|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 16K. Cybersecurity
Risk Management and Strategy
We believe an effective cybersecurity program is critical to guard the confidentiality, integrity, and availability of our information systems and data residing in those systems. We have built and continue to evolve processes for assessing, identifying, and managing material risks from cybersecurity threats. We have embedded the oversight and management of cybersecurity risk within our enterprise risk management framework to help drive a company-wide culture of cybersecurity risk management, and we have established policies and procedures as well as a reporting line of governance that guide our cybersecurity risk management program.
The Company’s Information Technology Department uses cybersecurity risk assessments, security monitoring tools, phishing testing, security training, system scanning, and penetration testing, among other technology and human resources, to monitor and identify cybersecurity threats and incidents. We engage a third party to perform a 24/7 cybersecurity monitoring, detection and response service. With the third party’s assistance, our Information Technology Department track metrics that demonstrate our cybersecurity risk posture, including identified cybersecurity threats and risks, security awareness proficiency of employees, and system vulnerabilities and patching requirements.
We require all third-party vendors that may have access to Company, employee, customer, or other third-party data to undergo a vetting process prior to being approved and onboarded. The vetting process includes a review of the vendor’s relevant policies and procedures, technology architecture, business practices and cybersecurity profile. Third-party vendor agreements include confidentiality obligations and specify data elements that the third party has access to, how the third party protects the data, and procedures for the return or destruction of protected data. The vendor also must report all cybersecurity incidents immediately to the Company’s responsible functional manager and to the Director of Information Technology.
In addition to the above processes and resources, we maintain a cybersecurity incident response process. Within the Information Technology department, we have an Incident Response Team, which maintains and is responsible for communicating any cybersecurity incidents in accordance with a written incident response plan (the “Incident Response Plan”). The Incident Response Plan defines responsibilities and immediate actions necessary to mitigate risk, report on the incident to management, and identify necessary steps to remediate the incident and prevent future incidents. The Incident Response Team is responsible for identifying and assessing the impact of several factors, including duration of the breach or other incident, the number of systems and users affected, the actual or potential system downtime and associated financial impact, as well as the cost and timing of system and data recovery. Our Director of Information Technology is responsible for reporting cybersecurity incidents immediately to our senior management team. Depending on the nature and severity of an incident, the incident may also need to be reported to our Management Disclosure Committee to determine whether the incident is or is reasonably likely to become material and whether the Company must disclose the incident publicly, as well as to the Audit and Risk Management Committee and the Board of Directors.
Governance
Our Board of Directors recognizes the importance of managing the risk of cybersecurity threats to the Company. The Board is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in the role of risk oversight. The Audit and Risk Management Committee is responsible for, among other things, overseeing our compliance with internal controls and our management of enterprise risks, including cybersecurity risks and risk mitigation framework.
The Audit and Risk Management Committee meets at least twice each year and as often as necessary to fulfill its responsibilities. Our senior management team, which includes our CEO, CFO, Chief Legal and Administrative Officer, and our Chief Operating Officer, together with the Director of Information Technology, reports on a regular basis to the Audit and Risk Management Committee on cybersecurity risks and trends and other information necessary to assess such risks and oversee the development and performance of our risk mitigation processes.
The Director of Information Technology leads our Information Technology Department and is responsible for overseeing our information security program. Reporting to our Chief Operating Officer, the Director of Information Technology has over 30 years of industry experience, including serving in similar roles leading and overseeing information and data security at other public companies. The Director of Information Technology is responsible for assessing and managing cybersecurity risks, as well as communicating cybersecurity incidents, matters and trends to Company management, the Audit and Risk Management Committee, and the Board of Directors. Team members who support our information security program have relevant educational and industry experience and regularly report to the Director of Information Technology. Our Information Technology Department regularly reports to senior management and other relevant teams on various cybersecurity threats, assessments, and findings.
We face risks from cybersecurity threats that could have a material adverse effect on our business, strategy, financial condition, results of operations, cash flows or reputation. However, to date, we have not experienced any cybersecurity incidents that have had or are reasonably likely to have such a material adverse effect. See Item 3. Key Information—D. Risk Factors (“Our systems and data may be subject to disruptions or other security incidents, and we may face alleged violations of laws, regulations, or other obligations relating to handling our employees' personal data or confidential data of our customers and other business partners that could result in liability and adversely impact our reputation and future sales.”).
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Our Board of Directors recognizes the importance of managing the risk of cybersecurity threats to the Company. The Board is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in the role of risk oversight. The Audit and Risk Management Committee is responsible for, among other things, overseeing our compliance with internal controls and our management of enterprise risks, including cybersecurity risks and risk mitigation framework.
The Audit and Risk Management Committee meets at least twice each year and as often as necessary to fulfill its responsibilities. Our senior management team, which includes our CEO, CFO, Chief Legal and Administrative Officer, and our Chief Operating Officer, together with the Director of Information Technology, reports on a regular basis to the Audit and Risk Management Committee on cybersecurity risks and trends and other information necessary to assess such risks and oversee the development and performance of our risk mitigation processes.
The Director of Information Technology leads our Information Technology Department and is responsible for overseeing our information security program. Reporting to our Chief Operating Officer, the Director of Information Technology has over 30 years of industry experience, including serving in similar roles leading and overseeing information and data security at other public companies. The Director of Information Technology is responsible for assessing and managing cybersecurity risks, as well as communicating cybersecurity incidents, matters and trends to Company management, the Audit and Risk Management Committee, and the Board of Directors. Team members who support our information security program have relevant educational and industry experience and regularly report to the Director of Information Technology. Our Information Technology Department regularly reports to senior management and other relevant teams on various cybersecurity threats, assessments, and findings.
We face risks from cybersecurity threats that could have a material adverse effect on our business, strategy, financial condition, results of operations, cash flows or reputation. However, to date, we have not experienced any cybersecurity incidents that have had or are reasonably likely to have such a material adverse effect. See Item 3. Key Information—D. Risk Factors (“Our systems and data may be subject to disruptions or other security incidents, and we may face alleged violations of laws, regulations, or other obligations relating to handling our employees' personal data or confidential data of our customers and other business partners that could result in liability and adversely impact our reputation and future sales.”).
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|. The Board is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in the role of risk oversight. The Audit and Risk Management Committee is responsible for, among other things, overseeing our compliance with internal controls and our management of enterprise risks, including cybersecurity risks and risk mitigation framework.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Audit and Risk Management Committee meets at least twice each year and as often as necessary to fulfill its responsibilities. Our senior management team, which includes our CEO, CFO, Chief Legal and Administrative Officer, and our Chief Operating Officer, together with the Director of Information Technology, reports on a regular basis to the Audit and Risk Management Committee on cybersecurity risks and trends and other information necessary to assess such risks and oversee the development and performance of our risk mitigation processes.
|Cybersecurity Risk Role of Management [Text Block]
|
The Director of Information Technology leads our Information Technology Department and is responsible for overseeing our information security program. Reporting to our Chief Operating Officer, the Director of Information Technology has over 30 years of industry experience, including serving in similar roles leading and overseeing information and data security at other public companies. The Director of Information Technology is responsible for assessing and managing cybersecurity risks, as well as communicating cybersecurity incidents, matters and trends to Company management, the Audit and Risk Management Committee, and the Board of Directors. Team members who support our information security program have relevant educational and industry experience and regularly report to the Director of Information Technology. Our Information Technology Department regularly reports to senior management and other relevant teams on various cybersecurity threats, assessments, and findings.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our senior management team, which includes our CEO, CFO, Chief Legal and Administrative Officer, and our Chief Operating Officer, together with the Director of Information Technology, reports on a regular basis to the Audit and Risk Management Committee on cybersecurity risks and trends and other information necessary to assess such risks and oversee the development and performance of our risk mitigation processes.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|. Reporting to our Chief Operating Officer, the Director of Information Technology has over 30 years of industry experience, including serving in similar roles leading and overseeing information and data security at other public companies. The Director of Information Technology is responsible for assessing and managing cybersecurity risks, as well as communicating cybersecurity incidents, matters and trends to Company management, the Audit and Risk Management Committee, and the Board of Directors. Team members who support our information security program have relevant educational and industry experience and regularly report to the Director of Information Technology. Our Information Technology Department regularly reports to senior management and other relevant teams on various cybersecurity threats, assessments, and findings.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef