief Technology Officer works together with our board of directors, audit committee, and members of executive management (“Cybersecurity Team”) to set the strategic digital landscape. The Cybersecurity Team provides strategic guidance and oversight to ensure our cybersecurity posture is robust and aligned with our overall objectives. The Cybersecurity Team does this by establishing cybersecurity policies and setting risk tolerance levels, approving budgets for security initiatives, and ensuring compliance with relevant regulations and standards. The Cybersecurity Team engages in regular and ad hoc discussions regarding incident response strategies to assess the preparedness for cyber threats and continually evaluates our incident response plans. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] |
Through ongoing communications with these teams, the Chief Technology Officer and the Cybersecurity Team are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the board of directors and the audit committee when appropriate. |
| Cybersecurity Risk Role of Management [Text Block] |
The Chief Technology Officer works together with our board of directors, audit committee, and members of executive management (“Cybersecurity Team”) to set the strategic digital landscape. The Cybersecurity Team provides strategic guidance and oversight to ensure our cybersecurity posture is robust and aligned with our overall objectives. The Cybersecurity Team does this by establishing cybersecurity policies and setting risk tolerance levels, approving budgets for security initiatives, and ensuring compliance with relevant regulations and standards. The Cybersecurity Team engages in regular and ad hoc discussions regarding incident response strategies to assess the preparedness for cyber threats and continually evaluates our incident response plans. The Incident Response Team (“IRT”) is led by the Senior Vice President of Information Technology, who is the overall incident response coordinator. The IRT, under the guidance of the Chief Technology Officer, assesses risk and materiality of an incident and engages members of Cybersecurity Team as needed. Through ongoing communications with these teams, the Chief Technology Officer and the Cybersecurity Team are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the board of directors and the audit committee when appropriate |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Chief Technology Officer works together with our board of directors, audit committee, and members of executive management (“Cybersecurity Team”) to set the strategic digital landscape. The Cybersecurity Team provides strategic guidance and oversight to ensure our cybersecurity posture is robust and aligned with our overall objectives. The Cybersecurity Team does this by establishing cybersecurity policies and setting risk tolerance levels, approving budgets for security initiatives, and ensuring compliance with relevant regulations and standards. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] |
Our Chief Technology Officer’s experience includes various roles in information technology, data analytics, and information security at both public and private companies. Members of the Cybersecurity Team each hold undergraduate and, in some cases, graduate degrees in their respective fields, and each have experience managing risk at the Company or at similar companies, and assessing cybersecurity threats. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Cybersecurity Team engages in regular and ad hoc discussions regarding incident response strategies to assess the preparedness for cyber threats and continually evaluates our incident response plans. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |