Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Cybersecurity risk management and strategy
Our cybersecurity risk management is based on recognized cybersecurity industry frameworks and standards, including those of the National Institute of Standards and Technology, the Center for Internet Security Controls, and the International Organization for Standardization. We use these frameworks, together with information collected from internal assessments, to develop policies for the use of our information assets (for example, IT business information and information resources such as mobile phones, computers and workstations), access to specific intellectual property or technologies, and protection of personal information. We protect these information assets through industry-standard techniques, such as multifactor authentication and malware defenses. We also work with internal stakeholders across the company to integrate foundational cybersecurity principles throughout our organization’s operations, including the employment of multiple layers of cybersecurity defenses, restricted access based on business needs, and integrity of our business information. Throughout the year, we also regularly train our employees on cybersecurity awareness, confidential information protection and simulated phishing attacks.
We regularly engage -party assessors to conduct penetration testing and measure our program to industry standard frameworks. We also have standing engagements with incident response experts and external counsel. We frequently collaborate with industry experts and cybersecurity practitioners at other companies to exchange information about potential cybersecurity threats, best practices and trends.
Our cybersecurity risk management extends to risks associated with our use of third-party service providers. For instance, we conduct risk and compliance assessments of third-party service providers that request access to our information assets.
Our cybersecurity risk management is an important part of our comprehensive business continuity program and enterprise risk management. Our global information security team periodically engages with a cross-functional group of subject matter experts and leaders to assess and refine our cybersecurity risk posture and preparedness. For example, we regularly evaluate and update contingency strategies for our business in the event that a portion of our information resources were to be unavailable due to a cybersecurity incident. We practice our response to potential cybersecurity incidents through regular tabletop exercises, threat hunting and red team exercises.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Our cybersecurity risk management is based on recognized cybersecurity industry frameworks and standards, including those of the National Institute of Standards and Technology, the Center for Internet Security Controls, and the International Organization for Standardization. We use these frameworks, together with information collected from internal assessments, to develop policies for the use of our information assets (for example, IT business information and information resources such as mobile phones, computers and workstations), access to specific intellectual property or technologies, and protection of personal information. We protect these information assets through industry-standard techniques, such as multifactor authentication and malware defenses. We also work with internal stakeholders across the company to integrate foundational cybersecurity principles throughout our organization’s operations, including the employment of multiple layers of cybersecurity defenses, restricted access based on business needs, and integrity of our business information. Throughout the year, we also regularly train our employees on cybersecurity awareness, confidential information protection and simulated phishing attacks. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | Our cybersecurity risk management is an important part of our comprehensive business continuity program and enterprise risk management. Our global information security team periodically engages with a cross-functional group of subject matter experts and leaders to assess and refine our cybersecurity risk posture and preparedness. For example, we regularly evaluate and update contingency strategies for our business in the event that a portion of our information resources were to be unavailable due to a cybersecurity incident. We practice our response to potential cybersecurity incidents through regular tabletop exercises, threat hunting and red team exercises. |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance of cybersecurity risk management
The board of directors, as a whole, has oversight responsibility for our strategic and operational risks. The audit committee assists the board of directors with this responsibility by reviewing and discussing our risk assessment and risk management practices, including cybersecurity risks, with members of management. The audit committee, in turn, periodically reports on its review with the board of directors.
Management is responsible for day-to-day assessment and management of cybersecurity risks and reports regularly to the audit committee.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The board of directors, as a whole, has oversight responsibility for our strategic and operational risks. The audit committee assists the board of directors with this responsibility by reviewing and discussing our risk assessment and risk management practices, including cybersecurity risks, with members of management. The audit committee, in turn, periodically reports on its review with the board of directors. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Management is responsible for day-to-day assessment and management of cybersecurity risks and reports regularly to the audit committee. |
| Cybersecurity Risk Role of Management [Text Block] | Management is responsible for day-to-day assessment and management of cybersecurity risks and reports regularly to the audit committee. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The board of directors, as a whole, has oversight responsibility for our strategic and operational risks. The audit committee assists the board of directors with this responsibility by reviewing and discussing our risk assessment and risk management practices, including cybersecurity risks, with members of management. The audit committee, in turn, periodically reports on its review with the board of directors. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The board of directors, as a whole, has oversight responsibility for our strategic and operational risks. The audit committee assists the board of directors with this responsibility by reviewing and discussing our risk assessment and risk management practices, including cybersecurity risks, with members of management. The audit committee, in turn, periodically reports on its review with the board of directors. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Management is responsible for day-to-day assessment and management of cybersecurity risks and reports regularly to the audit committee. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |