|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Risk management and strategy
Managing Material Risks & Integrated Overall Risk Management
We have developed and continue to develop processes, including those intended to follow an internal Information Technology (IT) Security Policy, which seek to assess, identify, and manage material risks from cybersecurity threats to the IT systems and information that we create, use, transmit, receive, and maintain. We also maintain an evolving cybersecurity roadmap for our future cybersecurity plans. The processes for assessing, identifying, and managing material risks from cybersecurity threats, including threats associated with our use of third-party service providers, include our efforts to identify the relevant assets that could be affected, determine possible threat sources and threat events, assess threats based on their potential likelihood and impact, and identify controls that are in place or necessary to manage and/or mitigate such risks. In furtherance of our cybersecurity policies and procedures, our IT team has a monthly IT Steering committee meeting, chaired by our Chief Financial Officer (“CFO”) and Chief Strategy Officer, where all new IT projects include a cybersecurity component.
Engage Third-parties on Risk Management
, including consultants, auditors, and cybersecurity assessors, who assist us in evaluating and testing our cybersecurity systems and processes. These partnerships are intended to give us access to specialized knowledge and insights that can inform our cybersecurity strategies and processes, including as to industry-standard control frameworks and applicable regulations, laws, and standards.
Oversee Third-party Risk
Risks from Cybersecurity Threats
and the expenses we have incurred from any security incidents were immaterial. As a result, we do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected us, our results of operations and financial condition. However, as discussed under “Risk Factors” in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple and potentially material risks to us, including potentially to our results of operations and financial condition. See also “Risk Factors — Failure to protect our information technology infrastructure against cyber-based attacks, network security breaches, service interruptions, or data corruption could significantly disrupt our operations and adversely affect our business strategy and operating results.” As cybersecurity threats become more frequent, sophisticated, and coordinated, it is reasonably likely that we may expend greater resources to continue to modify and enhance protective measures against such security risks.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We also seek to integrate these processes and policies into our overall enterprise risk management system and processes.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
and the expenses we have incurred from any security incidents were immaterial. As a result, we do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected us, our results of operations and financial condition. However, as discussed under “Risk Factors” in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple and potentially material risks to us, including potentially to our results of operations and financial condition. See also “Risk Factors — Failure to protect our information technology infrastructure against cyber-based attacks, network security breaches, service interruptions, or data corruption could significantly disrupt our operations and adversely affect our business strategy and operating results.” As cybersecurity threats become more frequent, sophisticated, and coordinated, it is reasonably likely that we may expend greater resources to continue to modify and enhance protective measures against such security risks.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Board of Directors Oversight
Our Board of Directors is responsible for exercising oversight of management’s identification and management of, and planning for, risks from cybersecurity threats. While the full Board has overall responsibility for risk oversight, the Board has delegated oversight responsibility related to risks from cybersecurity threats to the Board’s Audit Committee. The Audit Committee discusses with management not less than annually our major financial risk exposures, including those related to data privacy, data security and network security, and management's program to monitor, assess and control such exposures, including our risk assessment and risk management policies. The Audit Committee reports to the Board as necessary with respect to its activities, including making such reports and recommendations to the Board as it deems necessary and appropriate.
Risk Management Personnel
The CISO manages vendor work related to cybersecurity, and has primary responsibility for the evolving cybersecurity roadmap, remediating known risks, and leading our employee training program, pursuant to which we provide annual privacy and security training for all employees. Our security training incorporates awareness of cyber threats (including but not limited to malware, ransomware and social engineering attacks), password hygiene, incident reporting process, as well as physical security best practices. Our management has also developed security policies and processes which include regular system updates and patches, employee training on cybersecurity and privacy requirements, incident reporting, and the use of encryption to secure sensitive information. In addition, we also regularly perform phishing tests of our employees and update our training plan at least annually. We maintain business continuity and disaster recovery capabilities to mitigate interruptions to critical information systems and/or the loss of data and services from the effects of natural or man-made disasters to our physical operations.
Monitor Cybersecurity Incidents
The CISO implements and oversees processes for the regular monitoring of our IT systems. This includes the deployment of security measures to identify potential vulnerabilities. In the event of a cybersecurity incident, the CISO runs an incident response plan. This plan includes actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
Reporting to Board of Directors
Furthermore, significant cybersecurity matters, and strategic risk management decisions are escalated to the Board of Directors, which has oversight and may provide guidance on critical cybersecurity issues.
Management’s Role Managing Risk
The role of the Chief Information Security Officer (CISO) has been assigned to our VP, Information Technology, who has more than 20 years of IT experience and reports to the CFO. The CISO and the CFO inform the Audit Committee on cybersecurity risks. They provide briefings to the Audit Committee on no less than an annual basis or on an ad hoc basis when needed. These briefings encompass:
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|While the full Board has overall responsibility for risk oversight, the Board has delegated oversight responsibility related to risks from cybersecurity threats to the Board’s Audit Committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|While the full Board has overall responsibility for risk oversight, the Board has delegated oversight responsibility related to risks from cybersecurity threats to the Board’s Audit Committee. The Audit Committee discusses with management not less than annually our major financial risk exposures, including those related to data privacy, data security and network security, and management's program to monitor, assess and control such exposures, including our risk assessment and risk management policies. The Audit Committee reports to the Board as necessary with respect to its activities, including making such reports and recommendations to the Board as it deems necessary and appropriate.
|Cybersecurity Risk Role of Management [Text Block]
|
The role of the Chief Information Security Officer (CISO) has been assigned to our VP, Information Technology, who has more than 20 years of IT experience and reports to the CFO. The CISO and the CFO inform the Audit Committee on cybersecurity risks. They provide briefings to the Audit Committee on no less than an annual basis or on an ad hoc basis when needed. These briefings encompass:
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Management’s role in assessing, monitoring and managing our material cybersecurity risks is primarily the responsibility of our CISO, reporting to our CFO. Both the CISO and CFO rely on third party experts, including consultants, auditors, and cybersecurity assessors regarding cybersecurity strategies and processes.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The role of the Chief Information Security Officer (CISO) has been assigned to our VP, Information Technology, who has more than 20 years of IT experience and reports to the CFO.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Furthermore, significant cybersecurity matters, and strategic risk management decisions are escalated to the Board of Directors, which has oversight and may provide guidance on critical cybersecurity issues.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef