|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management Program and Strategy
Cybersecurity Threats
In today’s digitally interconnected workspace, we are increasingly vulnerable to cybersecurity threats that can disrupt operations, and compromise sensitive information. Cybersecurity threats are continuously evolving and can vary widely, but some common types of material cyber threats include:
We maintain a comprehensive process for assessing, identifying, and managing material risks from cybersecurity threats as part of our overall risk management system and processes, including risks relating to disruption of business operations or financial reporting systems, intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputation risk.
Cybersecurity is a critical component of the Company’s Enterprise Risk Management program. The Company has established an information security framework to help safeguard the confidentiality and integrity of, and access to its information assets and to ensure regulatory, contractual, and operational compliance.
Our cybersecurity risk management strategy includes the following:
The plan is regularly updated, reviewed by management, and tested yearly involving relevant stakeholders so that all are familiar with their roles and responsibilities in case of a cyber incident.
We routinely review the effectiveness of our cybersecurity program using the applicable CIS Critical Security Controls and take necessary actions.
We employ external independent experts to review and test the effectiveness of our cybersecurity processes, and protection and detection mechanisms. The findings are reviewed by management and approved changes are prioritized and implemented.
We have a retainer agreement with a reputable cyber incident response team, who assists the Company in reviewing the cyber incident response plan and conducting yearly tabletop drills. The experts on the cyber incident response team are available on a priority basis to assist the Company with forensics and other sophisticated analyses and investigations in case of a cyber incident for quick response and efficient recovery.
We have insurance coverage for losses and expenses related to liability, privacy and regulatory actions, incident response, business interruption, data recovery, hardware replacement, extortion, and reputational harm arising from potential cybersecurity incidents.
Cybersecurity Incidents
Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, including as a result of previous cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks and any future material incidents. In the last three fiscal years, we have not experienced any material information security breach incidences and the expenses we have incurred from information security breach incidences were immaterial. This includes penalties and settlements, of which there were none.
See “Risk Factors” in Item 1A of this Annual Report on Form 10-K for more information on our cybersecurity-related risks.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We maintain a comprehensive process for assessing, identifying, and managing material risks from cybersecurity threats as part of our overall risk management system and processes, including risks relating to disruption of business operations or financial reporting systems, intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputation risk.
Cybersecurity is a critical component of the Company’s Enterprise Risk Management program. The Company has established an information security framework to help safeguard the confidentiality and integrity of, and access to its information assets and to ensure regulatory, contractual, and operational compliance.
Our cybersecurity risk management strategy includes the following:
The plan is regularly updated, reviewed by management, and tested yearly involving relevant stakeholders so that all are familiar with their roles and responsibilities in case of a cyber incident.
We routinely review the effectiveness of our cybersecurity program using the applicable CIS Critical Security Controls and take necessary actions.
We employ external independent experts to review and test the effectiveness of our cybersecurity processes, and protection and detection mechanisms. The findings are reviewed by management and approved changes are prioritized and implemented.
We have a retainer agreement with a reputable cyber incident response team, who assists the Company in reviewing the cyber incident response plan and conducting yearly tabletop drills. The experts on the cyber incident response team are available on a priority basis to assist the Company with forensics and other sophisticated analyses and investigations in case of a cyber incident for quick response and efficient recovery.
We have insurance coverage for losses and expenses related to liability, privacy and regulatory actions, incident response, business interruption, data recovery, hardware replacement, extortion, and reputational harm arising from potential cybersecurity incidents.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance
Management
Our cybersecurity risk management program is managed by the Chief Information Security Officer (the “CISO”) and overseen by the Chief Executive Officer and the Chief Administrative Officer. Our CISO has over 25 years of experience in maritime IT. He holds an MBA and a Master of Science degree in Information Management and is a Certified Information Security Manager from the Information Systems Audit and Control Association, certified in Cybersecurity Risk Management by Harvard University, Cybersecurity Oversight by Carnegie Mellon, and Maritime Cybersecurity by Lloyds Maritime.
The CISO and other members of the IT security team actively participate in maritime-specific as well as other broader cybersecurity groups for collaboration on cyber resilience, threat intelligence sharing, and best practices exchange. All the members of the IT security team regularly undergo new training/certifications on cybersecurity and attend seminars/conferences related to cybersecurity to keep their knowledge and expertise current. The CISO meets with the Chief Executive Officer of the Company monthly, and more frequently if warranted, to provide updates on cybersecurity programs, threats, and incidents.
Board of Directors
The Corporate Governance and Risk Assessment Committee (the “Governance Committee”) of the Board of Directors is primarily responsible for the oversight of risks from cybersecurity threats. To fulfill this responsibility, the Governance Committee receives regular updates, at least quarterly about the Company’s cybersecurity risks and mitigation program from management, specifically the CISO. The Chairman of the Governance Committee provides quarterly reports of such updates to the full Board of Directors. The CISO’s quarterly report to the Governance Committee contains updates to the cybersecurity risk register, summaries of any material cybersecurity threats or incidents and responses thereto, updates on cybersecurity trends and the results of any assessments performed. The quarterly reports also include changes to cybersecurity processes, products and third-party service providers, third-party cybersecurity risk reviews, and regulatory changes.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Governance Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Corporate Governance and Risk Assessment Committee (the “Governance Committee”) of the Board of Directors is primarily responsible for the oversight of risks from cybersecurity threats. To fulfill this responsibility, the Governance Committee receives regular updates, at least quarterly about the Company’s cybersecurity risks and mitigation program from management, specifically the CISO. The Chairman of the Governance Committee provides quarterly reports of such updates to the full Board of Directors
|Cybersecurity Risk Role of Management [Text Block]
|
The CISO and other members of the IT security team actively participate in maritime-specific as well as other broader cybersecurity groups for collaboration on cyber resilience, threat intelligence sharing, and best practices exchange. All the members of the IT security team regularly undergo new training/certifications on cybersecurity and attend seminars/conferences related to cybersecurity to keep their knowledge and expertise current. The CISO meets with the Chief Executive Officer of the Company monthly, and more frequently if warranted, to provide updates on cybersecurity programs, threats, and incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Chief Information Security Officer
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has over 25 years of experience in maritime IT. He holds an MBA and a Master of Science degree in Information Management and is a Certified Information Security Manager from the Information Systems Audit and Control Association, certified in Cybersecurity Risk Management by Harvard University, Cybersecurity Oversight by Carnegie Mellon, and Maritime Cybersecurity by Lloyds Maritime.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CISO’s quarterly report to the Governance Committee contains updates to the cybersecurity risk register, summaries of any material cybersecurity threats or incidents and responses thereto, updates on cybersecurity trends and the results of any assessments performed. The quarterly reports also include changes to cybersecurity processes, products and third-party service providers, third-party cybersecurity risk reviews, and regulatory changes.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef