|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We utilize an internal cross-departmental approach to addressing cybersecurity risk, including input from employees, Senior Management, and our Board of Directors. A cross functional Senior Management Cybersecurity Steering Committee devotes resources to cybersecurity and risk management to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner. Our cybersecurity risk management program is based on the National Institute of Standards and Technology (“NIST”) framework, which organizes cybersecurity risks into five categories: identify, protect, detect, respond, and recover. We regularly assess the threat landscape and take a holistic view of cybersecurity risks, with a layered cybersecurity strategy based on prevention, detection, and mitigation. Our information technology (“IT”) team reviews enterprise risk management-level cybersecurity risks annually, and risks are incorporated into the Enterprise Risk Management Committee framework. In addition, we have a set of Company-wide policies and procedures concerning cybersecurity matters, which include several IT Security policies as well as other policies that directly or indirectly relate to cybersecurity, which address topics related to encryption standards, antivirus protection, remote access, multifactor authentication, confidential information and the use of the internet, social media, email, and networked devices. These policies go through an internal review process and are approved by appropriate members of management.
Our Director of Cybersecurity in cooperation with the Chief Information Officer is responsible for developing and implementing our information security program and reporting on cybersecurity matters to our internal Cybersecurity Steering Committee. Our Director of Cybersecurity has over 20 years of experience leading cybersecurity oversight and holds cybersecurity certifications such as the CISSP (“Certified Information Systems Security Professional”).
We periodically perform simulations to test employees and provide any necessary remedial training. All employees are required to complete cybersecurity training at least once a year and have access to more frequent cybersecurity training online. We may also require employees in certain roles to complete additional role-based, specialized cybersecurity training. We continue to expand investments in IT security, taking a multi-layered security approach, which includes additional end-user training, improving security defenses, network segmentation, identifying and protecting critical assets, strengthening monitoring, and alerting, and leveraging industry experts where available.
We regularly test defenses by performing simulations and drills at both a technical level (including through penetration tests) and by reviewing our operational policies and procedures with third-party experts. At the management level, our IT security team monitors alerts and meets to discuss threat levels, trends, and remediation. Our IT team also regularly collects data on cybersecurity threats and risk areas and conducts a periodic risk assessment. Further, we conduct external penetration tests and maturity testing to assess our processes and procedures and the threat landscape. These tests and assessments are useful tools for maintaining a robust cybersecurity program to protect our investors, customers, employees, vendors, and intellectual property.In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with the use of third-party service providers. Our internal business owners of the hosted applications are required to document user access reviews at least annually and provide from the vendor a System and Organization Controls (“SOC”) 1 or SOC 2 report.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We utilize an internal cross-departmental approach to addressing cybersecurity risk, including input from employees, Senior Management, and our Board of Directors. A cross functional Senior Management Cybersecurity Steering Committee devotes resources to cybersecurity and risk management to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner. Our cybersecurity risk management program is based on the National Institute of Standards and Technology (“NIST”) framework, which organizes cybersecurity risks into five categories: identify, protect, detect, respond, and recover. We regularly assess the threat landscape and take a holistic view of cybersecurity risks, with a layered cybersecurity strategy based on prevention, detection, and mitigation.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Audit Committee and the Board actively participate in discussions with management and amongst themselves regarding cybersecurity risks. The Audit Committee’s semi-annual cybersecurity review also includes review of recent enhancements to the Company’s defenses and management’s progress on its cybersecurity strategic roadmap. In addition, the Cybersecurity Steering Committee receives quarterly cybersecurity reports, which include a review of key performance indicators, test results and related remediation, and may discuss recent threats and how the Company is managing those threats.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee and the Board actively participate in discussions with management and amongst themselves regarding cybersecurity risks. The Audit Committee’s semi-annual cybersecurity review also includes review of recent enhancements to the Company’s defenses and management’s progress on its cybersecurity strategic roadmap. In addition, the Cybersecurity Steering Committee receives quarterly cybersecurity reports, which include a review of key performance indicators, test results and related remediation, and may discuss recent threats and how the Company is managing those threats.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee and the Board actively participate in discussions with management and amongst themselves regarding cybersecurity risks. The Audit Committee’s semi-annual cybersecurity review also includes review of recent enhancements to the Company’s defenses and management’s progress on its cybersecurity strategic roadmap. In addition, the Cybersecurity Steering Committee receives quarterly cybersecurity reports, which include a review of key performance indicators, test results and related remediation, and may discuss recent threats and how the Company is managing those threats.
|Cybersecurity Risk Role of Management [Text Block]
|
We utilize an internal cross-departmental approach to addressing cybersecurity risk, including input from employees, Senior Management, and our Board of Directors. A cross functional Senior Management Cybersecurity Steering Committee devotes resources to cybersecurity and risk management to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner. Our cybersecurity risk management program is based on the National Institute of Standards and Technology (“NIST”) framework, which organizes cybersecurity risks into five categories: identify, protect, detect, respond, and recover. We regularly assess the threat landscape and take a holistic view of cybersecurity risks, with a layered cybersecurity strategy based on prevention, detection, and mitigation. Our information technology (“IT”) team reviews enterprise risk management-level cybersecurity risks annually, and risks are incorporated into the Enterprise Risk Management Committee framework. In addition, we have a set of Company-wide policies and procedures concerning cybersecurity matters, which include several IT Security policies as well as other policies that directly or indirectly relate to cybersecurity, which address topics related to encryption standards, antivirus protection, remote access, multifactor authentication, confidential information and the use of the internet, social media, email, and networked devices. These policies go through an internal review process and are approved by appropriate members of management.
Our Director of Cybersecurity in cooperation with the Chief Information Officer is responsible for developing and implementing our information security program and reporting on cybersecurity matters to our internal Cybersecurity Steering Committee. Our Director of Cybersecurity has over 20 years of experience leading cybersecurity oversight and holds cybersecurity certifications such as the CISSP (“Certified Information Systems Security Professional”).
We periodically perform simulations to test employees and provide any necessary remedial training. All employees are required to complete cybersecurity training at least once a year and have access to more frequent cybersecurity training online. We may also require employees in certain roles to complete additional role-based, specialized cybersecurity training. We continue to expand investments in IT security, taking a multi-layered security approach, which includes additional end-user training, improving security defenses, network segmentation, identifying and protecting critical assets, strengthening monitoring, and alerting, and leveraging industry experts where available.We regularly test defenses by performing simulations and drills at both a technical level (including through penetration tests) and by reviewing our operational policies and procedures with third-party experts. At the management level, our IT security team monitors alerts and meets to discuss threat levels, trends, and remediation. Our IT team also regularly collects data on cybersecurity threats and risk areas and conducts a periodic risk assessment. Further, we conduct external penetration tests and maturity testing to assess our processes and procedures and the threat landscape. These tests and assessments are useful tools for maintaining a robust cybersecurity program to protect our investors, customers, employees, vendors, and intellectual property.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our Director of Cybersecurity in cooperation with the Chief Information Officer is responsible for developing and implementing our information security program and reporting on cybersecurity matters to our internal Cybersecurity Steering Committee. Our Director of Cybersecurity has over 20 years of experience leading cybersecurity oversight and holds cybersecurity certifications such as the CISSP (“Certified Information Systems Security Professional”).
We periodically perform simulations to test employees and provide any necessary remedial training. All employees are required to complete cybersecurity training at least once a year and have access to more frequent cybersecurity training online. We may also require employees in certain roles to complete additional role-based, specialized cybersecurity training. We continue to expand investments in IT security, taking a multi-layered security approach, which includes additional end-user training, improving security defenses, network segmentation, identifying and protecting critical assets, strengthening monitoring, and alerting, and leveraging industry experts where available.We regularly test defenses by performing simulations and drills at both a technical level (including through penetration tests) and by reviewing our operational policies and procedures with third-party experts. At the management level, our IT security team monitors alerts and meets to discuss threat levels, trends, and remediation. Our IT team also regularly collects data on cybersecurity threats and risk areas and conducts a periodic risk assessment. Further, we conduct external penetration tests and maturity testing to assess our processes and procedures and the threat landscape. These tests and assessments are useful tools for maintaining a robust cybersecurity program to protect our investors, customers, employees, vendors, and intellectual property.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Our Director of Cybersecurity in cooperation with the Chief Information Officer is responsible for developing and implementing our information security program and reporting on cybersecurity matters to our internal Cybersecurity Steering Committee. Our Director of Cybersecurity has over 20 years of experience leading cybersecurity oversight and holds cybersecurity certifications such as the CISSP (“Certified Information Systems Security Professional”).
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Audit Committee and the Board actively participate in discussions with management and amongst themselves regarding cybersecurity risks. The Audit Committee’s semi-annual cybersecurity review also includes review of recent enhancements to the Company’s defenses and management’s progress on its cybersecurity strategic roadmap. In addition, the Cybersecurity Steering Committee receives quarterly cybersecurity reports, which include a review of key performance indicators, test results and related remediation, and may discuss recent threats and how the Company is managing those threats.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef