Annual report [Section 13 and 15(d), not S-K Item 405]

Cybersecurity Risk Management, Strategy, and Governance

12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity

CYBERSECURITY RISK MANAGEMENT AND STRATEGY

We recognize the critical importance of maintaining the safety and security of our systems and data and have a holistic process for overseeing and managing cybersecurity and related risks. This process is supported by both management and our Board of Directors.

We have developed and implemented a Cybersecurity Risk Management Program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program includes a cybersecurity incident response plan.

We leverage industry standard frameworks such as the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”) and Center for Internet Security (“CIS”) framework to inform how we identify, assess and manage cybersecurity risks relevant to our business.

Our Cybersecurity Risk Management Program includes:

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;
a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;
cybersecurity awareness training of our employees and incident response personnel;
a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents;
a third-party risk management process for service providers, suppliers, and vendors; and
engagement of third parties for our 24/7 monitoring, detection, and response; regular penetration testing, program controls assessment, and proactive incident preparedness activities.

We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition.

Cybersecurity Governance

Our Board of Directors is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in the role of risk oversight. Our Senior Vice President (“SVP”) of Information Technology and the Vice President ("VP") of Information Security have overall responsibility for assessing and managing our material risks from cybersecurity threats. To help ensure effective oversight, the Audit Committee receives reports on information security and cybersecurity at least annually, and receives an update quarterly on information security and cybersecurity from materials provided by the VP of Information Security.

The VP of Information Security oversees the Information Security Steering Committee (“Steering Committee”), which provides education on the Company’s cybersecurity programs and controls to key members of the Company. The Steering Committee meets quarterly and is comprised of members from the Executive Leadership Team, including the Chief Financial Officer and Executive Vice President of Business Affairs, as well as the SVP of Information Technology, VP of Information Security, VP of Corporate Communications, SVP of Digital Innovation, and Head of Global Human Resources.

Cybersecurity risk management is led by our VP of Information Security and our SVP of Information Technology, who reports to our Chief Operating Officer, who are generally responsible for management of cybersecurity risk and the protection and defense of our networks, systems and data. The VP of Information Security manages a team of cybersecurity professionals with broad experience, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, digital security and regulatory compliance.

Our VP of Information Security has over 15 years of experience in technology and information security, serves on the board of directors of the Retail & Hospitality Information Sharing and Analysis Center ("RH-ISAC") and holds several cybersecurity and risk management certifications. Our SVP of Information Technology has over 30 years of information technology management and cybersecurity experience and has held leadership roles overseeing all aspects of information technology operations for multiple Fortune 500 and Fortune 50 global companies, particularly in the retail and media & entertainment sectors.

We continue to invest in cybersecurity and resiliency of our networks and adapt our internal controls and processes, which are designed to help protect our systems and infrastructure, and the information they contain. For more information regarding the risks we face from cybersecurity threats, please see Item 1A "Risk Factors."

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our Board of Directors is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in the role of risk oversight. Our Senior Vice President (“SVP”) of Information Technology and the Vice President ("VP") of Information Security have overall responsibility for assessing and managing our material risks from cybersecurity threats. To help ensure effective oversight, the Audit Committee receives reports on information security and cybersecurity at least annually, and receives an update quarterly on information security and cybersecurity from materials provided by the VP of Information Security.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

The VP of Information Security oversees the Information Security Steering Committee (“Steering Committee”), which provides education on the Company’s cybersecurity programs and controls to key members of the Company. The Steering Committee meets quarterly and is comprised of members from the Executive Leadership Team, including the Chief Financial Officer and Executive Vice President of Business Affairs, as well as the SVP of Information Technology, VP of Information Security, VP of Corporate Communications, SVP of Digital Innovation, and Head of Global Human Resources.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] To help ensure effective oversight, the Audit Committee receives reports on information security and cybersecurity at least annually, and receives an update quarterly on information security and cybersecurity from materials provided by the VP of Information Security.
Cybersecurity Risk Role of Management [Text Block]

The VP of Information Security oversees the Information Security Steering Committee (“Steering Committee”), which provides education on the Company’s cybersecurity programs and controls to key members of the Company. The Steering Committee meets quarterly and is comprised of members from the Executive Leadership Team, including the Chief Financial Officer and Executive Vice President of Business Affairs, as well as the SVP of Information Technology, VP of Information Security, VP of Corporate Communications, SVP of Digital Innovation, and Head of Global Human Resources.

Cybersecurity risk management is led by our VP of Information Security and our SVP of Information Technology, who reports to our Chief Operating Officer, who are generally responsible for management of cybersecurity risk and the protection and defense of our networks, systems and data. The VP of Information Security manages a team of cybersecurity professionals with broad experience, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, digital security and regulatory compliance.

Our VP of Information Security has over 15 years of experience in technology and information security, serves on the board of directors of the Retail & Hospitality Information Sharing and Analysis Center ("RH-ISAC") and holds several cybersecurity and risk management certifications. Our SVP of Information Technology has over 30 years of information technology management and cybersecurity experience and has held leadership roles overseeing all aspects of information technology operations for multiple Fortune 500 and Fortune 50 global companies, particularly in the retail and media & entertainment sectors.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Steering Committee meets quarterly and is comprised of members from the Executive Leadership Team, including the Chief Financial Officer and Executive Vice President of Business Affairs, as well as the SVP of Information Technology, VP of Information Security, VP of Corporate Communications, SVP of Digital Innovation, and Head of Global Human Resources. Cybersecurity risk management is led by our VP of Information Security and our SVP of Information Technology, who reports to our Chief Operating Officer, who are generally responsible for management of cybersecurity risk and the protection and defense of our networks, systems and data.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The VP of Information Security manages a team of cybersecurity professionals with broad experience, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, digital security and regulatory compliance.

Our VP of Information Security has over 15 years of experience in technology and information security, serves on the board of directors of the Retail & Hospitality Information Sharing and Analysis Center ("RH-ISAC") and holds several cybersecurity and risk management certifications. Our SVP of Information Technology has over 30 years of information technology management and cybersecurity experience and has held leadership roles overseeing all aspects of information technology operations for multiple Fortune 500 and Fortune 50 global companies, particularly in the retail and media & entertainment sectors.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Senior Vice President (“SVP”) of Information Technology and the Vice President ("VP") of Information Security have overall responsibility for assessing and managing our material risks from cybersecurity threats. To help ensure effective oversight, the Audit Committee receives reports on information security and cybersecurity at least annually, and receives an update quarterly on information security and cybersecurity from materials provided by the VP of Information Security.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true