Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C.       Cybersecurity

Cybersecurity Risk Management and Strategy

We recognize the increasing volume and sophistication of cyber threats and take our responsibility to protect the information and systems under our purview seriously. We consider cybersecurity threat risks alongside other Company risks as part of our overall risk assessment process. Our cybersecurity processes aim to provide a comprehensive approach to assess, identify, manage, mitigate, and respond to cybersecurity threats.

We maintain a cybersecurity risk program predicated on a risk-based approach. We use cost-effective controls that are commensurate with the risk and sensitivity of our specific information systems, control systems and enterprise data. Our cybersecurity program incorporates best practices and industry standards from multiple sources and is designed to comply with applicable regulations. The cybersecurity program includes, but is not limited to, the following elements: risk assessment, policies and procedures, training and awareness, auditing, log collection and analysis, threat hunting and intelligence surveillance, compliance monitoring and testing, and incident response.

Our internal professionals collaborate with external subject matter specialists, as necessary. All third parties engaged for such matters are subjected to scrutiny to ensure they satisfy our security standards. We periodically review our third party engagements to ensure that the providers maintain the necessary levels of protection and competency, as well as to oversee and identify potential cybersecurity risks and/or threats from such engagements.

We describe how risks from cybersecurity threats could materially affect us, including our business strategy, results of operations, or financial condition, as part of our risk factor disclosures at Part I, Item 1A, “Risk Factors” of this Annual Report on Form 10-K.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

We maintain a cybersecurity risk program predicated on a risk-based approach. We use cost-effective controls that are commensurate with the risk and sensitivity of our specific information systems, control systems and enterprise data. Our cybersecurity program incorporates best practices and industry standards from multiple sources and is designed to comply with applicable regulations. The cybersecurity program includes, but is not limited to, the following elements: risk assessment, policies and procedures, training and awareness, auditing, log collection and analysis, threat hunting and intelligence surveillance, compliance monitoring and testing, and incident response.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

We describe how risks from cybersecurity threats could materially affect us, including our business strategy, results of operations, or financial condition, as part of our risk factor disclosures at Part I, Item 1A, “Risk Factors” of this Annual Report on Form 10-K.

Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance

Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. Our Board and its Corporate Governance, Nominating and Ethics Committee are responsible for oversight of our cybersecurity risk, including the effectiveness of cybersecurity risk management policies and protocols, while our Chief Information Officer (CIO) is responsible for our cybersecurity strategy and execution.

As part of the Board’s oversight, its Corporate Governance, Nominating and Ethics Committee, which is comprised entirely of independent directors, receives quarterly reports from executive management about the prevention, detection, mitigation, and remediation of cybersecurity incidents. The Board receives at least an annual report from executive management. Additionally, we have processes by which a cybersecurity incident would be escalated internally and, when appropriate, reported to the Board (or appropriate committee), as well as for updating the Board regarding such incident until it has been resolved.

Our CIO has more than 25 years of technology and information systems leadership experience, including as CIO of multiple consumer-focused companies. Our CIO reports to our chief executive officer.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. Our Board and its Corporate Governance, Nominating and Ethics Committee are responsible for oversight of our cybersecurity risk, including the effectiveness of cybersecurity risk management policies and protocols, while our Chief Information Officer (CIO) is responsible for our cybersecurity strategy and execution.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our CIO has more than 25 years of technology and information systems leadership experience, including as CIO of multiple consumer-focused companies. Our CIO reports to our chief executive officer.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

As part of the Board’s oversight, its Corporate Governance, Nominating and Ethics Committee, which is comprised entirely of independent directors, receives quarterly reports from executive management about the prevention, detection, mitigation, and remediation of cybersecurity incidents. The Board receives at least an annual report from executive management. Additionally, we have processes by which a cybersecurity incident would be escalated internally and, when appropriate, reported to the Board (or appropriate committee), as well as for updating the Board regarding such incident until it has been resolved.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true