Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

We recognize it is imperative to diligently manage cybersecurity risks as defined in Item 106(a) of Regulation S-K. Such risks include operational risks of ransomware, phishing, fraud, extortion, harm to employees or customers and violation of data privacy or security laws.

We address cybersecurity risks in our business, technical operations, privacy and compliance operations and programs through a diversified approach including threat-monitoring and assessments by third-parties, adopting IT security ISO standards/governance, and proactive risk and compliance reviews. In order to defend against cybersecurity incidents, we carry out real-time cybersecurity threat monitoring of IT assets, perform penetration testing, audit applicable data policies and conduct directed employee training. We also monitor new technologies and existing and emerging laws and regulations related to data protection and information security and implement changes that help to mitigate risk. We maintain an insurance policy that provides certain coverage for losses we incur due to data breaches and other cybersecurity incidents.

We implemented incident response and breach management processes consisting of four stages: 1) monitor for and identify cybersecurity incidents, 2) carry out security incident analysis, 3) contain and recover, and 4) improve with post-incident analysis. Such incident responses are governed by the Cybersecurity Steering Committee.

We regularly engage external auditors to assess our internal cybersecurity programs and compliance and have been certified to conform to the requirements of ISO/IEC 27001.

There are no identified cybersecurity threats that have materially affected or are reasonably likely to materially affect our results of operations, or financial condition as of the date of this Annual Report on Form 10-K. To date, we do not believe we have experienced any material information security breaches and have not incurred significant operating expenses related to information security breaches.

See “Risk Factors” for more information on our cybersecurity risks.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

We implemented incident response and breach management processes consisting of four stages: 1) monitor for and identify cybersecurity incidents, 2) carry out security incident analysis, 3) contain and recover, and 4) improve with post-incident analysis. Such incident responses are governed by the Cybersecurity Steering Committee.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

There are no identified cybersecurity threats that have materially affected or are reasonably likely to materially affect our results of operations, or financial condition as of the date of this Annual Report on Form 10-K. To date, we do not believe we have experienced any material information security breaches and have not incurred significant operating expenses related to information security breaches.

Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance

As an important part of our risk management processes, cybersecurity is a focus area for our Board and management. Our Nominating and Corporate Governance Committee (the “NCG Committee”), which consists of independent members of the Board of Directors, is responsible for the oversight of risks from cybersecurity threats. The NCG Committee receives quarterly updates from the Cybersecurity Steering Committee. These updates include existing and emerging cybersecurity threats, risks, cybersecurity incident management and key information security initiatives. The NCG Committee also provides updates to our cybersecurity risk management and strategy programs to the Board of Directors on a quarterly basis.

Our cybersecurity risk management and strategy processes are overseen by the Cybersecurity Steering Committee, which includes individuals with an average of over 18 years of prior work experience in various roles involving IT governance and management, cybersecurity, auditing, and compliance. The Cybersecurity Steering Committee actively participates in the cybersecurity risk management and strategy processes as described above, and regularly reports to senior management and the NCG Committee. 

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

As an important part of our risk management processes, cybersecurity is a focus area for our Board and management. Our Nominating and Corporate Governance Committee (the “NCG Committee”), which consists of independent members of the Board of Directors, is responsible for the oversight of risks from cybersecurity threats. The NCG Committee receives quarterly updates from the Cybersecurity Steering Committee. These updates include existing and emerging cybersecurity threats, risks, cybersecurity incident management and key information security initiatives. The NCG Committee also provides updates to our cybersecurity risk management and strategy programs to the Board of Directors on a quarterly basis.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Our cybersecurity risk management and strategy processes are overseen by the Cybersecurity Steering Committee, which includes individuals with an average of over 18 years of prior work experience in various roles involving IT governance and management, cybersecurity, auditing, and compliance. The Cybersecurity Steering Committee actively participates in the cybersecurity risk management and strategy processes as described above, and regularly reports to senior management and the NCG Committee.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true