|
Risk Management and Strategy
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Risk Management and Strategy
|
Risk Management and Strategy. Our cybersecurity program is built upon the National Institute for Standards and Technology (“NIST”), International Organization for Standardization (“ISO”) and other best practice frameworks. We employ processes for assessing, identifying, and managing material risks from cybersecurity threats, including engagement of an independent cybersecurity consultant to audit our systems and procedures, make recommendations for improvement and monitor remediation of any identified risks. We also conduct random vulnerability testing including network penetration, phishing and social engineering tests. In addition, we also request Systems and Organization Control (“SOC”) type reports from several of our service providers including our payroll and human resources system provider and stock administration provider. In addition, we provide awareness training to our employees to help identify, avoid and mitigate cybersecurity threats and to remind them of the importance of handling and protecting our information.
Although we develop and maintain systems and controls designed to prevent cybersecurity breaches from occurring, and we have a process to identify and mitigate threats, the development and maintenance of these systems, controls and processes is costly and requires ongoing monitoring and updating as technologies change and efforts to overcome security measures become increasingly sophisticated. Moreover, despite our efforts, the possibility of a breach occurring cannot be eliminated entirely. As we outsource more of our information systems to vendors, engage in more electronic transactions with service customers and vendors, and rely more on cloud-based information systems, the related security risks will increase and we will need to expend additional resources to protect our technology and information systems. In addition, there can be no assurance that our internal information technology systems or those of our third-party contractors, or our consultants’ efforts to implement adequate security and control measures, will be sufficient to protect us against breakdowns, service disruption, data deterioration or loss in the event of a system malfunction, or prevent data from being stolen or corrupted in the event of a cyberattack, security breach, industrial espionage attacks or insider threat attacks which could result in financial, legal, business or reputational harm.
As of the date of this report, we are not aware of cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef