Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
We maintain a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our information systems and the data we process in support of our business operations. Our cybersecurity program is risk-based and is designed to evolve in response to changes in our operating environment, technology infrastructure, regulatory obligations, and the cybersecurity threat landscape.
Our approach to cybersecurity focuses on managing risks that could materially affect our operations, financial condition, or reputation. Key components of our program include identity and access management; data protection and encryption; secure software development and change management practices; business continuity and disaster recovery planning; endpoint and network security; vulnerability and patch management; monitoring, logging, and alerting; incident response preparedness; employee cybersecurity training; and the use of cyber insurance as a risk transfer mechanism.
Risk Management & Strategy
Our cybersecurity risk management program is designed to identify, assess, manage, mitigate, and respond to cybersecurity risks that may arise from internal or external threats. Cybersecurity risks are evaluated as part of our broader enterprise risk management processes and are prioritized based on the potential impact to business operations, financial results, legal and regulatory compliance, and reputation.
We maintain policies, procedures, and technical safeguards that are informed by recognized cybersecurity frameworks and best practices, including those published by the National Institute of Standards and Technology ("NIST"), which we use as a reference to assess and enhance our controls over time. We periodically evaluate cybersecurity risks and control effectiveness through risk assessments, testing activities, and internal reviews, and we use the results of these activities to inform remediation efforts and cybersecurity investment decisions.
Certain information technology and cybersecurity controls are subject to review by internal audit and external auditors as part of their respective audit activities, including reviews related to internal control over financial reporting and information security practices, as applicable. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We maintain a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our information systems and the data we process in support of our business operations. Our cybersecurity program is risk-based and is designed to evolve in response to changes in our operating environment, technology infrastructure, regulatory obligations, and the cybersecurity threat landscape. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | While we did not experience a material cybersecurity incident during the year ended December 31, 2025, cybersecurity incidents are inherently unpredictable, and the effectiveness of preventive controls cannot be assured. A future cybersecurity incident could have a material adverse effect on our business, results of operations, or financial condition. See Item 1A. "Risk Factors" for additional discussion of cybersecurity-related risks. |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance
Oversight of cybersecurity risk is managed through a cross-functional governance structure involving our information technology, compliance, and legal functions. These teams are responsible for the day-to-day management of our cybersecurity program, including risk assessments, control implementation, and incident response preparedness. Corporate counsel and external legal advisors work closely with management on data security, privacy, and regulatory compliance matters.
Day-to-day responsibility for cybersecurity operations is delegated to senior information technology leadership, with cross-functional coordination among compliance and legal teams. Management provides quarterly updates to the Audit Committee of the Board of Directors regarding cybersecurity risks, initiatives, and incidents, if any. The Audit Committee oversees cybersecurity risk as part of its broader oversight of enterprise risk management and receives information designed to enable informed oversight, including updates on significant cybersecurity initiatives, risk trends, and any material incidents.
Incident Disclosure and Materiality
While we did not experience a material cybersecurity incident during the year ended December 31, 2025, cybersecurity incidents are inherently unpredictable, and the effectiveness of preventive controls cannot be assured. A future cybersecurity incident could have a material adverse effect on our business, results of operations, or financial condition. See Item 1A. "Risk Factors" for additional discussion of cybersecurity-related risks. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Oversight of cybersecurity risk is managed through a cross-functional governance structure involving our information technology, compliance, and legal functions. These teams are responsible for the day-to-day management of our cybersecurity program, including risk assessments, control implementation, and incident response preparedness. Corporate counsel and external legal advisors work closely with management on data security, privacy, and regulatory compliance matters. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Day-to-day responsibility for cybersecurity operations is delegated to senior information technology leadership, with cross-functional coordination among compliance and legal teams. Management provides quarterly updates to the Audit Committee of the Board of Directors regarding cybersecurity risks, initiatives, and incidents, if any. The Audit Committee oversees cybersecurity risk as part of its broader oversight of enterprise risk management and receives information designed to enable informed oversight, including updates on significant cybersecurity initiatives, risk trends, and any material incidents. |
| Cybersecurity Risk Role of Management [Text Block] | Oversight of cybersecurity risk is managed through a cross-functional governance structure involving our information technology, compliance, and legal functions. These teams are responsible for the day-to-day management of our cybersecurity program, including risk assessments, control implementation, and incident response preparedness. Corporate counsel and external legal advisors work closely with management on data security, privacy, and regulatory compliance matters. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Day-to-day responsibility for cybersecurity operations is delegated to senior information technology leadership, with cross-functional coordination among compliance and legal teams. Management provides quarterly updates to the Audit Committee of the Board of Directors regarding cybersecurity risks, initiatives, and incidents, if any. The Audit Committee oversees cybersecurity risk as part of its broader oversight of enterprise risk management and receives information designed to enable informed oversight, including updates on significant cybersecurity initiatives, risk trends, and any material incidents. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Day-to-day responsibility for cybersecurity operations is delegated to senior information technology leadership, with cross-functional coordination among compliance and legal teams. Management provides quarterly updates to the Audit Committee of the Board of Directors regarding cybersecurity risks, initiatives, and incidents, if any. The Audit Committee oversees cybersecurity risk as part of its broader oversight of enterprise risk management and receives information designed to enable informed oversight, including updates on significant cybersecurity initiatives, risk trends, and any material incidents. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | We maintain incident response and escalation procedures designed to enable timely identification, assessment, containment, and remediation of cybersecurity incidents. The determination of whether a cybersecurity incident is material for disclosure purposes is made by management based on a cross-functional assessment that includes representatives from information technology, compliance, corporate counsel, executive leadership, and external advisors, as appropriate. Materiality determinations are based on applicable legal and regulatory standards and consider both quantitative and qualitative factors, including the potential impact on our operations, financial condition, customers, and reputation. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |