Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Our ability to conduct our business may be impaired, or our customer and employee personal information may be vulnerable, if our IT resources are compromised, degraded, damaged or fail. Such events may include, but are not limited to: a virus or other harmful circumstance; intentional penetration or disruption of our information technology resources by a third party; natural disaster; hardware or software corruption or failure or telecommunications system failure; service provider error or failure; intentional or unintentional personnel actions (including the failure to follow our security protocols); or lost connectivity to our networked resources.
We prioritize cybersecurity and data privacy. Our IT department is responsible for coordinating the protection of our information systems and the data they maintain.
Cybersecurity is an integral part of the Company's Enterprise Risk Management ("ERM"). In order to manage technology risk and secure technology ecosystems, our information security framework is based on the National Institute of Standards and Technology ("NIST") principles, which we execute through our adherence to the Center for Internet Security ("CIS18") control framework. The CIS18 framework provides us the ability to align measurable controls to actions and benchmark against recognized standards. Building on this framework, we have implemented processes to assess, identify, and manage risks from cybersecurity threats across the following domains:
•Identity & Access Controls: we enforce Zero Trust through Conditional Access, multi‑factor authentication, and apply least privilege principles through periodic entitlement reviews to ensure only authorized users and compliant devices can access company resources.
•Network & Device Security: we restrict network access to Company‑owned or managed devices and apply network segmentation and application‑aware firewalls to limit exposure and lateral movement.
•Threat Detection & Monitoring: we use real‑time detection tools, centralized logging, correlated telemetry, and a security operations center with integrated threat intelligence to identify and mitigate malicious activity.
•Email & Endpoint Security: we maintain layered email defenses and enforce endpoint security baselines including real‑time threat protection and behavioral detection to reduce phishing, malware, and ransomware risks.
•Vulnerability Management & Testing: we conduct continuous vulnerability scanning and annual independent evaluations, including penetration tests and assumed‑breach exercises.
•Data Protection, Privacy & Resilience: we maintain a privacy policy that limits the collection and storage of personal information, apply encryption and other privacy controls, and safeguard systems and data through comprehensive, immutable, and regularly tested backups of identity platforms, critical systems, and operational data.
•Incident Response & Escalation: we maintain documented incident‑response plans that are updated annually, conduct periodic cyber incident exercises, and follow defined escalation paths to senior leadership and the Board.
•Training & Human Risk Management: we provide mandatory cybersecurity education, conduct phishing simulation at least monthly, reinforce secure employee behaviors, and maintain channels for reporting suspicious activity.
•Program Governance & Continuous Improvement: we regularly update and enhance our cybersecurity program to address evolving threats, align with recognized frameworks, and maintain third‑party cybersecurity insurance to mitigate potential financial impacts of cyber incidents.
•Vendor Management: we review technology vendors for appropriate access controls, data protection, incident response capabilities, and disaster recovery. We also perform independent testing and review the annual System and Organization Controls ("SOC") Type 1 and/or SOC II Type 2 reports for vendors that host company data.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Cybersecurity is an integral part of the Company's Enterprise Risk Management ("ERM"). In order to manage technology risk and secure technology ecosystems, our information security framework is based on the National Institute of Standards and Technology ("NIST") principles, which we execute through our adherence to the Center for Internet Security ("CIS18") control framework. The |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Cybersecurity and data privacy risks related to our information technology resources are a key component of our Board's risk oversight. The Audit Committee assists the Board in evaluating our cybersecurity and data privacy risks and overseeing our efforts to mitigate these risks. Our Audit Committee is also responsible for reviewing and analyzing significant financial and operational risks and how management is managing and mitigating such risks through its internal controls and financial risk management processes and is regularly engaged in discussions with management regarding business risks, operational risks, transactional risks, cybersecurity, enterprise-level and financial risks. Our Chief Information Officer ("CIO") provides a formal update to our Audit Committee at least twice per year, reviewing cybersecurity risks, trends, plans for future actions and measurements against recognized external cybersecurity frameworks and benchmarks and our Vice President of Internal Audit/Compliance conducts an annual ERM survey, which includes cybersecurity risk, and provides the findings to the Board. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Audit Committee |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee assists the Board in evaluating our cybersecurity and data privacy risks and overseeing our efforts to mitigate these risks. Our Audit Committee is also responsible for reviewing and analyzing significant financial and operational risks and how management is managing and mitigating such risks through its internal controls and financial risk management processes and is regularly engaged in discussions with management regarding business risks, operational risks, transactional risks, cybersecurity, enterprise-level and financial risks. Our Chief Information Officer ("CIO") provides a formal update to our Audit Committee at least twice per year, reviewing cybersecurity risks, trends, plans for future actions and measurements against recognized external cybersecurity frameworks and benchmarks and our Vice President of Internal Audit/Compliance conducts an annual ERM survey, which includes cybersecurity risk, and provides the findings to the Board. |
| Cybersecurity Risk Role of Management [Text Block] |
Cybersecurity and data privacy risks related to our information technology resources are a key component of our Board's risk oversight. The Audit Committee assists the Board in evaluating our cybersecurity and data privacy risks and overseeing our efforts to mitigate these risks. Our Audit Committee is also responsible for reviewing and analyzing significant financial and operational risks and how management is managing and mitigating such risks through its internal controls and financial risk management processes and is regularly engaged in discussions with management regarding business risks, operational risks, transactional risks, cybersecurity, enterprise-level and financial risks. Our Chief Information Officer ("CIO") provides a formal update to our Audit Committee at least twice per year, reviewing cybersecurity risks, trends, plans for future actions and measurements against recognized external cybersecurity frameworks and benchmarks and our Vice President of Internal Audit/Compliance conducts an annual ERM survey, which includes cybersecurity risk, and provides the findings to the Board.
Our cybersecurity program is led and managed by our CIO and driven by an experienced technology leadership team. Our CIO has more than 30 years of experience working in information technology including chief information officer roles in the financial services, banking, healthcare, and hospitality sectors. While in those roles, our CIO has led governance, risk, and compliance with technology programs and information security programs. Supporting the CIO is a dedicated cybersecurity team that designs and monitors cybersecurity control frameworks and data privacy procedures, as well as implements cybersecurity control systems and solutions.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] |
Our cybersecurity program is led and managed by our CIO and driven by an experienced technology leadership team. Our CIO has more than 30 years of experience working in information technology including chief information officer roles in the financial services, banking, healthcare, and hospitality sectors. While in those roles, our CIO has led governance, risk, and compliance with technology programs and information security programs. Supporting the CIO is a dedicated cybersecurity team that designs and monitors cybersecurity control frameworks and data privacy procedures, as well as implements cybersecurity control systems and solutions.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CIO has more than 30 years of experience working in information technology including chief information officer roles in the financial services, banking, healthcare, and hospitality sectors. While in those roles, our CIO has led governance, risk, and compliance with technology programs and information security programs. Supporting the CIO is a dedicated cybersecurity team that designs and monitors cybersecurity control frameworks and data privacy procedures, as well as implements cybersecurity control systems and solutions. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] |
Cybersecurity and data privacy risks related to our information technology resources are a key component of our Board's risk oversight. The Audit Committee assists the Board in evaluating our cybersecurity and data privacy risks and overseeing our efforts to mitigate these risks. Our Audit Committee is also responsible for reviewing and analyzing significant financial and operational risks and how management is managing and mitigating such risks through its internal controls and financial risk management processes and is regularly engaged in discussions with management regarding business risks, operational risks, transactional risks, cybersecurity, enterprise-level and financial risks. Our Chief Information Officer ("CIO") provides a formal update to our Audit Committee at least twice per year, reviewing cybersecurity risks, trends, plans for future actions and measurements against recognized external cybersecurity frameworks and benchmarks and our Vice President of Internal Audit/Compliance conducts an annual ERM survey, which includes cybersecurity risk, and provides the findings to the Board.
Our cybersecurity program is led and managed by our CIO and driven by an experienced technology leadership team. Our CIO has more than 30 years of experience working in information technology including chief information officer roles in the financial services, banking, healthcare, and hospitality sectors. While in those roles, our CIO has led governance, risk, and compliance with technology programs and information security programs. Supporting the CIO is a dedicated cybersecurity team that designs and monitors cybersecurity control frameworks and data privacy procedures, as well as implements cybersecurity control systems and solutions.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |