|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management Strategy And Governance [Abstract]
|Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block]
|
Risk Management and Strategy
The company maintains a multi-layered approach to cybersecurity risk management which leverages technology and human oversight. The company uses active and passive methods designed to continuously monitor information systems and assess, identify, and manage potential vulnerabilities and threats. This digital-security management process is integrated into the company’s broader enterprise risk management framework.
The company utilizes active monitoring techniques (e.g., penetration testing), designed to leverage multiple sources of threat intelligence and vulnerability scanning complemented by endpoint protection and network systems. The company has a rapid-response protocol designed to investigate system alerts of potential cybersecurity threats, and the company’s incident response plan provides a structured approach to inter-departmental assessment, mitigation, and resolution of cybersecurity threats. The company conducts regular tabletop exercises to test and fortify the controls of its cybersecurity incident response program.
The company maintains strategic relationships with third-party cybersecurity experts and coordinates with various law-enforcement partners, each of whom may be engaged to provide additional investigative and remediation support. The company’s senior security leadership conducts periodic, in-depth reviews with the company’s enterprise risk management team and internal and external auditors to evaluate the effectiveness of the company’s cybersecurity systems, controls, and management processes.
The company conducts a security assessment for potential suppliers and service providers, which includes detailed interviews, questionnaires, and cyber-risk scoring. This process extends beyond initial engagement, with ongoing monitoring to identify emerging security risks or changes in suppliers’ risk profiles.
The company describes whether and how risks from identified cybersecurity threats have materially affected or are reasonably likely to materially affect the company under the heading “Cybersecurity incidents may hurt the company’s business, damage its reputation, increase its costs, and cause losses,” included as part of the company’s risk factor disclosures in Item 1A of this Annual Report on Form 10-K. To date, the company is not aware of any cybersecurity threats or incidents that have materially affected, or are reasonably likely to materially affect, the company, including its financial condition, results of operations, or business strategies.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The company maintains a multi-layered approach to cybersecurity risk management which leverages technology and human oversight. The company uses active and passive methods designed to continuously monitor information systems and assess, identify, and manage potential vulnerabilities and threats. This digital-security management process is integrated into the company’s broader enterprise risk management framework.
The company utilizes active monitoring techniques (e.g., penetration testing), designed to leverage multiple sources of threat intelligence and vulnerability scanning complemented by endpoint protection and network systems. The company has a rapid-response protocol designed to investigate system alerts of potential cybersecurity threats, and the company’s incident response plan provides a structured approach to inter-departmental assessment, mitigation, and resolution of cybersecurity threats. The company conducts regular tabletop exercises to test and fortify the controls of its cybersecurity incident response program.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight And Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board Of Directors Oversight [Text Block]
|
Governance
The Board of Directors of the company (the “Board”), primarily through its Audit Committee, oversees the company’s cybersecurity program. The company’s CIO and CSO regularly report to the Audit Committee on the current state of the company’s cybersecurity program (including the current threat landscape, cybersecurity risks, and any significant incidents). The Audit Committee may provide updates to the Board on the substance of these reports and any recommendations for enhancements that the Audit Committee deems appropriate.
The CIO and CSO receive regular reports from the company’s cybersecurity department, both historical and real-time, about the company’s global cybersecurity status. The company believes this approach enables the CIO and CSO to monitor the company's global security status and to identify and assess potential threats. The company has established written policies and procedures to ensure that cybersecurity incidents are immediately investigated, addressed through the coordination of various internal departments, and publicly reported (to the extent required by applicable law). The company’s security organization assesses the severity and priority of incidents on a rolling basis, with escalations of
cybersecurity incidents provided to the management team. If management determines a cybersecurity incident is material, the company’s incident response plan and its disclosure controls and procedures set forth the process for any required disclosures and require management to promptly inform the Board.
Under the direction of the CIO, the CSO is responsible for global cybersecurity and business continuity, which includes security architecture, security operations, incident response, IT risk and compliance, physical security, fraud and security awareness and training. The CSO has over 20 years of security experience and holds a degree in IT and cybersecurity, along with maintaining certifications in risk, information security, data privacy, legal investigations, and audit, among other disciplines. The other members of the company’s security organization also have extensive cybersecurity, business, and technology experience and all hold certifications in their area of expertise.
|Cybersecurity Risk Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|Audit Committee
|Cybersecurity Risk Process For Informing Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|
The Board of Directors of the company (the “Board”), primarily through its Audit Committee, oversees the company’s cybersecurity program. The company’s CIO and CSO regularly report to the Audit Committee on the current state of the company’s cybersecurity program (including the current threat landscape, cybersecurity risks, and any significant incidents). The Audit Committee may provide updates to the Board on the substance of these reports and any recommendations for enhancements that the Audit Committee deems appropriate.
|Cybersecurity Risk Role Of Management [Text Block]
|The company’s CIO and CSO regularly report to the Audit Committee on the current state of the company’s cybersecurity program (including the current threat landscape, cybersecurity risks, and any significant incidents). The Audit Committee may provide updates to the Board on the substance of these reports and any recommendations for enhancements that the Audit Committee deems appropriate.
|Cybersecurity Risk Management Positions Or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions Or Committees Responsible [Text Block]
|The company’s CIO and CSO
|Cybersecurity Risk Management Expertise Of Management Responsible [Text Block]
|
Under the direction of the CIO, the CSO is responsible for global cybersecurity and business continuity, which includes security architecture, security operations, incident response, IT risk and compliance, physical security, fraud and security awareness and training. The CSO has over 20 years of security experience and holds a degree in IT and cybersecurity, along with maintaining certifications in risk, information security, data privacy, legal investigations, and audit, among other disciplines. The other members of the company’s security organization also have extensive cybersecurity, business, and technology experience and all hold certifications in their area of expertise.
|Cybersecurity Risk Process For Informing Management Or Committees Responsible [Text Block]
|
The CIO and CSO receive regular reports from the company’s cybersecurity department, both historical and real-time, about the company’s global cybersecurity status. The company believes this approach enables the CIO and CSO to monitor the company's global security status and to identify and assess potential threats. The company has established written policies and procedures to ensure that cybersecurity incidents are immediately investigated, addressed through the coordination of various internal departments, and publicly reported (to the extent required by applicable law). The company’s security organization assesses the severity and priority of incidents on a rolling basis, with escalations of
cybersecurity incidents provided to the management team. If management determines a cybersecurity incident is material, the company’s incident response plan and its disclosure controls and procedures set forth the process for any required disclosures and require management to promptly inform the Board.
|Cybersecurity Risk Management Positions Or Committees Responsible Report To Board [Flag]
|true
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.