XML 22 R9.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management, Strategy, and Governance Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 1C. CYBERSECURITY.

The Company maintains a comprehensive cybersecurity management and governance program. The Company’s information security management system is based upon the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). The Company engages internal and third-party auditors and other professional parties when necessary, as part of its cybersecurity management program. The Company conducts penetration and compromise assessment tests, implements detection and prevention tools, monitors cyber events and has active disaster recovery plans. For third-party IT services, the Company conducts an architectural, privacy and security analysis of their solution. If any gaps are identified, the third-party remediates or mitigates the risk to an acceptable level. The Company simulates potential cyber-attacks and performs incident responses to test preparedness. These exercises are used to train and update the Company’s Incident Response plan, including any gaps identified. The Company conducts yearly information security training for employees and conducts ongoing phishing tests.

The Company’s Security Risk Council, including the Chief Information Security Officer, meets regularly to cover risks, plans and updates to the security program. It briefs the Board of Directors and/or the Audit Committee of the Board of Directors on technology and information security matters. Management and the Board of Directors also receive periodic updates on the status of cybersecurity investments to guard against such events. In the event of a security breach, the Company’s Security Risk Council evaluates its significance and briefs the Board on the event.

The Company has not experienced any notable security incidents that would have a material impact on the results of operations and financial condition of the Company. Certain dealers and suppliers have reported they have experienced cyberattacks and those have not caused any material impact to the Company.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] The Company’s Security Risk Council, including the Chief Information Security Officer, meets regularly to cover risks, plans and updates to the security program. It briefs the Board of Directors and/or the Audit Committee of the Board of Directors on technology and information security matters. Management and the Board of Directors also receive periodic updates on the status of cybersecurity investments to guard against such events. In the event of a security breach, the Company’s Security Risk Council evaluates its significance and briefs the Board on the event.
Cybersecurity Risk Role of Management [Text Block] The Company’s Security Risk Council, including the Chief Information Security Officer, meets regularly to cover risks, plans and updates to the security program. It briefs the Board of Directors and/or the Audit Committee of the Board of Directors on technology and information security matters. Management and the Board of Directors also receive periodic updates on the status of cybersecurity investments to guard against such events. In the event of a security breach, the Company’s Security Risk Council evaluates its significance and briefs the Board on the event.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] It briefs the Board of Directors and/or the Audit Committee of the Board of Directors on technology and information security matters. Management and the Board of Directors also receive periodic updates on the status of cybersecurity investments to guard against such events. In the event of a security breach, the Company’s Security Risk Council evaluates its significance and briefs the Board on the event.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Company conducts penetration and compromise assessment tests, implements detection and prevention tools, monitors cyber events and has active disaster recovery plans.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true