XML 49 R27.htm IDEA: XBRL DOCUMENT v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We have processes in place to identify, assess and monitor material risks from cybersecurity threats. These processes are part of our overall enterprise risk management process and are part of our operating procedures, internal controls, and information systems. These risks include, among other things, operational risks; fraud; extortion; harm to employees or customers; violation of privacy or security laws and other litigation and legal risk; and reputational risks. We have developed and implemented a cybersecurity framework intended to assess, identify and manage risks from threats to the security of our information, systems, and network using a risk-based approach. The framework is informed in part by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, although this does not imply that we meet all technical standards, specifications, or requirements under the NIST.

Our key cybersecurity processes include the following:
Risk-based controls for information systems and information on our networks: We seek to maintain an information technology infrastructure that implements physical, administrative and technical controls that are calibrated based on risk and designed to protect the confidentiality, integrity and availability of our information systems and information stored on our networks, including customer and employee information.
Cybersecurity incident response plan and testing: We have a cybersecurity incident response plan and dedicated teams to respond to cybersecurity incidents. When a cybersecurity incident occurs or we identify a vulnerability, we have cross-functional teams that are responsible for leading the initial assessment of priority and severity, and external experts may also be engaged as appropriate. Our cybersecurity teams assist in responding to incidents depending on severity levels and seek to improve our cybersecurity incident management plan through periodic tabletops or simulations.
Training: We provide security awareness training to help our employees understand their information protection and cybersecurity responsibilities. We also provide additional training to some employees based their roles.
Supplier risk assessments: Our processes also address cybersecurity threat risks associated with our use of third-party service providers, including those in our supply-chain or who have access to our customer and employee data on our systems. Third-party risks are included within our risk management assessment program, as well as our cybersecurity-specific risk identification program. These considerations affect the selection and access to our systems, data, or facilities. We also seek contractual commitments from key suppliers to appropriately secure and maintain their information technology systems and protect our information that is processed on their systems.
Third-party assessments: We have third-party cybersecurity companies engaged to periodically assess our cybersecurity posture, to assist in identifying and remediating risks from cybersecurity threats. We have implemented several cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage such risks.
As part of the above processes, we regularly engage with consultants, auditors, and other third-parties, including reviewing our cybersecurity program to help identify areas for continued focus, improvement and/or compliance.
To date, risks from cybersecurity threats or incidents have not materially affected the Company. However, the sophistication of and risks from cybersecurity threats and incidents continues to increase, and the preventative actions we have taken and continue to take to reduce these risks and protect our systems and information may not successfully protect against all cybersecurity threats and incidents. For more information on how cybersecurity risk could materially affect our business strategy, results of operations, or financial condition, please refer to Item 1A Risk Factors.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We have processes in place to identify, assess and monitor material risks from cybersecurity threats. These processes are part of our overall enterprise risk management process and are part of our operating procedures, internal controls, and information systems. These risks include, among other things, operational risks; fraud; extortion; harm to employees or customers; violation of privacy or security laws and other litigation and legal risk; and reputational risks. We have developed and implemented a cybersecurity framework intended to assess, identify and manage risks from threats to the security of our information, systems, and network using a risk-based approach. The framework is informed in part by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, although this does not imply that we meet all technical standards, specifications, or requirements under the NIST.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Board of Directors, as a whole, has oversight responsibility for our strategic and operational risks. The Audit Committee regularly reviews and discusses with management the strategies, processes, and controls pertaining to the management of our information technology operations, including cyber risks and cybersecurity. Our Chief Information Officer (CIO) and other internal members of our technology team provide regular reports to the Audit Committee regarding the evolving cybersecurity landscape, including emerging risks, as well as our processes, programs, and initiatives for managing these risks. The Audit Committee, in turn, periodically reports on its review with the Board of Directors.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors, as a whole, has oversight responsibility for our strategic and operational risks. The Audit Committee regularly reviews and discusses with management the strategies, processes, and controls pertaining to the management of our information technology operations, including cyber risks and cybersecurity.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Chief Information Officer (CIO) and other internal members of our technology team provide regular reports to the Audit Committee regarding the evolving cybersecurity landscape, including emerging risks, as well as our processes, programs, and initiatives for managing these risks. The Audit Committee, in turn, periodically reports on its review with the Board of Directors.
Cybersecurity Risk Role of Management [Text Block]
Management is responsible for day-to-day assessment and management of cybersecurity risks. Our cybersecurity risk management and strategy processes are led by our CIO and Assistant Vice President (AVP) of IT Infrastructure and Security. Such individuals have collectively over 50 years of work experience in various roles managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs.
Periodically, the CIO also presents to the Board an overview of our cybersecurity threat risk management and strategy processes covering topics such as data security posture, results of third-party assessments, our incident response plan, and cybersecurity threat risks or incidents and developments, as well as the steps management has taken to respond to such risks.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Management is responsible for day-to-day assessment and management of cybersecurity risks. Our cybersecurity risk management and strategy processes are led by our CIO and Assistant Vice President (AVP) of IT Infrastructure and Security.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our cybersecurity risk management and strategy processes are led by our CIO and Assistant Vice President (AVP) of IT Infrastructure and Security. Such individuals have collectively over 50 years of work experience in various roles managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Periodically, the CIO also presents to the Board an overview of our cybersecurity threat risk management and strategy processes covering topics such as data security posture, results of third-party assessments, our incident response plan, and cybersecurity threat risks or incidents and developments, as well as the steps management has taken to respond to such risks.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true