Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Material Effects from Cybersecurity Incidents
Our business is subject to risk from cybersecurity threats and incidents, including attempts to gain unauthorized access to our systems or networks, or those of our managers, employees, and third-party vendors and service providers, to disrupt operations, corrupt data or steal confidential or personal information and other cybersecurity breaches. We consider cybersecurity risk a serious threat to our assets and our people and have put processes in place designed to mitigate the risk and impact of any such cybersecurity threat or incident.
Our operations rely on the secure, accurate and timely receipt, storage, transmission, use, disclosure, and other processing of confidential and other information (including personal information) in our systems and networks. We also rely on the secure, accurate and timely receipt, storage, transmission, use, disclosure, and other processing of confidential and other information in the systems and networks of our customers and third parties, including suppliers, sellers and servicers, financial market utilities, and other third parties. Cybersecurity risks for companies like ours continue to increase. Like many companies and government entities, from time to time we have been, and expect to continue to be, the target of attempted cybersecurity incidents and other information security threats, including those from nation-state and nation-state supported actors.
As of the date of this report, we have not experienced or aware of any cybersecurity incidents resulting, or reasonably likely to result in, a material impact to us, including to our business, financial condition, and results of operations. There is no assurance that our cybersecurity risk management program will prevent cybersecurity incidents from having such impacts in the future.
Additionally, insider threats also remain a risk given our workforce diversification to include contractors, remote workers, part-time employees, and full-time employees. As referenced above, our third-party vendors and service providers and their supply chain connections remain a potential source of risk.
For additional information, see Risk Factors – Risks Related to Our Business. Potential cybersecurity threats are changing rapidly and advancing in sophistication. We may not be able to protect our systems and networks, or the confidentiality of our confidential or other information (including personal information), from cybersecurity incidents and other unauthorized access, disclosure, and disruption.
Cybersecurity Risk Management and Strategy
Our cybersecurity program is built upon the National Institute for Standards and Technology and other best practice frameworks. We employ processes for assessing, identifying, and managing material risks from cybersecurity threats, including engaging an independent cybersecurity consultant to audit our systems and procedures, make recommendations for improvement and monitor remediation of any identified risks. We also conduct random vulnerability testing including network penetration testing, phishing, and social engineering tests. In addition, we also require Systems and Organization Control type reports from our service providers for our payroll and human resources system and stock administrator.
Although we maintain systems and controls designed to prevent cybersecurity breaches from occurring, and we have processes to identify and mitigate threats, the development and maintenance of these systems, controls and processes is costly and requires ongoing monitoring and updating as technologies change and efforts to overcome security measures become increasingly sophisticated. Moreover, despite our efforts, the possibility of a breach occurring cannot be eliminated entirely. As we engage in more electronic transactions with service customers and vendors, and rely more on cloud-based information systems, the related security risks will increase, and we will need to expend additional resources to protect our technology and information systems. In addition, there can be no assurance that our internal information technology systems or those of our third-party contractors, or our consultants’ efforts to implement adequate security and control measures, will be sufficient to protect us against breakdowns, service disruption, data deterioration or loss in the event of a system malfunction, or prevent data from being stolen or corrupted in the event of a cyberattack, security breach, industrial espionage attacks or insider threat attacks which could result in financial, legal, business or reputational harm. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Our business is subject to risk from cybersecurity threats and incidents, including attempts to gain unauthorized access to our systems or networks, or those of our managers, employees, and third-party vendors and service providers, to disrupt operations, corrupt data or steal confidential or personal information and other cybersecurity breaches. We consider cybersecurity risk a serious threat to our assets and our people and have put processes in place designed to mitigate the risk and impact of any such cybersecurity threat or incident. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | As of the date of this report, we have not experienced or aware of any cybersecurity incidents resulting, or reasonably likely to result in, a material impact to us, including to our business, financial condition, and results of operations. There is no assurance that our cybersecurity risk management program will prevent cybersecurity incidents from having such impacts in the future. |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Cybersecurity Governance
All employees of the Company have ownership in managing cybersecurity and data privacy risks; however, oversight responsibility is shared by our BOD, Audit Committee, and cybersecurity management team. The Audit Committee is responsible for implementing our cybersecurity policies and provides regularly updates to the BOD Our cybersecurity management team, in conjunction with our third-party chief information security officer (“CISO”), conduct regular assessment and management of material risks from cybersecurity threats, including review with our internal cybersecurity management team. All employees and consultants are directed to report to our cybersecurity management team any irregular or suspicious activity that could indicate a cybersecurity threat or incident.
Nuvera’s Senior Security and Corporate Information Technology manager and his staff have primary responsibility for identifying, assessing, and managing our exposure to cybersecurity threats and incidents, subject to oversight by the Audit Committee of the BOD of the processes we establish to assess, monitor, and mitigate that exposure. As members of Nuvera’s Cybersecurity Committee, the Senior Security and Corporate Information Technology manager and his team bring a combined sixty years of information technology experience at Nuvera in security, incident response, and local and external network architecture. Senior Management, Finance and Compliance members of Nuvera’s Cybersecurity Committee bring over twenty-five years of experience in risk management, regulatory and compliance. Nuvera relies on their CISO from FRSecure for recommendations and direction on strategy, policy, and process. FRSecure has a team with a combined three hundred years of experience in information security with thirty difference certifications.
If a potentially material cybersecurity threat or incident is identified or discovered, the Company’s Cybersecurity Management Team will trigger our incidence response plan, including notifying our CEO, CFO, and other relevant business executives. Our Cybersecurity Management Team, along with our CISO, will work with the appropriate leaders and employees in any impacted business groups, as well as appropriate personnel in our finance, legal and other impacted departments, to assess the risks to the Company and potential impact while determining appropriate remediation steps. If executive management determines that a cybersecurity threat or incident could be material to the Company, our management will notify the Audit Committee, who will escalate the risk to our full BOD, depending on an assessment of the risk. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | All employees of the Company have ownership in managing cybersecurity and data privacy risks; however, oversight responsibility is shared by our BOD, Audit Committee, and cybersecurity management team. The Audit Committee is responsible for implementing our cybersecurity policies and provides regularly updates to the BOD Our cybersecurity management team, in conjunction with our third-party chief information security officer (“CISO”), conduct regular assessment and management of material risks from cybersecurity threats, including review with our internal cybersecurity management team. All employees and consultants are directed to report to our cybersecurity management team any irregular or suspicious activity that could indicate a cybersecurity threat or incident. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | If a potentially material cybersecurity threat or incident is identified or discovered, the Company’s Cybersecurity Management Team will trigger our incidence response plan, including notifying our CEO, CFO, and other relevant business executives. Our Cybersecurity Management Team, along with our CISO, will work with the appropriate leaders and employees in any impacted business groups, as well as appropriate personnel in our finance, legal and other impacted departments, to assess the risks to the Company and potential impact while determining appropriate remediation steps. If executive management determines that a cybersecurity threat or incident could be material to the Company, our management will notify the Audit Committee, who will escalate the risk to our full BOD, depending on an assessment of the risk. |
| Cybersecurity Risk Role of Management [Text Block] | Nuvera’s Senior Security and Corporate Information Technology manager and his staff have primary responsibility for identifying, assessing, and managing our exposure to cybersecurity threats and incidents, subject to oversight by the Audit Committee of the BOD of the processes we establish to assess, monitor, and mitigate that exposure. As members of Nuvera’s Cybersecurity Committee, the Senior Security and Corporate Information Technology manager and his team bring a combined sixty years of information technology experience at Nuvera in security, incident response, and local and external network architecture. Senior Management, Finance and Compliance members of Nuvera’s Cybersecurity Committee bring over twenty-five years of experience in risk management, regulatory and compliance. Nuvera relies on their CISO from FRSecure for recommendations and direction on strategy, policy, and process. FRSecure has a team with a combined three hundred years of experience in information security with thirty difference certifications. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Nuvera’s Senior Security and Corporate Information Technology manager and his staff have primary responsibility for identifying, assessing, and managing our exposure to cybersecurity threats and incidents, subject to oversight by the Audit Committee of the BOD of the processes we establish to assess, monitor, and mitigate that exposure. As members of Nuvera’s Cybersecurity Committee, the Senior Security and Corporate Information Technology manager and his team bring a combined sixty years of information technology experience at Nuvera in security, incident response, and local and external network architecture. Senior Management, Finance and Compliance members of Nuvera’s Cybersecurity Committee bring over twenty-five years of experience in risk management, regulatory and compliance. Nuvera relies on their CISO from FRSecure for recommendations and direction on strategy, policy, and process. FRSecure has a team with a combined three hundred years of experience in information security with thirty difference certifications. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Nuvera’s Senior Security and Corporate Information Technology manager and his staff have primary responsibility for identifying, assessing, and managing our exposure to cybersecurity threats and incidents, subject to oversight by the Audit Committee of the BOD of the processes we establish to assess, monitor, and mitigate that exposure. As members of Nuvera’s Cybersecurity Committee, the Senior Security and Corporate Information Technology manager and his team bring a combined sixty years of information technology experience at Nuvera in security, incident response, and local and external network architecture. Senior Management, Finance and Compliance members of Nuvera’s Cybersecurity Committee bring over twenty-five years of experience in risk management, regulatory and compliance. Nuvera relies on their CISO from FRSecure for recommendations and direction on strategy, policy, and process. FRSecure has a team with a combined three hundred years of experience in information security with thirty difference certifications. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | If a potentially material cybersecurity threat or incident is identified or discovered, the Company’s Cybersecurity Management Team will trigger our incidence response plan, including notifying our CEO, CFO, and other relevant business executives. Our Cybersecurity Management Team, along with our CISO, will work with the appropriate leaders and employees in any impacted business groups, as well as appropriate personnel in our finance, legal and other impacted departments, to assess the risks to the Company and potential impact while determining appropriate remediation steps. If executive management determines that a cybersecurity threat or incident could be material to the Company, our management will notify the Audit Committee, who will escalate the risk to our full BOD, depending on an assessment of the risk. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |