Cybersecurity Risk Management, Strategy, and Governance |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Item 1C. Cybersecurity. We have implemented a cybersecurity program to assess, identify, and manage risks from cybersecurity threats that may result in material adverse effects on the confidentiality, integrity, and availability of our information systems. Primary responsibility for our cybersecurity program rests with our Vice President of Information Technology, who has extensive cybersecurity and information technology knowledge and skills gained from over 30 years of work experience at the Company and elsewhere. The Vice President of Information Technology is responsible for implementing, monitoring and maintaining cybersecurity and data protection practices across our business and reports directly to our Chief Financial Officer. The Vice President of Information Technology at times attends meetings of the Board to report on any material developments and risk management practices. The Vice President of Information Technology meets regularly with members of our information technology team, which includes a security architect whose responsibilities are dedicated solely to cybersecurity matters, a network engineer, and infrastructure director to discuss the risk management measures implemented by the Company to identify and mitigate data protection and cybersecurity risks. Our cybersecurity team also works with our Chief Legal Officer to oversee compliance with legal, regulatory and contractual security requirements. Our cybersecurity processes include automated tools and technical safeguards managed and monitored by our cybersecurity team. We regularly conduct penetration and vulnerability testing and security audits. We also employ systems and processes designed to oversee, identify, and reduce the potential impact of a security incident at a third-party vendor, service provider or customer or otherwise implicating the third-party technology and systems we use. In addition to our internal cybersecurity capabilities, we also at times engage assessors, auditors, or other third parties to assist with the assessment, identification, and management of cybersecurity risks. Our Board has delegated the primary responsibility to oversee cybersecurity matters to our Audit Committee, but retains overall oversight responsibility for cybersecurity matters. The Board and Audit Committee periodically review the measures implemented by the Company to identify and mitigate risks from cybersecurity threats. As part of such reviews, the Board and Audit Committee receive reports from members of our team responsible for overseeing the Company’s cybersecurity risk management, which may address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to the Company’s peers and third parties. The Audit Committee discusses with such members of our management team our information technology systems and procedures and will report to the Board on any material cybersecurity risks identified. We have protocols by which certain cybersecurity incidents are escalated within the Company and, where appropriate, reported to the Board and Audit Committee in a timely manner. We have adopted an Information Security Incident Response Policy that applies in the event of a cybersecurity threat or incident (the “ISIRP”) to provide a standardized framework for responding to security incidents. The ISIRP sets out a coordinated approach to investigating, containing, documenting and mitigating incidents, including reporting findings and keeping senior management and other key stakeholders informed and involved as appropriate. The ISIRP applies to all Company personnel (including third-party contractors, vendors and partners) that perform functions or services that require access to secure Company information, and to all devices and network services that are owned or managed by the Company. As an additional measure to facilitate our timely and comprehensive response to any security incident, we engage a third party vendor on retainer to assist in such incidents. As detailed elsewhere herein, we also rely on information technology and third party vendors to support our operations, including our secure processing of personal, confidential, sensitive, proprietary and other types of information. Despite ongoing efforts to continue improvement of our and our vendors’ ability to protect against cyber incidents, we may not be able to protect all information systems, and such incidents may lead to reputational harm, revenue and client loss, legal actions, statutory penalties, among other consequences. Risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected us, including our business strategy, results of operations or financial condition, and we do not believe that such risks are reasonably likely to have such an effect over the long term. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Our Board has delegated the primary responsibility to oversee cybersecurity matters to our Audit Committee, but retains overall oversight responsibility for cybersecurity matters. The Board and Audit Committee periodically review the measures implemented by the Company to identify and mitigate risks from cybersecurity threats. As part of such reviews, the Board and Audit Committee receive reports from members of our team responsible for overseeing the Company’s cybersecurity risk management, which may address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to the Company’s peers and third parties. The Audit Committee discusses with such members of our management team our information technology systems and procedures and will report to the Board on any material cybersecurity risks identified. We have protocols by which certain cybersecurity incidents are escalated within the Company and, where appropriate, reported to the Board and Audit Committee in a timely manner. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Board and Audit Committee periodically review the measures implemented by the Company to identify and mitigate risks from cybersecurity threats. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | As part of such reviews, the Board and Audit Committee receive reports from members of our team responsible for overseeing the Company’s cybersecurity risk management, which may address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to the Company’s peers and third parties. The Audit Committee discusses with such members of our management team our information technology systems and procedures and will report to the Board on any material cybersecurity risks identified. |
| Cybersecurity Risk Role of Management [Text Block] |
Primary responsibility for our cybersecurity program rests with our Vice President of Information Technology, who has extensive cybersecurity and information technology knowledge and skills gained from over 30 years of work experience at the Company and elsewhere. The Vice President of Information Technology is responsible for implementing, monitoring and maintaining cybersecurity and data protection practices across our business and reports directly to our Chief Financial Officer. The Vice President of Information Technology at times attends meetings of the Board to report on any material developments and risk management practices. The Vice President of Information Technology meets regularly with members of our information technology team, which includes a security architect whose responsibilities are dedicated solely to cybersecurity matters, a network engineer, and infrastructure director to discuss the risk management measures implemented by the Company to identify and mitigate data protection and cybersecurity risks. Our cybersecurity team also works with our Chief Legal Officer to oversee compliance with legal, regulatory and contractual security requirements. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Vice President of Information Technology is responsible for implementing, monitoring and maintaining cybersecurity and data protection practices across our business and reports directly to our Chief Financial Officer. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Primary responsibility for our cybersecurity program rests with our Vice President of Information Technology, who has extensive cybersecurity and information technology knowledge and skills gained from over 30 years of work experience at the Company and elsewhere. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Vice President of Information Technology is responsible for implementing, monitoring and maintaining cybersecurity and data protection practices across our business and reports directly to our Chief Financial Officer. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |