Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Our management recognizes the impact that cybersecurity threats could have on our business operations, our compliance with regulations, and our reputation. We have identified cybersecurity as a critical business risk as part of our overall risk management strategy, which our board of directors oversees. We have implemented an information security management system in accordance with our risk profile and business that is designed to protect the Company, our employees, and our customers from cybersecurity threats. This system, which is informed by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, includes, among other things, written policies, technical controls, and employee training. We have also developed an incident response policy and procedure designed to facilitate the handling of cybersecurity incidents. Our cybersecurity risk management program, which is part of our enterprise risk management program, aims to identify risks from cybersecurity threats. Our cybersecurity risk management program includes a number of components, including informal self-assessments, penetration testing, and vulnerability assessments. Our managed security services provider helps us implement additional security controls, including malware protection and network security tools. We take a risk-based approach to the evaluation of third-party vendors, and apply mitigations and processes based on our evaluation of the sensitivity of the data accessed by the vendor and the maturity of the vendor’s programs. Where our risk-based evaluation indicates the need, we use a third-party tool to assess the degree of risk posed by the vendor and use a vendor security questionnaire as part of our assessment of third-parties. We have been subject to cybersecurity incidents in the past, including the publicly disclosed April 2024 security incident. We do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents have materially affected our operations, financial systems, or financial condition. However, there is no guarantee that past security incidents and any future incidents will not have a material impact on our operations, financial systems, or financial condition in the future. For more information, see Item 1A. Risk Factors.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have implemented an information security management system in accordance with our risk profile and business that is designed to protect the Company, our employees, and our customers from cybersecurity threats. This system, which is informed by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, includes, among other things, written policies, technical controls, and employee training. We have also developed an incident response policy and procedure designed to facilitate the handling of cybersecurity incidents. Our cybersecurity risk management program, which is part of our enterprise risk management program, aims to identify risks from cybersecurity threats. Our cybersecurity risk management program includes a number of components, including informal self-assessments, penetration testing, and vulnerability assessments. Our managed security services provider helps us implement additional security controls, including malware protection and network security tools.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our management recognizes the impact that cybersecurity threats could have on our business operations, our compliance with regulations, and our reputation. We have identified cybersecurity as a critical business risk as part of our overall risk management strategy, which our board of directors oversees. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The board and Audit Committee oversee the management of risks by the Company’s executives. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee, pursuant to its charter, is responsible for reviewing the Company’s cybersecurity program and risks, as identified by Company management, and the steps that Company management has taken to protect against threats to the Company’s assets including information systems and data security. The VP of IT provides updates to the Audit Committee approximately annually, which include, as appropriate, a description of risks from cybersecurity threats. |
| Cybersecurity Risk Role of Management [Text Block] | Our vice president of information technology (“VP of IT”) is responsible for the strategic leadership and direction of the Company’s information security management system. Our VP of IT has over 25 years experience managing IT teams, including 10 years managing IT security teams. Led by the VP of IT, along with our Director of IT Security, the IT leadership team reviews the Company’s cybersecurity objectives at least annually, and more frequently as needed, and takes steps to further the suitability and effectiveness of the Company’s information security program. The output from these reviews are reported periodically to senior management. We have also established a cybersecurity management committee comprised of IT, communications, finance, legal and product personnel.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our vice president of information technology (“VP of IT”) is responsible for the strategic leadership and direction of the Company’s information security management system. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our VP of IT has over 25 years experience managing IT teams, including 10 years managing IT security teams. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Led by the VP of IT, along with our Director of IT Security, the IT leadership team reviews the Company’s cybersecurity objectives at least annually, and more frequently as needed, and takes steps to further the suitability and effectiveness of the Company’s information security program. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |