|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Risk Management and Strategy
The Company’s cybersecurity risk management strategy is comprised of several key elements. We assess our information technology and data management/storage systems and related policies and practices to help guide and prioritize our cybersecurity and information technology-related investments, activities and risk management strategy. We leverage a variety of technologies to attempt to mitigate the risk of cybersecurity threats and incidents. The Company has a multi-layer approach to its technology solutions, including employing applications used for perimeter, network, end point and application security as well as for data recovery, in each case tailored to the Company’s systems, data, risk profile and mitigation strategy. From time to time, we use third-party service providers and software to augment and test our technology solutions and further support our risk mitigation strategy. Further, the Company maintains processes to oversee and identify material risks from cybersecurity threats associated with its use of third-party service providers.
CTS uses a managed security services provider (MSSP) and other technologies to collect alerts and security audit logs, monitor and assess cybersecurity threat intelligence, and take actions to help us prevent, detect, mitigate and remediate cybersecurity incidents.
We have a cybersecurity training program that covers a variety of topics designed to educate our employees about the importance of cybersecurity awareness, highlight typical cybersecurity-related risks and issues (such as phishing attacks and other methods used to attempt to infiltrate our systems) and test that awareness using knowledge assessments and simulations. The training is administered to employees on a rolling basis, and we use a third-party provider for the content and periodically update the training to incorporate new cybersecurity-related developments.
The oversight of our cybersecurity risk is integrated into our enterprise-wide risk management process. We annually review cybersecurity risk as part of our enterprise risk management process and evaluate whether to integrate those findings into our overall cybersecurity strategy. We have a Cybersecurity Strategy Committee, which is a cross-functional team of business representatives led by our Vice President of IT & Digitization, which is responsible for spearheading the ongoing development and execution of our cybersecurity strategy. The Cybersecurity Strategy Committee meets regularly and at other times as needed, and periodically updates the Company’s management on its progress and activities.
Like many other companies, from time to time, we detect attempts by third parties to gain access to our systems and networks, and the frequency of such attempts could increase in the future. We have in the past been subject to cybersecurity incidents which have not had a material impact on our business or financial condition and expect that we will be subject to additional cybersecurity incidents in the future. As of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity threats, including as a result of previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. However, there can be no assurance that our efforts to prevent or mitigate cybersecurity incidents will be successful. Please see “Risks Related to Technology and Data Privacy” in “Risk Factors” in Section 1A of this Annual Report on Form 10-K.
Governance
Our cybersecurity program is overseen by our Vice President of IT & Digitization, who has over 14 years of experience working in various information technology roles and has managed and evolved the cybersecurity function at CTS for the past three years. Our Vice President of IT & Digitization is supported by a team of enterprise information system and security risk professionals (collectively, the “IT Team”), who are responsible for identifying, assessing, monitoring, managing and communicating the Company’s cybersecurity risks. The IT Team includes a cybersecurity leader with over 30 years of experience in IT infrastructure, IT operations and cybersecurity, and members who hold Certified Information Systems Security Professional (CISSP) and Certified Information System Auditor (CISA) certifications and have experience developing and implementing enterprise-wide cybersecurity strategies and initiatives, managing risks relating thereto, and evaluating industry standards and regulations.
While our Board has the ultimate oversight responsibility for the risk management process, the Audit Committee is responsible for oversight of our cybersecurity strategy and risks. The Vice President of IT & Digitization and other members of management provide the Audit Committee with quarterly and as needed updates on the Company’s cybersecurity strategy and risks. In addition, the Board
is provided with an annual cybersecurity update that addresses similar topics to those discussed with the Audit Committee on a quarterly basis.
In the event of a reported potential cybersecurity incident, our IT Team decides whether such an incident triggers our Cybersecurity Threat Evaluation and Response Plan (the “Response Plan”). If triggered, the Company’s cybersecurity response team, as needed under the circumstances (the “Cyber Response Team”), is convened. Members of the Cyber Response Team, as appropriate and as set forth in the Response Plan, are responsible for developing, recommending and implementing measures to address the cybersecurity incident, including when appropriate, assessing, containing and mitigating its impact, notifying members of the Company’s management, the Audit Committee and the full Board of the cybersecurity incident, and coordinating external communications, in each case as appropriate under the circumstances. The IT Team is responsible for implementing and monitoring the effectiveness of any remediation plan adopted as a result of a cybersecurity incident.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The oversight of our cybersecurity risk is integrated into our enterprise-wide risk management process. We annually review cybersecurity risk as part of our enterprise risk management process and evaluate whether to integrate those findings into our overall cybersecurity strategy.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
While our Board has the ultimate oversight responsibility for the risk management process, the Audit Committee is responsible for oversight of our cybersecurity strategy and risks. The Vice President of IT & Digitization and other members of management provide the Audit Committee with quarterly and as needed updates on the Company’s cybersecurity strategy and risks. In addition, the Board
is provided with an annual cybersecurity update that addresses similar topics to those discussed with the Audit Committee on a quarterly basis.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|While our Board has the ultimate oversight responsibility for the risk management process, the Audit Committee is responsible for oversight of our cybersecurity strategy and risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|he Audit Committee with quarterly and as needed updates on the Company’s cybersecurity strategy and risks. In addition, the Board
is provided with an annual cybersecurity update that addresses similar topics to those discussed with the Audit Committee on a quarterly basis.
|Cybersecurity Risk Role of Management [Text Block]
|Our cybersecurity program is overseen by our Vice President of IT & Digitization, who has over 14 years of experience working in various information technology roles and has managed and evolved the cybersecurity function at CTS for the past three years. Our Vice President of IT & Digitization is supported by a team of enterprise information system and security risk professionals (collectively, the “IT Team”), who are responsible for identifying, assessing, monitoring, managing and communicating the Company’s cybersecurity risks. The IT Team includes a cybersecurity leader with over 30 years of experience in IT infrastructure, IT operations and cybersecurity, and members who hold Certified Information Systems Security Professional (CISSP) and Certified Information System Auditor (CISA) certifications and have experience developing and implementing enterprise-wide cybersecurity strategies and initiatives, managing risks relating thereto, and evaluating industry standards and regulations.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Vice President of IT & Digitization is supported by a team of enterprise information system and security risk professionals (collectively, the “IT Team”), who are responsible for identifying, assessing, monitoring, managing and communicating the Company’s cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|our Vice President of IT & Digitization, who has over 14 years of experience working in various information technology roles and has managed and evolved the cybersecurity function at CTS for the past three years.The IT Team includes a cybersecurity leader with over 30 years of experience in IT infrastructure, IT operations and cybersecurity, and members who hold Certified Information Systems Security Professional (CISSP) and Certified Information System Auditor (CISA) certifications and have experience developing and implementing enterprise-wide cybersecurity strategies and initiatives, managing risks relating thereto, and evaluating industry standards and regulations.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
In the event of a reported potential cybersecurity incident, our IT Team decides whether such an incident triggers our Cybersecurity Threat Evaluation and Response Plan (the “Response Plan”). If triggered, the Company’s cybersecurity response team, as needed under the circumstances (the “Cyber Response Team”), is convened. Members of the Cyber Response Team, as appropriate and as set forth in the Response Plan, are responsible for developing, recommending and implementing measures to address the cybersecurity incident, including when appropriate, assessing, containing and mitigating its impact, notifying members of the Company’s management, the Audit Committee and the full Board of the cybersecurity incident, and coordinating external communications, in each case as appropriate under the circumstances. The IT Team is responsible for implementing and monitoring the effectiveness of any remediation plan adopted as a result of a cybersecurity incident.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef