Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our Board is actively engaged in the oversight of the Company’s cybersecurity, information security, data protection, and technology programs (“cybersecurity”). The Audit Committee of the Board, acting through its written charter, serves as the principal agent of the Board in fulfilling its oversight and review of the Company’s policies and procedures with respect to cybersecurity risk assessment and risk management. The Company’s Chief Information Officer (CIO) leads the Company’s cybersecurity risk assessment and risk management program. Our CIO, with over 25 years of experience leading cybersecurity oversight, brings a wealth of expertise and in-depth knowledge that is instrumental in developing and executing our cybersecurity program.

Our cybersecurity program is fully integrated into the Company’s overall enterprise risk management program. Our Vice President, Risk and Compliance (VP of Risk) facilitates the enterprise risk management program, and helps ensure that risk management is integrated into our strategic and operating planning process. The VP of Risk works closely with the CIO and his information technology security team to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level.

The CIO continually assesses industry best practices, frameworks, and standards, and leverages them to advance our cybersecurity program. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. Our cybersecurity risk management program includes the deployment of tools and activities designed to prevent, detect, and analyze current and emerging cybersecurity threats, and plans and strategies to address threats and incidents. Program highlights include:

a. Employing a multi-layer strategy of defense designed to ensure the safety, security, and responsible use of information and data.
b. Monitoring of all IT assets, resources, and data 24 hours per day, 7 days per week, 365 days per year by a security operations center (SOC).
c. Performing annual testing of the Company’s incident response plan and cybersecurity posture by a third party.
d. Incorporating external expertise to manage the SOC, perform penetration tests, cyber-attack simulation exercises, and log management to review anomalies indicating a possible breach.
e. Maintaining a business continuity program and cyber insurance.
f. Performing periodic employee simulated phishing campaigns.
g. Conducting annual cybersecurity and insider threat training for all employees.

In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with use of third-party service providers. Our Internal Audit team conducts an annual review of third-party hosted applications with a specific focus on any sensitive data shared with third parties. The internal business owners of the hosted applications are required to provide a System and Organization Controls (SOC) 1 or SOC 2 report. If a third-party vendor is not able to provide a SOC 1 or SOC 2 report, we take additional steps to assess their cybersecurity preparedness and assess our relationship on that basis.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our cybersecurity program is fully integrated into the Company’s overall enterprise risk management program. Our Vice President, Risk and Compliance (VP of Risk) facilitates the enterprise risk management program, and helps ensure that risk management is integrated into our strategic and operating planning process. The VP of Risk works closely with the CIO and his information technology security team to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board is actively engaged in the oversight of the Company’s cybersecurity, information security, data protection, and technology programs (“cybersecurity”). The Audit Committee of the Board, acting through its written charter, serves as the principal agent of the Board in fulfilling its oversight and review of the Company’s policies and procedures with respect to cybersecurity risk assessment and risk management.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee of the Board, acting through its written charter, serves as the principal agent of the Board in fulfilling its oversight and review of the Company’s policies and procedures with respect to cybersecurity risk assessment and risk management.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The CIO plays a pivotal role in informing the Audit Committee, as well as our CEO and other members of our senior management team, including our Chief Financial Officer (CFO), COO, and General Counsel, on cybersecurity risks. The CIO provides comprehensive briefings to the Audit Committee on a periodic basis, which the CEO and other members of our senior management team attend. This report includes discussions of rapidly evolving cybersecurity threats, cybersecurity incidents, cybersecurity technologies and solutions deployed, major cybersecurity risk areas, and policies and procedures to address those risks and cybersecurity incidents. The report also includes third-party assessments of our cybersecurity program, which are conducted regularly. The CIO also informs the CEO and other members of our senior management team on a more informal basis of all aspects related to cybersecurity risks and incidents. This ensures that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing us. Any significant cybersecurity matters and strategic risk management decisions related thereto are escalated to the Board of Directors, ensuring that they have comprehensive oversight and can provide guidance on significant cybersecurity issues.
Cybersecurity Risk Role of Management [Text Block] The Company’s Chief Information Officer (CIO) leads the Company’s cybersecurity risk assessment and risk management program. Our CIO, with over 25 years of experience leading cybersecurity oversight, brings a wealth of expertise and in-depth knowledge that is instrumental in developing and executing our cybersecurity program.

Our cybersecurity program is fully integrated into the Company’s overall enterprise risk management program. Our Vice President, Risk and Compliance (VP of Risk) facilitates the enterprise risk management program, and helps ensure that risk management is integrated into our strategic and operating planning process. The VP of Risk works closely with the CIO and his information technology security team to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level.

The CIO continually assesses industry best practices, frameworks, and standards, and leverages them to advance our cybersecurity program. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. Our cybersecurity risk management program includes the deployment of tools and activities designed to prevent, detect, and analyze current and emerging cybersecurity threats, and plans and strategies to address threats and incidents. Program highlights include:

a. Employing a multi-layer strategy of defense designed to ensure the safety, security, and responsible use of information and data.
b. Monitoring of all IT assets, resources, and data 24 hours per day, 7 days per week, 365 days per year by a security operations center (SOC).
c. Performing annual testing of the Company’s incident response plan and cybersecurity posture by a third party.
d. Incorporating external expertise to manage the SOC, perform penetration tests, cyber-attack simulation exercises, and log management to review anomalies indicating a possible breach.
e. Maintaining a business continuity program and cyber insurance.
f. Performing periodic employee simulated phishing campaigns.
g. Conducting annual cybersecurity and insider threat training for all employees.

In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with use of third-party service providers. Our Internal Audit team conducts an annual review of third-party hosted applications with a specific focus on any sensitive data shared with third parties. The internal business owners of the hosted applications are required to provide a System and Organization Controls (SOC) 1 or SOC 2 report. If a third-party vendor is not able to provide a SOC 1 or SOC 2 report, we take additional steps to assess their cybersecurity preparedness and assess our relationship on that basis.
The CIO plays a pivotal role in informing the Audit Committee, as well as our CEO and other members of our senior management team, including our Chief Financial Officer (CFO), COO, and General Counsel, on cybersecurity risks. The CIO provides comprehensive briefings to the Audit Committee on a periodic basis, which the CEO and other members of our senior management team attend. This report includes discussions of rapidly evolving cybersecurity threats, cybersecurity incidents, cybersecurity technologies and solutions deployed, major cybersecurity risk areas, and policies and procedures to address those risks and cybersecurity incidents. The report also includes third-party assessments of our cybersecurity program, which are conducted regularly. The CIO also informs the CEO and other members of our senior management team on a more informal basis of all aspects related to cybersecurity risks and incidents. This ensures that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing us. Any significant cybersecurity matters and strategic risk management decisions related thereto are escalated to the Board of Directors, ensuring that they have comprehensive oversight and can provide guidance on significant cybersecurity issues.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Company’s Chief Information Officer (CIO) leads the Company’s cybersecurity risk assessment and risk management program.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CIO, with over 25 years of experience leading cybersecurity oversight, brings a wealth of expertise and in-depth knowledge that is instrumental in developing and executing our cybersecurity program.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The CIO plays a pivotal role in informing the Audit Committee, as well as our CEO and other members of our senior management team, including our Chief Financial Officer (CFO), COO, and General Counsel, on cybersecurity risks. The CIO provides comprehensive briefings to the Audit Committee on a periodic basis, which the CEO and other members of our senior management team attend. This report includes discussions of rapidly evolving cybersecurity threats, cybersecurity incidents, cybersecurity technologies and solutions deployed, major cybersecurity risk areas, and policies and procedures to address those risks and cybersecurity incidents. The report also includes third-party assessments of our cybersecurity program, which are conducted regularly. The CIO also informs the CEO and other members of our senior management team on a more informal basis of all aspects related to cybersecurity risks and incidents. This ensures that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing us. Any significant cybersecurity matters and strategic risk management decisions related thereto are escalated to the Board of Directors, ensuring that they have comprehensive oversight and can provide guidance on significant cybersecurity issues.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true
Cybersecurity Risk Management Expertise of Management, Years Of Experience 25 years