|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
The Company prioritizes the security of its information systems and data integrity. We have developed a cybersecurity strategy, underpinned by our Cybersecurity Incident Response Plan, to manage and mitigate potential cybersecurity risks. Our strategy is designed to safeguard our systems and data.
Cybersecurity Risk Management and Strategy
The Company’s cybersecurity framework encompasses a proactive approach towards potential threats, focusing on prevention, detection, response, and recovery. Our cybersecurity risk management program is integrated into our overall risk management framework and shares common reporting channels and governance processes that apply across the risk management framework to other legal, compliance, strategic, operational, and financial risk areas. Our cybersecurity risk management program includes:
•
Risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;
•
a cybersecurity team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;
•
the use of external service providers and software, where appropriate, to monitor, assess, test or otherwise assist with aspects of our security controls;
•
cybersecurity awareness training for our employees; and
•
a global incident response plan that includes procedures for responding to cybersecurity incidents.
Our Incident Response Team (“IRT”), which includes members from various functional areas within the Company, including our data center operations, software, internal information systems, customer support, legal, and marketing departments, which are responsible for managing and mitigating any cybersecurity incidents at the Company. This team operates under the policy procedures that are outlined in our Cybersecurity Incident Response Plan. This process includes notifying executive management when a cybersecurity breach or incident takes place, and taking necessary containment and mitigation steps to address the incident. Our comprehensive approach is designed to provide minimal impact on our operations and maintain the confidentiality and integrity of the personal information we handle.
Regular penetration testing, conducted by independent firms, forms a crucial part of our risk assessment process. These tests help us identify and mitigate potential vulnerabilities in our network security and data handling practices. Additionally, the Company monitors alerts and advisory statements from the Cybersecurity and Infrastructure Security Agency to keep abreast of relevant threats, vulnerabilities or alerts from actual incidents.
Our information technology management team has over two decades of experience in the technology industry in developing security strategies, playing a pivotal role in incident identification, leading security teams, and managing risks across various industries.
Governance and Oversight
Cybersecurity governance at the Company involves executive and Board oversight. Our Board of Directors considers cybersecurity risks as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee regularly receives updates from management on our cybersecurity risks. In addition, management updates the Audit Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with less impact potential. The Audit Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity.
As part of the escalation procedures stated in our Cybersecurity Incident Response Plan, if we become aware that a cybersecurity incident has occurred, our information technology professionals shall notify the CEO and CFO immediately upon recognition of the breach or event, to help ensure high-level involvement and decision-making. The CEO and CFO shall assess the overall impact of the event and its potential impact on the Company’s business operations. If deemed significant, the Audit Committee and full Board of Directors shall be informed of the incident.
Our cybersecurity policies and practices are regularly reviewed and updated in order to align with evolving threats and regulatory requirements to help ensure the Company complies with relevant laws and regulations and proactively manages cybersecurity risks.
Employee Training and Awareness
Recognizing the importance of human factors in cybersecurity, the Company invests in employee training and awareness programs. Our efforts are particularly focused on common threats, such as phishing attacks, and we require all employees to complete annual cybersecurity training to stay informed about emerging and evolving cybersecurity threats.
Third-Party Service Providers
We work with third parties that help us identify, assess, and manage cybersecurity risks, including professional services firms, consulting firms, threat intelligence service providers, and penetration testing firms.
To operate our business, we utilize certain third-party service providers to perform a variety of functions. We seek to engage reliable, reputable service providers that maintain cybersecurity programs. Depending on the nature of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider, our vendor management process may include reviewing the cybersecurity practices of such provider, contractually imposing obligations on the provider, conducting security assessments, and conducting periodic reassessments during their engagement.
Additional Information
We have not identified any known cybersecurity threats, including as a result of prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. However, there can be no assurance that our cybersecurity risk management program and processes, including our policies, controls, or procedures, will be fully implemented, complied with or effective in protecting our systems and information. Refer to “Item 1A. Risk Factors”, including the risk factors that are described under the heading “Cybersecurity and Information Technology Risks,” for more information regarding the risks we face from cybersecurity incidents that could adversely impact our business and operations, harm our reputation and subject us to claims or litigation.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity risk management program is integrated into our overall risk management framework and shares common reporting channels and governance processes that apply across the risk management framework to other legal, compliance, strategic, operational, and financial risk areas.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance and Oversight
Cybersecurity governance at the Company involves executive and Board oversight. Our Board of Directors considers cybersecurity risks as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee regularly receives updates from management on our cybersecurity risks. In addition, management updates the Audit Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with less impact potential. The Audit Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity.
As part of the escalation procedures stated in our Cybersecurity Incident Response Plan, if we become aware that a cybersecurity incident has occurred, our information technology professionals shall notify the CEO and CFO immediately upon recognition of the breach or event, to help ensure high-level involvement and decision-making. The CEO and CFO shall assess the overall impact of the event and its potential impact on the Company’s business operations. If deemed significant, the Audit Committee and full Board of Directors shall be informed of the incident.
Our cybersecurity policies and practices are regularly reviewed and updated in order to align with evolving threats and regulatory requirements to help ensure the Company complies with relevant laws and regulations and proactively manages cybersecurity risks.
Employee Training and Awareness
Recognizing the importance of human factors in cybersecurity, the Company invests in employee training and awareness programs. Our efforts are particularly focused on common threats, such as phishing attacks, and we require all employees to complete annual cybersecurity training to stay informed about emerging and evolving cybersecurity threats.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Cybersecurity governance at the Company involves executive and Board oversight. Our Board of Directors considers cybersecurity risks as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee regularly receives updates from management on our cybersecurity risks. In addition, management updates the Audit Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with less impact potential.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity.
|Cybersecurity Risk Role of Management [Text Block]
|
Cybersecurity Risk Management and Strategy
The Company’s cybersecurity framework encompasses a proactive approach towards potential threats, focusing on prevention, detection, response, and recovery. Our cybersecurity risk management program is integrated into our overall risk management framework and shares common reporting channels and governance processes that apply across the risk management framework to other legal, compliance, strategic, operational, and financial risk areas. Our cybersecurity risk management program includes:
•
Risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;
•
a cybersecurity team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;
•
the use of external service providers and software, where appropriate, to monitor, assess, test or otherwise assist with aspects of our security controls;
•
cybersecurity awareness training for our employees; and
•
a global incident response plan that includes procedures for responding to cybersecurity incidents.
Our Incident Response Team (“IRT”), which includes members from various functional areas within the Company, including our data center operations, software, internal information systems, customer support, legal, and marketing departments, which are responsible for managing and mitigating any cybersecurity incidents at the Company. This team operates under the policy procedures that are outlined in our Cybersecurity Incident Response Plan. This process includes notifying executive management when a cybersecurity breach or incident takes place, and taking necessary containment and mitigation steps to address the incident. Our comprehensive approach is designed to provide minimal impact on our operations and maintain the confidentiality and integrity of the personal information we handle.
Regular penetration testing, conducted by independent firms, forms a crucial part of our risk assessment process. These tests help us identify and mitigate potential vulnerabilities in our network security and data handling practices. Additionally, the Company monitors alerts and advisory statements from the Cybersecurity and Infrastructure Security Agency to keep abreast of relevant threats, vulnerabilities or alerts from actual incidents.
Our information technology management team has over two decades of experience in the technology industry in developing security strategies, playing a pivotal role in incident identification, leading security teams, and managing risks across various industries.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
As part of the escalation procedures stated in our Cybersecurity Incident Response Plan, if we become aware that a cybersecurity incident has occurred, our information technology professionals shall notify the CEO and CFO immediately upon recognition of the breach or event, to help ensure high-level involvement and decision-making. The CEO and CFO shall assess the overall impact of the event and its potential impact on the Company’s business operations. If deemed significant, the Audit Committee and full Board of Directors shall be informed of the incident.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Our information technology management team has over two decades of experience in the technology industry in developing security strategies, playing a pivotal role in incident identification, leading security teams, and managing risks across various industries.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Incident Response Team (“IRT”), which includes members from various functional areas within the Company, including our data center operations, software, internal information systems, customer support, legal, and marketing departments, which are responsible for managing and mitigating any cybersecurity incidents at the Company. This team operates under the policy procedures that are outlined in our Cybersecurity Incident Response Plan. This process includes notifying executive management when a cybersecurity breach or incident takes place, and taking necessary containment and mitigation steps to address the incident.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef