v3.25.2
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Jun. 30, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 1C. CYBERSECURITY

 

Risk Management and Strategy

 

We have policies, procedures and processes in place to identify, assess and monitor material risks from cybersecurity threats. These plans are part of our overall enterprise risk management strategy and are part of our operating procedures, internal controls, and information systems. Cybersecurity risks include, among other things, fraud, extortion, harm to employees or customers, violation of privacy or security laws and other litigation and legal risks, and reputational risks. We have developed and implemented a cybersecurity framework intended to assess, identify and manage risks from threats to the security of our information, systems, and network using a risk-based approach. The framework is informed in part by the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework, although this does not imply that we meet all technical standards, specifications or requirements under the NIST.

 

 

Our key cybersecurity processes include the following:

 

 

Risk-based controls for information systems and information on our networks: We seek to maintain an information technology infrastructure that implements physical, administrative and technical controls that are calibrated based on risk and designed to protect the confidentiality, integrity and availability of our information systems and information stored on our networks, including customer and employee information.

 

 

Cybersecurity incident response plan and testing: We have a cybersecurity incident response plan and dedicated teams to respond to cybersecurity incidents. When a cybersecurity incident occurs or we identify a vulnerability, we have cross-functional teams that are responsible for leading the initial assessment of priority and severity, and external experts may also be engaged as appropriate. Our cybersecurity teams assist in responding to incidents depending on severity levels and seek to improve our cybersecurity incident management plan through periodic tabletops or simulations. Our Vice President of Information Technology and other members of his team oversee the implementation of this plan and are made aware of ongoing risks and incidents.

 

 

Training: We provide security awareness training to our employees so they may better understand their information protection and cybersecurity responsibilities. We also provide additional training to certain employees based on their roles.

 

 

Supplier risk assessments: Our processes also address cybersecurity threat risks associated with our use of third-party service providers, including those in our supply-chain or who have access to our customer and employee data on our systems. Third-party risks are included within our enterprise risk management assessment program, as well as our cybersecurity-specific risk identification program. These considerations affect the selection and access to our systems, data, or facilities. We also seek contractual commitments from key suppliers to appropriately secure and maintain their information technology systems and protect our information that is processed on their systems.

 

 

Third-party assessments: We have engaged third-party vendors to periodically assess our cybersecurity posture, to assist in identifying and remediating risks from cybersecurity threats. We also regularly engage with consultants, auditors, and other third-parties to help identify areas for continued focus, improvement and compliance.

 

While the Company has experienced cybersecurity incidents, we are not aware of any cybersecurity incidents to date, including as a result of any previous cybersecurity incidents, that has materially affected or is reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, the sophistication of and risks from cybersecurity threats and incidents continue to increase and the preventative actions we have taken and continue to take to reduce these risks and protect our systems and information may not successfully protect against all cybersecurity threats and incidents in the future. For more information, see Item 1A. Risk Factors under the heading of “Technology and Data Security Risks”, of this Annual Report on Form 10-K.
Cybersecurity Risk Management Processes Integrated [Flag] false
Cybersecurity Risk Management Processes Integrated [Text Block] We have policies, procedures and processes in place to identify, assess and monitor material risks from cybersecurity threats. These plans are part of our overall enterprise risk management strategy and are part of our operating procedures, internal controls, and information systems. Cybersecurity risks include, among other things, fraud, extortion, harm to employees or customers, violation of privacy or security laws and other litigation and legal risks, and reputational risks. We have developed and implemented a cybersecurity framework intended to assess, identify and manage risks from threats to the security of our information, systems, and network using a risk-based approach. The framework is informed in part by the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework, although this does not imply that we meet all technical standards, specifications or requirements under the NIST.
Cybersecurity Risk Management Third Party Engaged [Flag] false
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] While the Company has experienced cybersecurity incidents, we are not aware of any cybersecurity incidents to date, including as a result of any previous cybersecurity incidents, that has materially affected or is reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, the sophistication of and risks from cybersecurity threats and incidents continue to increase and the preventative actions we have taken and continue to take to reduce these risks and protect our systems and information may not successfully protect against all cybersecurity threats and incidents in the future. For more information, see Item 1A. Risk Factors under the heading of “Technology and Data Security Risks”, of this Annual Report on Form 10-K.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

 

The Company’s Board of Directors (the “Board”), as a whole, has oversight responsibility for our strategic and operational risks. The Board regularly reviews and discusses with management the strategies, processes and controls pertaining to the management of our information technology operations, including updates on the internal and external cybersecurity threat landscape, incident response, assessment and training activities, and relevant legislative, regulatory, and technical developments. Our Vice President of Information Technology presents, at least annually, to the Board, an overview of our cybersecurity threat risk management and strategy as well as provides reports regarding the evolving cybersecurity landscape, including emerging risk. Our Vice President of Information Technology and other members of his team remain informed about cybersecurity threats through the reporting framework as described above under Cybersecurity Risk Management and Security Cybersecurity incident response plan and testing.

 

The Information Technology team is responsible for the day-to-day assessment and management of cybersecurity risks. Our cybersecurity risk management and strategy are led by our Vice President of Information Technology, and our Manager of Security. Such individuals have over 50 years of work experience, collectively, in various roles managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs, as well as relevant degrees and certifications.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Company’s Board of Directors (the “Board”), as a whole, has oversight responsibility for our strategic and operational risks. The Board regularly reviews and discusses with management the strategies, processes and controls pertaining to the management of our information technology operations, including updates on the internal and external cybersecurity threat landscape, incident response, assessment and training activities, and relevant legislative, regulatory, and technical developments. Our Vice President of Information Technology presents, at least annually, to the Board, an overview of our cybersecurity threat risk management and strategy as well as provides reports regarding the evolving cybersecurity landscape, including emerging risk. Our Vice President of Information Technology and other members of his team remain informed about cybersecurity threats through the reporting framework as described above under
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Company’s Board of Directors (the “Board”), as a whole, has oversight responsibility for our strategic and operational risks. The Board regularly reviews and discusses with management the strategies, processes and controls pertaining to the management of our information technology operations, including updates on the internal and external cybersecurity threat landscape, incident response, assessment and training activities, and relevant legislative, regulatory, and technical developments. Our Vice President of Information Technology presents, at least annually, to the Board, an overview of our cybersecurity threat risk management and strategy as well as provides reports regarding the evolving cybersecurity landscape, including emerging risk. Our Vice President of Information Technology and other members of his team remain informed about cybersecurity threats through the reporting framework as described above under
Cybersecurity Risk Role of Management [Text Block] The Company’s Board of Directors (the “Board”), as a whole, has oversight responsibility for our strategic and operational risks. The Board regularly reviews and discusses with management the strategies, processes and controls pertaining to the management of our information technology operations, including updates on the internal and external cybersecurity threat landscape, incident response, assessment and training activities, and relevant legislative, regulatory, and technical developments. Our Vice President of Information Technology presents, at least annually, to the Board, an overview of our cybersecurity threat risk management and strategy as well as provides reports regarding the evolving cybersecurity landscape, including emerging risk. Our Vice President of Information Technology and other members of his team remain informed about cybersecurity threats through the reporting framework as described above under
Cybersecurity Risk Management Positions or Committees Responsible [Flag] false
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Information Technology team is responsible for the day-to-day assessment and management of cybersecurity risks. Our cybersecurity risk management and strategy are led by our Vice President of Information Technology, and our Manager of Security. Such individuals have over 50 years of work experience, collectively, in various roles managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs, as well as relevant degrees and certifications.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Information Technology team is responsible for the day-to-day assessment and management of cybersecurity risks. Our cybersecurity risk management and strategy are led by our Vice President of Information Technology, and our Manager of Security. Such individuals have over 50 years of work experience, collectively, in various roles managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs, as well as relevant degrees and certifications.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Information Technology team is responsible for the day-to-day assessment and management of cybersecurity risks. Our cybersecurity risk management and strategy are led by our Vice President of Information Technology, and our Manager of Security. Such individuals have over 50 years of work experience, collectively, in various roles managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs, as well as relevant degrees and certifications.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] false