XML 51 R29.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cybersecurity Risk Management and Strategy
We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws.
Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a multi-faceted approach including third party assessments, internal IT Audit, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things: conduct proactive privacy and cybersecurity reviews of systems and applications, audit applicable data policies, perform penetration testing using external third-party tools and techniques to test security controls, conduct employee training, monitor emerging laws and regulations related to data protection and information security and implement appropriate changes.
Security events and data incidents are evaluated, ranked by severity and prioritized for response and remediation. Incidents are evaluated to determine materiality as well as operational and business impact, and reviewed for privacy impact.
Cybersecurity risks are evaluated when determining the selection and oversight of applicable third-party service provider risks when handling and/or processing our employee, business or customer data. In addition to new vendor onboarding, we perform risk management during third-party cybersecurity compromise incidents to identify and mitigate risks to us from third-party incidents.
We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of
operations, or financial condition, under the heading “Security breaches and other disruptions could compromise our information systems and expose us to liability, which could cause our business and reputation to suffer” included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Cybersecurity Governance
Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. Our Audit Committee is responsible for the oversight of risks from cybersecurity threats. Members of the Audit Committee receive updates periodically from senior management regarding matters of cybersecurity. This includes existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any) and status on key information security initiatives. Our Board members also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.
Our cybersecurity risk management and strategy processes are overseen by our CFO and CLO. These individuals are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan, and report to the Audit Committee on any appropriate items.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Audit Committee is responsible for the oversight of risks from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Members of the Audit Committee receive updates periodically from senior management regarding matters of cybersecurity. This includes existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any) and status on key information security initiatives. Our Board members also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.
Cybersecurity Risk Role of Management [Text Block]
Our cybersecurity risk management and strategy processes are overseen by our CFO and CLO. These individuals are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan, and report to the Audit Committee on any appropriate items.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity risk management and strategy processes are overseen by our CFO and CLO.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our cybersecurity risk management and strategy processes are overseen by our CFO and CLO. These individuals are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan, and report to the Audit Committee on any appropriate items.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Members of the Audit Committee receive updates periodically from senior management regarding matters of cybersecurity. This includes existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any) and status on key information security initiatives. Our Board members also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true