Cybersecurity Risk Management, Strategy, and Governance |
12 Months Ended |
---|---|
Dec. 31, 2024 | |
Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Item 1C. Cybersecurity Governance Related to Cybersecurity Risks Our board of directors holds overall oversight responsibility for the Company’s strategy and risk management processes, including in relation to cybersecurity risks. Our board exercises its oversight function through the audit committee, which oversees the assessment and management of risk exposure across various areas, including cybersecurity. Our audit committee receives regular reports from our Chief Financial Officer on significant cybersecurity matters, including, where appropriate, whether any significant incidents have occurred. Our IT Security Steering Committee, which is led by our Chief Financial Officer, is composed of various members of our organization, including our VP of Software Engineering and Director of Information Systems and Security. The IT Security Steering Committee is involved in oversight of cybersecurity risk. The IT Steering Committee exercises this function through our IT Security Team, which includes our Director of Information Systems and Security and our VP of Software Engineering who collectively have over 40 years of experience. The IT Security Team is responsible for the administration of our cyber program and works with various vendors and external providers to test and monitor for vulnerabilities and threats. We also engage our employees in our cybersecurity efforts through a process for employees to complete annual security and awareness training. Cybersecurity Risk Management and Strategy Our cybersecurity program is informed by industry standards and includes processes for identification, assessment, and management of cybersecurity risks. With support from external vendors, we conduct internal and external risk assessments to assess our cyber program and develop strategies for the management of cyber risks. We also employ vendors and external partners to monitor for and manage threats, and we engage in testing to identify vulnerabilities and use third-party tools to scan for potential risks. Our IT Security Team is informed about and monitors the prevention, management, and remediation of cybersecurity risks through various means, including by leveraging a managed security service provider and other third-party security software and technology services. Our managed security service provider is also tasked with testing, auditing, and monitoring the performance of our cybersecurity processes. We also maintain processes for reviewing and assessing vendor security before new engagements as part of our Vendor Advisory Board’s function, which includes the administration of questionnaires and interviews. We maintain processes to inform and update management and, as needed, the audit committee, about security incidents that may pose a significant risk for the business, as applicable. In accordance with our incident response policies, our IT Security Team and Chief Financial Officer are responsible for establishing incident response teams to manage cybersecurity incidents, should any arise. Although risks from cybersecurity threats have to date not materially affected us, and we do not believe they are reasonably likely to materially affect us, our business strategy, results of operations or financial condition, we have, from time to time, experienced threats and security incidents relating to our and our third party vendors’ information systems. For more information, please see “Item 1A, Risk Factors.” |
Cybersecurity Risk Management Processes Integrated [Flag] | true |
Cybersecurity Risk Management Processes Integrated [Text Block] | Our cybersecurity program is informed by industry standards and includes processes for identification, assessment, and management of cybersecurity risks. |
Cybersecurity Risk Management Third Party Engaged [Flag] | true |
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
Cybersecurity Risk Board of Directors Oversight [Text Block] |
Our board of directors holds overall oversight responsibility for the Company’s strategy and risk management processes, including in relation to cybersecurity risks. Our board exercises its oversight function through the audit committee, which oversees the assessment and management of risk exposure across various areas, including cybersecurity. Our audit committee receives regular reports from our Chief Financial Officer on significant cybersecurity matters, including, where appropriate, whether any significant incidents have occurred. Our IT Security Steering Committee, which is led by our Chief Financial Officer, is composed of various members of our organization, including our VP of Software Engineering and Director of Information Systems and Security. The IT Security Steering Committee is involved in oversight of cybersecurity risk. The IT Steering Committee exercises this function through our IT Security Team, which includes our Director of Information Systems and Security and our VP of Software Engineering who collectively have over 40 years of experience. The IT Security Team is responsible for the administration of our cyber program and works with various vendors and external providers to test and monitor for vulnerabilities and threats. We also engage our employees in our cybersecurity efforts through a process for employees to complete annual security and awareness training. |
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our board of directors holds overall oversight responsibility for the Company’s strategy and risk management processes, including in relation to cybersecurity risks. Our board exercises its oversight function through the audit committee, which oversees the assessment and management of risk exposure across various areas, including cybersecurity. |
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our audit committee receives regular reports from our Chief Financial Officer on significant cybersecurity matters, including, where appropriate, whether any significant incidents have occurred. |
Cybersecurity Risk Role of Management [Text Block] |
Our IT Security Steering Committee, which is led by our Chief Financial Officer, is composed of various members of our organization, including our VP of Software Engineering and Director of Information Systems and Security. The IT Security Steering Committee is involved in oversight of cybersecurity risk. The IT Steering Committee exercises this function through our IT Security Team, which includes our Director of Information Systems and Security and our VP of Software Engineering who collectively have over 40 years of experience. The IT Security Team is responsible for the administration of our cyber program and works with various vendors and external providers to test and monitor for vulnerabilities and threats. We also engage our employees in our cybersecurity efforts through a process for employees to complete annual security and awareness training. |
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our IT Security Steering Committee, which is led by our Chief Financial Officer, is composed of various members of our organization, including our VP of Software Engineering and Director of Information Systems and Security. The IT Security Steering Committee is involved in oversight of cybersecurity risk. The IT Steering Committee exercises this function through our IT Security Team |
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The IT Steering Committee exercises this function through our IT Security Team, which includes our Director of Information Systems and Security and our VP of Software Engineering who collectively have over 40 years of experience. |
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | We also engage our employees in our cybersecurity efforts through a process for employees to complete annual security and awareness training.Our IT Security Team is informed about and monitors the prevention, management, and remediation of cybersecurity risks through various means, including by leveraging a managed security service provider and other third-party security software and technology services.We maintain processes to inform and update management and, as needed, the audit committee, about security incidents that may pose a significant risk for the business, as applicable. In accordance with our incident response policies, our IT Security Team and Chief Financial Officer are responsible for establishing incident response teams to manage cybersecurity incidents, should any arise. |