Cybersecurity Risk Management, Strategy, and Governance |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Item 1C. Cybersecurity. Risk Management and Strategy We recognize the importance of developing, implementing and maintaining cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of data. We have integrated cybersecurity risk management into our broader risk management framework. Our digital and technology organization outside the Company continually addresses cybersecurity risk in alignment with our business objectives and operational needs. Our cybersecurity program is focused on the following areas:
•
Governance: We leverage multiple cybersecurity frameworks, primarily NIST CSF 2.0 and regulatory requirements to inform our externally managed information technology (“IT”) infrastructure. The Company maintains an active IT security program that performs annual risk assessments, technical reviews, evaluation and implementation of IT controls, collects results and evidence of compliance and develops IT policies.
•
Technical Safeguards: The Company does not use a centralized server where all information is stored and therefore where all information is placed at risk. Instead, we deploy technical and procedural measures using a distributed model so that no one location or machine could cripple the company’s IT infrastructure. Protection measures include, but are not limited to, network intrusion detection and prevention, vulnerability assessments and monthly risk assessments and management, threat intelligence, anti-malware and access controls. The Company has implemented a Managed Detection and Response (MDR) program that provides a single pane of glass visibility to our security activities through a unified dashboard monitored by our security team. The Company collects threat intelligence data from endpoints and network data flows and send logs for analysis and storage to our cloud-based log collector. The Company's security team, along with our 24x7 security operations center (SOC) provides breach detection, monitoring, and remediation of identified risks.
•
Security Awareness / Training: All employees are required to adhere to our Standards of Business Conduct, which identifies an employee's responsibility for information security. We also disseminate security awareness information periodically throughout the year. All employees can be required to complete yearly cybersecurity awareness training based on internal testing.
•
Third-Party Suppliers and Service Providers: We manage our IT infrastructure with an external vendor who maintains and evaluates risk exposure in real-time and conducts monthly risk assessments and adjustments to preclude cyberattacks. Vendor security reviews evaluate numerous key security controls and the outputs of these reviews are used as part of business decisions regarding storage and dissemination of virtual data and to assess a vendor's overall security posture.
Risks from Cybersecurity Threats While we are subject to ongoing cybersecurity threats, the risks from these threats have not materially affected, or are reasonably likely to materially affect the company, including our business strategy, results of operations or financial condition. For additional information regarding risks from cybersecurity threats, see "Item 1A. Risk Factors-Risks Related to Our Operations" in this Annual Report.
Board Oversight of Cybersecurity Risks Our management is responsible for assessing and managing cybersecurity risks as part of its overall risk management process. The Board of Directors maintains oversight of our risk management framework and considers cybersecurity risks as part of its oversight of operational and information technology matters. Board is responsible for the oversight of our risk management program and regularly reviews information regarding our most significant strategic, operational, financial, legal and compliance risks, including cybersecurity risks. The Board reviews mitigation plans through discussions with management, which includes regular Board reports and findings from management’s monthly discussions with our outside IT group. Our Board of Directors also reviews and approves our cybersecurity policies, strategies, and budgets on an annual basis. Management's Role in Assessing and Managing Cybersecurity Risks The Company's CEO in conjunction with our external IT team are responsible for setting the strategy and communicating cybersecurity risks. With the Company’s distributed model of data storage, risks have been limited and the Company has not experienced a cybersecurity breach. The Company’s security measures and monthly system audits are designed to identify potential vulnerabilities and remediate deficiencies in real time. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
We have integrated cybersecurity risk management into our broader risk management framework. Our digital and technology organization outside the Company continually addresses cybersecurity risk in alignment with our business objectives and operational needs. Our cybersecurity program is focused on the following areas:
•
Governance: We leverage multiple cybersecurity frameworks, primarily NIST CSF 2.0 and regulatory requirements to inform our externally managed information technology (“IT”) infrastructure. The Company maintains an active IT security program that performs annual risk assessments, technical reviews, evaluation and implementation of IT controls, collects results and evidence of compliance and develops IT policies.
•
Technical Safeguards: The Company does not use a centralized server where all information is stored and therefore where all information is placed at risk. Instead, we deploy technical and procedural measures using a distributed model so that no one location or machine could cripple the company’s IT infrastructure. Protection measures include, but are not limited to, network intrusion detection and prevention, vulnerability assessments and monthly risk assessments and management, threat intelligence, anti-malware and access controls. The Company has implemented a Managed Detection and Response (MDR) program that provides a single pane of glass visibility to our security activities through a unified dashboard monitored by our security team. The Company collects threat intelligence data from endpoints and network data flows and send logs for analysis and storage to our cloud-based log collector. The Company's security team, along with our 24x7 security operations center (SOC) provides breach detection, monitoring, and remediation of identified risks.
•
Security Awareness / Training: All employees are required to adhere to our Standards of Business Conduct, which identifies an employee's responsibility for information security. We also disseminate security awareness information periodically throughout the year. All employees can be required to complete yearly cybersecurity awareness training based on internal testing.
•
Third-Party Suppliers and Service Providers: We manage our IT infrastructure with an external vendor who maintains and evaluates risk exposure in real-time and conducts monthly risk assessments and adjustments to preclude cyberattacks. Vendor security reviews evaluate numerous key security controls and the outputs of these reviews are used as part of business decisions regarding storage and dissemination of virtual data and to assess a vendor's overall security posture.
|
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Our management is responsible for assessing and managing cybersecurity risks as part of its overall risk management process. The Board of Directors maintains oversight of our risk management framework and considers cybersecurity risks as part of its oversight of operational and information technology matters. Board is responsible for the oversight of our risk management program and regularly reviews information regarding our most significant strategic, operational, financial, legal and compliance risks, including cybersecurity risks. The Board reviews mitigation plans through discussions with management, which includes regular Board reports and findings from management’s monthly discussions with our outside IT group. Our Board of Directors also reviews and approves our cybersecurity policies, strategies, and budgets on an annual basis. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] |
Our management is responsible for assessing and managing cybersecurity risks as part of its overall risk management process. The Board of Directors maintains oversight of our risk management framework and considers cybersecurity risks as part of its oversight of operational and information technology matters. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board of Directors also reviews and approves our cybersecurity policies, strategies, and budgets on an annual basis. |
| Cybersecurity Risk Role of Management [Text Block] | CEO in conjunction with our external IT team are responsible for setting the strategy and communicating cybersecurity risks. With the Company’s distributed model of data storage, risks have been limited and the Company has not experienced a cybersecurity breach. The Company’s security measures and monthly system audits are designed to identify potential vulnerabilities and remediate deficiencies in real time. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | CEO in conjunction with our external IT team are responsible for setting the strategy and communicating cybersecurity risks. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Board reviews mitigation plans through discussions with management, which includes regular Board reports and findings from management’s monthly discussions with our outside IT group |