Annual report pursuant to Section 13 and 15(d)

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We are committed to protecting our IT assets and the data stored within these assets. This commitment includes the protection of cyber assets relevant to our operations, stakeholder data (including employee, customer and supplier data), intellectual property and our products.
Cybersecurity Risk Management and Strategy
We have an Enterprise Cybersecurity Management Review Group (Enterprise Cybersecurity MRG), which functions as a steering committee to provide oversight and strategic direction for the enterprise cybersecurity program. The Enterprise Cybersecurity MRG is comprised of senior leaders with cross-functional experience and responsibilities. This MRG meets regularly with our Chief Information Security Officer to review the enterprise cybersecurity program and related risks. The MRG receives updates on the status of key cybersecurity initiatives and is responsible for our response to material cybersecurity incidents. For material cybersecurity incidents, our process is to escalate through the MRG to the Audit Committee and Board.
We have a Product Cybersecurity Management Review Group (Product Cybersecurity MRG), which functions as a steering committee to provide oversight and strategic direction for the product cybersecurity program. The Product Cybersecurity MRG is comprised of senior leaders with cross-functional experience and responsibilities. The Product Cybersecurity MRG meets regularly with the Principal Engineer – Product Cybersecurity to review the product cybersecurity program, including risks and the status of key initiatives.
Both the Enterprise and Product Cybersecurity functions administer policies related to cybersecurity in consultation with other stakeholders at the company. Our risk-based cybersecurity program is designed to protect, detect, and respond to cybersecurity threats and incidents. This program, developed alongside the National Institute of Standards and Technology Cybersecurity Framework, aims to protect the confidentiality, integrity, and availability of our IT assets and the data stored thereon. We also have a third-party risk management process, which is designed to assess and manage cybersecurity risks posed by third parties. This process is administered by the Enterprise Cybersecurity function, and through this program, the company evaluates the type of data that is shared with certain vendors with the goal of conducting risk-informed assessments. These assessments provide insights which the Enterprise Cybersecurity function uses to better manage third-party risks.
We engage outside experts where appropriate to aid in maturing, implementing and testing the cybersecurity program and to review our cybersecurity operations. This includes incident response testing through tabletop exercises facilitated by external consultants. We have implemented training and awareness programs to educate our employees on cybersecurity risks, which includes regular educational phishing campaigns, and our Internal Audit function performs regular assessments of the design and operational effectiveness of the program’s key processes and controls. We will continue to develop and mature our cybersecurity operations to respond to the dynamic cybersecurity landscape.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our processes for oversight of cybersecurity risks are integrated into our Enterprise Risk Management (ERM) program, which is led by the Executive Director, Global Risk.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
To date, risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A "Risk Factors" under the heading "General," which should be read in conjunction with the foregoing information.
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board and its committees are engaged in the oversight of our most significant enterprise risks, including cybersecurity risks. We assign a member of our executive management team to report material information to our Board regarding these risks.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee, working with the Chief Information Officer, provides oversight of the enterprise cybersecurity program. The SET Committee, working with the Chief Technical Officer, provides oversight of the product cybersecurity program.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] These leaders provide regular updates to the Audit Committee of the Board on cybersecurity risks. Through these updates, the Audit Committee receives a cybersecurity dashboard illustrating cybersecurity priorities and the status of key initiatives. These leaders provide regular updates to the SET Committee of the Board on product related cybersecurity risks. Through these updates, the SET Committee receives a report discussing product level vulnerability management, product level incident management and the status of relevant product cybersecurity activities.
Our Board, Audit Committee and SET Committee receive reports and information from our senior leaders who have functional responsibility for the mitigation of enterprise cybersecurity and product cybersecurity risks. These leaders meet with the committees on a regular basis and provide dashboards or reports, which summarize cybersecurity risks and action plans. The committees elevate matters to the Board as appropriate.
Cybersecurity Risk Role of Management [Text Block] To govern the ERM program, we established an Executive Risk Council that meets regularly to review and monitor our most significant enterprise risks, and our prevention, detection and mitigation plans, including with respect to cybersecurity. The Executive Risk Council is comprised of senior leaders with cross-functional experience and responsibilities.
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Enterprise Cybersecurity function, which is responsible for the administration of our enterprise cybersecurity program, The Product Cybersecurity function, which is responsible for the administration of our product cybersecurity program,
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] is led by the Chief Information Security Officer, who holds a degree in Management Information Systems (MIS) and a Certified Information Security Manager (CISM) designation, and has more than 20 years of IT, cybersecurity, audit and risk management experience in the industrial manufacturing industry. The Chief Information Security Officer reports to our Chief Information Officer. is led by the Principal Engineer – Product Cybersecurity, who has more than 35 years of embedded electronic systems design experience. The Principal Engineer – Product Cybersecurity works directly with the Chief Technical Officer.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
A cybersecurity operations team is in place to regularly monitor the environment for cybersecurity threats and incidents. We have incident response plans to assess and manage cybersecurity incidents. These plans include escalation procedures based on the nature and severity of the incident. The most critical incidents, which could be material to us, are escalated to executive management and the Enterprise Cybersecurity MRG. In addition, cyber insurance is in place, which may mitigate the impact of cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true