|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We have established policies and processes for assessing, identifying, managing and disclosing, as necessary, risks from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes as described below.
We routinely assess material risks from cybersecurity threats, including from any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. These risk assessments are designed to identify internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we evaluate whether and how to re-design, implement, and maintain safeguards intended to address and minimize identified risks and continue monitoring and testing the effectiveness of such safeguards.
We devote significant resources and have designated senior management to manage the cybersecurity and information security risk assessment and mitigation process. We have established an internal security committee that includes members of our information security/technology, internal audit/compliance, finance and accounting, people operations, and legal teams, to instill a thoughtful security culture across our Company. Our employees and contractors are made aware of our cybersecurity policies through mandatory trainings during onboarding and on an annual basis. We also engage and consult with third parties in connection with our risk assessment processes, including advisors, consultants and auditors. These service providers assist us to design and implement our cybersecurity policies and procedures, as well as to monitor and test our safeguards.
The Company deploys multiple tools and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents, both internal and associated with the use of any third-party service provider.
We have not experienced a material security breach in our systems, and, to our knowledge, there have not been any material compromises of our confidential information in our third-parties’ systems, nor have we incurred any significant expenses or penalties to resolve or settle any security breach in the past three years. For additional information regarding whether any risks from cybersecurity threats are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors – Our Business Risks – Our ability to manage our business is highly dependent on IT systems and our website, systems, and data we maintain may be subject to intentional or inadvertent disruption, security incidents, or alleged violations of laws, regulations, or other obligations relating to data handling that could adversely impact our reputation and future sales,” in this Annual Report on Form 10-K.
Governance
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly, as well as through the audit committee, which has been tasked with such oversight in the audit committee charter. The audit committee of our board of directors reviews cybersecurity and information security risks and mitigation strategies; the audit committee receives periodic updates on information security and privacy, and the full board receives at least an annual update.
Our information security team has many years of experience implementing cybersecurity at technology and research and development companies, and together with our internal information security committee, is primarily responsible for assessing and managing our material risks from cybersecurity threats.
Our head of information security periodically provides briefings to our internal security committee and to the audit committee and board of directors on an annual basis regarding our Company’s cybersecurity risks and activities, including, as applicable, any recent cybersecurity incidents and related responses and remediation efforts, cybersecurity systems testing, activities of third parties, policies and the like. We have internal guidelines governing our identification, assessment, communication, and escalation upon the occurrence of a cybersecurity incident. Depending on the nature and severity of an incident, this process provides for escalating notification to a special executive security committee and the chair of the audit committee, among others as needed, to manage the Company’s response.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We routinely assess material risks from cybersecurity threats, including from any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. These risk assessments are designed to identify internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we evaluate whether and how to re-design, implement, and maintain safeguards intended to address and minimize identified risks and continue monitoring and testing the effectiveness of such safeguards.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly, as well as through the audit committee, which has been tasked with such oversight in the audit committee charter. The audit committee of our board of directors reviews cybersecurity and information security risks and mitigation strategies; the audit committee receives periodic updates on information security and privacy, and the full board receives at least an annual update.
Our information security team has many years of experience implementing cybersecurity at technology and research and development companies, and together with our internal information security committee, is primarily responsible for assessing and managing our material risks from cybersecurity threats.
Our head of information security periodically provides briefings to our internal security committee and to the audit committee and board of directors on an annual basis regarding our Company’s cybersecurity risks and activities, including, as applicable, any recent cybersecurity incidents and related responses and remediation efforts, cybersecurity systems testing, activities of third parties, policies and the like. We have internal guidelines governing our identification, assessment, communication, and escalation upon the occurrence of a cybersecurity incident. Depending on the nature and severity of an incident, this process provides for escalating notification to a special executive security committee and the chair of the audit committee, among others as needed, to manage the Company’s response.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly, as well as through the audit committee, which has been tasked with such oversight in the audit committee charter.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The audit committee of our board of directors reviews cybersecurity and information security risks and mitigation strategies; the audit committee receives periodic updates on information security and privacy, and the full board receives at least an annual update.
|Cybersecurity Risk Role of Management [Text Block]
|
Our information security team has many years of experience implementing cybersecurity at technology and research and development companies, and together with our internal information security committee, is primarily responsible for assessing and managing our material risks from cybersecurity threats.
Our head of information security periodically provides briefings to our internal security committee and to the audit committee and board of directors on an annual basis regarding our Company’s cybersecurity risks and activities, including, as applicable, any recent cybersecurity incidents and related responses and remediation efforts, cybersecurity systems testing, activities of third parties, policies and the like. We have internal guidelines governing our identification, assessment, communication, and escalation upon the occurrence of a cybersecurity incident. Depending on the nature and severity of an incident, this process provides for escalating notification to a special executive security committee and the chair of the audit committee, among others as needed, to manage the Company’s response.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our information security team has many years of experience implementing cybersecurity at technology and research and development companies, and together with our internal information security committee, is primarily responsible for assessing and managing our material risks from cybersecurity threats.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our information security team has many years of experience implementing cybersecurity at technology and research and development companies, and together with our internal information security committee, is primarily responsible for assessing and managing our material risks from cybersecurity threats.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our head of information security periodically provides briefings to our internal security committee and to the audit committee and board of directors on an annual basis regarding our Company’s cybersecurity risks and activities, including, as applicable, any recent cybersecurity incidents and related responses and remediation efforts, cybersecurity systems testing, activities of third parties, policies and the like. We have internal guidelines governing our identification, assessment, communication, and escalation upon the occurrence of a cybersecurity incident. Depending on the nature and severity of an incident, this process provides for escalating notification to a special executive security committee and the chair of the audit committee, among others as needed, to manage the Company’s response.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef