Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We recognize the critical importance of cybersecurity in protecting our business and our stakeholders’ information. We are committed to maintaining a robust cybersecurity risk management program and implementing a comprehensive strategy to mitigate cyber threats and vulnerabilities. Our cybersecurity policies, standards, processes and practices are fully integrated into our overall enterprise risk management program, as described below. This disclosure outlines our cybersecurity risk management approach, strategy, and governance structure. Our cybersecurity risk management program is focused on protecting critical assets, including data, systems and applications; minimizing the impact of cyberattacks; understanding and preparing for the evolving threat landscape and complying with applicable law. The program includes the following key areas: • Governance: As discussed in more detail under the heading “Governance,” the Board delegated oversight of cybersecurity risk management to the Audit Committee, which regularly interacts with our Chief Information Officer (“CIO”), Chief Information Security Officer (“CISO”), other members of management and relevant management committees and councils, including the Information Security Governance team. • Collaborative Approach: We have implemented a comprehensive, cross-functional approach to identifying, preventing and mitigating cybersecurity threats and incidents, while also continuously improving our cybersecurity program and maintaining a strong cybersecurity posture. Key to this approach is to broadly assess the potential impact of cybersecurity incidents on business operations and financial stability as well as any legal and regulatory requirements regarding cybersecurity. • Technical Safeguards: We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion detection and prevention systems, encryption, multi-factor authentication, privileged access management least privileged access controls, secure coding practices and other security controls, which are regularly evaluated and improved through vulnerability assessments and penetration testing designed to identify weaknesses in our systems and networks. • Incident Response and Recovery Planning: We have a dedicated Incident Response Team dedicated to responding to cybersecurity incidents. • Third-Party Risk Management: We maintain a comprehensive, risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including our vendors who handle our data and systems through due diligence and vendor assessments. • Education and Awareness: We provide regular training for all employees and contractors, which is designed to equip our personnel with effective tools to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes and practices. The Board and the Audit Committee of the Board (“Audit Committee”) are actively involved in oversight of our cybersecurity risk management program. We seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on protecting our security and the information that we collect as well as proactively identifying and preventing cybersecurity threats. Risk Management and Strategy We regularly identify and assess cybersecurity risks by applying our cybersecurity risk management program processes, including: •Vulnerability assessments and penetration testing: We conduct regular vulnerability assessments and penetration testing to identify and address weaknesses in our systems and networks. •Threat intelligence: We subscribe to threat intelligence feeds and maintain relationships with security partners to stay informed about emerging cyber threats. •Third-party risk assessments: We engage various outside consultants, including contractors, assessors, auditors, outside attorneys and other third parties to assist us in identifying, assessing and managing cybersecurity risks. We conduct initial and regular due diligence on third-party vendors who handle our data and systems. •Business impact analysis: We regularly assess the potential impact of cyberattacks on our business operations and financial stability. •Legal and regulatory risk assessment: We assess the legal and regulatory risks associated with cybersecurity incidents and ensure compliance with applicable laws and regulations.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We recognize the critical importance of cybersecurity in protecting our business and our stakeholders’ information. We are committed to maintaining a robust cybersecurity risk management program and implementing a comprehensive strategy to mitigate cyber threats and vulnerabilities. Our cybersecurity policies, standards, processes and practices are fully integrated into our overall enterprise risk management program, as described below. This disclosure outlines our cybersecurity risk management approach, strategy, and governance structure.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our cybersecurity governance facilitates coordination between the necessary cybersecurity risk assessment and response personnel, including: • Board of Directors: The Board has ultimate oversight responsibility for our cybersecurity risk management program. The Board has delegated to the Audit Committee the responsibility for monitoring and overseeing our cybersecurity and other information technology risks, controls, strategies and procedures. • Audit Committee: The Audit Committee is responsible for monitoring the effectiveness of our information system controls and security, including a periodic review of our cybersecurity and other information technology risks, controls, initiatives and action plans. • Information Security Governance Team: The Information Security Governance Team is comprised of senior executives who oversee the development and implementation our cybersecurity strategy. •Chief Information Security Officer (CISO): The CISO is responsible for the day-to-day management of our cybersecurity program. • Incident Response Team: The Incident Response Team is responsible investigating potential cyber incidents and for responding to and recovering from any actual cyberattacks. The Information Security Governance Team reports to the Board on cybersecurity risk quarterly. Reports include: • Overall cybersecurity posture: Current state of our security controls and identified vulnerabilities. • Incident reports: Summary of recent cyber incidents, including their nature, impact, and mitigation efforts. • Risk assessments: Updated assessments of potential cyber threats and their potential impact on us. • Security budget and resource allocation: Plans and investments for maintaining and enhancing our cybersecurity program.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Board has ultimate oversight responsibility for our cybersecurity risk management program. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Board has delegated to the Audit Committee the responsibility for monitoring and overseeing our cybersecurity and other information technology risks, controls, strategies and procedures. • Audit Committee: The Audit Committee is responsible for monitoring the effectiveness of our information system controls and security, including a periodic review of our cybersecurity and other information technology risks, controls, initiatives and action plans. • Information Security Governance Team: The Information Security Governance Team is comprised of senior executives who oversee the development and implementation our cybersecurity strategy. •Chief Information Security Officer (CISO): The CISO is responsible for the day-to-day management of our cybersecurity program. • Incident Response Team: The Incident Response Team is responsible investigating potential cyber incidents and for responding to and recovering from any actual cyberattacks. The Information Security Governance Team reports to the Board on cybersecurity risk quarterly. Reports include: • Overall cybersecurity posture: Current state of our security controls and identified vulnerabilities. • Incident reports: Summary of recent cyber incidents, including their nature, impact, and mitigation efforts. • Risk assessments: Updated assessments of potential cyber threats and their potential impact on us. • Security budget and resource allocation: Plans and investments for maintaining and enhancing our cybersecurity program.
|
| Cybersecurity Risk Role of Management [Text Block] | Board of Directors: The Board has ultimate oversight responsibility for our cybersecurity risk management program. The Board has delegated to the Audit Committee the responsibility for monitoring and overseeing our cybersecurity and other information technology risks, controls, strategies and procedures. • Audit Committee: The Audit Committee is responsible for monitoring the effectiveness of our information system controls and security, including a periodic review of our cybersecurity and other information technology risks, controls, initiatives and action plans. • Information Security Governance Team: The Information Security Governance Team is comprised of senior executives who oversee the development and implementation our cybersecurity strategy. •Chief Information Security Officer (CISO): The CISO is responsible for the day-to-day management of our cybersecurity program. • Incident Response Team: The Incident Response Team is responsible investigating potential cyber incidents and for responding to and recovering from any actual cyberattacks.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Information Security Governance Team: The Information Security Governance Team is comprised of senior executives who oversee the development and implementation our cybersecurity strategy. •Chief Information Security Officer (CISO): The CISO is responsible for the day-to-day management of our cybersecurity program. • Incident Response Team: The Incident Response Team is responsible investigating potential cyber incidents and for responding to and recovering from any actual cyberattacks.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The Information Security Governance Team is comprised of senior executives who oversee the development and implementation our cybersecurity strategy. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | • Incident Response Team: The Incident Response Team is responsible investigating potential cyber incidents and for responding to and recovering from any actual cyberattacks. The Information Security Governance Team reports to the Board on cybersecurity risk quarterly. Reports include: • Overall cybersecurity posture: Current state of our security controls and identified vulnerabilities. • Incident reports: Summary of recent cyber incidents, including their nature, impact, and mitigation efforts. • Risk assessments: Updated assessments of potential cyber threats and their potential impact on us. • Security budget and resource allocation: Plans and investments for maintaining and enhancing our cybersecurity program.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |