|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
The Company’s enterprise risk management (“ERM”) program includes assessing, identifying and managing material risks from various sources, including those related to cybersecurity. The Company uses information from incident history, threat intelligence, formal and informal security networks, government information sharing and recognized information security frameworks to inform its cybersecurity risk management approach.
The Company’s cybersecurity risk management processes incorporate multiple layers of security to help identify and protect against cybersecurity threats including a dedicated cybersecurity team, technical security controls, policy enforcement, monitoring systems, employee training, contractual arrangements and management oversight. Given the dynamic nature of the cyber-threat environment, the Company engages with third-party assessors, consultants and others from time to time on various cyber-related matters, including assessing, enhancing, advising and monitoring the Company's cybersecurity risk management process.
The Company maintains a vendor risk management program designed to help identify and manage risks associated with third-party service providers, including a risk-based approach to identifying and monitoring cybersecurity threats presented by certain third-party service providers, with management retaining responsibility for oversight of cybersecurity threats. The Company maintains an incident response plan that includes escalation criteria and preliminary materiality assessments to guide reporting and disclosure objectives.
The Company describes risks related to cybersecurity threats that could materially impact its business strategy, results of operations or financial condition in Item 1A. “Risk Factors” of this Annual Report on Form 10-K.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The Company’s enterprise risk management (“ERM”) program includes assessing, identifying and managing material risks from various sources, including those related to cybersecurity. The Company uses information from incident history, threat intelligence, formal and informal security networks, government information sharing and recognized information security frameworks to inform its cybersecurity risk management approach.
The Company’s cybersecurity risk management processes incorporate multiple layers of security to help identify and protect against cybersecurity threats including a dedicated cybersecurity team, technical security controls, policy enforcement, monitoring systems, employee training, contractual arrangements and management oversight. Given the dynamic nature of the cyber-threat environment, the Company engages with third-party assessors, consultants and others from time to time on various cyber-related matters, including assessing, enhancing, advising and monitoring the Company's cybersecurity risk management process.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Management is responsible for assessing and managing risk at the Company, including communicating key risks to the Board of Directors and its committees. The Board of Directors has primary responsibility for risk oversight, with a focus on the most significant risks facing the Company. With respect to cybersecurity risks, the Audit Committee of the Board of Directors (“Audit Committee”) provides oversight for matters specifically relating to cybersecurity and other risks related to information technology systems and procedures, including but not limited to data security and privacy.
Management leverages the collective expertise of the Company’s information security function which reports to the Chief Financial Officer through the Company’s Chief Information Security Officer (“CISO”). The CISO has served in this position for the Company since 2017, holds various relevant credentials including CISSP (Certified Information Systems Security Professional), and has extensive cybersecurity and privacy experience having served in information technology roles for over 35 years and cybersecurity leadership roles for 15 years. The CISO reports to the Audit Committee quarterly on information security matters, including, among other things, the Company’s cyber risks and threats, any incidents or events, the status of projects to further strengthen the Company’s information security systems, assessments of the Company’s security program and the emerging regulatory and threat landscape. The CISO also briefs the full Board of Directors on cybersecurity matters at least annually.
As described above, management informs the Audit Committee about prevention, detection, mitigation, resolution, and remediation of cybersecurity incidents quarterly and monitors such matters continuously. The Audit Committee reviews and discusses with management the quality and effectiveness of the Company’s efforts to mitigate such risks and reports such findings to the Board of Directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|With respect to cybersecurity risks, the Audit Committee of the Board of Directors (“Audit Committee”) provides oversight for matters specifically relating to cybersecurity and other risks related to information technology systems and procedures, including but not limited to data security and privacy.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The CISO reports to the Audit Committee quarterly on information security matters, including, among other things, the Company’s cyber risks and threats, any incidents or events, the status of projects to further strengthen the Company’s information security systems, assessments of the Company’s security program and the emerging regulatory and threat landscape. The CISO also briefs the full Board of Directors on cybersecurity matters at least annually.As described above, management informs the Audit Committee about prevention, detection, mitigation, resolution, and remediation of cybersecurity incidents quarterly and monitors such matters continuously. The Audit Committee reviews and discusses with management the quality and effectiveness of the Company’s efforts to mitigate such risks and reports such findings to the Board of Directors
|Cybersecurity Risk Role of Management [Text Block]
|
Management is responsible for assessing and managing risk at the Company, including communicating key risks to the Board of Directors and its committees. The Board of Directors has primary responsibility for risk oversight, with a focus on the most significant risks facing the Company. With respect to cybersecurity risks, the Audit Committee of the Board of Directors (“Audit Committee”) provides oversight for matters specifically relating to cybersecurity and other risks related to information technology systems and procedures, including but not limited to data security and privacy.
Management leverages the collective expertise of the Company’s information security function which reports to the Chief Financial Officer through the Company’s Chief Information Security Officer (“CISO”). The CISO has served in this position for the Company since 2017, holds various relevant credentials including CISSP (Certified Information Systems Security Professional), and has extensive cybersecurity and privacy experience having served in information technology roles for over 35 years and cybersecurity leadership roles for 15 years. The CISO reports to the Audit Committee quarterly on information security matters, including, among other things, the Company’s cyber risks and threats, any incidents or events, the status of projects to further strengthen the Company’s information security systems, assessments of the Company’s security program and the emerging regulatory and threat landscape. The CISO also briefs the full Board of Directors on cybersecurity matters at least annually.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|With respect to cybersecurity risks, the Audit Committee of the Board of Directors (“Audit Committee”) provides oversight for matters specifically relating to cybersecurity and other risks related to information technology systems and procedures, including but not limited to data security and privacy.Management leverages the collective expertise of the Company’s information security function which reports to the Chief Financial Officer through the Company’s Chief Information Security Officer (“CISO”).
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Management leverages the collective expertise of the Company’s information security function which reports to the Chief Financial Officer through the Company’s Chief Information Security Officer (“CISO”). The CISO has served in this position for the Company since 2017, holds various relevant credentials including CISSP (Certified Information Systems Security Professional), and has extensive cybersecurity and privacy experience having served in information technology roles for over 35 years and cybersecurity leadership roles for 15 years.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CISO reports to the Audit Committee quarterly on information security matters, including, among other things, the Company’s cyber risks and threats, any incidents or events, the status of projects to further strengthen the Company’s information security systems, assessments of the Company’s security program and the emerging regulatory and threat landscape. The CISO also briefs the full Board of Directors on cybersecurity matters at least annually.As described above, management informs the Audit Committee about prevention, detection, mitigation, resolution, and remediation of cybersecurity incidents quarterly and monitors such matters continuously.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef