|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
The Company is committed to maintaining robust governance and oversight of cybersecurity risks and to implementing processes, controls and technologies designed to help assess, identify, and manage material risks from cybersecurity threats. The Company’s Board of Directors has ultimate oversight of cybersecurity risks, which it manages as part of the Company’s enterprise risk management program. The Audit Committee assists the Board in reviewing the Company’s information security programs, including review of cybersecurity processes, procedures and safeguards. To more effectively prevent, detect and respond to information security threats, the Company maintains a cyber risk management program, which is aligned with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. The Cyber Risk Management program is supervised by the Company’s executive officer, the Vice President and Chief Information Officer, who is responsible for leading company-wide cybersecurity strategy, policy, standards, architecture and processes. The Vice President and Chief Information Officer has extensive experience assessing and managing cybersecurity programs and risks and has served in this position since 2019. The team includes the Senior Director of IT Operations & Security, who is a Certified Information Security Manager reporting directly to the Vice President and Chief Information Officer. The Audit Committee receives regular reports from the Vice President and Chief Information Officer on, among other things, the Company’s cyber risks and threats, the status of projects to strengthen the Company’s information security systems, assessments of the Company’s security program and the emerging threat landscape. Additionally, the Vice President and Chief Information Officer chairs the Company’s Cybersecurity Risk Oversight working group, which drives awareness, ownership and alignment across broad governance and risk stakeholder groups for effective cybersecurity risk management and reporting. Upon the occurrence of a cybersecurity incident, a documented process is followed to escalate notifications to the Company’s CEO and Board, as appropriate.
The Company annually engages third parties such as assessors, consultants and auditors (as well as its internal audit department) to audit the Company’s information security programs, whose findings are reported to the Audit Committee. The Company also actively engage with key vendors, industry participants, and the U.S. Coast Guard as part of its efforts, which are reported to the Audit Committee.
The Company’s approach to cybersecurity risk management includes the following key elements:
•
Continuous monitoring – The Company actively searches for cybersecurity threats, including those associated with its use of third-party vendors, through the use of data analytics and network vulnerability monitoring systems and threat intelligence.
•
Third party risk assessments – From time to time, the Company engages third party consultants or other advisors to assist in assessing points of vulnerability in its information security systems.
•
Internal threats – The Company maintains a program designed to monitor and address risk from within the Company.
•
Vendor engagement – The Company assesses the risk of vendors who are critical digital partners in order to support the resiliency of the supply chain and seeks to include risk appropriate terms and conditions in its vendor contracts.
•
Training and Awareness – The Company has various information technology policies, including an Information Security Awareness Training Policy, that relate to cybersecurity. The Company provides employee education and training that reinforces its information technology policies, standards and practices, as well as the expectation that employees comply with these policies. This training empowers employees to identify and report potential cybersecurity risks and protect the Company’s resources and information. This training is mandatory for all employees globally and is administered on an annual basis, and it is supplemented by Company-wide testing initiatives, including periodic phishing tests. Further education is provided at operations meetings to raise awareness and educate on current topics. The Company provides specialized security training for certain employee roles. The Company also requires employees to sign confidentiality agreements, where appropriate to their role. The Company has also recently adopted an Artificial Intelligence Use Policy to mitigate cybersecurity and other risks associated with use of artificial intelligence technology.
The Company continues to invest in its cybersecurity systems and to enhance its internal controls and processes. While the Company has not, as of the date of this Form 10-K, identified a cybersecurity threat or incident that resulted in a material adverse impact to its business, results of operations or financial condition, there can be no guarantee that the Company will not experience such an incident in the future. For more information regarding the risks the Company faces from cybersecurity threats, please see Item 1A-Risk Factors.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Company is committed to maintaining robust governance and oversight of cybersecurity risks and to implementing processes, controls and technologies designed to help assess, identify, and manage material risks from cybersecurity threats. The Company’s Board of Directors has ultimate oversight of cybersecurity risks, which it manages as part of the Company’s enterprise risk management program. The Audit Committee assists the Board in reviewing the Company’s information security programs, including review of cybersecurity processes, procedures and safeguards. To more effectively prevent, detect and respond to information security threats, the Company maintains a cyber risk management program, which is aligned with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. The Cyber Risk Management program is supervised by the Company’s executive officer, the Vice President and Chief Information Officer, who is responsible for leading company-wide cybersecurity strategy, policy, standards, architecture and processes. The Vice President and Chief Information Officer has extensive experience assessing and managing cybersecurity programs and risks and has served in this position since 2019. The team includes the Senior Director of IT Operations & Security, who is a Certified Information Security Manager reporting directly to the Vice President and Chief Information Officer. The Audit Committee receives regular reports from the Vice President and Chief Information Officer on, among other things, the Company’s cyber risks and threats, the status of projects to strengthen the Company’s information security systems, assessments of the Company’s security program and the emerging threat landscape. Additionally, the Vice President and Chief Information Officer chairs the Company’s Cybersecurity Risk Oversight working group, which drives awareness, ownership and alignment across broad governance and risk stakeholder groups for effective cybersecurity risk management and reporting. Upon the occurrence of a cybersecurity incident, a documented process is followed to escalate notifications to the Company’s CEO and Board, as appropriate.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee assists the Board in reviewing the Company’s information security programs, including review of cybersecurity processes, procedures and safeguards. To more effectively prevent, detect and respond to information security threats, the Company maintains a cyber risk management program, which is aligned with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. The Cyber Risk Management program is supervised by the Company’s executive officer, the Vice President and Chief Information Officer, who is responsible for leading company-wide cybersecurity strategy, policy, standards, architecture and processes.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee assists the Board in reviewing the Company’s information security programs, including review of cybersecurity processes, procedures and safeguards.
|Cybersecurity Risk Role of Management [Text Block]
|
The Company is committed to maintaining robust governance and oversight of cybersecurity risks and to implementing processes, controls and technologies designed to help assess, identify, and manage material risks from cybersecurity threats. The Company’s Board of Directors has ultimate oversight of cybersecurity risks, which it manages as part of the Company’s enterprise risk management program. The Audit Committee assists the Board in reviewing the Company’s information security programs, including review of cybersecurity processes, procedures and safeguards. To more effectively prevent, detect and respond to information security threats, the Company maintains a cyber risk management program, which is aligned with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. The Cyber Risk Management program is supervised by the Company’s executive officer, the Vice President and Chief Information Officer, who is responsible for leading company-wide cybersecurity strategy, policy, standards, architecture and processes. The Vice President and Chief Information Officer has extensive experience assessing and managing cybersecurity programs and risks and has served in this position since 2019. The team includes the Senior Director of IT Operations & Security, who is a Certified Information Security Manager reporting directly to the Vice President and Chief Information Officer. The Audit Committee receives regular reports from the Vice President and Chief Information Officer on, among other things, the Company’s cyber risks and threats, the status of projects to strengthen the Company’s information security systems, assessments of the Company’s security program and the emerging threat landscape. Additionally, the Vice President and Chief Information Officer chairs the Company’s Cybersecurity Risk Oversight working group, which drives awareness, ownership and alignment across broad governance and risk stakeholder groups for effective cybersecurity risk management and reporting. Upon the occurrence of a cybersecurity incident, a documented process is followed to escalate notifications to the Company’s CEO and Board, as appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|To more effectively prevent, detect and respond to information security threats, the Company maintains a cyber risk management program, which is aligned with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. The Cyber Risk Management program is supervised by the Company’s executive officer, the Vice President and Chief Information Officer, who is responsible for leading company-wide cybersecurity strategy, policy, standards, architecture and processes.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Vice President and Chief Information Officer has extensive experience assessing and managing cybersecurity programs and risks and has served in this position since 2019. The team includes the Senior Director of IT Operations & Security, who is a Certified Information Security Manager reporting directly to the Vice President and Chief Information Officer.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|To more effectively prevent, detect and respond to information security threats, the Company maintains a cyber risk management program, which is aligned with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. The Cyber Risk Management program is supervised by the Company’s executive officer, the Vice President and Chief Information Officer, who is responsible for leading company-wide cybersecurity strategy, policy, standards, architecture and processes.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef