|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We maintain a cybersecurity risk management program as part of the Company's overall risk management framework and related policies and processes to identify, assess and manage material risks from cybersecurity threats.
Our Information Security Policy is designed to align with certain best practices, including GDPR. This policy promotes the management and execution of our information security framework for preserving the confidentiality, integrity, availability and
privacy of our information assets, including by helping enable us to better oversee, monitor and identify certain risks related to the processing of information by authorized third-party service providers. We also have an Information Technology ("IT") Steering Committee to help ensure security and compliance across our IT services. We have in the past, and may in the future, engage third parties to assess the effectiveness of our cybersecurity prevention and response systems and processes. We implement a layered strategy for overseeing and identifying material risks from cybersecurity threats associated with our use of third party service providers, including: (i) the use of a suite of Microsoft tools (including Microsoft Defender); (ii) a cloud IT strategy that eliminates any central platform; (iii) engaging a cybersecurity firm that monitors our systems 24/7 and provides daily alerts and updates; (iv) regular cybersecurity training for all employees and contractors; and (v) policies and procedures that govern employee activities along with technical controls in place to enforce those policies and procedures.
During 2024, we refreshed our business continuity program to assess the resilience of our processes and systems against potential threats, including cyber-attacks. Our refreshed crisis management and business continuity program establishes crisis management instructions with a detailed plan for each business department outlining critical processes, internal and external dependencies and recovery strategies. In addition, routine information security training and updates are regularly rolled out to our employees, and we track certain metrics that we believe help ensure we have a strong security posture.
To date, cybersecurity threats, including those resulting from any previous cybersecurity incidents, have not materially affected our Company, including our business strategy, results of operations or financial condition. We do not believe that cybersecurity threats resulting from any previous cybersecurity incidents of which we are aware are reasonably likely to materially affect our Company. See “We rely significantly on information technology and any failure, inadequacy, or security lapse of that technology, including any cybersecurity incidents, could harm us” in the “Risk Factors” section of this Annual Report for further information.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We maintain a cybersecurity risk management program as part of the Company's overall risk management framework and related policies and processes to identify, assess and manage material risks from cybersecurity threats.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
One of the key functions of our Board is informed oversight of our risk management process. Our Board administers the risk oversight function directly through the Board, as well as through various standing committees of our Board that address risks inherent in their respective areas of oversight. The Board at least annually reviews management's annual enterprise risk assessment, business continuity process and cybersecurity posture. Our Audit Committee is responsible for overseeing the management of risks associated with our financial reporting, accounting and auditing matters, as well as business-related risks (such as leadership, continuity, cybersecurity and matters relating to our commercial activities), reviewing as required our processes around the management and monitoring of such risks, as well as conducting a risk assessment review. Our Audit Committee charter sets forth the responsibilities of the Audit Committee consistent with applicable SEC and Nasdaq rules, including reviewing our approach to risk mitigation with respect to IT and cybersecurity. An information security update is provided quarterly, or as needed, to the Audit Committee, with a detailed review provided at least annually, or as needed.In addition, our Chief Information Officer ("CIO") is responsible for leading the assessment and management of cybersecurity risks. Our CIO, who has held this position since 2021, has over 20 years of experience in information security and holds an MBA from The George B. Delaplaine School of Business and Economics. He was previously CIO at Autolus Therapeutics from 2018 to 2021, and CIO at Sucampo Pharmaceuticals from 2015 to 2018. Prior to that, he was a Director, IT at AstraZeneca from 2008 to 2015. Our CIO regularly receives reports from our Head of Enterprise Technology along with our cybersecurity partners on cybersecurity threats and incidents, as applicable.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee is responsible for overseeing the management of risks associated with our financial reporting, accounting and auditing matters, as well as business-related risks (such as leadership, continuity, cybersecurity and matters relating to our commercial activities), reviewing as required our processes around the management and monitoring of such risks, as well as conducting a risk assessment review.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee is responsible for overseeing the management of risks associated with our financial reporting, accounting and auditing matters, as well as business-related risks (such as leadership, continuity, cybersecurity and matters relating to our commercial activities), reviewing as required our processes around the management and monitoring of such risks, as well as conducting a risk assessment review. Our Audit Committee charter sets forth the responsibilities of the Audit Committee consistent with applicable SEC and Nasdaq rules, including reviewing our approach to risk mitigation with respect to IT and cybersecurity. An information security update is provided quarterly, or as needed, to the Audit Committee, with a detailed review provided at least annually, or as needed.
|Cybersecurity Risk Role of Management [Text Block]
|In addition, our Chief Information Officer ("CIO") is responsible for leading the assessment and management of cybersecurity risks. Our CIO, who has held this position since 2021, has over 20 years of experience in information security and holds an MBA from The George B. Delaplaine School of Business and Economics. He was previously CIO at Autolus Therapeutics from 2018 to 2021, and CIO at Sucampo Pharmaceuticals from 2015 to 2018. Prior to that, he was a Director, IT at AstraZeneca from 2008 to 2015. Our CIO regularly receives reports from our Head of Enterprise Technology along with our cybersecurity partners on cybersecurity threats and incidents, as applicable.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Audit Committee is responsible for overseeing the management of risks associated with our financial reporting, accounting and auditing matters, as well as business-related risks (such as leadership, continuity, cybersecurity and matters relating to our commercial activities), reviewing as required our processes around the management and monitoring of such risks, as well as conducting a risk assessment review.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CIO, who has held this position since 2021, has over 20 years of experience in information security and holds an MBA from The George B. Delaplaine School of Business and Economics.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|In addition, our Chief Information Officer ("CIO") is responsible for leading the assessment and management of cybersecurity risks. Our CIO, who has held this position since 2021, has over 20 years of experience in information security and holds an MBA from The George B. Delaplaine School of Business and Economics. He was previously CIO at Autolus Therapeutics from 2018 to 2021, and CIO at Sucampo Pharmaceuticals from 2015 to 2018. Prior to that, he was a Director, IT at AstraZeneca from 2008 to 2015. Our CIO regularly receives reports from our Head of Enterprise Technology along with our cybersecurity partners on cybersecurity threats and incidents, as applicable.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef