XML 44 R28.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We recognize the importance of assessing, identifying, reviewing and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational and legal risks including intellectual property theft or loss, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. Our framework is informed in part by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, although this does not imply that we meet all technical standards, specifications or requirements under NIST.

We have an enterprise-wide information security program designed to identify, protect against, detect, respond to and recover from cybersecurity risks, threats and events. Our cyber risk management system contributes significantly to the overall resilience and integrity of our business by, among other things, integrating the risk identification process in all major company initiatives and deployment processes, implementing a unified approach to managing both digital and traditional business risks, making continuous improvements and regularly reporting to management and the Board of Directors as a whole to ensure accountability.

We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. We and certain third parties conduct regular reviews and tests of our information security program and also leverage, among other things, audits, tabletop exercises, penetration and vulnerability testing, cybersecurity maturity assessments, simulations and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning. In addition, we evaluate third-party risks and perform third-party risk management to assess, identify and mitigate risks from third parties such as vendors, suppliers and other business partners.

We have experienced cyber-attacks or other malicious activities that disrupted our business in the past. Any future failure or disruption of our information technology infrastructure and communications systems or those of third parties that we use in our operations could harm our business in the future.

We describe whether and how risks from identified cybersecurity threats, including, but not limited to, as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

We have an enterprise-wide information security program designed to identify, protect against, detect, respond to and recover from cybersecurity risks, threats and events. Our cyber risk management system contributes significantly to the overall resilience and integrity of our business by, among other things, integrating the risk identification process in all major company initiatives and deployment processes, implementing a unified approach to managing both digital and traditional business risks, making continuous improvements and regularly reporting to management and the Board of Directors as a whole to ensure accountability.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] In addition, the Board of Directors is regularly briefed, no less frequently than quarterly, on cybersecurity risks as part of its oversight functions and to ensure that cybersecurity practices align with the company’s overall risk management framework and business objectives.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Board of Directors
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] In addition, the Board of Directors is regularly briefed, no less frequently than quarterly, on cybersecurity risks as part of its oversight functions and to ensure that cybersecurity practices align with the company’s overall risk management framework and business objectives.
Cybersecurity Risk Role of Management [Text Block]

The Chief Information Security Officer (“CISO”) leads our information security organization responsible for overseeing our information security program. Our CISO has over 25 years of experience in various roles involving information security, including risk management and security leadership. Team members who support our information security program have relevant education, professional certifications and industry experience, including but not limited to, holding similar positions at large technology companies. The team provides regular reports, no less frequently than monthly, to senior management and other relevant teams, including, but not limited to, the Chief Executive Officer (“CEO”), Chief Operating Officer (“COO”), Chief Information Officer (“CIO”) and Chief Legal Officer (“CLO”).

Preparation for and, where possible prevention of cybersecurity incidents involves regular and structured briefings to key management on risk remediation measures that should be taken to decrease, among other things, the likelihood and severability of incidents and to mitigate and manage their effects. The CEO, COO, CIO, CLO and other members of management receive detailed updates on cybersecurity risks on a regular basis, no less frequently than monthly, or when significant risks or incidents are identified. These briefings enable the management team to, among other things, stay informed of the latest threats, assess the effectiveness of current security measures and make timely decisions on strategic security initiatives. In addition, the Board of Directors is regularly briefed, no less frequently than quarterly, on cybersecurity risks as part of its oversight functions and to ensure that cybersecurity practices align with the company’s overall risk management framework and business objectives.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Chief Information Security Officer
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO has over 25 years of experience in various roles involving information security, including risk management and security leadership. Team members who support our information security program have relevant education, professional certifications and industry experience, including but not limited to, holding similar positions at large technology companies.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] In addition, the Board of Directors is regularly briefed, no less frequently than quarterly, on cybersecurity risks as part of its oversight functions and to ensure that cybersecurity practices align with the company’s overall risk management framework and business objectives
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true