|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
We rely on both internal information technology systems and networks, and those of third-party vendors and contractors, to acquire, transmit, store and otherwise process information in connection with our business activities. Our ability to effectively manage our business depends on the security, reliability and adequacy of our and our third-party contractors’ and vendors’ technology systems. As such, we have implemented an information security program designed to identify, assess, and manage risks from cybersecurity threats.
We perform risk assessments relating to cybersecurity and technology risks at least annually. Our cybersecurity risk management program has been developed based on industry standards, including those published by the National Institute of Standards and Technology (“NIST”). Highlights of the program include:
•
Corporate policies and procedures that guide our use of information systems, confidentiality and security strategy;
•
Identifying critical assets and high-risk threats, and implementing technical prevention and detection controls and response and recovery practices;
•
A third-party risk management process to assist in making risk-informed technology product and services decisions on third parties who provide, manage, store or have access to material data or information, including the completion of security questionnaires and independent assessments of controls, audits and/or contract terms;
•
Defined data loss prevention standards in place to detect and prevent data loss, including requiring third-party service providers with access to personal, confidential or proprietary information to implement and maintain comprehensive cybersecurity practices consistent with applicable legal standards and industry best practices;
•
Security awareness training for employees to identify cybersecurity concerns and take appropriate actions; and
•
Evaluating our program’s effectiveness by performing regular internal and third-party assessments of our controls, including external penetration testing and consultation on security enhancements.
Risks identified through our cybersecurity program are assessed to determine the potential impact and likelihood of occurrence and mitigation plans are developed and implemented accordingly.
The Audit Committee of our Board of Directors bears the primary responsibility for oversight of cybersecurity risks. The Audit Committee is composed of board members with diverse expertise, including risk management, technology and finance, equipping them to oversee cybersecurity risks effectively. Management’s oversight is performed through an IT Strategy Committee, a subset of executive management including our Chief Financial Officer, or CFO, and Chief Legal Officer, and relevant functional expertise, including our Senior Vice President, Information Systems, or SVP, IS. Our SVP, IS, is the primary member of the IT Steering Committee charged with responsibility for assessing, monitoring and managing our cybersecurity risks. With over 20 years of experience in information technology strategy and operations, his background includes extensive experience as an IT executive at various companies. At least annually, the SVP, IS, and the CFO provide a comprehensive report to the Audit Committee regarding cybersecurity risk assessments, planned enhancements to our cyber security program, and incident reports and remediation, if any.
The SVP, IS, oversees processes for the regular monitoring of our information systems, including potential vulnerabilities. In the event of a cybersecurity incident, the IT organization and designated members of executive management follow an established Cybersecurity Incident Response Plan. This plan includes immediate actions to contain the threat, mitigate the impact and assess materiality, and requires retrospective review and identification of corrective actions to reduce future risk.
During the fiscal year ended December 31, 2024, we did not experience any material impact to our business, financial position or operations resulting from previously identified cyberattacks or other information security incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material breaches. For a discussion of these risks, see “Item 1A—Risk Factors—Risk Related to Our Business and Industry—Our business and operations could suffer in the event of an actual or perceived information security incident such as a cybersecurity breach, system failure, or other compromise of our systems and/or information, including information held by a third-party contractor or vendor.”
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Audit Committee of our Board of Directors bears the primary responsibility for oversight of cybersecurity risks. The Audit Committee is composed of board members with diverse expertise, including risk management, technology and finance, equipping them to oversee cybersecurity risks effectively. Management’s oversight is performed through an IT Strategy Committee, a subset of executive management including our Chief Financial Officer, or CFO, and Chief Legal Officer, and relevant functional expertise, including our Senior Vice President, Information Systems, or SVP, IS. Our SVP, IS, is the primary member of the IT Steering Committee charged with responsibility for assessing, monitoring and managing our cybersecurity risks. With over 20 years of experience in information technology strategy and operations, his background includes extensive experience as an IT executive at various companies. At least annually, the SVP, IS, and the CFO provide a comprehensive report to the Audit Committee regarding cybersecurity risk assessments, planned enhancements to our cyber security program, and incident reports and remediation, if any.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee is composed of board members with diverse expertise, including risk management, technology and finance, equipping them to oversee cybersecurity risks effectively.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|At least annually, the SVP, IS, and the CFO provide a comprehensive report to the Audit Committee regarding cybersecurity risk assessments, planned enhancements to our cyber security program, and incident reports and remediation, if any
|Cybersecurity Risk Role of Management [Text Block]
|Management’s oversight is performed through an IT Strategy Committee, a subset of executive management including our Chief Financial Officer, or CFO, and Chief Legal Officer, and relevant functional expertise, including our Senior Vice President, Information Systems, or SVP, IS. Our SVP, IS, is the primary member of the IT Steering Committee charged with responsibility for assessing, monitoring and managing our cybersecurity risks. With over 20 years of experience in information technology strategy and operations, his background includes extensive experience as an IT executive at various companies. At least annually, the SVP, IS, and the CFO provide a comprehensive report to the Audit Committee regarding cybersecurity risk assessments, planned enhancements to our cyber security program, and incident reports and remediation, if any.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Management’s oversight is performed through an IT Strategy Committee, a subset of executive management including our Chief Financial Officer, or CFO, and Chief Legal Officer, and relevant functional expertise, including our Senior Vice President, Information Systems, or SVP, IS. Our SVP, IS, is the primary member of the IT Steering Committee charged with responsibility for assessing, monitoring and managing our cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|With over 20 years of experience in information technology strategy and operations, his background includes extensive experience as an IT executive at various companies.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef