|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company has developed and implemented a comprehensive cybersecurity risk management program that is intended to protect the secure processing, transmission and storage of confidential information in its computer systems and networks. The Company’s cybersecurity risk management program, a component of the Company’s Enterprise Risk Management (“ERM”) Program, is based on the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework, regulatory guidance and other industry standards. The Company’s process for identifying, assessing, managing and prioritizing cybersecurity risks throughout the Company includes:
•A third party risk assessment program for the Company’s third party vendors that access the Company’s data (each, a “Vendor”) to ensure that all Vendors meet the Company’s cybersecurity requirements, including, periodic risk assessments of Vendors, monitoring Vendor compliance with the Company’s cybersecurity requirements, and a requirement that all contracts with Vendors include provisions requiring the Vendor to notify the Company of any cyber incident, and/or to maintain minimum levels of cybersecurity insurance;
•A security awareness program that includes training employees on best practices for securing the Company’s data, as well as regular social engineering testing to keep employees informed of cybersecurity threats and to train them to look for malicious emails and other potential cybersecurity threats;
•A dedicated information security team that monitors threats and vulnerabilities that arise, and regularly performs threat intelligence and vulnerability management;
•The Company’s engagement of a third party to conduct periodic independent testing of the Company’s cybersecurity defenses to confirm that the defenses are effective;
•A Managed Detection and Response (“MDR”) service that continuously monitors the Company’s systems and alerts the Company’s information security team of any detected anomalies or suspicious activity and stops any event that is deemed dangerous to the Company’s systems or networks;
•An Incident Response Plan (“IRP”) and Business Continuity Plan (“BCP”) which outline steps to be taken during a cyber incident and to recover systems and continue business operations following a cyber incident; and
•A Cybersecurity Incident Response Team (“CSIRT”) that tracks cyber incidents, including those that affect third parties that are handling the Company’s data.
Cybersecurity ThreatsDuring the fiscal year ended December 31, 2024, the Company did not identify any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected, or that are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition other than the risks described in Item 1A. “Risk Factors”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company has developed and implemented a comprehensive cybersecurity risk management program that is intended to protect the secure processing, transmission and storage of confidential information in its computer systems and networks. The Company’s cybersecurity risk management program, a component of the Company’s Enterprise Risk Management (“ERM”) Program, is based on the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework, regulatory guidance and other industry standards.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board of Directors’ Oversight. The Company’s Board of Directors oversees the Company’s cybersecurity program, including the oversight of risks related to cybersecurity through various committees that are responsible for monitoring and testing the Company's information security. The Board of Directors conducts an annual review of the Company’s cybersecurity- related policies. Quarterly, the Company’s Senior Vice President, Director of Information Security (“DIS”) presents reports to the Audit Committee on vulnerability management and cybersecurity testing effectiveness, emerging threats and industry and regulatory changes that affect cybersecurity, and responds to inquiries from the Audit Committee. In addition, the Technology Committee receives and evaluates quarterly updates from the DIS on cybersecurity performance and on cybersecurity trends and strategies. The Board of Directors receives quarterly updates from the EVP, Chief Risk Officer (“CRO”) on cybersecurity metrics and the cybersecurity risk management program’s performance.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Board of Directors’ Oversight. The Company’s Board of Directors oversees the Company’s cybersecurity program, including the oversight of risks related to cybersecurity through various committees that are responsible for monitoring and testing the Company's information security. The Board of Directors conducts an annual review of the Company’s cybersecurity- related policies. Quarterly, the Company’s Senior Vice President, Director of Information Security (“DIS”) presents reports to the Audit Committee on vulnerability management and cybersecurity testing effectiveness, emerging threats and industry and regulatory changes that affect cybersecurity, and responds to inquiries from the Audit Committee. In addition, the Technology Committee receives and evaluates quarterly updates from the DIS on cybersecurity performance and on cybersecurity trends and strategies. The Board of Directors receives quarterly updates from the EVP, Chief Risk Officer (“CRO”) on cybersecurity metrics and the cybersecurity risk management program’s performance.
Management Oversight. While the Board of Directors and its Audit and Technology Committees oversee management’s processes related to cybersecurity risks, management is responsible for identifying, monitoring and mitigating the material cybersecurity risks that face the Company. The Company’s CRO is directly responsible for the overall cybersecurity risk management program which is a part of the Company's ERM Program. The CRO and the DIS oversee the information security department’s implementation and maintenance of the cybersecurity risk management program, including oversight of Vendors and regular reporting to the Board of Directors and its Audit and Technology Committees on the effectiveness of the
cybersecurity risk management program. The DIS updates the CRO as appropriate, including as new developments or information related to cyber incidents arise.
The Company’s CRO has over 27 years of experience in cybersecurity and information technology. The CRO joined the Company in 2011 and became CRO in July 2023. Prior to becoming CRO, he served as SVP and Director of Information Security & ERM for six years and prior to that served five years as Vice President and Senior Information Security Officer of the Company. Prior to joining the Company, the CRO had a ten year career in information technology and began his career serving with the U.S. Air Force, specializing in information technology, cybersecurity, risk mitigation, and encrypted communications.
The Company’s DIS joined the Company in 2023 and has over 20 years of experience in information technology and cybersecurity. The DIS has held senior management positions in information security for the past ten years. The DIS holds several industry certifications including Certified Information Systems Security Professional (“CISSP”), Certified Information Systems Auditor (“CISA”), Certified in Risk and Management Systems Controls (“CRISC”) and Certified Data Privacy Solutions Engineer (“CDPSE”).
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Management Oversight. While the Board of Directors and its Audit and Technology Committees oversee management’s processes related to cybersecurity risks, management is responsible for identifying, monitoring and mitigating the material cybersecurity risks that face the Company. The Company’s CRO is directly responsible for the overall cybersecurity risk management program which is a part of the Company's ERM Program. The CRO and the DIS oversee the information security department’s implementation and maintenance of the cybersecurity risk management program, including oversight of Vendors and regular reporting to the Board of Directors and its Audit and Technology Committees on the effectiveness of the
cybersecurity risk management program. The DIS updates the CRO as appropriate, including as new developments or information related to cyber incidents arise.
The Company’s CRO has over 27 years of experience in cybersecurity and information technology. The CRO joined the Company in 2011 and became CRO in July 2023. Prior to becoming CRO, he served as SVP and Director of Information Security & ERM for six years and prior to that served five years as Vice President and Senior Information Security Officer of the Company. Prior to joining the Company, the CRO had a ten year career in information technology and began his career serving with the U.S. Air Force, specializing in information technology, cybersecurity, risk mitigation, and encrypted communications.
The Company’s DIS joined the Company in 2023 and has over 20 years of experience in information technology and cybersecurity. The DIS has held senior management positions in information security for the past ten years. The DIS holds several industry certifications including Certified Information Systems Security Professional (“CISSP”), Certified Information Systems Auditor (“CISA”), Certified in Risk and Management Systems Controls (“CRISC”) and Certified Data Privacy Solutions Engineer (“CDPSE”).
|Cybersecurity Risk Role of Management [Text Block]
|
Board of Directors’ Oversight. The Company’s Board of Directors oversees the Company’s cybersecurity program, including the oversight of risks related to cybersecurity through various committees that are responsible for monitoring and testing the Company's information security. The Board of Directors conducts an annual review of the Company’s cybersecurity- related policies. Quarterly, the Company’s Senior Vice President, Director of Information Security (“DIS”) presents reports to the Audit Committee on vulnerability management and cybersecurity testing effectiveness, emerging threats and industry and regulatory changes that affect cybersecurity, and responds to inquiries from the Audit Committee. In addition, the Technology Committee receives and evaluates quarterly updates from the DIS on cybersecurity performance and on cybersecurity trends and strategies. The Board of Directors receives quarterly updates from the EVP, Chief Risk Officer (“CRO”) on cybersecurity metrics and the cybersecurity risk management program’s performance.
Management Oversight. While the Board of Directors and its Audit and Technology Committees oversee management’s processes related to cybersecurity risks, management is responsible for identifying, monitoring and mitigating the material cybersecurity risks that face the Company. The Company’s CRO is directly responsible for the overall cybersecurity risk management program which is a part of the Company's ERM Program. The CRO and the DIS oversee the information security department’s implementation and maintenance of the cybersecurity risk management program, including oversight of Vendors and regular reporting to the Board of Directors and its Audit and Technology Committees on the effectiveness of the
cybersecurity risk management program. The DIS updates the CRO as appropriate, including as new developments or information related to cyber incidents arise.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Management Oversight. While the Board of Directors and its Audit and Technology Committees oversee management’s processes related to cybersecurity risks, management is responsible for identifying, monitoring and mitigating the material cybersecurity risks that face the Company. The Company’s CRO is directly responsible for the overall cybersecurity risk management program which is a part of the Company's ERM Program. The CRO and the DIS oversee the information security department’s implementation and maintenance of the cybersecurity risk management program, including oversight of Vendors and regular reporting to the Board of Directors and its Audit and Technology Committees on the effectiveness of the
cybersecurity risk management program. The DIS updates the CRO as appropriate, including as new developments or information related to cyber incidents arise.
The Company’s CRO has over 27 years of experience in cybersecurity and information technology. The CRO joined the Company in 2011 and became CRO in July 2023. Prior to becoming CRO, he served as SVP and Director of Information Security & ERM for six years and prior to that served five years as Vice President and Senior Information Security Officer of the Company. Prior to joining the Company, the CRO had a ten year career in information technology and began his career serving with the U.S. Air Force, specializing in information technology, cybersecurity, risk mitigation, and encrypted communications.
The Company’s DIS joined the Company in 2023 and has over 20 years of experience in information technology and cybersecurity. The DIS has held senior management positions in information security for the past ten years. The DIS holds several industry certifications including Certified Information Systems Security Professional (“CISSP”), Certified Information Systems Auditor (“CISA”), Certified in Risk and Management Systems Controls (“CRISC”) and Certified Data Privacy Solutions Engineer (“CDPSE”).
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
The Company’s CRO has over 27 years of experience in cybersecurity and information technology. The CRO joined the Company in 2011 and became CRO in July 2023. Prior to becoming CRO, he served as SVP and Director of Information Security & ERM for six years and prior to that served five years as Vice President and Senior Information Security Officer of the Company. Prior to joining the Company, the CRO had a ten year career in information technology and began his career serving with the U.S. Air Force, specializing in information technology, cybersecurity, risk mitigation, and encrypted communications.
The Company’s DIS joined the Company in 2023 and has over 20 years of experience in information technology and cybersecurity. The DIS has held senior management positions in information security for the past ten years. The DIS holds several industry certifications including Certified Information Systems Security Professional (“CISSP”), Certified Information Systems Auditor (“CISA”), Certified in Risk and Management Systems Controls (“CRISC”) and Certified Data Privacy Solutions Engineer (“CDPSE”).
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Board of Directors’ Oversight. The Company’s Board of Directors oversees the Company’s cybersecurity program, including the oversight of risks related to cybersecurity through various committees that are responsible for monitoring and testing the Company's information security. The Board of Directors conducts an annual review of the Company’s cybersecurity- related policies. Quarterly, the Company’s Senior Vice President, Director of Information Security (“DIS”) presents reports to the Audit Committee on vulnerability management and cybersecurity testing effectiveness, emerging threats and industry and regulatory changes that affect cybersecurity, and responds to inquiries from the Audit Committee. In addition, the Technology Committee receives and evaluates quarterly updates from the DIS on cybersecurity performance and on cybersecurity trends and strategies. The Board of Directors receives quarterly updates from the EVP, Chief Risk Officer (“CRO”) on cybersecurity metrics and the cybersecurity risk management program’s performance.
Management Oversight. While the Board of Directors and its Audit and Technology Committees oversee management’s processes related to cybersecurity risks, management is responsible for identifying, monitoring and mitigating the material cybersecurity risks that face the Company. The Company’s CRO is directly responsible for the overall cybersecurity risk management program which is a part of the Company's ERM Program. The CRO and the DIS oversee the information security department’s implementation and maintenance of the cybersecurity risk management program, including oversight of Vendors and regular reporting to the Board of Directors and its Audit and Technology Committees on the effectiveness of the
cybersecurity risk management program. The DIS updates the CRO as appropriate, including as new developments or information related to cyber incidents arise.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef