Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.
We conduct quarterly risk assessments to identify cybersecurity threats. These risk assessments include identifying reasonably foreseeable potential internal and external risks, the likelihood of occurrence and any potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, controls, and other safeguards in place to manage such risks. As part of our risk management process, we may engage third party experts to help identify and assess risks from cybersecurity threats. Our risk management process also encompasses cybersecurity risks associated with our use of third-party service providers. This process involves evaluating their infrastructure security policies and controls to ensure high levels of code quality. Following these risk assessments, we design, implement, and maintain reasonable safeguards to minimize the identified risks; reasonably address any identified gaps in existing safeguards; update existing safeguards as necessary; and monitor the effectiveness of our safeguards. We follow the Critical Security Controls, or CIS, guidance to defend our systems and networks against the most prevalent cyber-attacks. We have allocated adequate resources and have designated executives and IT management personnel to manage the cybersecurity risk assessment and mitigation process. We track quarterly Risk Register scores, which are derived from assessments of impact and likelihood, and monitor adoption rates of CIS controls to gauge our progress. These metrics are systematically tracked and reported to the board on a quarterly basis. As part of our overall risk management program, we regularly provide required training to employees at all levels and in all departments on cybersecurity.
Our Cyber Security Operations Control center integrates feeds from all key areas of our infrastructure (email, network, endpoint, identity, firewall) into a centralized security information event management, or SIEM, system. This system is integrated with our Incident Response Plan, or IRP, which provides a process for responding to different types of cybersecurity incidents and designates responsibilities and actions to be taken in responding to such incidents. The IRP aims to eradicate problems as quickly as possible, while gathering actionable intelligence, restoring business functions, improving detection, and preventing reoccurrence. It includes guidelines for determining incident type, severity, roles and responsibilities, and escalation points.
Furthermore, we perform regular third-party security penetration testing and cyber tabletop exercises with key stakeholders to simulate responding to a hypothetical cybersecurity incident.
We contract with third-party security monitoring services, performing active, automated searches of indexed darknet databases. Additionally, we perform quarterly vulnerability scans against our network infrastructure and systems exposed to the Internet.
The Company also participates in a cybersecurity risk insurance policy.
For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K , including the risk factors entitled “We have been and may in the future be subject to information technology failures, including security breaches, cyber-attacks, design defects or system failures, that could disrupt our operations, damage our reputation and adversely affect our business, operations, and financial results,” “We are subject to governmental laws, regulations and other legal obligations related to privacy, data protection, and cybersecurity,” and “We face risks related to security vulnerabilities in our products.”
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | One of the key functions of our Board of Directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our Board of Directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Members of the Cybersecurity Committee are appointed by, and serve at the discretion of, the Board. The Cybersecurity Committee consists of at least three members of the Board, all of whom are independent. Each member has a working familiarity and/or experience with cybersecurity, IT strategy, IT development and deployment, or IT risk assessment and management, including information security management. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Members of the Cybersecurity Committee are appointed by, and serve at the discretion of, the Board. The Cybersecurity Committee consists of at least three members of the Board, all of whom are independent. Each member has a working familiarity and/or experience with cybersecurity, IT strategy, IT development and deployment, or IT risk assessment and management, including information security management. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our executives and IT management and representatives from the Cybersecurity Committee provide quarterly briefings to the Audit Committee of the Board regarding our company’s cybersecurity risks and activities, including but not limited to any recent cybersecurity incidents and related responses, and any cybersecurity systems testing. |
| Cybersecurity Risk Role of Management [Text Block] |
Our executives and IT management and the Cybersecurity Committee are primarily responsible to assess and manage material risks from cybersecurity threats. Our executives and IT management and the Cybersecurity Committee oversee key cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. Our executives and IT management and the Cybersecurity Committee are informed about policies and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our cybersecurity risk management is overseen by a senior IT executive with ten years of cybersecurity experience, which includes both Fortune 500 and large semiconductor companies, and thirty-five years of experience in various technology domains, such as IT Infrastructure, Cloud, Cybersecurity, and Application Development.
Our executives and IT management and representatives from the Cybersecurity Committee provide quarterly briefings to the Audit Committee of the Board regarding our company’s cybersecurity risks and activities, including but not limited to any recent cybersecurity incidents and related responses, and any cybersecurity systems testing. The Audit Committee provides regular updates to the Board on relevant information regarding cybersecurity. In addition, our executives and IT management and representatives from the Cybersecurity Committee provide annual briefings to the Board on cybersecurity risks, related mitigation, and other related responses and activities.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] |
One of the key functions of our Board of Directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our Board of Directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Members of the Cybersecurity Committee are appointed by, and serve at the discretion of, the Board. The Cybersecurity Committee consists of at least three members of the Board, all of whom are independent. Each member has a working familiarity and/or experience with cybersecurity, IT strategy, IT development and deployment, or IT risk assessment and management, including information security management.
Our executives and IT management and the Cybersecurity Committee are primarily responsible to assess and manage material risks from cybersecurity threats. Our executives and IT management and the Cybersecurity Committee oversee key cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. Our executives and IT management and the Cybersecurity Committee are informed about policies and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our cybersecurity risk management is overseen by a senior IT executive with ten years of cybersecurity experience, which includes both Fortune 500 and large semiconductor companies, and thirty-five years of experience in various technology domains, such as IT Infrastructure, Cloud, Cybersecurity, and Application Development.
Our executives and IT management and representatives from the Cybersecurity Committee provide quarterly briefings to the Audit Committee of the Board regarding our company’s cybersecurity risks and activities, including but not limited to any recent cybersecurity incidents and related responses, and any cybersecurity systems testing. The Audit Committee provides regular updates to the Board on relevant information regarding cybersecurity. In addition, our executives and IT management and representatives from the Cybersecurity Committee provide annual briefings to the Board on cybersecurity risks, related mitigation, and other related responses and activities.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our cybersecurity risk management is overseen by a senior IT executive with ten years of cybersecurity experience, which includes both Fortune 500 and large semiconductor companies, and thirty-five years of experience in various technology domains, such as IT Infrastructure, Cloud, Cybersecurity, and Application Development. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our executives and IT management and the Cybersecurity Committee are primarily responsible to assess and manage material risks from cybersecurity threats. Our executives and IT management and the Cybersecurity Committee oversee key cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. Our executives and IT management and the Cybersecurity Committee are informed about policies and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |