Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
The Company maintains a governance structure to address cybersecurity risk, which involves the Board, the Audit Committee, the Company’s Senior Manager of Information Technology, and a dedicated Incident Response Team.
The Company utilizes a cross-functional, multilayered approach to risk management in its cybersecurity to identify, prevent, and mitigate cybersecurity threats to the Company designed to preserve the confidentiality, security, and integrity of the Company’s information and data. The Company conducts periodic tests to assess the Company’s processes and procedures and the threat landscape. The Board and the Audit Committee receive regular presentations on cybersecurity-related topics ranging from the results of penetration testing, recent developments, evolving standards, the threat environment, technological trends, and information security considerations facing the Company and its peers. At least annually, the Board discusses the Company’s approach to cybersecurity risk management with the Company’s Senior Manager of Information Technology, and at least annually, or more frequently as necessary, the Company’s Senior Manager of Information Technology meets with the Audit Committee to discuss cybersecurity risk management. The Company’s security program and IT-related controls are regularly examined by internal auditors and various regulators.
The Company's Incident Response Team is led by our Senior Manager of Information Technology and also comprised of various cross-functional members of management. The team is responsible for identifying, assessing, mitigating, and reporting on material cybersecurity risks and will present regular reports to the Audit Committee and the Board. The Board and the Audit Committee are also informed of any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding such incident until it has been addressed.
The Company maintains an operational Incident Response Plan (“IRP”) that defines how the Company handles cyber incidents, including escalation, reporting and remediation procedures. The IRP is reviewed annually both internally and by third parties during regular audits. In addition, the Company retains a third-party consultant with expertise in cyber risks and incidents to advise on cybersecurity related matters. The Company’s consultant is also part of the Company’s IRP procedures and provides independent analysis and advice during cybersecurity investigations. The Company also provides annual trainings for all employees designed to reinforce the Company’s information technology risk and security management policies, standards and practices, as well as the expectation that all employees comply with these policies. These trainings are supplemented by Company-wide assessment initiatives, including periodic testing. The Company provides specialized security training for certain employee roles.
The Company maintains a comprehensive, risk-based approach to identifying and overseeing cybersecurity risks presented by parties, including vendors, service providers, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems.
Although we have designed our cybersecurity program and governance procedures above to mitigate cybersecurity risks, we face unknown and changing cybersecurity risks, threats and attacks. To date, these risks, threats or attacks have not had a material impact on our operations, business strategy, or financial results, but we cannot provide assurance that they will not have a material impact in the future. See the section entitled “Risk Factors” included elsewhere in this Annual Report for further information. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | The Company utilizes a cross-functional, multilayered approach to risk management in its cybersecurity to identify, prevent, and mitigate cybersecurity threats to the Company designed to preserve the confidentiality, security, and integrity of the Company’s information and data. The Company conducts periodic tests to assess the Company’s processes and procedures and the threat landscape. The Board and the Audit Committee receive regular presentations on cybersecurity-related topics ranging from the results of penetration testing, recent developments, evolving standards, the threat environment, technological trends, and information security considerations facing the Company and its peers. At least annually, the Board discusses the Company’s approach to cybersecurity risk management with the Company’s Senior Manager of Information Technology, and at least annually, or more frequently as necessary, the Company’s Senior Manager of Information Technology meets with the Audit Committee to discuss cybersecurity risk management. The Company’s security program and IT-related controls are regularly examined by internal auditors and various regulators. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | Although we have designed our cybersecurity program and governance procedures above to mitigate cybersecurity risks, we face unknown and changing cybersecurity risks, threats and attacks. To date, these risks, threats or attacks have not had a material impact on our operations, business strategy, or financial results, but we cannot provide assurance that they will not have a material impact in the future. See the section entitled “Risk Factors” included elsewhere in this Annual Report for further information. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Company utilizes a cross-functional, multilayered approach to risk management in its cybersecurity to identify, prevent, and mitigate cybersecurity threats to the Company designed to preserve the confidentiality, security, and integrity of the Company’s information and data. The Company conducts periodic tests to assess the Company’s processes and procedures and the threat landscape. The Board and the Audit Committee receive regular presentations on cybersecurity-related topics ranging from the results of penetration testing, recent developments, evolving standards, the threat environment, technological trends, and information security considerations facing the Company and its peers. At least annually, the Board discusses the Company’s approach to cybersecurity risk management with the Company’s Senior Manager of Information Technology, and at least annually, or more frequently as necessary, the Company’s Senior Manager of Information Technology meets with the Audit Committee to discuss cybersecurity risk management. The Company’s security program and IT-related controls are regularly examined by internal auditors and various regulators. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Company utilizes a cross-functional, multilayered approach to risk management in its cybersecurity to identify, prevent, and mitigate cybersecurity threats to the Company designed to preserve the confidentiality, security, and integrity of the Company’s information and data. The Company conducts periodic tests to assess the Company’s processes and procedures and the threat landscape. The Board and the Audit Committee receive regular presentations on cybersecurity-related topics ranging from the results of penetration testing, recent developments, evolving standards, the threat environment, technological trends, and information security considerations facing the Company and its peers. At least annually, the Board discusses the Company’s approach to cybersecurity risk management with the Company’s Senior Manager of Information Technology, and at least annually, or more frequently as necessary, the Company’s Senior Manager of Information Technology meets with the Audit Committee to discuss cybersecurity risk management. The Company’s security program and IT-related controls are regularly examined by internal auditors and various regulators. |
| Cybersecurity Risk Role of Management [Text Block] | The Company utilizes a cross-functional, multilayered approach to risk management in its cybersecurity to identify, prevent, and mitigate cybersecurity threats to the Company designed to preserve the confidentiality, security, and integrity of the Company’s information and data. The Company conducts periodic tests to assess the Company’s processes and procedures and the threat landscape. The Board and the Audit Committee receive regular presentations on cybersecurity-related topics ranging from the results of penetration testing, recent developments, evolving standards, the threat environment, technological trends, and information security considerations facing the Company and its peers. At least annually, the Board discusses the Company’s approach to cybersecurity risk management with the Company’s Senior Manager of Information Technology, and at least annually, or more frequently as necessary, the Company’s Senior Manager of Information Technology meets with the Audit Committee to discuss cybersecurity risk management. The Company’s security program and IT-related controls are regularly examined by internal auditors and various regulators. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Company's Incident Response Team is led by our Senior Manager of Information Technology and also comprised of various cross-functional members of management. The team is responsible for identifying, assessing, mitigating, and reporting on material cybersecurity risks and will present regular reports to the Audit Committee and the Board. The Board and the Audit Committee are also informed of any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding such incident until it has been addressed. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The Company's Incident Response Team is led by our Senior Manager of Information Technology and also comprised of various cross-functional members of management. The team is responsible for identifying, assessing, mitigating, and reporting on material cybersecurity risks and will present regular reports to the Audit Committee and the Board. The Board and the Audit Committee are also informed of any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding such incident until it has been addressed. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Company maintains an operational Incident Response Plan (“IRP”) that defines how the Company handles cyber incidents, including escalation, reporting and remediation procedures. The IRP is reviewed annually both internally and by third parties during regular audits. In addition, the Company retains a third-party consultant with expertise in cyber risks and incidents to advise on cybersecurity related matters. The Company’s consultant is also part of the Company’s IRP procedures and provides independent analysis and advice during cybersecurity investigations. The Company also provides annual trainings for all employees designed to reinforce the Company’s information technology risk and security management policies, standards and practices, as well as the expectation that all employees comply with these policies. These trainings are supplemented by Company-wide assessment initiatives, including periodic testing. The Company provides specialized security training for certain employee roles. |