|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Risk Management and Strategy
We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.
We conduct periodic risk assessments to identify cybersecurity threats. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks.
Following these risk assessments, we evaluate whether and how to re-design, implement, and maintain reasonable safeguards to minimize identified risks; reasonably address any identified gaps in existing safeguards; and regularly monitor the effectiveness of our safeguards. We devote significant resources and designate personnel, including our Vice President, Information Technology, who reports to our Executive Vice President, Chief Technology Officer, and Head of Operations, to manage the risk assessment and mitigation process.
As part of our overall risk management system, we monitor and test our safeguards and train relevant personnel on these safeguards. These efforts are led by our Information Security function. All personnel are expected to engage in security awareness training. We engage third parties to perform security assessments to test our safeguards and, when appropriate, implement modifications to or add new safeguards based on the results of such assessments.
We generally require each of our relevant third-party service providers to implement and maintain appropriate security measures and to promptly notify us of any suspected breach of security that may affect our company. For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this Annual Report.
Governance
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers and other members of senior management are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly as well as through our audit committee.
In connection with our November 2024 portfolio prioritization, our Vice President, Information Technology assumed from our former Head of Information Security responsibility for assessing and managing our material risks from cybersecurity threats. He has worked in various roles pertaining to Information Technology for more than fifteen years. The processes by which he is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents include the following: vulnerability management, third party risk management, data security management, security awareness training, systems management, operations security, security incident and event management, and incident response management. We use third parties for managed detection and active response to cybersecurity incidents.
Our Vice President, Information Technology provides quarterly briefings to our audit committee regarding our cybersecurity risks and activities, such as any recent cybersecurity incidents and related responses (including those of third parties), if any, and cybersecurity systems testing. Our audit committee provides periodic updates to the board of directors that include any material information included in such briefings. In addition, our Vice President, Information Technology provides annual briefings to our board of directors on cybersecurity risks and activities.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Risk Management and Strategy
We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.
We conduct periodic risk assessments to identify cybersecurity threats. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks.
Following these risk assessments, we evaluate whether and how to re-design, implement, and maintain reasonable safeguards to minimize identified risks; reasonably address any identified gaps in existing safeguards; and regularly monitor the effectiveness of our safeguards. We devote significant resources and designate personnel, including our Vice President, Information Technology, who reports to our Executive Vice President, Chief Technology Officer, and Head of Operations, to manage the risk assessment and mitigation process.
As part of our overall risk management system, we monitor and test our safeguards and train relevant personnel on these safeguards. These efforts are led by our Information Security function. All personnel are expected to engage in security awareness training. We engage third parties to perform security assessments to test our safeguards and, when appropriate, implement modifications to or add new safeguards based on the results of such assessments.
We generally require each of our relevant third-party service providers to implement and maintain appropriate security measures and to promptly notify us of any suspected breach of security that may affect our company. For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this Annual Report.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this Annual Report.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers and other members of senior management are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly as well as through our audit committee.
In connection with our November 2024 portfolio prioritization, our Vice President, Information Technology assumed from our former Head of Information Security responsibility for assessing and managing our material risks from cybersecurity threats. He has worked in various roles pertaining to Information Technology for more than fifteen years. The processes by which he is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents include the following: vulnerability management, third party risk management, data security management, security awareness training, systems management, operations security, security incident and event management, and incident response management. We use third parties for managed detection and active response to cybersecurity incidents.
Our Vice President, Information Technology provides quarterly briefings to our audit committee regarding our cybersecurity risks and activities, such as any recent cybersecurity incidents and related responses (including those of third parties), if any, and cybersecurity systems testing. Our audit committee provides periodic updates to the board of directors that include any material information included in such briefings. In addition, our Vice President, Information Technology provides annual briefings to our board of directors on cybersecurity risks and activities.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers and other members of senior management are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly as well as through our audit committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|In addition, our Vice President, Information Technology provides annual briefings to our board of directors on cybersecurity risks and activities.
|Cybersecurity Risk Role of Management [Text Block]
|
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers and other members of senior management are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly as well as through our audit committee.
In connection with our November 2024 portfolio prioritization, our Vice President, Information Technology assumed from our former Head of Information Security responsibility for assessing and managing our material risks from cybersecurity threats. He has worked in various roles pertaining to Information Technology for more than fifteen years. The processes by which he is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents include the following: vulnerability management, third party risk management, data security management, security awareness training, systems management, operations security, security incident and event management, and incident response management. We use third parties for managed detection and active response to cybersecurity incidents.
Our Vice President, Information Technology provides quarterly briefings to our audit committee regarding our cybersecurity risks and activities, such as any recent cybersecurity incidents and related responses (including those of third parties), if any, and cybersecurity systems testing. Our audit committee provides periodic updates to the board of directors that include any material information included in such briefings. In addition, our Vice President, Information Technology provides annual briefings to our board of directors on cybersecurity risks and activities.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|In connection with our November 2024 portfolio prioritization, our Vice President, Information Technology assumed from our former Head of Information Security responsibility for assessing and managing our material risks from cybersecurity threats.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|He has worked in various roles pertaining to Information Technology for more than fifteen years.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The processes by which he is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents include the following: vulnerability management, third party risk management, data security management, security awareness training, systems management, operations security, security incident and event management, and incident response management.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef