Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We have an information security program designed to identify, protect, detect and respond to and manage reasonably foreseeable cybersecurity risks and threats. To protect our information systems from cybersecurity threats, we use various security tools that help prevent, identify, escalate, investigate, resolve and recover from identified vulnerabilities and security incidents in a timely manner. These include, but are not limited to, internal reporting, monitoring and detection tools.

We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. To evaluate and prioritize risks, we rely on industry-standard models such as widely adopted risk quantification frameworks like NIST, which help us to identify, measure and prioritize cybersecurity and technology risks and develop related security controls and safeguards. We conduct regular reviews and tests of our information security program and also leverage other exercises (e.g., penetration and vulnerability testing) to evaluate the effectiveness of our information security program and improve our security measures and planning.

While we have not, as of the date of this Form 10-K, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, there can be no guarantee that we will not experience such an incident in the future. Such incidents, whether or not successful, could result in our incurring significant costs related to, for example, rebuilding our internal systems, implementing additional threat protection measures, defending against litigation, responding to regulatory inquiries or actions, paying damages, providing customers with incentives to maintain a business relationship with us, or taking other remedial steps with respect to third parties, as well as incurring significant reputational harm. We also recognize that the dynamic and evolving nature of cybersecurity threats requires a proactive and adaptive approach to our defenses, continuously assessing and enhancing our tools and strategies.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

We have an information security program designed to identify, protect, detect and respond to and manage reasonably foreseeable cybersecurity risks and threats. To protect our information systems from cybersecurity threats, we use various security tools that help prevent, identify, escalate, investigate, resolve and recover from identified vulnerabilities and security incidents in a timely manner. These include, but are not limited to, internal reporting, monitoring and detection tools.

We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. To evaluate and prioritize risks, we rely on industry-standard models such as widely adopted risk quantification frameworks like NIST, which help us to identify, measure and prioritize cybersecurity and technology risks and develop related security controls and safeguards. We conduct regular reviews and tests of our information security program and also leverage other exercises (e.g., penetration and vulnerability testing) to evaluate the effectiveness of our information security program and improve our security measures and planning.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Board of Directors Oversight [Text Block]

The Board oversees our enterprise risk assessment, where key risks within the company are assessed, including security and technology risks and cybersecurity threats. The Audit Committee oversees our cybersecurity risk, receives regular reports from our Chief People and IT Officer on various cybersecurity matters, including risk assessments, mitigation strategies, areas of emerging risks, incidents and industry trends, other areas of importance and provides further reporting on these topics to the Board.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Audit Committee

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Audit Committee oversees our cybersecurity risk, receives regular reports from our Chief People and IT Officer on various cybersecurity matters, including risk assessments, mitigation strategies, areas of emerging risks, incidents and industry trends, other areas of importance and provides further reporting on these topics to the Board

Cybersecurity Risk Role of Management [Text Block]

This dual focus on technology and organizational resilience leverages her expertise in managing complex, interconnected risks at the nexus of people and systems. Team members who support our information security program have relevant educational and industry experience. The team provides regular reports to senior management on various cybersecurity threats, assessments and findings.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Chief People and IT Officer

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Team members who support our information security program have relevant educational and industry experience.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. To evaluate and prioritize risks, we rely on industry-standard models such as widely adopted risk quantification frameworks like NIST, which help us to identify, measure and prioritize cybersecurity and technology risks and develop related security controls and safeguards. We conduct regular reviews and tests of our information security program and also leverage other exercises (e.g., penetration and vulnerability testing) to evaluate the effectiveness of our information security program and improve our security measures and planning.

Our Chief People and IT Officer oversees our information security program, which provides greater alignment of IT initiative with enterprise-wide risk management strategies. This dual focus on technology and organizational resilience leverages her expertise in managing complex, interconnected risks at the nexus of people and systems. Team members who support our information security program have relevant educational and industry experience. The team provides regular reports to senior management on various cybersecurity threats, assessments and findings.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true