Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels and governance processes that apply across the risk management program to other risk areas.

Key elements of our cybersecurity risk management program include the following:

risk assessments designed to help identify material cybersecurity risks to our IT systems and information;
an information security office, supported by security teams of business units, principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;
the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes;
cybersecurity awareness training of our employees, including incident response personnel and senior management;
an information security incident management policy that includes procedures for responding to cybersecurity incidents; and
a security review process, where appropriate, to assess the risks associated with the use of key third-party service providers, suppliers, and vendors based on our assessment of their criticality to our operations and respective risk profile.

As of the date of the filing of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, could potentially materially affect us. See Item 3.D. “Key Information—Risk Factor—Risks Related to Our Operations Overall—Cybersecurity and the threat environment remain a dynamic and ever-changing landscape with new threats and increasingly sophisticated attacks continually emerging. Successful security breaches can lead to unauthorized access to our network, systems and, in turn, Confidential Information which may include personal and sensitive information. This could materially adversely affect our business, results of operations and financial condition and expose us to liability claims.”

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

We have developed and implemented a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels and governance processes that apply across the risk management program to other risk areas.

Key elements of our cybersecurity risk management program include the following:

risk assessments designed to help identify material cybersecurity risks to our IT systems and information;
an information security office, supported by security teams of business units, principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;
the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes;
cybersecurity awareness training of our employees, including incident response personnel and senior management;
an information security incident management policy that includes procedures for responding to cybersecurity incidents; and
a security review process, where appropriate, to assess the risks associated with the use of key third-party service providers, suppliers, and vendors based on our assessment of their criticality to our operations and respective risk profile.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our board of directors considers cybersecurity risk as part of its risk oversight function and has also designated the audit committee to oversee cybersecurity and other information security risks. The audit committee reviews our cybersecurity management and strategy periodically and receives regular reports from the management on our cybersecurity risks. In addition, our management updates the audit committee, where it deems appropriate, regarding cybersecurity incidents it considers to be significant.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] audit committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The audit committee reviews our cybersecurity management and strategy periodically and receives regular reports from the management on our cybersecurity risks. In addition, our management updates the audit committee, where it deems appropriate, regarding cybersecurity incidents it considers to be significant.
Cybersecurity Risk Role of Management [Text Block] At the management level, we have established an information security committee that is responsible for implementing a global information security program which is aligned with our strategy, establishing and promoting the corresponding policies and procedures, and, as necessary, assisting in ensuring adequate and timely disclosure of information security incidents and certain threats to our company’s management and board of directors, in accordance with our information security incident management policy.

Our information security committee is comprised of members of senior management and senior personnel, including our chief executive officer, the head of our information security office, and other members of management, leaders of business units and the legal, IT and other departments. The head of our information security office, who reports to our chief executive officer and leads our cybersecurity efforts, has over 15 years of experience in information technology and cybersecurity, with a career that includes various cybersecurity roles at several technology companies.

Our information security committee reports to the audit committee on the state of information security risks on a periodic basis, as well as on an as-needed basis in the case of information security incidents it deems significant.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our information security committee
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The head of our information security office, who reports to our chief executive officer and leads our cybersecurity efforts, has over 15 years of experience in information technology and cybersecurity, with a career that includes various cybersecurity roles at several technology companies.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The head of our information security office, who reports to our chief executive officer and leads our cybersecurity efforts
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true