XML 52 R34.htm IDEA: XBRL DOCUMENT v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We engage subject matter experts such as consultants to assist us in establishing processes to assess, identify, and manage potential and actual cybersecurity threats, to actively monitor our systems internally using widely accepted digital applications, processes, and controls, and to provide forensic assistance to facilitate system recovery in the case of an incident. The Enterprise Incident Response Team oversees and establishes the parameters of our engagement with these experts to ensure we obtain the supplement assistance needed in this area, if any.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our Enterprise Risk Management Committee receives reports on the Company’s cybersecurity program and developments from our Vice President of Information Technology. Our Enterprise Risk Management Committee and our Vice President of Information Technology report to the Company’s Board of Directors at each of the regularly scheduled quarterly meetings. These reports include analyses of recent cybersecurity threats and incidents across the industry, as well as a review of our own security controls, assessments and program maturity, and risk mitigation status;
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The Board’s active engagement in the oversight of our cybersecurity program includes:

1.Our Enterprise Risk Management Committee receives reports on the Company’s cybersecurity program and developments from our Vice President of Information Technology. Our Enterprise Risk Management Committee and our Vice President of Information Technology report to the Company’s Board of Directors at each of the regularly scheduled quarterly meetings. These reports include analyses of recent cybersecurity threats and incidents across the industry, as well as a review of our own security controls, assessments and program maturity, and risk mitigation status;

2.We have a cross-functional approach to addressing cybersecurity risk, with digital technology, legal, and the corporate audit functions presenting to the Enterprise Risk Management Committee on key cybersecurity topics; and

3.On at least an annual basis, the full Board of Directors receives a comprehensive cybersecurity review, including director education from third-party cybersecurity experts.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Enterprise Incident Response Team
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Enterprise Risk Management Committee and our Vice President of Information Technology report to the Company’s Board of Directors at each of the regularly scheduled quarterly meetings. These reports include analyses of recent cybersecurity threats and incidents across the industry, as well as a review of our own security controls, assessments and program maturity, and risk mitigation status
Cybersecurity Risk Role of Management [Text Block] The Technology and Safety Committee of the Board of Directors reviews the integrity of information technology systems, including the potential for cybersecurity threats. In addition, the Risk Oversight Committee monitors management’s identification and evaluation of major strategic, operational, regulatory, information technology, cyber security and other external risks inherent in the Company’s business
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Vice President of Information Technology
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our Vice President of Information Technology, reporting to our Chief Administrative Officer, has principal responsibility for assessing and managing cybersecurity risks and threats, implementing the systems necessary to address such risks and threats and preparing updates for the Risk Oversight Committee and the Board of Directors. Our Vice President of Information Technology has over 20 years of experience in the cybersecurity field, including with implementing advanced cybersecurity and risk management strategies, audits, compliance with regulatory requirements and applying various security frameworks such as ISO 27001 and NIST. Our Senior Director of Cybersecurity Governance reports to our Vice President of Information Technology and is responsible for the operation of our cybersecurity program and management of our cybersecurity team. Our Senior Director of Cybersecurity Governance has over 15 years of experience in the cybersecurity field including experience with risk assessments, implementing of industry-leading security tools, conducting security reviews of system implementations and cyber risk management strategies.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Activities include mandatory training for all employees, technical security controls, enhanced data protection, the maintenance of backup and protective systems, policy review and implementation, the evaluation of cybersecurity insurance, periodic assessments of third-party service providers to assess cyber preparedness of key vendors, and running simulated cybersecurity drills, including vulnerability scanning, penetration testing and disaster recovery exercises, throughout the organization.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true