Annual report [Section 13 and 15(d), not S-K Item 405]

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We and our third-party vendors employ information technology, including networks, systems, and applications, to support our business processes and decision-making in our business. Our information technology infrastructure supports the flow of information throughout our business processes and is susceptible to cybersecurity threats. Accordingly, we have implemented and maintain various information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and data related to our customers and employees (“Information Systems and Data”). We maintain a risk-based cybersecurity program that is designed to align with industry-recognized frameworks and standards, including elements of the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. Our cybersecurity program includes policies and procedures designed to assess, identify, and manage material risks from cybersecurity threats, including controls relating to access management, network security, encryption, vulnerability management, incident detection and response, business continuity, and disaster recovery.
We have a cybersecurity leadership team comprised of our Chief Information Security Officer (“CISO”), our Global Head of Infrastructure, and other senior leaders on our Information Technology group (“Cybersecurity Leadership Team”). Our Cybersecurity Leadership Team works with third-party service providers to help identify, assess, and manage our cybersecurity threats and risks, including through the use of our cybersecurity risk assessment program. Our Cybersecurity Leadership Team identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods, including automated and manual tools, third-party threat feeds, internal audits, access control assessments, and evaluating threats reported to us by various third-party enterprise threat reporting services. The members of our Cybersecurity Leadership Team, including our CISO, have experience in information security, infrastructure management, and cybersecurity risk management, including experience developing and implementing security programs, managing incident response, and overseeing data protection initiatives.
We maintain a formal cybersecurity incident response plan that sets forth procedures for identifying, escalating, investigating, containing, mitigating, and remediating cybersecurity incidents. The incident response process includes defined escalation protocols to senior management, including our Chief Financial Officer and General Counsel, as appropriate, to assess the potential materiality of an incident and determine disclosure obligations under applicable securities laws. Where appropriate, incidents are escalated to the Audit Committee of the Board of Directors.
Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards, and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data. We also maintain business continuity and disaster recovery plans designed to support the resiliency of our critical Information Systems and Data, including backup and recovery procedures and periodic testing of recovery capabilities.
Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes. For example, cybersecurity risks are considered a part of our overall business strategy, financial planning, and capital allocation.
We engage third-party service providers to assist in identifying, assessing, monitoring, and managing cybersecurity risks, including through security assessments, penetration testing, managed detection and response services, and external threat intelligence. In addition, we maintain processes designed to evaluate and monitor cybersecurity risks associated with third-party service providers, including through due diligence reviews, contractual security requirements, and ongoing performance monitoring, as appropriate. Our Cybersecurity Leadership Team inventories and prioritizes information security risks and evaluates material risks from cybersecurity threats, and reports those periodically to the Audit Committee of our Board of Directors, which evaluates our overall enterprise risk.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes. For example, cybersecurity risks are considered a part of our overall business strategy, financial planning, and capital allocation.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board of Directors has ultimate oversight responsibility over cybersecurity-related matters and has assigned oversight of cybersecurity risk management to the Audit Committee. The Audit Committee assists the Board in fulfilling its oversight responsibilities with respect to cybersecurity risk management and receives periodic reports, at least annually and more frequently as warranted, from senior management and the Cybersecurity Leadership Team regarding cybersecurity risk posture, significant threats, incident response readiness, and key risk mitigation initiatives. These reports are intended to highlight the state of our cybersecurity and data security programs, as well as our progress on key initiatives in this area. In addition, the Board receives reports addressing cybersecurity as part of our overall enterprise risk management program and to the extent cybersecurity matters are addressed in regular business updates. As appropriate, the Board also may receive information regarding specific cybersecurity incidents and resulting mitigation efforts.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our Board of Directors has ultimate oversight responsibility over cybersecurity-related matters and has assigned oversight of cybersecurity risk management to the Audit Committee. The Audit Committee assists the Board in fulfilling its oversight responsibilities with respect to cybersecurity risk management and receives periodic reports, at least annually and more frequently as warranted, from senior management and the Cybersecurity Leadership Team regarding cybersecurity risk posture, significant threats, incident response readiness, and key risk mitigation initiatives. These reports are intended to highlight the state of our cybersecurity and data security programs, as well as our progress on key initiatives in this area. In addition, the Board receives reports addressing cybersecurity as part of our overall enterprise risk management program and to the extent cybersecurity matters are addressed in regular business updates. As appropriate, the Board also may receive information regarding specific cybersecurity incidents and resulting mitigation efforts.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Audit Committee assists the Board in fulfilling its oversight responsibilities with respect to cybersecurity risk management and receives periodic reports, at least annually and more frequently as warranted, from senior management and the Cybersecurity Leadership Team regarding cybersecurity risk posture, significant threats, incident response readiness, and key risk mitigation initiatives. These reports are intended to highlight the state of our cybersecurity and data security programs, as well as our progress on key initiatives in this area. In addition, the Board receives reports addressing cybersecurity as part of our overall enterprise risk management program and to the extent cybersecurity matters are addressed in regular business updates. As appropriate, the Board also may receive information regarding specific cybersecurity incidents and resulting mitigation efforts.
Cybersecurity Risk Role of Management [Text Block]
We have a cybersecurity leadership team comprised of our Chief Information Security Officer (“CISO”), our Global Head of Infrastructure, and other senior leaders on our Information Technology group (“Cybersecurity Leadership Team”). Our Cybersecurity Leadership Team works with third-party service providers to help identify, assess, and manage our cybersecurity threats and risks, including through the use of our cybersecurity risk assessment program. Our Cybersecurity Leadership Team identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods, including automated and manual tools, third-party threat feeds, internal audits, access control assessments, and evaluating threats reported to us by various third-party enterprise threat reporting services. The members of our Cybersecurity Leadership Team, including our CISO, have experience in information security, infrastructure management, and cybersecurity risk management, including experience developing and implementing security programs, managing incident response, and overseeing data protection initiatives.
We maintain a formal cybersecurity incident response plan that sets forth procedures for identifying, escalating, investigating, containing, mitigating, and remediating cybersecurity incidents. The incident response process includes defined escalation protocols to senior management, including our Chief Financial Officer and General Counsel, as appropriate, to assess the potential materiality of an incident and determine disclosure obligations under applicable securities laws. Where appropriate, incidents are escalated to the Audit Committee of the Board of Directors.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
We have a cybersecurity leadership team comprised of our Chief Information Security Officer (“CISO”), our Global Head of Infrastructure, and other senior leaders on our Information Technology group (“Cybersecurity Leadership Team”). Our Cybersecurity Leadership Team works with third-party service providers to help identify, assess, and manage our cybersecurity threats and risks, including through the use of our cybersecurity risk assessment program. Our Cybersecurity Leadership Team identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods, including automated and manual tools, third-party threat feeds, internal audits, access control assessments, and evaluating threats reported to us by various third-party enterprise threat reporting services. The members of our Cybersecurity Leadership Team, including our CISO, have experience in information security, infrastructure management, and cybersecurity risk management, including experience developing and implementing security programs, managing incident response, and overseeing data protection initiatives.
We maintain a formal cybersecurity incident response plan that sets forth procedures for identifying, escalating, investigating, containing, mitigating, and remediating cybersecurity incidents. The incident response process includes defined escalation protocols to senior management, including our Chief Financial Officer and General Counsel, as appropriate, to assess the potential materiality of an incident and determine disclosure obligations under applicable securities laws. Where appropriate, incidents are escalated to the Audit Committee of the Board of Directors.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
The members of our Cybersecurity Leadership Team, including our CISO, have experience in information security, infrastructure management, and cybersecurity risk management, including experience developing and implementing security programs, managing incident response, and overseeing data protection initiatives.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our Cybersecurity Leadership Team inventories and prioritizes information security risks and evaluates material risks from cybersecurity threats, and reports those periodically to the Audit Committee of our Board of Directors, which evaluates our overall enterprise risk.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true