Annual report [Section 13 and 15(d), not S-K Item 405]

Cybersecurity Risk Management and Strategy Disclosure

v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our business is dependent upon our information technology (“IT”) systems, devices and networks to collect, process and store the data necessary to conduct our business and record and report our business and financial information. We recognize the importance of developing, implementing, and maintaining effective cybersecurity measures to safeguard our IT systems and protect the confidentiality, integrity, and availability of our confidential and personal data, including with respect to our customers, suppliers, and employees, as well as our intellectual property.
We maintain a cybersecurity risk management program to identify, assess, manage, mitigate, and respond to cybersecurity threats. Our cybersecurity risk management program incorporates various mechanisms to detect and monitor unusual network activity, as well as containment and incident response tools. We monitor issues that are internally discovered or externally reported that may affect our business and have processes to assess those issues for potential cybersecurity impact or risk.
We have integrated our cybersecurity risk management program into our broader enterprise risk management program. This integration is designed to make cybersecurity considerations an integral part of our decision-making processes at every level and we believe that this integration allows cybersecurity risks to be evaluated and addressed in alignment with our business objectives and operational needs. While we work to maintain our information security program and risk management efforts, there can be no assurance that such actions will be sufficient to prevent cybersecurity incidents or mitigate all potential risks to our systems, networks, and data or those of our third-party providers.
We rely on suppliers that are also exposed to ransomware and other malicious attacks that can disrupt business operations. Although we take steps to secure confidential information that is provided to or accessible by third parties, such measures may not always be effective and losses or unauthorized access to, or releases of, confidential information occur. Such incidents and other malicious attacks could materially adversely affect our business, reputation, results of operations and financial condition.
We have experienced malicious attacks and other attempts to gain unauthorized access to our systems, including a ransomware attack on our computer network which occurred on April 28, 2023. Following remediation, our network returned to full operation on May 1, 2023.
We have engaged a third-party consultant in connection with our risk management and assessment processes. Our consultant assists us in the design and implementation of our cybersecurity policies and procedures, as well as the monitoring and testing of our safeguards. In the event of a cybersecurity incident, our incident response plan outlines the steps to be followed from incident detection to mitigation, recovery and notification, and involves notifying senior management, our legal department, and the board of directors and/or our audit committee, if appropriate, and mitigation and remediation steps by our third-party consultant.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Our cybersecurity risk management and strategy processes are jointly led by our embedded software engineer and Chief Executive Officer, in conjunction with a third-party consultant we have engaged to assist with cybersecurity risks assessment and monitoring. Our embedded software engineer is informed about and monitors the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of the cybersecurity risk management and strategy processes described above, including our incident response plan. Together with the General Counsel, Chief Executive Officer and outside consultant that comprise our cybersecurity management team, we collectively possess significant experience in evaluating, managing, and mitigating security and other risks, including cybersecurity risks.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our board of directors has overall responsibility for informed oversight of our risk management process, including risks from cybersecurity threats.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our board of directors has delegated to our audit committee its cybersecurity risk oversight processes, including oversight and mitigation of risks from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our audit committee receives periodic reports from management regarding our cybersecurity risks and is notified of any significant cybersecurity threat or incident.
Cybersecurity Risk Role of Management [Text Block] Our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors has delegated to our audit committee its cybersecurity risk oversight processes, including oversight and mitigation of risks from cybersecurity threats.
Our audit committee receives periodic reports from management regarding our cybersecurity risks and is notified of any significant cybersecurity threat or incident. The audit committee reports to the board of directors regarding its activities, including with respect to cybersecurity matters and the occurrence of any material cybersecurity incident, if appropriate.
We have engaged a third-party consultant to manage risks associated with network protection and workstation management. Our consultant performs an annual assessment of our cybersecurity risk policies and procedures.
Our cybersecurity risk management and strategy processes are jointly led by our embedded software engineer and Chief Executive Officer, in conjunction with a third-party consultant we have engaged to assist with cybersecurity risks assessment and monitoring. Our embedded software engineer is informed about and monitors the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of the cybersecurity risk management and strategy processes described above, including our incident response plan. Together with the General Counsel, Chief Executive Officer and outside consultant that comprise our cybersecurity management team, we collectively possess significant experience in evaluating, managing, and mitigating security and other risks, including cybersecurity risks.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity risk management and strategy processes are jointly led by our embedded software engineer and Chief Executive Officer, in conjunction with a third-party consultant we have engaged to assist with cybersecurity risks assessment and monitoring.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Together with the General Counsel, Chief Executive Officer and outside consultant that comprise our cybersecurity management team, we collectively possess significant experience in evaluating, managing, and mitigating security and other risks, including cybersecurity risks.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our embedded software engineer is informed about and monitors the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of the cybersecurity risk management and strategy processes described above, including our incident response plan. Together with the General Counsel, Chief Executive Officer and outside consultant that comprise our cybersecurity management team, we collectively possess significant experience in evaluating, managing, and mitigating security and other risks, including cybersecurity risks.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true