|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Risk Management and Strategy
As is the case for similar companies of our size and industry, we may be the target of cyber attacks and other cyber incidents and, therefore, cybersecurity is an important element of our overall enterprise risk management program. We have certain processes to systematically evaluate, identify, address, and manage cybersecurity risks, which are built into our overall risk management program and are designed to help safeguard our information assets and operational integrity from internal and external cyber threats, protect employee information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural, and technical safeguards, response plans, and continuity exercises on our systems. We also routinely review our policies and procedures to identify risks and refine our practices. By prioritizing cyber risk comprehension and management, we aim to enhance business resiliency, protect information from unauthorized access or attacks, and secure our digital footprint.
We engage certain external parties, including cybersecurity and privacy firms, to enhance our cybersecurity oversight and risk reduction abilities. We also perform an annual cybersecurity assessment designed to help align our cybersecurity program with industry best practices. In addition, we regularly consult with industry groups, peer organizations, and external executives to assess the cybersecurity threat landscape throughout the year.
Our cybersecurity policies, standards, and procedures include cyber and data breach response plans benchmarked against multiple cybersecurity risk frameworks. Our incident response plan is designed to help coordinate the response to and recovery from cybersecurity incidents and includes processes to identify, investigate, triage, assess the severity of, escalate, contain, and remediate incidents and comply with applicable legal or regulatory obligations. We also regularly perform technical reviews of our systems to help secure our digital environment and confirm software patches are appropriately up-to-date.
To oversee and identify risks from cybersecurity threats associated with our use of third-party service providers, we have implemented a third-party risk management program designed to help protect against information misuse and assess the information technology security measures of potential third parties and business partners. We perform a third-party risk assessment before starting a relationship with certain service providers and utilize a third-party risk intelligence program to monitor the activity of critical vendors following engagement. In addition, we maintain cyber insurance coverage as part of our overall risk mitigation strategy. This cyber insurance coverage may not be sufficient to cover against all claims.
We do not believe that there are currently any risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition.
Governance
Our Audit Committee of the Board of Directors provides direct oversight over cybersecurity risk. The Audit Committee receives annual updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents, if applicable.
We also have a cybersecurity steering committee responsible for assisting with our overall day-to-day cybersecurity responsibilities and implementing our cybersecurity programs. The cybersecurity steering committee is currently comprised of members of our digital and enterprise capabilities team and is chaired by our executive director of cybersecurity. Among other things, the cybersecurity steering committee:
•
reviews our internal controls to help protect our information assets;
•
assists with developing practices, procedures, and controls designed to identify, assess, and manage critical cybersecurity programs and risks; and
•
works to align our risk governance structure, including policies and procedures, with our business objectives.
The chair of the cybersecurity steering committee, our executive director of cybersecurity, has over 25 years of information technology industry experience, including 20 years focused on cybersecurity, and master’s degrees in a cybersecurity discipline and in business administration, in addition to multiple certifications related to information technology and cybersecurity.
In addition, to help prevent and detect cybersecurity threats, we provide all employees, including part-time and temporary employees, with monthly cybersecurity and privacy training, which covers timely and relevant cybersecurity topics, including social engineering, phishing, password protection, confidential data protection, asset use, and mobile security.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
As is the case for similar companies of our size and industry, we may be the target of cyber attacks and other cyber incidents and, therefore, cybersecurity is an important element of our overall enterprise risk management program. We have certain processes to systematically evaluate, identify, address, and manage cybersecurity risks, which are built into our overall risk management program and are designed to help safeguard our information assets and operational integrity from internal and external cyber threats, protect employee information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural, and technical safeguards, response plans, and continuity exercises on our systems. We also routinely review our policies and procedures to identify risks and refine our practices. By prioritizing cyber risk comprehension and management, we aim to enhance business resiliency, protect information from unauthorized access or attacks, and secure our digital footprint.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
We do not believe that there are currently any risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Audit Committee of the Board of Directors provides direct oversight over cybersecurity risk. The Audit Committee receives annual updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents, if applicable.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee of the Board of Directors provides direct oversight over cybersecurity risk.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee receives annual updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents, if applicable.
|Cybersecurity Risk Role of Management [Text Block]
|
We also have a cybersecurity steering committee responsible for assisting with our overall day-to-day cybersecurity responsibilities and implementing our cybersecurity programs. The cybersecurity steering committee is currently comprised of members of our digital and enterprise capabilities team and is chaired by our executive director of cybersecurity. Among other things, the cybersecurity steering committee:
•
reviews our internal controls to help protect our information assets;
•
assists with developing practices, procedures, and controls designed to identify, assess, and manage critical cybersecurity programs and risks; and
•
works to align our risk governance structure, including policies and procedures, with our business objectives.
The chair of the cybersecurity steering committee, our executive director of cybersecurity, has over 25 years of information technology industry experience, including 20 years focused on cybersecurity, and master’s degrees in a cybersecurity discipline and in business administration, in addition to multiple certifications related to information technology and cybersecurity.
In addition, to help prevent and detect cybersecurity threats, we provide all employees, including part-time and temporary employees, with monthly cybersecurity and privacy training, which covers timely and relevant cybersecurity topics, including social engineering, phishing, password protection, confidential data protection, asset use, and mobile security.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|We also have a cybersecurity steering committee responsible for assisting with our overall day-to-day cybersecurity responsibilities and implementing our cybersecurity programs. The cybersecurity steering committee is currently comprised of members of our digital and enterprise capabilities team and is chaired by our executive director of cybersecurity.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The chair of the cybersecurity steering committee, our executive director of cybersecurity, has over 25 years of information technology industry experience, including 20 years focused on cybersecurity, and master’s degrees in a cybersecurity discipline and in business administration, in addition to multiple certifications related to information technology and cybersecurity.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|In addition, to help prevent and detect cybersecurity threats, we provide all employees, including part-time and temporary employees, with monthly cybersecurity and privacy training, which covers timely and relevant cybersecurity topics, including social engineering, phishing, password protection, confidential data protection, asset use, and mobile security
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef