Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
We have an information security process integrated into our overall enterprise risk management (ERM) process that is designed to identify, assess, and manage material risks and threats from cybersecurity. To protect our information systems against cybersecurity threats, we employ a range of security processes designed to identify, prevent, detect, respond to, and recover from identified vulnerabilities and cybersecurity incidents in a timely manner. These include internal reporting mechanisms, monitoring solutions, and detection tools. We also leverage the expertise and support of key cybersecurity third-party partners and tools. Our protective measures include technical and organizational safeguards, employee training, incident response capability assessments, cybersecurity insurance, and business continuity mechanisms. We perform employee training as part of our information security processes for all employees. We regularly assess cybersecurity risks and technology threats, utilizing a qualitative risk model to identify, measure, and prioritize certain risks, and develop related security controls and safeguards.
Risk assessments are conducted when we onboard certain new services and new vendors, including third-party vendors, applications, and other technology services, and when there are significant changes to IT or security architecture. Further, we monitor key vendors to understand how such vendors manage cybersecurity risks and threats during the term of their provision services or products to us. As part of our cybersecurity incident response framework, our incident response team focuses on responding to, containing, and recovering from a cybersecurity threat and minimizing any business impact. In the event of a cybersecurity incident, the cybersecurity team assesses, among other factors, data and personal information loss, business operations disruption, projected cost and potential for reputational harm, with support from business stakeholders and external technical, legal and law enforcement support.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have an information security process integrated into our overall enterprise risk management (ERM) process that is designed to identify, assess, and manage material risks and threats from cybersecurity. To protect our information systems against cybersecurity threats, we employ a range of security processes designed to identify, prevent, detect, respond to, and recover from identified vulnerabilities and cybersecurity incidents in a timely manner. These include internal reporting mechanisms, monitoring solutions, and detection tools. We also leverage the expertise and support of key cybersecurity third-party partners and tools. Our protective measures include technical and organizational safeguards, employee training, incident response capability assessments, cybersecurity insurance, and business continuity mechanisms. We perform employee training as part of our information security processes for all employees. We regularly assess cybersecurity risks and technology threats, utilizing a qualitative risk model to identify, measure, and prioritize certain risks, and develop related security controls and safeguards. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Our Board of Directors ("Board") and Audit Committee have oversight responsibility for cybersecurity risks and incidents, including compliance with disclosure requirements, collaboration with law enforcement, and related effects on financial and other risks. Findings and recommendations are reported, as deemed appropriate, to the Board. Senior management including our Chief Information Security Officer ("CISO") engages in regular discussions with the Board regarding cybersecurity risks,
trends, and any material incidents that may arise. Furthermore, the Board receives briefings on cybersecurity matters from the CISO on our cybersecurity and information security.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] |
Our CISO has served in various roles in information technology and information security for over 20 years, with experience in technology risk management, cybersecurity, compliance, network engineering, information systems, and business resiliency. He is a Certified Information Systems Security Professional. Our CISO manages the Company's information security and oversees our data security personnel and our incident response and business continuity management programs to assess and manage the cybersecurity element of our risk management program, including policies, cybersecurity training, security operations and engineering, cyber threat detection and incident response. Our CISO promptly informs and updates the Board about any information regarding security incidents that may pose a significant risk to the Company.
|
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] |
Our CISO has served in various roles in information technology and information security for over 20 years, with experience in technology risk management, cybersecurity, compliance, network engineering, information systems, and business resiliency. He is a Certified Information Systems Security Professional. Our CISO manages the Company's information security and oversees our data security personnel and our incident response and business continuity management programs to assess and manage the cybersecurity element of our risk management program, including policies, cybersecurity training, security operations and engineering, cyber threat detection and incident response. Our CISO promptly informs and updates the Board about any information regarding security incidents that may pose a significant risk to the Company.
|
| Cybersecurity Risk Role of Management [Text Block] |
Our CISO has served in various roles in information technology and information security for over 20 years, with experience in technology risk management, cybersecurity, compliance, network engineering, information systems, and business resiliency. He is a Certified Information Systems Security Professional. Our CISO manages the Company's information security and oversees our data security personnel and our incident response and business continuity management programs to assess and manage the cybersecurity element of our risk management program, including policies, cybersecurity training, security operations and engineering, cyber threat detection and incident response. Our CISO promptly informs and updates the Board about any information regarding security incidents that may pose a significant risk to the Company.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Senior management including our Chief Information Security Officer ("CISO") engages in regular discussions with the Board regarding cybersecurity risks, trends, and any material incidents that may arise. Furthermore, the Board receives briefings on cybersecurity matters from the CISO on our cybersecurity and information security.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CISO has served in various roles in information technology and information security for over 20 years, with experience in technology risk management, cybersecurity, compliance, network engineering, information systems, and business resiliency. He is a Certified Information Systems Security Professional. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Senior management including our Chief Information Security Officer ("CISO") engages in regular discussions with the Board regarding cybersecurity risks, trends, and any material incidents that may arise. Furthermore, the Board receives briefings on cybersecurity matters from the CISO on our cybersecurity and information security.
Our CISO has served in various roles in information technology and information security for over 20 years, with experience in technology risk management, cybersecurity, compliance, network engineering, information systems, and business resiliency. He is a Certified Information Systems Security Professional. Our CISO manages the Company's information security and oversees our data security personnel and our incident response and business continuity management programs to assess and manage the cybersecurity element of our risk management program, including policies, cybersecurity training, security operations and engineering, cyber threat detection and incident response. Our CISO promptly informs and updates the Board about any information regarding security incidents that may pose a significant risk to the Company.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |