|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We rely on IT systems to conduct business, including but not limited to, interacting with customers and suppliers, fulfilling orders, generating invoices, collecting and making payments, fulfilling contractual obligations, communicating with internal and external stakeholders, and maintaining our business and financial records. In addition, we rely on networks and services, including internet sites, cloud and software-as-a-service solutions, data hosting and processing facilities and tools and other hardware, software and technical applications and platforms, some of which are managed, hosted, provided and/or used by third-parties or their vendors. As a result, the Company is subject to various risks related to vulnerabilities, threats and attacks on these IT systems. See Item 1A, “Risks Related to the Company–“Our business may be subject to system interruptions, cybersecurity incidents and unauthorized data disclosures.” under Item 1A. Risk Factors for additional discussion of these risks.
Cybersecurity Risk Management and Strategy
The Company has an enterprise risk management (“ERM”) program that includes the processes used to identify assess, and manage our most significant enterprise risks and uncertainties that could materially impact the long-term health of the Company or prevent the achievement of strategic objectives. These risks are identified, measured, monitored, and managed across key risk categories, which include the consideration of cybersecurity risks. The Company develops and maintains cybersecurity processes that protect the confidentiality, integrity and availability of Company, employee, customer and partner information against a growing number of cybersecurity threats and threat actors. Our cybersecurity program is designed to protect our infrastructure from potential threats, including threats associated with our third party business partners, to allow us to assess, identify and manage material risks from cybersecurity threats and to endeavor to secure the integrity of our data and IT systems using techniques, hardware, and software typical of companies of our size and scope, which are described further below. For example, we leverage the National Institute of Standards and Technology Cybersecurity Framework’s (“NIST CSF”) principles in developing our cybersecurity program to monitor our security environment and manage risk. However, this does not mean
that we meet any particular technical standards, specifications, or requirements, but rather that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks and threats relevant to our business.
The Company has adopted a risk-based strategy designed to achieve a targeted and cost-effective approach to managing cybersecurity risks that strengthens our abilities to prevent, detect, and respond to cybersecurity incidents. The Company has configured its IT environment, where possible, to restrict access using a least privileged methodology. We use various technologies and monitoring capabilities to detect anomalies and track information and assets. We have implemented a cybersecurity awareness program consisting of frequent training, phishing exercises, and bulletins regarding pertinent cybersecurity developments. We maintain and regularly update incident response, disaster recovery and business continuity plans and procedures. Our IT specialists subscribe to threat intelligence feeds and are members of cybersecurity-related associations such as the Information Systems Audit and Control Association, the Computing Technology Industry Association and the Cloud Security Alliance. We also maintain insurance coverage for cyber and data security risks of an amount and subject to conditions and exceptions that we believe are customary for companies like ours, but there can be no assurance that our levels of coverage are adequate or that we will be able to continue to maintain our existing insurance or obtain comparable insurance at a reasonable cost or at all.
As of the date of this filing, we do not believe that any risks from cybersecurity threats, including as a result of past cybersecurity incidents have had, or are reasonably likely to have, a material effect on our business strategy, results of operations or financial condition, but we cannot assure that our business strategy, results of operations and financial condition will not be materially affected in the future by cybersecurity risks or future cybersecurity incidents. Although we have taken and will continue to take significant steps to protect the security and integrity of our information and although we have implemented policies and procedures to enhance data privacy and security, there can be no assurance that our efforts will prevent breakdowns, system failures, breaches of our systems or other cybersecurity incidents or otherwise be fully effective. Any such breakdown, breach or cybersecurity incident could adversely affect our business strategy, prospects, financial condition or results of operations, and any insurance that we may have for cybersecurity incidents may not cover such risks or be sufficient to compensate us for losses that may occur.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The Company has an enterprise risk management (“ERM”) program that includes the processes used to identify assess, and manage our most significant enterprise risks and uncertainties that could materially impact the long-term health of the Company or prevent the achievement of strategic objectives. These risks are identified, measured, monitored, and managed across key risk categories, which include the consideration of cybersecurity risks. The Company develops and maintains cybersecurity processes that protect the confidentiality, integrity and availability of Company, employee, customer and partner information against a growing number of cybersecurity threats and threat actors. Our cybersecurity program is designed to protect our infrastructure from potential threats, including threats associated with our third party business partners, to allow us to assess, identify and manage material risks from cybersecurity threats and to endeavor to secure the integrity of our data and IT systems using techniques, hardware, and software typical of companies of our size and scope, which are described further below. For example, we leverage the National Institute of Standards and Technology Cybersecurity Framework’s (“NIST CSF”) principles in developing our cybersecurity program to monitor our security environment and manage risk. However, this does not mean
that we meet any particular technical standards, specifications, or requirements, but rather that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks and threats relevant to our business.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
When detected, suspected cybersecurity threats are escalated to the CIO and incident response team. The CIO then creates a Cybersecurity Incident Response Team (“CSIRT”) which, depending on the incident, comprises the incident coordinator, cybersecurity staff, legal counsel and other stakeholders as appropriate. The CSIRT investigates and manages the impact of cybersecurity incidents in accordance with our security incident response procedures.
Our board of directors and its audit committee oversee the Company’s ERM program, and the steps management has taken to monitor and mitigate such risks, including the Company’s procedures and any related policies with respect to enterprise risk assessment and risk management. The board of directors bears principal responsibility for overseeing the Company’s principal current and future risk exposures, and, on an annual basis, the board of directors reviews them, including cybersecurity risks and exposures. The board of directors’ review includes an annual session with our CIO on the Company’s procedures and policies for assessing and managing cybersecurity risks and disclosing any material cybersecurity incidents. In performing these oversight functions, the board of directors relies on advice, reports and opinions of management, counsel and our internal and external auditors, including mid-year and year-end cybersecurity inquiries by our external auditors on various aspects of the Company’s cybersecurity program, processes and training.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors and its audit committee oversee the Company’s ERM program, and the steps management has taken to monitor and mitigate such risks, including the Company’s procedures and any related policies with respect to enterprise risk assessment and risk management. The board of directors bears principal responsibility
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|In performing these oversight functions, the board of directors relies on advice, reports and opinions of management, counsel and our internal and external auditors, including mid-year and year-end cybersecurity inquiries by our external auditors on various aspects of the Company’s cybersecurity program, processes and training.
|Cybersecurity Risk Role of Management [Text Block]
|
Our board of directors and its audit committee oversee the Company’s ERM program, and the steps management has taken to monitor and mitigate such risks, including the Company’s procedures and any related policies with respect to enterprise risk assessment and risk management. The board of directors bears principal responsibility for overseeing the Company’s principal current and future risk exposures, and, on an annual basis, the board of directors reviews them, including cybersecurity risks and exposures. The board of directors’ review includes an annual session with our CIO on the Company’s procedures and policies for assessing and managing cybersecurity risks and disclosing any material cybersecurity incidents. In performing these oversight functions, the board of directors relies on advice, reports and opinions of management, counsel and our internal and external auditors, including mid-year and year-end cybersecurity inquiries by our external auditors on various aspects of the Company’s cybersecurity program, processes and training.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our board of directors and its audit committee oversee the Company’s ERM program, and the steps management has taken to monitor and mitigate such risks, including the Company’s procedures and any related policies with respect to enterprise risk assessment and risk management. The board of directors bears principal responsibility
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CIO has over 12 years of professional experience in various roles involving managing information security, developing cybersecurity strategy, implementing cybersecurity programs, and managing multiple industry and regulatory compliance environments. Our CIO also holds a certificate in Cyber-Risk Oversight issued by the National Association of Corporate Directors. Our Senior Director of IT Governance, Security, and Service Delivery has over 15 years of professional experience in various roles involving managing information security, developing cybersecurity strategy, implementing cybersecurity programs, and managing industry and regulatory compliance environments. Our Senior Information Security Architect has over 20 years of professional experience designing secure architecture, conducting threat and risk assessments, incident response, cyber forensics, and teaching college and university level cybersecurity program courses. Our Senior Information Security Architect also holds a diverse set of certifications, including CISSP, CISCO Security +, CISA, CEH, CompTIA Sec +, and others.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CIO is supported by the Senior Director of IT Governance, Security, and Service Delivery and the Senior Director of Global Infrastructure, and Senior Information Security Architect, who manage our day-to-day cybersecurity-related matters and keep abreast of cybersecurity news, events and incidents through regular course monitoring and updates.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef