Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk Management & Strategy
We have established a risk-based process for assessing, identifying and managing material cybersecurity threats. Our security program utilizes various tools, including physical, administrative and technical safeguards designed to help prevent and respond to cybersecurity threats and incidents. As risks are identified, we implement a variety of measures to manage and mitigate these risks such as firewalls, intrusion detection processes/systems, and vulnerability management. We have a Cyber Defense Center that utilizes incident response plans and various tools such as Splunk and Crowdstrike to respond and recover from cyber incidents. We also have an outside firm on retainer should the need arise to obtain additional assistance.
In addition, we have established an Information Security Awareness Program focused of several areas:
•Formal training on topics such as phishing each month;
•During Cyber Security Awareness month we provide additional training on topics like IT Policy, access management, and effective password management;
•Company-wide informal training through lunch & learn sessions and department meetings;
•Tabletop exercises with key personnel during which we simulate cybersecurity threats to test our capabilities and continually improve our response protocols.
We are actively engaged with the Aviation Information Sharing and Analysis Center (ISAC) which gathers, analyzes and shares information to combat cyber-related threats and weaknesses. We use this information to ensure we are aware of possible threats that could occur within our industry. During the last three fiscal years, our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats. For more information on our cybersecurity related risks, see Item 1A “Risk Factors” in this Annual Report.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
We have established a risk-based process for assessing, identifying and managing material cybersecurity threats. Our security program utilizes various tools, including physical, administrative and technical safeguards designed to help prevent and respond to cybersecurity threats and incidents. As risks are identified, we implement a variety of measures to manage and mitigate these risks such as firewalls, intrusion detection processes/systems, and vulnerability management. We have a Cyber Defense Center that utilizes incident response plans and various tools such as Splunk and Crowdstrike to respond and recover from cyber incidents. We also have an outside firm on retainer should the need arise to obtain additional assistance.
In addition, we have established an Information Security Awareness Program focused of several areas:
•Formal training on topics such as phishing each month;
•During Cyber Security Awareness month we provide additional training on topics like IT Policy, access management, and effective password management;
•Company-wide informal training through lunch & learn sessions and department meetings;
•Tabletop exercises with key personnel during which we simulate cybersecurity threats to test our capabilities and continually improve our response protocols.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | The Audit Committee of our Board of Directors is primarily responsible for oversight of the Company’s risk assessment and risk management, including cybersecurity risks. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee of our Board of Directors is primarily responsible for oversight of the Company’s risk assessment and risk management, including cybersecurity risks. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The committee meets at least annually with our Head of Information Technology, who provides a report on the Company’s current risk assessment as well as mitigation efforts. The Audit Committee also periodically updates the Board of Directors on risk matters. |
| Cybersecurity Risk Role of Management [Text Block] | . The committee meets at least annually with our Head of Information Technology, who provides a report on the Company’s current risk assessment as well as mitigation efforts. The Audit Committee also periodically updates the Board of Directors on risk matters. Keith Moss, our Head of Information Technology, oversees our cybersecurity and information security program. He has over 30 years of experience in various CISO and information technology roles, and was previously the IT Director at Ford Motor Company North America. He holds a Master of Science in Computer Engineering and a Bachelor of Science in Computer Science from the University of Michigan and an MBA from Bowling Green State University.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] |
Keith Moss, our Head of Information Technology, oversees our cybersecurity and information security program. He has over 30 years of experience in various CISO and information technology roles, and was previously the IT Director at Ford Motor Company North America. He holds a Master of Science in Computer Engineering and a Bachelor of Science in Computer Science from the University of Michigan and an MBA from Bowling Green State University.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | He has over 30 years of experience in various CISO and information technology roles, and was previously the IT Director at Ford Motor Company North America. He holds a Master of Science in Computer Engineering and a Bachelor of Science in Computer Science from the University of Michigan and an MBA from Bowling Green State University. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Audit Committee of our Board of Directors is primarily responsible for oversight of the Company’s risk assessment and risk management, including cybersecurity risks. The committee meets at least annually with our Head of Information Technology, who provides a report on the Company’s current risk assessment as well as mitigation efforts. The Audit Committee also periodically updates the Board of Directors on risk matters. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |