|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We recognize the importance of safeguarding the security of our computer systems, software, networks, and other technology assets. Accordingly, we have implemented processes for identifying, assessing, and mitigating cybersecurity risks as part of our Enterprise Risk Management (ERM) process. In line with recognized industry standards - including, but not limited to, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the General Data Protection Regulation (GDPR), and the Network & Information Systems Directive 2022 (NIS2) - we maintain a comprehensive cybersecurity risk management program. Our IT infrastructure and information security management systems have also been ISO 27001:2022 certified, underscoring our commitment to integrity, transparency, and data safety.
Our cybersecurity program integrates several key components, including information security policies and operating procedures, periodic risk assessments and other vulnerability analyses, and ongoing monitoring of critical cybersecurity risks using automated tools. In addition, all employees undergo cybersecurity training both during onboarding and periodically throughout the year. We also conduct regular phishing simulations to heighten employees’ awareness of spoofed or manipulated electronic communications and other cyber threats.
We maintain a Cybersecurity Incident Response Plan, or CIRP designed to guide our response to incidents, including measures to mitigate and contain potential cybersecurity incidents that could affect our systems, networks, or data. The CIRP identifies specific individuals responsible for developing, maintaining, and following incident-response procedures (including escalation processes). We also engage external third-party consultants to perform annual penetration testing and periodic vulnerability assessments, and we conduct annual assessments of our cybersecurity program for alignment with the NIST Cybersecurity Framework and the International Maritime Organization’s (IMO) guidelines, among others.
To date, risks from cybersecurity threats have not materially affected us, and we do not believe they are reasonably likely to materially affect our business strategy, results of operations, or financial condition. Nevertheless, we may occasionally experience threats to, and security incidents affecting, our data and systems. We will promptly disclose any material cybersecurity incident in accordance with applicable SEC requirements. For more information, please see the risk factor entitled “We rely on our information systems to conduct our business, and failure to protect these systems against security breaches could adversely affect our business and results of operations. Additionally, if these systems fail or become unavailable for any significant period of time, our business could be harmed.” under “Item 3—Key Information—Risk Factors” in this annual report.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We recognize the importance of safeguarding the security of our computer systems, software, networks, and other technology assets. Accordingly, we have implemented processes for identifying, assessing, and mitigating cybersecurity risks as part of our Enterprise Risk Management (ERM) process. In line with recognized industry standards - including, but not limited to, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the General Data Protection Regulation (GDPR), and the Network & Information Systems Directive 2022 (NIS2) - we maintain a comprehensive cybersecurity risk management program. Our IT infrastructure and information security management systems have also been ISO 27001:2022 certified, underscoring our commitment to integrity, transparency, and data safety.
Our cybersecurity program integrates several key components, including information security policies and operating procedures, periodic risk assessments and other vulnerability analyses, and ongoing monitoring of critical cybersecurity risks using automated tools. In addition, all employees undergo cybersecurity training both during onboarding and periodically throughout the year. We also conduct regular phishing simulations to heighten employees’ awareness of spoofed or manipulated electronic communications and other cyber threats.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
To oversee our cybersecurity risk management program and policies, the role and responsibilities of the Chief Information Security Officer have been assigned to an external IT advisory company. The Chief Information Security Officer has primary responsibility for strategy, governance, and risk oversight of our cybersecurity measures, working in cooperation with our Head of IT and under the guidance of our Chief Operating Officer. The IT Department, led by the Head of IT—who has approximately 30 years of experience in information technology and cybersecurity risk management—implements the technical controls and processes designed to mitigate cybersecurity risks, as well as regularly monitoring and updating these measures to adapt to evolving threats. In addition, the IT Department oversees a Security Operations Center (SOC) that is operated by an external provider, employing specialized technology professionals who continuously monitor our systems for potential cybersecurity risks.
We also maintain processes to oversee and identify material cybersecurity risks arising from our use of third-party service providers. These processes include comprehensive vendor evaluations prior to engagement, ongoing audits and testing to verify adherence to our security policies, and contractual provisions requiring vendors to meet our cybersecurity standards. By proactively assessing potential vulnerabilities within our supply chain and continuously monitoring vendor performance, we seek to mitigate any cybersecurity threats that could significantly impact our operations.
As part of our Board of Directors’ ERM process, the Board has ultimate responsibility for overseeing cybersecurity risk management. The Audit Committee, which receives updates on cybersecurity at least quarterly (and more frequently if circumstances warrant), has day-to-day oversight of our cybersecurity program. Pursuant to its charter, the Audit Committee reviews our cybersecurity and other information technology risks, controls, and procedures, including our plans for cybersecurity risk mitigation and incident response. The Compliance Officer, alongside the Chief Operating Officer, provides periodic reports to the Audit Committee on cybersecurity and other IT risks. In the event of a cybersecurity incident that presents a critical risk to the Company, the Chief Operating Officer (and/or the Compliance Officer) would promptly report such incident to our Board of Directors, consistent with our escalation process.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Chief Information Security Officer
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
As part of our Board of Directors’ ERM process, the Board has ultimate responsibility for overseeing cybersecurity risk management. The Audit Committee, which receives updates on cybersecurity at least quarterly (and more frequently if circumstances warrant), has day-to-day oversight of our cybersecurity program. Pursuant to its charter, the Audit Committee reviews our cybersecurity and other information technology risks, controls, and procedures, including our plans for cybersecurity risk mitigation and incident response. The Compliance Officer, alongside the Chief Operating Officer, provides periodic reports to the Audit Committee on cybersecurity and other IT risks. In the event of a cybersecurity incident that presents a critical risk to the Company, the Chief Operating Officer (and/or the Compliance Officer) would promptly report such incident to our Board of Directors, consistent with our escalation process.
|Cybersecurity Risk Role of Management [Text Block]
|
To oversee our cybersecurity risk management program and policies, the role and responsibilities of the Chief Information Security Officer have been assigned to an external IT advisory company. The Chief Information Security Officer has primary responsibility for strategy, governance, and risk oversight of our cybersecurity measures, working in cooperation with our Head of IT and under the guidance of our Chief Operating Officer. The IT Department, led by the Head of IT—who has approximately 30 years of experience in information technology and cybersecurity risk management—implements the technical controls and processes designed to mitigate cybersecurity risks, as well as regularly monitoring and updating these measures to adapt to evolving threats. In addition, the IT Department oversees a Security Operations Center (SOC) that is operated by an external provider, employing specialized technology professionals who continuously monitor our systems for potential cybersecurity risks.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The IT Department, led by the Head of IT
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The IT Department, led by the Head of IT—who has approximately 30 years of experience in information technology and cybersecurity risk management—implements the technical controls and processes designed to mitigate cybersecurity risks, as well as regularly monitoring and updating these measures to adapt to evolving threats.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
To oversee our cybersecurity risk management program and policies, the role and responsibilities of the Chief Information Security Officer have been assigned to an external IT advisory company. The Chief Information Security Officer has primary responsibility for strategy, governance, and risk oversight of our cybersecurity measures, working in cooperation with our Head of IT and under the guidance of our Chief Operating Officer. The IT Department, led by the Head of IT—who has approximately 30 years of experience in information technology and cybersecurity risk management—implements the technical controls and processes designed to mitigate cybersecurity risks, as well as regularly monitoring and updating these measures to adapt to evolving threats. In addition, the IT Department oversees a Security Operations Center (SOC) that is operated by an external provider, employing specialized technology professionals who continuously monitor our systems for potential cybersecurity risks.
As part of our Board of Directors’ ERM process, the Board has ultimate responsibility for overseeing cybersecurity risk management. The Audit Committee, which receives updates on cybersecurity at least quarterly (and more frequently if circumstances warrant), has day-to-day oversight of our cybersecurity program. Pursuant to its charter, the Audit Committee reviews our cybersecurity and other information technology risks, controls, and procedures, including our plans for cybersecurity risk mitigation and incident response. The Compliance Officer, alongside the Chief Operating Officer, provides periodic reports to the Audit Committee on cybersecurity and other IT risks. In the event of a cybersecurity incident that presents a critical risk to the Company, the Chief Operating Officer (and/or the Compliance Officer) would promptly report such incident to our Board of Directors, consistent with our escalation process.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef