XML 44 R31.htm IDEA: XBRL DOCUMENT v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Rapidly evolving threats to the cybersecurity landscape necessitate ongoing efforts to manage the risk of unauthorized access to the Company’s information systems and devices, including those of the Company and of third-party providers. The Company is subject to laws and rules issued by multiple government agencies concerning safeguarding and maintaining the confidentiality of its security, customer and business information. The Company employs various aspects of risk assessment regularly, and to the extent possible, continuously. Further, the Company uses a defense in depth, or layered, approach to strengthen the security environment and mitigate the impact of any potential threats. Cybersecurity risks are strategically managed under the leadership of the Vice President, IT Operations and Security, who has achieved preeminent certification as a Certified Information Security Manager (CISM) and Certified Cloud Security Professional (CCSP) and has served as the most senior IT resource in many different roles.
Management regularly assesses new and emerging risks by keeping apprised of current events and actual or anticipated threats within the industry and the overall security environment, which are used along with a risk-based approach to plan and implement changes or improvements to the security environment. The Company has engaged independent experts to assess the security environment for potential vulnerabilities or weaknesses and has plans for future engagements periodically to supplement the expertise and processes established within the Company. Thorough updates are provided to the board of directors quarterly by the Vice President, IT Operations and Security. The directors may ask questions or engage in further discussion related to the security environment.
Employees are one of our most valuable resources, and it is essential that education, particularly related to social engineering, is persistent and relevant. The Company requires ongoing cybersecurity awareness training for all employees, including weekly simulated emails to test the knowledge and reaction of employees. The training is customized based on actual events or anticipated emerging threats, keeping the education applicable and purposeful.
The Company utilizes various continuous monitoring methods for identification and notification of attempted unauthorized system access. Tools deployed throughout the Company track these attempts, allowing for trend analysis and strategic adaptation. The Company has also established an incident response policy that thoroughly and systematically documents the Company’s response and assigns responsibility to facilitate timely, organized and appropriate action during a security event or incident, including assessment of the impact and materiality of the event or incident. Incident management is led by the Security Incident Response Team, under the primary leadership of the Vice President, IT Operations and Security, in which the process is categorized by the detection, analysis, containment, eradication and recovery phases and is inclusive of post-incident activities.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Company employs various aspects of risk assessment regularly, and to the extent possible, continuously. Further, the Company uses a defense in depth, or layered, approach to strengthen the security environment and mitigate the impact of any potential threats.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Thorough updates are provided to the board of directors quarterly by the Vice President, IT Operations and Security. The directors may ask questions or engage in further discussion related to the security environment.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Thorough updates are provided to the board of directors quarterly by the Vice President, IT Operations and Security. The directors may ask questions or engage in further discussion related to the security environment.
Cybersecurity Risk Role of Management [Text Block] Cybersecurity risks are strategically managed under the leadership of the Vice President, IT Operations and Security, who has achieved preeminent certification as a Certified Information Security Manager (CISM) and Certified Cloud Security Professional (CCSP) and has served as the most senior IT resource in many different roles. Management regularly assesses new and emerging risks by keeping apprised of current events and actual or anticipated threats within the industry and the overall security environment, which are used along with a risk-based approach to plan and implement changes or improvements to the security environment.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Cybersecurity risks are strategically managed under the leadership of the Vice President, IT Operations and Security, who has achieved preeminent certification as a Certified Information Security Manager (CISM) and Certified Cloud Security Professional (CCSP) and has served as the most senior IT resource in many different roles.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Cybersecurity risks are strategically managed under the leadership of the Vice President, IT Operations and Security, who has achieved preeminent certification as a Certified Information Security Manager (CISM) and Certified Cloud Security Professional (CCSP) and has served as the most senior IT resource in many different roles.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Management regularly assesses new and emerging risks by keeping apprised of current events and actual or anticipated threats within the industry and the overall security environment, which are used along with a risk-based approach to plan and implement changes or improvements to the security environment. The Company has also established an incident response policy that thoroughly and systematically documents the Company’s response and assigns responsibility to facilitate timely, organized and appropriate action during a security event or incident, including assessment of the impact and materiality of the event or incident. Incident management is led by the Security Incident Response Team, under the primary leadership of the Vice President, IT Operations and Security, in which the process is categorized by the detection, analysis, containment, eradication and recovery phases and is inclusive of post-incident activities
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true