|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
In the ordinary course of our business, we use, store and process data including data of our employees, partners, collaborators, and vendors. We have implemented a cybersecurity risk management program that is designed to identify, assess, and mitigate risks from cybersecurity threats to this data and our systems.
Our cybersecurity risk management program includes a number of components, including information security program assessments and continuous monitoring of critical risks from cybersecurity threats using automated tools. We periodically engage third parties to conduct risk assessments on our systems, including penetration testing on an annual basis. We also conduct cybersecurity simulation exercises, including in connection with our disaster recovery procedures.
We maintain policies and processes for assessing, identifying, and managing risks from cybersecurity threats, and have integrated these policies and processes into our overall risk management strategy. Our cybersecurity program is informed by standards established by the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS).
We also engage assessors, consultants, auditors, or other third parties in connection with our risk assessment processes to assist us in our design and implementation of our cybersecurity policies and procedures and in our assessment and testing of our security safeguards. This includes a third-party managed detection and response team (MDR) to conduct ongoing network monitoring and to support incident management and threat assessment. Additionally, as a public company, we are subject to regulatory requirements and undergo audits of our financial statements, which include a review of related cybersecurity controls and information technology systems.
We maintain a cybersecurity awareness training program for employees, which is provided during onboarding and on an annual basis thereafter. Our training program includes simulated phishing campaigns, which are designed to increase awareness and detection and to equip our personnel with effective tools to identify and address cybersecurity threats.
Although risks from cybersecurity threats have not materially affected, and are not reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, to date, we have, from time to time, experienced threats to and security incidents related to our and our third-party vendors’ information systems. For more information about the cybersecurity risks we face, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K, including the risk factor titled “Cybersecurity incidents, data breaches, loss of data and other disruptions could compromise sensitive information related to our business or prevent us from accessing critical information and expose us to liability, which could adversely affect our business and our reputation.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We maintain policies and processes for assessing, identifying, and managing risks from cybersecurity threats, and have integrated these policies and processes into our overall risk management strategy. Our cybersecurity program is informed by standards established by the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS).
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Under the ultimate direction of our chief executive officer, or CEO, and our executive management team (including our Chief Legal Officer who serves as our Chief Compliance Officer), with oversight from our audit committee of the board of directors (Audit Committee), our Head of Information Technology (Head of IT) has primary responsibility for assessing, operating and managing our cybersecurity threat management program. Our Head of IT meets periodically with our Chief Legal Officer to discuss current developments in the cybersecurity landscape and our cybersecurity risk management program, including providing updates regarding the sources and nature of critical risks we face and how the IT department assesses those risks, including the likelihood of such risks, the severity of impact, and progress on vulnerability remediation.
As we are in the process of hiring a new Director of Information Technology, our Chief Legal Officer is fulfilling these functions in the interim with assistance from third-party information technology and cybersecurity experts. Although our Chief Legal Officer does not have direct cybersecurity expertise obtained through certifications, her experience as a member of our company’s senior management team and overseeing enterprise risks, which includes consulting and coordinating as necessary with third-party information technology and cybersecurity experts, enables her to assess and manage material risks from cybersecurity threats. We maintain an established process to notify management of identified cybersecurity incidents and to provide an assessment of the potential criticality and impact of such incidents. We have also implemented procedures for response and containment efforts to address the actual or potential impact of identified cybersecurity incidents, as applicable.
As part of our board of directors’ enterprise risk management program, our board of directors has responsibility for oversight of cybersecurity risk management. Our board of directors has delegated to our Audit Committee oversight of our cybersecurity risk management program, including oversight of information security and cybersecurity threats and related compliance and disclosure requirements. On an annual basis, our Chief Legal Officer provides an update to our Audit Committee regarding our cybersecurity risk management program, including as relates to critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. The Audit Committee periodically reports on cybersecurity risk management to the full board of directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Under the ultimate direction of our chief executive officer, or CEO, and our executive management team (including our Chief Legal Officer who serves as our Chief Compliance Officer), with oversight from our audit committee of the board of directors (Audit Committee), our Head of Information Technology (Head of IT) has primary responsibility for assessing, operating and managing our cybersecurity threat management program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Under the ultimate direction of our chief executive officer, or CEO, and our executive management team (including our Chief Legal Officer who serves as our Chief Compliance Officer), with oversight from our audit committee of the board of directors (Audit Committee), our Head of Information Technology (Head of IT) has primary responsibility for assessing, operating and managing our cybersecurity threat management program. Our Head of IT meets periodically with our Chief Legal Officer to discuss current developments in the cybersecurity landscape and our cybersecurity risk management program, including providing updates regarding the sources and nature of critical risks we face and how the IT department assesses those risks, including the likelihood of such risks, the severity of impact, and progress on vulnerability remediation.
|Cybersecurity Risk Role of Management [Text Block]
|
As we are in the process of hiring a new Director of Information Technology, our Chief Legal Officer is fulfilling these functions in the interim with assistance from third-party information technology and cybersecurity experts. Although our Chief Legal Officer does not have direct cybersecurity expertise obtained through certifications, her experience as a member of our company’s senior management team and overseeing enterprise risks, which includes consulting and coordinating as necessary with third-party information technology and cybersecurity experts, enables her to assess and manage material risks from cybersecurity threats. We maintain an established process to notify management of identified cybersecurity incidents and to provide an assessment of the potential criticality and impact of such incidents. We have also implemented procedures for response and containment efforts to address the actual or potential impact of identified cybersecurity incidents, as applicable.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
As we are in the process of hiring a new Director of Information Technology, our Chief Legal Officer is fulfilling these functions in the interim with assistance from third-party information technology and cybersecurity experts. Although our Chief Legal Officer does not have direct cybersecurity expertise obtained through certifications, her experience as a member of our company’s senior management team and overseeing enterprise risks, which includes consulting and coordinating as necessary with third-party information technology and cybersecurity experts, enables her to assess and manage material risks from cybersecurity threats. We maintain an established process to notify management of identified cybersecurity incidents and to provide an assessment of the potential criticality and impact of such incidents. We have also implemented procedures for response and containment efforts to address the actual or potential impact of identified cybersecurity incidents, as applicable.As part of our board of directors’ enterprise risk management program, our board of directors has responsibility for oversight of cybersecurity risk management.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Although our Chief Legal Officer does not have direct cybersecurity expertise obtained through certifications, her experience as a member of our company’s senior management team and overseeing enterprise risks, which includes consulting and coordinating as necessary with third-party information technology and cybersecurity experts, enables her to assess and manage material risks from cybersecurity threats.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We maintain an established process to notify management of identified cybersecurity incidents and to provide an assessment of the potential criticality and impact of such incidents. We have also implemented procedures for response and containment efforts to address the actual or potential impact of identified cybersecurity incidents, as applicable.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef