|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Risk Management and Strategy
We have implemented and maintain a comprehensive information security program designed to protect the confidentiality, integrity, and availability of our critical systems and information, as well as to identify, assess, manage, mitigate, and respond to cybersecurity threats. Our systems and processes are assessed by independent third parties for compliance with: the International Standard Organization (“ISO”) 27001; System and Organization Controls (“SOC”) 2, Type 2; and Payment Card Industry Data Security Standards (“PCI DSS”) Level 1.
Our information security program includes the following key elements to help identify, manage, mitigate, and respond to cybersecurity threats:
•
Risk assessments—We conduct risk assessments designed to help identify material cybersecurity risks, quantify the impact and probability of each risk, develop mitigating controls, and periodically reassess previously identified risks.
•
Testing—We conduct regular testing of our systems and controls to help identify and address potential vulnerabilities.
•
Technical safeguards—We utilize various technical safeguards to help protect our information systems from cybersecurity threats. We regularly review our technical safeguards and update them in accordance with recognized best practices and standards.
•
Business continuity and disaster recovery planning—We maintain business continuity and disaster recovery plans and periodically test those plans.
•
A cybersecurity incident response plan—We maintain a policy governing actions required for reporting and managing cybersecurity incidents. We have designated an Incident Response Team with clearly defined roles and responsibilities for managing all material aspects of our reporting and response plan.
•
Employee training and awareness programs—We provide training to our employees to help identify, avoid, and mitigate cybersecurity threats. Our employees participate in annual training, including insider threat awareness, simulated phishing exercises, and other awareness training.
•
Third-party risk management—We maintain a third-party risk management program that is designed to help identify, assess, manage, mitigate, and respond to risks associated with the Company’s suppliers and other third parties.
We regularly review our information security program and associated policies, making periodic updates as we deem necessary and appropriate in accordance with recognized best practices and standards.
Governance
Our information security program and cyber risk management program is managed and overseen by Jeff Dell, our Chief Information Officer (“CIO”) and a team of information security personnel reporting to the CIO. Our CIO reports directly to the CEO and is responsible for the assessment and management of material risks for cybersecurity threats. Mr. Dell brings over 30 years of experience in information technology and information security, working as an executive within data-driven companies for the last 20 years, including serving as CIO since our formation in August 2017 and continuing through our Spin-off from cogint. Mr. Dell holds a Bachelor of Science in Business from Arizona State University and has earned GCIA, GCWN, GWAPT and CISSP certifications. For additional information regarding Mr. Dell’s business experience, see Part 1, Item 1 Business – Information About Our Executive Officers included in this Annual Report.
Management holds monthly Information Security Management System (ISMS) meetings which include members of the executive management team as well as the CIO and other key individuals reporting to the CIO. Cybersecurity risks, threats, and vulnerabilities, as well as existing mitigating controls, are discussed in ISMS meetings. Our CIO also provides quarterly reports of our information security program, as well as any material cybersecurity risks, to the Board of Directors.
We did not experience a material cybersecurity incident during the year ended December 31, 2024, which has materially affected or is reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, the possibility of future cybersecurity incidents, as well as cybersecurity and technology risks more generally, could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. See “Item 1A. Risk Factors – Cybersecurity and Technology Risks” for more information.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have implemented and maintain a comprehensive information security program designed to protect the confidentiality, integrity, and availability of our critical systems and information, as well as to identify, assess, manage, mitigate, and respond to cybersecurity threats. Our systems and processes are assessed by independent third parties for compliance with: the International Standard Organization (“ISO”) 27001; System and Organization Controls (“SOC”) 2, Type 2; and Payment Card Industry Data Security Standards (“PCI DSS”) Level 1.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our information security program and cyber risk management program is managed and overseen by Jeff Dell, our Chief Information Officer (“CIO”) and a team of information security personnel reporting to the CIO. Our CIO reports directly to the CEO and is responsible for the assessment and management of material risks for cybersecurity threats. Mr. Dell brings over 30 years of experience in information technology and information security, working as an executive within data-driven companies for the last 20 years, including serving as CIO since our formation in August 2017 and continuing through our Spin-off from cogint. Mr. Dell holds a Bachelor of Science in Business from Arizona State University and has earned GCIA, GCWN, GWAPT and CISSP certifications. For additional information regarding Mr. Dell’s business experience, see Part 1, Item 1 Business – Information About Our Executive Officers included in this Annual Report.
Management holds monthly Information Security Management System (ISMS) meetings which include members of the executive management team as well as the CIO and other key individuals reporting to the CIO. Cybersecurity risks, threats, and vulnerabilities, as well as existing mitigating controls, are discussed in ISMS meetings. Our CIO also provides quarterly reports of our information security program, as well as any material cybersecurity risks, to the Board of Directors.
We did not experience a material cybersecurity incident during the year ended December 31, 2024, which has materially affected or is reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, the possibility of future cybersecurity incidents, as well as cybersecurity and technology risks more generally, could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. See “Item 1A. Risk Factors – Cybersecurity and Technology Risks” for more information.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our CIO also provides quarterly reports of our information security program, as well as any material cybersecurity risks, to the Board of Directors.
|Cybersecurity Risk Role of Management [Text Block]
|Management holds monthly Information Security Management System (ISMS) meetings which include members of the executive management team as well as the CIO and other key individuals reporting to the CIO. Cybersecurity risks, threats, and vulnerabilities, as well as existing mitigating controls, are discussed in ISMS meetings. Our CIO also provides quarterly reports of our information security program, as well as any material cybersecurity risks, to the Board of Directors
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our information security program and cyber risk management program is managed and overseen by Jeff Dell, our Chief Information Officer (“CIO”) and a team of information security personnel reporting to the CIO. Our CIO reports directly to the CEO and is responsible for the assessment and management of material risks for cybersecurity threats. Mr. Dell
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|brings over 30 years of experience in information technology and information security, working as an executive within data-driven companies for the last 20 years, including serving as CIO since our formation in August 2017 and continuing through our Spin-off from cogint. Mr. Dell holds a Bachelor of Science in Business from Arizona State University and has earned GCIA, GCWN, GWAPT and CISSP certifications. For additional information regarding Mr. Dell’s business experience, see Part 1, Item 1 Business – Information About Our Executive Officers included in this Annual Report.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our CIO also provides quarterly reports of our information security program, as well as any material cybersecurity risks, to the Board of Directors
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef