|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Overview
We are cognizant of the evolving risks associated with cybersecurity and recognize a material cybersecurity incident could adversely impact our financial results and condition. We further recognize the importance of maintaining processes to identify, mitigate, and manage those cybersecurity threats. No cybersecurity threats occurred during the year ended December 31, 2024 that have had, or are reasonably likely to have had, a material impact on our business strategy, results of operations, or financial condition. However, if as a result of any future attacks, our information technology systems are significantly damaged, cease to function properly or are subject to a significant cybersecurity breach, we may suffer an interruption in our ability to manage and operate our business, and our business strategy, results of operations or financial condition could be adversely affected. Such attacks, whether or not successful, could result in significant costs related to, for example, repairing or replacing our IT systems; the loss of critical data; and interruptions or delays in our ability to perform critical functions. In addition, the volume, frequency and sophistication of these threats (including through the use of artificial intelligence) continues to grow and the complexity and scale of the systems to be protected continues to increase.
We utilize the National Institute of Standards and Technology (“NIST”) framework with our security program to identify, mitigate, and manage cybersecurity risks. We have implemented controls and a formal security policy following this framework. This security policy functions in conjunction with other policies, such as our acceptable use policy and our mobile device policy. We also maintain a specific incident response policy and procedure document including notification and participation of key workforce personnel and external stakeholders to contain, eradicate, and recover from any security incidents.
The Company emphasizes the importance of security awareness to our workforce through the administration of third-party cybersecurity training and prioritizes the monitoring and prevention of unauthorized access to Company information technology (“IT”) assets such as networks, computers, mobile devices, applications, and stored information. Our internal IT team considers
cybersecurity capabilities of third-party service providers prior to engaging them and on an ongoing basis. Our key external IT vendors provide the Company with system and organizational control reports that are reviewed by our internal IT team and may reveal potential security risks.
A third-party managed security services provider (“MSSP”) works in tandem with our internal IT team to implement and maintain processes and procedures to detect and handle identified security incidents, including the performance of phishing simulations to evaluate our workforce’s ability to recognize malicious emails. Our MSSP team leaders have significant experience working in cybersecurity and employ a trained workforce designed to provide proactive and comprehensive cybersecurity care. Together with our MSSP, we also monitor the frequency and extent of cybersecurity threats and update our processes and procedures as necessary. On an annual basis, our internal auditors conduct penetration testing and other assessments.
Governance
Our Board of Directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee primary responsibility for oversight of our risk management programs, including processes and procedures related to cybersecurity threats and incidents. The Audit Committee oversees management’s implementation of our cybersecurity risk management program.
The Company’s cybersecurity risk management program is under the direction of our Director of IT, who reports directly to our Chief Financial Officer and has over two decades of experience in the field of information technology and security. Our Director of IT drives collective focus and central coordination of our cybersecurity risk management program internally and oversees our retained external MSSP personnel. Management reports to the Audit Committee, at least quarterly, and more frequently if needed, on the Company’s cybersecurity risk management program, including periodic assessments and tests addressing cybersecurity threats and incidents.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We utilize the National Institute of Standards and Technology (“NIST”) framework with our security program to identify, mitigate, and manage cybersecurity risks. We have implemented controls and a formal security policy following this framework. This security policy functions in conjunction with other policies, such as our acceptable use policy and our mobile device policy. We also maintain a specific incident response policy and procedure document including notification and participation of key workforce personnel and external stakeholders to contain, eradicate, and recover from any security incidents.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee primary responsibility for oversight of our risk management programs, including processes and procedures related to cybersecurity threats and incidents. The Audit Committee oversees management’s implementation of our cybersecurity risk management program.
The Company’s cybersecurity risk management program is under the direction of our Director of IT, who reports directly to our Chief Financial Officer and has over two decades of experience in the field of information technology and security. Our Director of IT drives collective focus and central coordination of our cybersecurity risk management program internally and oversees our retained external MSSP personnel. Management reports to the Audit Committee, at least quarterly, and more frequently if needed, on the Company’s cybersecurity risk management program, including periodic assessments and tests addressing cybersecurity threats and incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|the Audit Committee primary responsibility for oversight of our risk management programs, including processes and procedures related to cybersecurity threats and incidents
|Cybersecurity Risk Role of Management [Text Block]
|
The Company’s cybersecurity risk management program is under the direction of our Director of IT, who reports directly to our Chief Financial Officer and has over two decades of experience in the field of information technology and security. Our Director of IT drives collective focus and central coordination of our cybersecurity risk management program internally and oversees our retained external MSSP personnel. Management reports to the Audit Committee, at least quarterly, and more frequently if needed, on the Company’s cybersecurity risk management program, including periodic assessments and tests addressing cybersecurity threats and incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Director of IT drives collective focus and central coordination of our cybersecurity risk management program internally and oversees our retained external MSSP personnel
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|over two decades of experience in the field of information technology and security
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Management reports to the Audit Committee, at least quarterly, and more frequently if needed, on the Company’s cybersecurity risk management program, including periodic assessments and tests addressing cybersecurity threats and incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef