Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk Management and Strategy The Company has processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into the Company’s overall risk management systems, as overseen by the Company’s board of directors (the “Board”), primarily through its audit committee of the Board (the “Audit Committee”). These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers. The Company conducts security assessments of certain third-party providers before engagement and has established monitoring procedures in its effort to mitigate risks related to data breaches or other security incidents originating from third parties. As of the date of this Annual Report on Form 10-K, the Company is not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition and that are required to be reported in this Annual Report on Form 10-K. For further discussion of the risks associated with cybersecurity incidents, see the cybersecurity risk factors in Item 1A. Risk Factors, “We are reliant on information technology systems and may be subject to damaging cyber-attacks or security breaches” and “We are subject to data privacy laws, rules and regulations and any non-compliance with such laws, rules and regulations, could adversely affect our business, financial condition and operating results” in this Annual Report on Form 10-K. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | The Company has processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into the Company’s overall risk management systems, as overseen by the Company’s board of directors (the “Board”), primarily through its audit committee of the Board (the “Audit Committee”). These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers. The Company conducts security assessments of certain third-party providers before engagement and has established monitoring procedures in its effort to mitigate risks related to data breaches or other security incidents originating from third parties. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Board of Directors The Audit Committee oversees, among other things, the adequacy and effectiveness of the Company’s internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The Audit Committee is informed of material risks from cybersecurity threats pursuant to the escalation criteria as set forth in the Company’s disclosure controls and procedures. The Company’s Head of Information Technology (“Head of IT”) provides reports on cybersecurity matters, including material risks and threats, annually or more frequently as appropriate to the Board, including to the Audit Committee. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Audit Committee |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee is informed of material risks from cybersecurity threats pursuant to the escalation criteria as set forth in the Company’s disclosure controls and procedures. The Company’s Head of Information Technology (“Head of IT”) provides reports on cybersecurity matters, including material risks and threats, annually or more frequently as appropriate to the Board, including to the Audit Committee. |
| Cybersecurity Risk Role of Management [Text Block] |
Under the oversight of the Audit Committee, and as directed by the Head of IT, Company management is primarily responsible for the assessment and management of material cybersecurity risks. The Head of IT brings over a decade of extensive experience in global technology organizations spanning various industries. With a background encompassing more than a decade of expertise in information security, risk management, and compliance, The Head of IT has successfully led cyber security initiatives and ensured compliance with regulatory standards such as the Health Insurance Portability and Accountability Act and The Telephone Consumer Protection Act. The Head of IT is also supported by an Incident Response Team Security Officer (“IRT Security Officer”) who provides cross-functional support for cybersecurity risk management and facilitates the response to any cybersecurity incidents. The Company’s IRT Security Officer has completed rigorous cybersecurity awareness and threat response training and has the skills to develop effective incident response plans and swiftly mitigate emerging cyber threats. The IRT Security Officer enhances the Company’s cybersecurity posture and readiness with expertise in threat detection, incident coordination, and remediation.
The Head of IT oversees the Company’s cybersecurity incident response plan and related processes designed to assess and manage material risks from cybersecurity threats. The Head of IT also coordinates with the Company’s General Counsel and interim Chief Financial Officer (the “Interim CFO”) to assess and manage material risks from cybersecurity threats. The Head of IT is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes. The Company’s Disclosure Committee, with the assistance of its Cybersecurity Subcommittee, is responsible for overseeing the establishment and effectiveness of controls and other procedures, including controls and procedures related to the public disclosure of material cybersecurity matters. The Company’s Disclosure Committee is comprised of, among others, the Interim CFO, General Counsel, Vice President of Investor Relations and Communications, Corporate Controller, and Financial Reporting Manager. The Cybersecurity Subcommittee of the Company’s Disclosure Committee is comprised of, among others, the Company’s Interim CFO, Head of IT, General Counsel, Corporate Controller, and IRT Security Officer. The Head of IT, or a delegate, informs the Cybersecurity Subcommittee of certain cybersecurity incidents that may potentially be determined to be material pursuant to escalation criteria set forth in the Company’s incident response plan and related processes. The Cybersecurity Subcommittee is also primarily responsible for advising the Disclosure Committee and the Company’s CEO and Interim CFO regarding cybersecurity disclosures in public filings. The Head of IT, with the General Counsel in attendance, also notifies the Audit Committee chair of any material cybersecurity incidents. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | true |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] |
The Head of IT brings over a decade of extensive experience in global technology organizations spanning various industries. With a background encompassing more than a decade of expertise in information security, risk management, and compliance, The Head of IT has successfully led cyber security initiatives and ensured compliance with regulatory standards such as the Health Insurance Portability and Accountability Act and The Telephone Consumer Protection Act. The Head of IT is also supported by an Incident Response Team Security Officer (“IRT Security Officer”) who provides cross-functional support for cybersecurity risk management and facilitates the response to any cybersecurity incidents. The Company’s IRT Security Officer has completed rigorous cybersecurity awareness and threat response training and has the skills to develop effective incident response plans and swiftly mitigate emerging cyber threats. The IRT Security Officer enhances the Company’s cybersecurity posture and readiness with expertise in threat detection, incident coordination, and remediation. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Head of IT is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes.The Head of IT, or a delegate, informs the Cybersecurity Subcommittee of certain cybersecurity incidents that may potentially be determined to be material pursuant to escalation criteria set forth in the Company’s incident response plan and related processes. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |