|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company maintains an operational Incident Response Plan (“IRP”) that defines how the Company handles cybersecurity incidents, including escalation, reporting and remediation procedures. The IRP is reviewed annually both internally and by third parties during regular audits. In addition, the Company retains a preferred partner with expertise in cybersecurity risks and incidents to advise on cybersecurity related matters. The Company’s preferred partner is also part of the Company’s IRP procedures and provides independent analysis and advice during cybersecurity investigations. The Company also maintains a Security Awareness Program, which is designed, implemented, and maintained by the Company’s Chief Information Security Officer. The Company’s Security Awareness Program includes training that reinforces the Company’s information technology risk and security management policies, standards and practices, as well as the expectation that employees comply with these policies. The Security Awareness Program engages personnel through training on how to identify potential cybersecurity risks and protect the Company’s resources and information, as well as how to respond to unauthorized access to or use of Company information. The Security Awareness Program training is mandatory for all employees globally at least annually, and it is supplemented by Company-wide assessment initiatives, including periodic testing. The Company provides specialized security training for certain employee roles, such as application developers.
The Company conducts periodic tests to assess the Company’s processes and procedures and the threat landscape, which are designed with the goal of implementing and maintaining a robust cybersecurity program. Where appropriate, the Company takes additional and ongoing steps intended to strengthen the Company’s cybersecurity capabilities and mitigate the risk of a breach or incident. The Company’s security program and IT-related controls are regularly examined by internal auditors, external auditors and various regulators. For example, each year, the Company conducts various third-party audits, including SOC 2 Type2, PCI DSS, ISO 27001. The Company also engages third-party consultants for incident responses. These third-party consultants report directly to the Chief Information Security Officer and, depending on the nature of the incident, report directly to the Executive Security Steering Committee on various topics including, effects of the incident and recommendations
on how to strengthen the Company’s cybersecurity capabilities and mitigate the risk of a breach or incident. In addition to assessing the Company’s cybersecurity preparedness, the Company also considers and evaluates cybersecurity risks associated with its use of third-party service providers. The Company maintains a vendor onboarding program, pursuant to which the Company regularly reviews third-party hosted applications and, when available, requests its vendors to provide SOC2 and/or ISO 27001 certificates. The Company’s assessment of risks associated with use of third-party providers is part of the Company’s overall cybersecurity risk management program.
Although we have designed our cybersecurity program and governance procedures above to mitigate cybersecurity risks, we have experienced, and we may in the future experience cybersecurity risks, threats and attacks. To date, these risks, threats or attacks have not had a material impact on our operations, business strategy or financial results, but we cannot provide assurance that they will not have a material impact in the future. See the section entitled “Risk Factors” included elsewhere in this Annual Report for further information. We continuously work to enhance our cybersecurity risk management program.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company maintains an operational Incident Response Plan (“IRP”) that defines how the Company handles cybersecurity incidents, including escalation, reporting and remediation procedures. The IRP is reviewed annually both internally and by third parties during regular audits. In addition, the Company retains a preferred partner with expertise in cybersecurity risks and incidents to advise on cybersecurity related matters. The Company’s preferred partner is also part of the Company’s IRP procedures and provides independent analysis and advice during cybersecurity investigations. The Company also maintains a Security Awareness Program, which is designed, implemented, and maintained by the Company’s Chief Information Security Officer. The Company’s Security Awareness Program includes training that reinforces the Company’s information technology risk and security management policies, standards and practices, as well as the expectation that employees comply with these policies. The Security Awareness Program engages personnel through training on how to identify potential cybersecurity risks and protect the Company’s resources and information, as well as how to respond to unauthorized access to or use of Company information. The Security Awareness Program training is mandatory for all employees globally at least annually, and it is supplemented by Company-wide assessment initiatives, including periodic testing. The Company provides specialized security training for certain employee roles, such as application developers.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Company maintains a governance structure to address cybersecurity risk, which involves a dedicated Security Operations Team (the “Security Operations Team”), an executive security steering committee (the “Executive Security Steering Committee”), and the Compliance and Risk Committee of the Board and the Board.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s Security Operations Team, led by our Chief Information Security Officer, is responsible for identifying, assessing, mitigating, and reporting on material cybersecurity risks to the Company’s Executive Security Steering Committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s Security Operations Team, led by our Chief Information Security Officer, is responsible for identifying, assessing, mitigating, and reporting on material cybersecurity risks to the Company’s Executive Security Steering Committee. The Company’s Chief Information Security Officer holds high-level licenses and certifications relating to information security, including a Certified Information Security Manager from the Information Systems Audit and Control Association and a Certified Information Systems Security Professional and a Certified Cloud Security Professional from the International Information Security System Security Certification Consortium. The Company’s Executive Security Steering Committee, chaired by the Company’s Chief Information Security Officer and comprised of various cross-functional members of senior management, drives awareness and alignment across broad stakeholder groups for cybersecurity governance and risk management and reporting. The Executive Security Steering Committee receives quarterly reports from the Company’s Chief Information Security Officer. The Compliance and Risk Committee receives regular reports from the Company’s Chief Information Security Officer. The Compliance and Risk Committee periodically reports to the Board.
|Cybersecurity Risk Role of Management [Text Block]
|The Company’s Security Operations Team, led by our Chief Information Security Officer, is responsible for identifying, assessing, mitigating, and reporting on material cybersecurity risks to the Company’s Executive Security Steering Committee. The Company’s Chief Information Security Officer holds high-level licenses and certifications relating to information security, including a Certified Information Security Manager from the Information Systems Audit and Control Association and a Certified Information Systems Security Professional and a Certified Cloud Security Professional from the International Information Security System Security Certification Consortium. The Company’s Executive Security Steering Committee, chaired by the Company’s Chief Information Security Officer and comprised of various cross-functional members of senior management, drives awareness and alignment across broad stakeholder groups for cybersecurity governance and risk management and reporting. The Executive Security Steering Committee receives quarterly reports from the Company’s Chief Information Security Officer. The Compliance and Risk Committee receives regular reports from the Company’s Chief Information Security Officer. The Compliance and Risk Committee periodically reports to the Board.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Company’s Security Operations Team, led by our Chief Information Security Officer, is responsible for identifying, assessing, mitigating, and reporting on material cybersecurity risks to the Company’s Executive Security Steering Committee.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Company’s Chief Information Security Officer holds high-level licenses and certifications relating to information security, including a Certified Information Security Manager from the Information Systems Audit and Control Association and a Certified Information Systems Security Professional and a Certified Cloud Security Professional from the International Information Security System Security Certification Consortium.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Company’s Security Operations Team, led by our Chief Information Security Officer, is responsible for identifying, assessing, mitigating, and reporting on material cybersecurity risks to the Company’s Executive Security Steering Committee. The Company’s Chief Information Security Officer holds high-level licenses and certifications relating to information security, including a Certified Information Security Manager from the Information Systems Audit and Control Association and a Certified Information Systems Security Professional and a Certified Cloud Security Professional from the International Information Security System Security Certification Consortium. The Company’s Executive Security Steering Committee, chaired by the Company’s Chief Information Security Officer and comprised of various cross-functional members of senior management, drives awareness and alignment across broad stakeholder groups for cybersecurity governance and risk management and reporting. The Executive Security Steering Committee receives quarterly reports from the Company’s Chief Information Security Officer. The Compliance and Risk Committee receives regular reports from the Company’s Chief Information Security Officer. The Compliance and Risk Committee periodically reports to the Board.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef