|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company maintains a cybersecurity program designed to detect, identify, classify and mitigate cybersecurity and other data security threats, as part of its efforts to protect and maintain the confidentiality and security of customer, employee and vendor information, and non-public information about the Company. This cybersecurity program is based in-part on, and its maturity is measured using, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework.
In furtherance of detecting, identifying, classifying and mitigating cybersecurity and other data security threats, the Company also:
•adopted and maintains information security and privacy policies;
•conducts targeted audits and penetration tests throughout the year, using both internal and external resources;
•engages nationally-known third party cybersecurity consultants to independently evaluate the Company's information security maturity on a regular basis;
•maintains a vendor risk management program, which includes receiving the results of cybersecurity audits conducted on vendors, for a portion of our vendors, and conducting cyber related risk assessments on other vendors;
•provides mandatory security and privacy training and awareness to all of its employees so that employees understand the behaviors and requirements necessary to safeguard information resources at the Company;
•maintains cyber liability insurance; and
•complies with the Payment Card Industry Data Security Standard.
The Company has a dedicated team of employees overseeing its cybersecurity program and initiatives, led by the Company's Chief Information Security Officer (who has over twenty years' experience working in cyber and information security roles with large companies, including multiple senior executive positions), and works directly in consultation with internal and external advisors in connection with these efforts. Pursuant to the Company's cybersecurity program, potential cybersecurity threats are classified by risk levels and threat mitigation efforts are typically prioritized based on those risk classifications, while focus also remains on maintaining the resiliency of the Company's information systems. In the event the Company identifies a potential cybersecurity issue, the Company has defined procedures for responding to such issues, including procedures that address when and how to engage with Company management, the Board of Directors, other stakeholders and law enforcement. In addition, the Company's Chief Information Security Officer and other Information Security Department managers meet with executives and other employees from various departments on a regular basis to discuss cybersecurity risk mitigation and the Company's cybersecurity program and initiatives.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company maintains a cybersecurity program designed to detect, identify, classify and mitigate cybersecurity and other data security threats, as part of its efforts to protect and maintain the confidentiality and security of customer, employee and vendor information, and non-public information about the Company. This cybersecurity program is based in-part on, and its maturity is measured using, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Company's Board of Directors has ultimate oversight responsibility for risks relating to the Company's cybersecurity program. In addition, the Audit Committee assists the Board of Directors in monitoring the Company's cybersecurity investments, initiatives, key benchmarks and risk mitigation plans, and regularly receives updates about such matters from the Company's Chief Information Security Officer, and makes inquiries of the Company's management team, internal auditors and independent auditors in connection therewith. In addition, the Company's Enterprise Risk Management Committee, which is comprised of members of the Company's executive leadership team, is informed on a regular basis about, and monitors, the Company's efforts and initiatives to prevent, detect, mitigate and remediate cybersecurity-related risks, and to further improve the Company's cybersecurity maturity, including through presentations it receives from the Company's Chief Information Security Officer.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|In addition, the Audit Committee assists the Board of Directors in monitoring the Company's cybersecurity investments, initiatives, key benchmarks and risk mitigation plans, and regularly receives updates about such matters from the Company's Chief Information Security Officer, and makes inquiries of the Company's management team, internal auditors and independent auditors in connection therewith
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|In addition, the Company's Enterprise Risk Management Committee, which is comprised of members of the Company's executive leadership team, is informed on a regular basis about, and monitors, the Company's efforts and initiatives to prevent, detect, mitigate and remediate cybersecurity-related risks, and to further improve the Company's cybersecurity maturity, including through presentations it receives from the Company's Chief Information Security Officer.
|Cybersecurity Risk Role of Management [Text Block]
|In addition, the Company's Enterprise Risk Management Committee, which is comprised of members of the Company's executive leadership team, is informed on a regular basis about, and monitors, the Company's efforts and initiatives to prevent, detect, mitigate and remediate cybersecurity-related risks, and to further improve the Company's cybersecurity maturity, including through presentations it receives from the Company's Chief Information Security Officer.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|In addition, the Company's Enterprise Risk Management Committee, which is comprised of members of the Company's executive leadership team, is informed on a regular basis about, and monitors, the Company's efforts and initiatives to prevent, detect, mitigate and remediate cybersecurity-related risks, and to further improve the Company's cybersecurity maturity, including through presentations it receives from the Company's Chief Information Security Officer.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Company has a dedicated team of employees overseeing its cybersecurity program and initiatives, led by the Company's Chief Information Security Officer (who has over twenty years' experience working in cyber and information security roles with large companies, including multiple senior executive positions)
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|In addition, the Audit Committee assists the Board of Directors in monitoring the Company's cybersecurity investments, initiatives, key benchmarks and risk mitigation plans, and regularly receives updates about such matters from the Company's Chief Information Security Officer, and makes inquiries of the Company's management team, internal auditors and independent auditors in connection therewith. In addition, the Company's Enterprise Risk Management Committee, which is comprised of members of the Company's executive leadership team, is informed on a regular basis about, and monitors, the Company's efforts and initiatives to prevent, detect, mitigate and remediate cybersecurity-related risks, and to further improve the Company's cybersecurity maturity, including through presentations it receives from the Company's Chief Information Security Officer.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef