|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities and test those systems pursuant to the our cybersecurity policies, standards, processes and practices, which are integrated into our overall risk management system.
We take a risk-based approach to cybersecurity aligned with National Institute of Standards and Technology (NIST) Cybersecurity Framework principles and have implemented controls throughout our operations that are designed to address cybersecurity threats and incidents. To protect our information systems from cybersecurity threats, we use various security tools that are designed to help us identify, escalate, investigate, resolve and recover from security incidents in a timely manner.
Our cybersecurity program and policies articulate the expectations and requirements with respect to acceptable use, education and awareness, security incident management and reporting, identity and access management, vendor due diligence, security (with respect to physical assets, products, networks, and systems), security monitoring and vulnerability identification. Our cybersecurity program and policies are operated by a dedicated cybersecurity operations team in conjunction with our enterprise Risk Management and Compliance program.
Our cyber risk management program identifies, tracks, escalates, remediates, and reports cyber related risks throughout the Company. These risk areas include internal, product, vendor, supply chain, and external services utilized across the Company. These risks are assessed, prioritized, and both tactically and strategically addressed via process, technology, and personnel improvements to ensure ongoing mitigation and tracking. We utilize internal and external resources, including leading third party providers in the cybersecurity prevention, detection and monitoring space, to monitor for cybersecurity threats to our systems and networks and to understand the broader threat environment.
Our cybersecurity strategy is guided by prioritized risk, identified areas for improvement based on the NIST Cybersecurity Framework, and emerging business needs. Cybersecurity risks are continually monitored and shared with the executive leadership team on a quarterly basis. We maintain a global incident response plan, coupled with a global continuous monitoring program. This plan and program include incident alerting, comprehensive incident criticality assessments, and escalation processes designed to support our teams, our senior leadership, and the Board. This escalation process also includes cross-functional materiality determinations and applicable reporting requirements.
Our cybersecurity operations team manages all facets of cybersecurity monitoring, coordinating with managed services security providers and internal analysts across the Company. All employees are provided cybersecurity awareness training, which includes topics on our policies and procedures for reporting potential incidents. Our cybersecurity team regularly evaluates emerging risks, regulations, and compliance matters and updates applicable policies and procedures accordingly.
To date, cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and we believe are not reasonably likely to materially affect the Company, including its business strategy, results
of operations or financial condition. Refer to “Part I, Item 1A. Risk Factors” for additional description of cybersecurity risks and potential related impacts on the Company, including the risk factor captioned “Cybersecurity attacks or security breaches or incidents impacting our systems or data could adversely affect our ability to operate, could result in personal information and our proprietary information being lost, stolen, made inaccessible, improperly disclosed or misappropriated and may cause us to be held liable or subject to regulatory penalties and sanctions and to litigation (including class action litigation), which could have a material adverse effect on our reputation and business.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities and test those systems pursuant to the our cybersecurity policies, standards, processes and practices, which are integrated into our overall risk management system.
We take a risk-based approach to cybersecurity aligned with National Institute of Standards and Technology (NIST) Cybersecurity Framework principles and have implemented controls throughout our operations that are designed to address cybersecurity threats and incidents. To protect our information systems from cybersecurity threats, we use various security tools that are designed to help us identify, escalate, investigate, resolve and recover from security incidents in a timely manner.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board, directly and through its committees, oversees our risk management process, including cybersecurity risks and regularly receive presentations and reports from management. Pursuant to the Risk Management and Compliance Committee Charter, the Risk Management and Compliance Committee of the Board provides compliance oversight of our risk assessment and risk management policies, which include cybersecurity, and receives regular reports and updates on the steps management has taken to monitor and mitigate such exposures and risks.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Pursuant to the Risk Management and Compliance Committee Charter, the Risk Management and Compliance Committee of the Board provides compliance oversight of our risk assessment and risk management policies, which include cybersecurity, and receives regular reports and updates on the steps management has taken to monitor and mitigate such exposures and risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Chief Information Security Officer ("CISO"), in coordination with our Chief Technology Officer, is responsible for leading the assessment and management of cybersecurity risks. The current CISO has over 25 years of experience managing robust security programs, including in heavily regulated environments such as financial services. The CISO possesses extensive experience in information security, risk management, and technology governance, with a strong background in both strategic leadership and technical security operations. The CISO presents to the Risk Management and Compliance Committee on a bi-annual basis concerning our cybersecurity program.
|Cybersecurity Risk Role of Management [Text Block]
|
Our cybersecurity program and policies articulate the expectations and requirements with respect to acceptable use, education and awareness, security incident management and reporting, identity and access management, vendor due diligence, security (with respect to physical assets, products, networks, and systems), security monitoring and vulnerability identification. Our cybersecurity program and policies are operated by a dedicated cybersecurity operations team in conjunction with our enterprise Risk Management and Compliance program.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The current CISO has over 25 years of experience managing robust security programs, including in heavily regulated environments such as financial services. The CISO possesses extensive experience in information security, risk management, and technology governance, with a strong background in both strategic leadership and technical security operations. The CISO presents to the Risk Management and Compliance Committee on a bi-annual basis concerning our cybersecurity program.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The current CISO has over 25 years of experience managing robust security programs, including in heavily regulated environments such as financial services. The CISO possesses extensive experience in information security, risk management, and technology governance, with a strong background in both strategic leadership and technical security operations. The CISO presents to the Risk Management and Compliance Committee on a bi-annual basis concerning our cybersecurity program.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The Board, directly and through its committees, oversees our risk management process, including cybersecurity risks and regularly receive presentations and reports from management. Pursuant to the Risk Management and Compliance Committee Charter, the Risk Management and Compliance Committee of the Board provides compliance oversight of our risk assessment and risk management policies, which include cybersecurity, and receives regular reports and updates on the steps management has taken to monitor and mitigate such exposures and risks.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef