|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
Our cybersecurity risk management is integrated in our overall risk management program and is based on recognized cybersecurity industry frameworks and standards, including those from the National Institute of Standards and Technology, and the International Organization for Standardization. We use these frameworks, together with information collected from internal assessments, to develop policies and defined procedures for use of our information assets, access to specific intellectual property or technologies, and protection of personal information. We protect these information assets through industry-standard techniques, such as multifactor authentication, malware defenses and zero trust principles. We work with internal stakeholders across the Company to integrate foundational cybersecurity principles throughout our organization’s operations, including employment of multiple layers of cybersecurity defenses, restricted access based on business need, and integrity of our business information. Throughout the year, we regularly train our employees on cybersecurity awareness and, confidential information protection. We routinely test our employees using simulated phishing attacks. Risks from cybersecurity threats have not materially affected our company, business strategy, results of operations or financial condition; however, we remain subject to cybersecurity risks in the future. See Item 1A. Risk Factors – “Our systems, networks and business activities and those of third parties that we utilize in our operations are subject to cybersecurity and stability risks, including information technology system failures, and security breaches.”
We engage third-party assessors to conduct penetration testing and measure our program to industry standard frameworks. We also have standing engagements with incident response experts and external counsel. Our information technology team led by our Vice President of Information Technology (VP of IT) frequently collaborates with industry experts and cybersecurity practitioners at other companies to exchange information about potential cybersecurity threats, best practices, and industry trends.
Our cybersecurity risk management extends to risks associated with our use of third-party service providers. We routinely conduct risk and compliance assessments of third-party service providers that request access to our information assets. We re-assess our third-party vendors in an ongoing basis.
Our cybersecurity risk management is integrated into our comprehensive business continuity program and enterprise risk management. Our information technology team periodically engages with a cross-functional group of subject matter experts and leaders to assess and refine our cybersecurity risk posture and preparedness.
Governance of Cybersecurity Risk Management
The board of directors, as a whole, has oversight responsibility for our strategic and operational risks. The board of directors has delegated to the audit committee the responsibility of reviewing and discussing our risk assessment and risk management practices, including cybersecurity risks, with members of management. The audit committee, in turn, regularly reports on its review with the board of directors.
Management is responsible for day-to-day implementation of risk management strategies and recommends process improvements. Our VP of IT has primary oversight of material risks from cybersecurity threats. Our VP of IT has more than 25 years of experience across various engineering, business and management roles focused on information technology, including roles at global, public companies, as well as across multiple industries including fintech, research, and high tech. Our VP of IT regularly presents updates to the audit committee regarding Company cybersecurity matters and developing industry trends.
We have retained an outside cybersecurity firm for our managed security services, which reports to our VP of IT. The cybersecurity firm has professionals with more than 20 years of experience working in information technology-related roles and degrees in Information Technology, including cybersecurity, Certified in Risk and Information Systems Control (CRISC), and Global Information Assurance Certifications in Security Essentials (GSEC) as an Intrusion Analyst (GCIA). The cybersecurity firm has extensive experience is supporting firms in applied knowledge of information technology governance and security frameworks that include: ISO 27000, NIST, HITRUST, ISC2, ITIL, and COBIT.
Management assesses our cybersecurity readiness through internal assessment tools as well as third-party control tests, vulnerability assessments, audits and regular evaluation against industry standards. We have governance and compliance structures that are designed to elevate issues relating to cybersecurity to management and the audit committee, such as potential threats or vulnerabilities. We also employ various defensive and continuous monitoring techniques using recognized industry frameworks and cybersecurity standards.
Our VP of IT meets with the audit committee quarterly to review our information technology systems and discuss key cybersecurity risks, and these matters are also presented to the board of directors annually. In addition, our chief financial officer reviews with the audit committee, at least annually, our global enterprise risk management program, which includes cybersecurity risks, and is also reported to the board of directors.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity risk management is integrated in our overall risk management program and is based on recognized cybersecurity industry frameworks and standards, including those from the National Institute of Standards and Technology, and the International Organization for Standardization. We use these frameworks, together with information collected from internal assessments, to develop policies and defined procedures for use of our information assets, access to specific intellectual property or technologies, and protection of personal information. We protect these information assets through industry-standard techniques, such as multifactor authentication, malware defenses and zero trust principles. We work with internal stakeholders across the Company to integrate foundational cybersecurity principles throughout our organization’s operations, including employment of multiple layers of cybersecurity defenses, restricted access based on business need, and integrity of our business information.
Our cybersecurity risk management is integrated into our comprehensive business continuity program and enterprise risk management. Our information technology team periodically engages with a cross-functional group of subject matter experts and leaders to assess and refine our cybersecurity risk posture and preparedness.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The board of directors, as a whole, has oversight responsibility for our strategic and operational risks. The board of directors has delegated to the audit committee the responsibility of reviewing and discussing our risk assessment and risk management practices, including cybersecurity risks, with members of management. The audit committee, in turn, regularly reports on its review with the board of directors.
Management is responsible for day-to-day implementation of risk management strategies and recommends process improvements. Our VP of IT has primary oversight of material risks from cybersecurity threats. Our VP of IT has more than 25 years of experience across various engineering, business and management roles focused on information technology, including roles at global, public companies, as well as across multiple industries including fintech, research, and high tech. Our VP of IT regularly presents updates to the audit committee regarding Company cybersecurity matters and developing industry trends.
We have retained an outside cybersecurity firm for our managed security services, which reports to our VP of IT. The cybersecurity firm has professionals with more than 20 years of experience working in information technology-related roles and degrees in Information Technology, including cybersecurity, Certified in Risk and Information Systems Control (CRISC), and Global Information Assurance Certifications in Security Essentials (GSEC) as an Intrusion Analyst (GCIA). The cybersecurity firm has extensive experience is supporting firms in applied knowledge of information technology governance and security frameworks that include: ISO 27000, NIST, HITRUST, ISC2, ITIL, and COBIT.
Management assesses our cybersecurity readiness through internal assessment tools as well as third-party control tests, vulnerability assessments, audits and regular evaluation against industry standards. We have governance and compliance structures that are designed to elevate issues relating to cybersecurity to management and the audit committee, such as potential threats or vulnerabilities. We also employ various defensive and continuous monitoring techniques using recognized industry frameworks and cybersecurity standards.
Our VP of IT meets with the audit committee quarterly to review our information technology systems and discuss key cybersecurity risks, and these matters are also presented to the board of directors annually. In addition, our chief financial officer reviews with the audit committee, at least annually, our global enterprise risk management program, which includes cybersecurity risks, and is also reported to the board of directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The board of directors, as a whole, has oversight responsibility for our strategic and operational risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The board of directors has delegated to the audit committee the responsibility of reviewing and discussing our risk assessment and risk management practices, including cybersecurity risks, with members of management. The audit committee, in turn, regularly reports on its review with the board of directors
|Cybersecurity Risk Role of Management [Text Block]
|
Management is responsible for day-to-day implementation of risk management strategies and recommends process improvements. Our VP of IT has primary oversight of material risks from cybersecurity threats. Our VP of IT has more than 25 years of experience across various engineering, business and management roles focused on information technology, including roles at global, public companies, as well as across multiple industries including fintech, research, and high tech. Our VP of IT regularly presents updates to the audit committee regarding Company cybersecurity matters and developing industry trends.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Management is responsible for day-to-day implementation of risk management strategies and recommends process improvements. Our VP of IT has primary oversight of material risks from cybersecurity threats.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our VP of IT has more than 25 years of experience across various engineering, business and management roles focused on information technology, including roles at global, public companies, as well as across multiple industries including fintech, research, and high tech. Our VP of IT regularly presents updates to the audit committee regarding Company cybersecurity matters and developing industry trends. We have retained an outside cybersecurity firm for our managed security services, which reports to our VP of IT. The cybersecurity firm has professionals with more than 20 years of experience working in information technology-related roles and degrees in Information Technology, including cybersecurity, Certified in Risk and Information Systems Control (CRISC), and Global Information Assurance Certifications in Security Essentials (GSEC) as an Intrusion Analyst (GCIA). The cybersecurity firm has extensive experience is supporting firms in applied knowledge of information technology governance and security frameworks that include: ISO 27000, NIST, HITRUST, ISC2, ITIL, and COBIT.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our VP of IT regularly presents updates to the audit committee regarding Company cybersecurity matters and developing industry trends.Management assesses our cybersecurity readiness through internal assessment tools as well as third-party control tests, vulnerability assessments, audits and regular evaluation against industry standards. We have governance and compliance structures that are designed to elevate issues relating to cybersecurity to management and the audit committee, such as potential threats or vulnerabilities. We also employ various defensive and continuous monitoring techniques using recognized industry frameworks and cybersecurity standards.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef