XML 99 R25.htm IDEA: XBRL DOCUMENT v3.26.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Overall, our approach to cybersecurity risk management includes the following key elements:

(i)
Continuous monitoring of cybersecurity threats, both internal and external, through the use of data analytics and network monitoring systems.
(ii)
Engagement of third-party consultants and other advisors to assist in assessing points of vulnerability of our information security systems.
(iii)
Overall assessment of cybersecurity incidents materiality and potential impact on the Company’s operations and financial condition by our senior management team and our Board of Directors, in cooperation, if considered necessary, with specialized external consultants.
(iv)
Oversight responsibility of cybersecurity risks and compliance with relevant disclosure requirements lies with our senior management team and our Board of Directors.
(v)
Training and Awareness—we have various information technology policies relating to cybersecurity. We also provide employee training that is administered on periodic and on case-by-case bases that reinforces our information technology policies, standards and practices, as well as the expectation that employees comply with these policies and identify and report potential cybersecurity risks.


We continue to invest in our cybersecurity systems and to enhance our internal controls and processes. Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. While we have dedicated appropriate resources to identifying, assessing and managing material risks from cybersecurity threats, our efforts may not be adequate, may fail to accurately assess the severity of an incident, may not be sufficient to prevent or limit harm, or may fail to sufficiently remediate an incident in a timely fashion, any of which could harm our business, reputation, results of operations and financial condition. For more information certain risks associated with cybersecurity, see “Item 3. Key Information—D. Risk Factors Risks—We rely on our information systems to conduct our business, and failure to protect these systems against security breaches could adversely affect our business and results of operations. Additionally, if these systems fail or become unavailable for any significant period of time, our business could be harmed.”
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our cybersecurity risk management strategy prioritizes detection, analysis and response to known, anticipated or unexpected threats; effective management of security risks; and resiliency against incidents. With the ever-changing cybersecurity landscape and continual emergence of new cybersecurity threats, our Board of Directors and senior management team ensure that adequate resources are devoted to cybersecurity risk management and the technologies, processes and people that support it. We implement risk-based controls to protect our information, the information of our customers, suppliers and other third parties, our information systems, our business operations and our vessels.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. While we have dedicated appropriate resources to identifying, assessing and managing material risks from cybersecurity threats, our efforts may not be adequate, may fail to accurately assess the severity of an incident, may not be sufficient to prevent or limit harm, or may fail to sufficiently remediate an incident in a timely fashion, any of which could harm our business, reputation, results of operations and financial condition. For more information certain risks associated with cybersecurity, see “Item 3. Key Information—D. Risk Factors Risks—We rely on our information systems to conduct our business, and failure to protect these systems against security breaches could adversely affect our business and results of operations. Additionally, if these systems fail or become unavailable for any significant period of time, our business could be harmed.”
Cybersecurity Risk Board of Directors Oversight [Text Block]

We believe that cybersecurity is fundamental in our operations and, as such, we are committed to maintaining robust governance and oversight of cybersecurity risks and to implementing comprehensive processes and procedures for identifying, assessing and managing material risks from cybersecurity threats as part of our broader risk management system and processes. Our cybersecurity risk management strategy prioritizes detection, analysis and response to known, anticipated or unexpected threats; effective management of security risks; and resiliency against incidents. With the ever-changing cybersecurity landscape and continual emergence of new cybersecurity threats, our Board of Directors and senior management team ensure that adequate resources are devoted to cybersecurity risk management and the technologies, processes and people that support it. We implement risk-based controls to protect our information, the information of our customers, suppliers and other third parties, our information systems, our business operations and our vessels.


As part of our cybersecurity risk management system, our information & technology management team, led by our senior IT manager with extensive experience managing information & technology systems, tracks and logs privacy and security incidents across our Company, our vessels, our customers, suppliers and other third-party service providers to remediate and resolve any such incidents. Significant incidents are reviewed regularly by our information & technology management team to determine whether further escalation is appropriate. We also engage third parties, such as specialized assessors and consultants to audit our information security systems, whose findings are reported to our senior management team. Any identified incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment, and then reported to our senior management team who is responsible to assess its overall materiality in due time and decide whether further reference to our Board of Directors is necessary. We further consult with outside counsel as appropriate, including on materiality analysis and disclosure requirements’ matters, and our senior management, in cooperation if required with our Board of Directors, makes the final materiality determinations and disclosure and other compliance decisions.


As we do not have a dedicated board committee solely focused on cybersecurity, our senior management team has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and it reports any material findings and recommendations, as appropriate, to our Board of Directors for consideration.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

As we do not have a dedicated board committee solely focused on cybersecurity, our senior management team has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and it reports any material findings and recommendations, as appropriate, to our Board of Directors for consideration.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

As we do not have a dedicated board committee solely focused on cybersecurity, our senior management team has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and it reports any material findings and recommendations, as appropriate, to our Board of Directors for consideration.
Cybersecurity Risk Role of Management [Text Block]

As part of our cybersecurity risk management system, our information & technology management team, led by our senior IT manager with extensive experience managing information & technology systems, tracks and logs privacy and security incidents across our Company, our vessels, our customers, suppliers and other third-party service providers to remediate and resolve any such incidents. Significant incidents are reviewed regularly by our information & technology management team to determine whether further escalation is appropriate. We also engage third parties, such as specialized assessors and consultants to audit our information security systems, whose findings are reported to our senior management team. Any identified incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment, and then reported to our senior management team who is responsible to assess its overall materiality in due time and decide whether further reference to our Board of Directors is necessary. We further consult with outside counsel as appropriate, including on materiality analysis and disclosure requirements’ matters, and our senior management, in cooperation if required with our Board of Directors, makes the final materiality determinations and disclosure and other compliance decisions.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

As we do not have a dedicated board committee solely focused on cybersecurity, our senior management team has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and it reports any material findings and recommendations, as appropriate, to our Board of Directors for consideration.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] As part of our cybersecurity risk management system, our information & technology management team, led by our senior IT manager with extensive experience managing information & technology systems, tracks and logs privacy and security incidents across our Company, our vessels, our customers, suppliers and other third-party service providers to remediate and resolve any such incidents.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Any identified incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment, and then reported to our senior management team who is responsible to assess its overall materiality in due time and decide whether further reference to our Board of Directors is necessary.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true