XML 46 R33.htm IDEA: XBRL DOCUMENT v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy
The Company employs a comprehensive, cross-departmental approach designed to continuously identify, assess, and mitigate potential cybersecurity risks. Our cybersecurity risk management program involves collaboration between our employees, the Information Technology (“IT”) team, and the Information Security (“InfoSec”) team, which is led by our Chief Information Security Officer (“CISO”). The Company’s cybersecurity policies, standards, and processes are integrated into the Company’s overall risk management program, and we regularly consider cybersecurity risks in the context of material risks to the Company.
Our cybersecurity risk management program categorizes cybersecurity risks into five distinct areas: identify, protect, detect, respond, and recover, as defined by the National Institute of Standards and Technology Cybersecurity Framework. We regularly assess the evolving cybersecurity threat landscape, employing a layered cybersecurity strategy that emphasizes prevention, detection, and mitigation through a variety of technical and operational measures. As part of our cybersecurity risk management program, our information security program is tailored to address identified risks, while aligning with pertinent business requirements.
Cybersecurity is a shared responsibility across the Company, and all our employees are subject to periodic email phishing simulation campaigns and mandatory quarterly cybersecurity training to enhance awareness and readiness against potential common cyber threats. Certain roles require additional role-based, specialized cybersecurity training, such as tabletop exercises to help ensure proactive preparation and effective coordination in the event of a security incident. We conduct tabletop exercises annually or as needed to review our incident response plan, as well as to identify and prioritize opportunities for improvement within our cybersecurity program and associated security controls. To help protect our data and information systems, we maintain Company-wide cybersecurity policies and procedures regarding encryption standards, antivirus protection, remote access, multifactor authentication, confidential information, and internet, social media, email, and wireless device usage. Our IT and InfoSec teams review and update such policies and procedures to adapt to the evolving cybersecurity threat landscape, industry best practices, and regulatory updates. Our CISO conducts thorough reviews of these updates on an annual basis or as needed to help ensure their continued relevance and effectiveness in safeguarding the Company’s assets and business interests.
We continually seek to update our cybersecurity posture, encompassing end-user awareness training, layered defenses, critical asset identification and protection, enhanced monitoring and alerting. We engage with third-party experts to evaluate the efficacy of our security measures which includes network penetration testing. We also regularly evaluate cybersecurity risks associated with our use of third-party service providers, conducting an annual review of hosted applications and assessing their cybersecurity readiness. In addition, we annually obtain Service Organization Control (“SOC”) reports on the suitability and operating effectiveness of the service providers’
controls, known as a SOC 1 Type 2 Report. The report is prepared by an independent service auditor. We review such reports to confirm the existence of effective security controls over unauthorized access at third party service providers.
To date, there have been no cybersecurity events in the past that have materially affected, or are reasonably likely to materially affect, the Company’s business strategy, results of operations, or financial condition. Although we believe our defenses against cyber-intrusions are sufficient, we continue to update our prevention programs to help respond to sophisticated and rapidly evolving threats that may try to circumvent our security measures.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
The Company employs a comprehensive, cross-departmental approach designed to continuously identify, assess, and mitigate potential cybersecurity risks. Our cybersecurity risk management program involves collaboration between our employees, the Information Technology (“IT”) team, and the Information Security (“InfoSec”) team, which is led by our Chief Information Security Officer (“CISO”). The Company’s cybersecurity policies, standards, and processes are integrated into the Company’s overall risk management program, and we regularly consider cybersecurity risks in the context of material risks to the Company.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board, with the assistance of our Audit Committee, oversees our cybersecurity efforts performed by senior management, which is responsible for the identification and assessment of materials risk from cybersecurity incidents. In particular, our CISO is responsible for leading the management and assessment of material cybersecurity threats, and works closely with our Head of IT, Head of IT Operations and General Counsel. Our CISO has over 20 years of industry experience, including serving in similar roles leading and overseeing cybersecurity programs at other public companies and managing information systems and protecting computer networks against cyber intrusions. Also, our IT Operations team meets regularly with the InfoSec and the Head of Internal Audit.
Our Board and our Audit Committee receive reports on the Company’s cyber security program, including an assessment of that our cybersecurity risk management program, annually or as needed. In addition, the Board and Audit Committee receive reports on the cybersecurity program, including any material cybersecurity risks, periodically or as needed.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board, with the assistance of our Audit Committee, oversees our cybersecurity efforts performed by senior management, which is responsible for the identification and assessment of materials risk from cybersecurity incidents.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board and our Audit Committee receive reports on the Company’s cyber security program, including an assessment of that our cybersecurity risk management program, annually or as needed. In addition, the Board and Audit Committee receive reports on the cybersecurity program, including any material cybersecurity risks, periodically or as needed.
Cybersecurity Risk Role of Management [Text Block]
Our Board, with the assistance of our Audit Committee, oversees our cybersecurity efforts performed by senior management, which is responsible for the identification and assessment of materials risk from cybersecurity incidents. In particular, our CISO is responsible for leading the management and assessment of material cybersecurity threats, and works closely with our Head of IT, Head of IT Operations and General Counsel. Our CISO has over 20 years of industry experience, including serving in similar roles leading and overseeing cybersecurity programs at other public companies and managing information systems and protecting computer networks against cyber intrusions. Also, our IT Operations team meets regularly with the InfoSec and the Head of Internal Audit.
Our Board and our Audit Committee receive reports on the Company’s cyber security program, including an assessment of that our cybersecurity risk management program, annually or as needed. In addition, the Board and Audit Committee receive reports on the cybersecurity program, including any material cybersecurity risks, periodically or as needed.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity risk management program involves collaboration between our employees, the Information Technology (“IT”) team, and the Information Security (“InfoSec”) team, which is led by our Chief Information Security Officer (“CISO”).
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO has over 20 years of industry experience, including serving in similar roles leading and overseeing cybersecurity programs at other public companies and managing information systems and protecting computer networks against cyber intrusions. Also, our IT Operations team meets regularly with the InfoSec and the Head of Internal Audit.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Board and our Audit Committee receive reports on the Company’s cyber security program, including an assessment of that our cybersecurity risk management program, annually or as needed. In addition, the Board and Audit Committee receive reports on the cybersecurity program, including any material cybersecurity risks, periodically or as needed.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true