|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
The Company’s risk management program for cybersecurity is integrated into our risk management and general compliance programs and processes. Our cybersecurity program utilizes a layered, defense-in-depth strategy to identify and mitigate cybersecurity threats. Our Information Security Officer ("ISO") is responsible for the day-to-day management of the Company’s global information security program, which includes defining policies and procedures to safeguard our information systems and data, conducting vulnerability, threat and third-party information security assessments, information security event management (i.e., responding to ransomware and other cyber-attacks, business continuity and recovery), evaluating external cyber intelligence, supporting industry cybersecurity efforts and working with governmental agencies. The information security team also develops training for employees to support adherence to the Company’s policies and procedures, along with increasing awareness of cyber-related risk. The personnel training includes, but is not limited to, mandatory onboarding training, phishing simulations with automated remediation training, table-top incident response exercises, and educational intranet posting and email campaigns.
The Company leverages the U.S. Department of Commerce’s National Institute of Standards and Technology Cybersecurity Framework ("the NIST Framework") as the foundation of its global information security program. The NIST Framework provides standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk and is designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. The Company’s ISO works with independent, third-party consultants to assess the maturity of the Company’s cybersecurity program within the NIST Framework and to develop strategic areas of focus for the Company’s program commensurate with the Company’s business objectives.
As part of the Company’s information security program, we leverage both internal and external assessments and partnerships with industry leaders to help approach information security company-wide. Additionally, we maintain a comprehensive program that defines standards for the planning, sourcing, management, and oversight of third-party relationships and third-party access to our system, facilities, and/or confidential or proprietary data.Cybersecurity incidents may create risk to the Company that may impact its reputation, financial performance, ability to operate safely or at all, and the value of its intellectual property. Like most corporations, the Company is the target of industrial espionage, including cyberattacks, from time to time. The Company has determined that these incidents have resulted, and could result in the future, in unauthorized parties gaining access to certain confidential business information. However, to date, the Company has not experienced any known cybersecurity incidents that have materially affected the Company, including the Company's results of operations and financial condition, changes in the competitive environment, business operations and strategy. Although management does not believe that the Company has experienced any material losses to date related to cybersecurity incidents, there can be no assurance that the Company will not suffer such losses in the future.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The Company’s risk management program for cybersecurity is integrated into our risk management and general compliance programs and processes. Our cybersecurity program utilizes a layered, defense-in-depth strategy to identify and mitigate cybersecurity threats. Our Information Security Officer ("ISO") is responsible for the day-to-day management of the Company’s global information security program, which includes defining policies and procedures to safeguard our information systems and data, conducting vulnerability, threat and third-party information security assessments, information security event management (i.e., responding to ransomware and other cyber-attacks, business continuity and recovery), evaluating external cyber intelligence, supporting industry cybersecurity efforts and working with governmental agencies. The information security team also develops training for employees to support adherence to the Company’s policies and procedures, along with increasing awareness of cyber-related risk. The personnel training includes, but is not limited to, mandatory onboarding training, phishing simulations with automated remediation training, table-top incident response exercises, and educational intranet posting and email campaigns.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance
The Audit Committee and Risk Committee of the Board of Directors provide oversight of Company cybersecurity risks. The Risk Committee conducts a minimum of one cybersecurity program update per year, including a review of capital spend, budget, and staffing, as well as periodic reports on cybersecurity threats, awareness training, and key risk indicators related to the Company’s progress on risk mitigation activities. Annually, the Audit Committee reviews and recommends to the Board approval of management's recommendations on cybersecurity insurance. The Risk Committee reviews the Company’s oversight related to cybersecurity risks, to ensure that Board oversight of such risks remains appropriate and that risks are appropriately managed.
The Company’s Chief Information Officer ("CIO") oversees the Company’s information technology programs and investments. The Company’s CIO has over 20 years of information technology experience, including ten years in various information technology leadership roles. Our CIO holds a Bachelor of Science in Information Technology. The Company’s Chief Security Officer ("CSO") reports to the Chief Risk Officer and oversees the Company’s information security programs. The CSO possesses over 20 years of Information Security and Technology experience.
Our Risk Management Committee, which includes the Company’s Chief Risk Officer (Chair), Director of Risk Management and CSO, assesses and monitors the effectiveness of the Company’s cybersecurity risk management program. The Company’s internal audit function also performs independent reviews and validation of the program, including policies and procedures as determined by their annual risk assessment.
Both the CIO and CSO regularly report to the Board's Risk Committee on the Company’s identification, prevention, detection, mitigation and remediation of cybersecurity risks and incidents. In 2024, the Risk Committee reviewed the Company’s cybersecurity program and maturity assessment, provided regular oversight of cybersecurity risks, with cybersecurity discussions and dashboard reviews of key performance indicators and risks during the course of the year. With respect to specific incidents, the Company leverages an incident response framework to elevate and evaluate specific incidents to the CIO and CSO, along with the Company’s senior leadership, including the finance, compliance, and legal functions. In the event of a potentially material cybersecurity incident, the Risk Committee would be immediately notified and briefed.
In January 2025, the Company hired a Chief Technology Officer ("CTO"), who oversees the Company’s information technology programs and investments. The CTO now encompasses the responsibilities previously held by the Chief Information Officer.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee and Risk Committee of the Board of Directors provide oversight of Company cybersecurity risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Risk Committee conducts a minimum of one cybersecurity program update per year
|Cybersecurity Risk Role of Management [Text Block]
|
The Company’s Chief Information Officer ("CIO") oversees the Company’s information technology programs and investments. The Company’s CIO has over 20 years of information technology experience, including ten years in various information technology leadership roles. Our CIO holds a Bachelor of Science in Information Technology. The Company’s Chief Security Officer ("CSO") reports to the Chief Risk Officer and oversees the Company’s information security programs. The CSO possesses over 20 years of Information Security and Technology experience.
Our Risk Management Committee, which includes the Company’s Chief Risk Officer (Chair), Director of Risk Management and CSO, assesses and monitors the effectiveness of the Company’s cybersecurity risk management program. The Company’s internal audit function also performs independent reviews and validation of the program, including policies and procedures as determined by their annual risk assessment.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
The Audit Committee and Risk Committee of the Board of Directors provide oversight of Company cybersecurity risks. The Risk Committee conducts a minimum of one cybersecurity program update per year, including a review of capital spend, budget, and staffing, as well as periodic reports on cybersecurity threats, awareness training, and key risk indicators related to the Company’s progress on risk mitigation activities. Annually, the Audit Committee reviews and recommends to the Board approval of management's recommendations on cybersecurity insurance. The Risk Committee reviews the Company’s oversight related to cybersecurity risks, to ensure that Board oversight of such risks remains appropriate and that risks are appropriately managed.
The Company’s Chief Information Officer ("CIO") oversees the Company’s information technology programs and investments. The Company’s CIO has over 20 years of information technology experience, including ten years in various information technology leadership roles. Our CIO holds a Bachelor of Science in Information Technology. The Company’s Chief Security Officer ("CSO") reports to the Chief Risk Officer and oversees the Company’s information security programs. The CSO possesses over 20 years of Information Security and Technology experience.
Our Risk Management Committee, which includes the Company’s Chief Risk Officer (Chair), Director of Risk Management and CSO, assesses and monitors the effectiveness of the Company’s cybersecurity risk management program. The Company’s internal audit function also performs independent reviews and validation of the program, including policies and procedures as determined by their annual risk assessment.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Company’s Chief Information Officer ("CIO") oversees the Company’s information technology programs and investments. The Company’s CIO has over 20 years of information technology experience, including ten years in various information technology leadership roles. Our CIO holds a Bachelor of Science in Information Technology. The Company’s Chief Security Officer ("CSO") reports to the Chief Risk Officer and oversees the Company’s information security programs. The CSO possesses over 20 years of Information Security and Technology experience.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Risk Committee conducts a minimum of one cybersecurity program update per year, including a review of capital spend, budget, and staffing, as well as periodic reports on cybersecurity threats, awareness training, and key risk indicators related to the Company’s progress on risk mitigation activities. Annually, the Audit Committee reviews and recommends to the Board approval of management's recommendations on cybersecurity insurance. The Risk Committee reviews the Company’s oversight related to cybersecurity risks, to ensure that Board oversight of such risks remains appropriate and that risks are appropriately managed.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef