Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
---|---|
Dec. 31, 2024 | |
Cybersecurity Risk Management, Strategy, and Governance [Abstract] | |
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Cybersecurity Management and Strategy
In the ordinary course of our business, we collect, use, store, and transmit confidential, financial, sensitive, proprietary, personal, and health-related information. The secure maintenance of this information and our information technology systems is important to our operations and business strategy. To this end, we consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework, and have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are managed and monitored by a dedicated Director of Information Technology and an Information Technology Security and Risk Manager. We have developed a cybersecurity program following the National Institute of Standards and Technology (“NIST”) cybersecurity framework that includes mechanisms, controls, technologies, and systems designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and maintain a stable information technology environment. For example, we conduct penetration and vulnerability testing, and data recovery testing on a periodic basis. In addition, we consult with outside advisors and experts, when appropriate, to assist with assessing, identifying, and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company’s risk environment.
Third-Party Risk Management
We have processes to evaluate third-party service providers and vendors that have access to sensitive systems and company data, which may include due diligence procedures such as assessments of that service provider’s cybersecurity posture or a recommendation of specific mitigation controls. Following an assessment, we determine and prioritize service provider risk based on potential threat impact and likelihood, and such risk determinations drive the level of due diligence and ongoing compliance monitoring required for each service provider.
Education and Awareness
We also provide cybersecurity training to our employees and are formalizing an ongoing information security training program for active employees and relevant consultants to address matters such as phishing, email security, social engineering and training on data privacy.
Current Cybersecurity Risk Posture
We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us. However, like other companies in our industry, we and our third-party vendors have from time to time experienced threats to and security incidents relating to information systems. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, “Risk Factors,” under the heading “Risks related to cybersecurity.” |
Cybersecurity Risk Management Processes Integrated [Flag] | true |
Cybersecurity Risk Management Processes Integrated [Text Block] | The secure maintenance of this information and our information technology systems is important to our operations and business strategy. To this end, we consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework, and have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are managed and monitored by a dedicated Director of Information Technology and an Information Technology Security and Risk Manager. We have developed a cybersecurity program following the National Institute of Standards and Technology (“NIST”) cybersecurity framework that includes mechanisms, controls, technologies, and systems designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and maintain a stable information technology environment. For example, we conduct penetration and vulnerability testing, and data recovery testing on a periodic basis. In addition, we consult with outside advisors and experts, when appropriate, to assist with assessing, identifying, and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company’s risk environment. |
Cybersecurity Risk Management Third Party Engaged [Flag] | true |
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance
Our Director of Information Technology, who reports to our CFO, and the Information Technology Security and Risk Manager are responsible for assessing and managing cybersecurity risks. Our Director of Information Technology has over 25 years of experience managing information technology and cybersecurity. He has a bachelor’s degree in electrical engineering from Wright State University as well as a master’s degree in business administration from Ashland University. He has certifications from various information technology vendors as well as experience in implementing security frameworks such as International Organization for Standardization (“ISO”) 27001 and NIST. Our Information Technology Security and Risk Manager has a PhD in a scientific field and various information security certifications such as Certified Ethical Hacker (“CEH”) and Holistic Information Security Practitioner (“HISP”). She also has decades of experience in managing information technology environments and information security such as security architecture, security operations and governance, risk and compliance.
We report on our information security program, including the results of periodic testing, to the Audit Committee of the Board of Directors on a quarterly basis. Our Board’s Audit Committee is responsible for overseeing our cybersecurity and information security procedures. The Audit Committee reviews management presentations concerning cybersecurity-related issues, including information security, technology risks, policies, and risk mitigation programs. The Audit Committee reports matters to the Board of Directors as needed. Our CFO, with the support of our Director of Information Technology, Information Technology Security and Risk Manager and third-party consultants, assesses and manages cybersecurity risk, including preventing, mitigating, detecting, and addressing cybersecurity incidents, if any. Our CFO also works closely with other management positions and external legal counsel to ensure that we understand our cybersecurity risk management responsibilities. In case of a cybersecurity incident or breach, our incident response plan defines in detail reporting and escalation processes to management and the Board of Directors. |
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Audit Committee reviews management presentations concerning cybersecurity-related issues, including information security, technology risks, policies, and risk mitigation programs. |
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Audit Committee reports matters to the Board of Directors as needed. |