XML 24 R11.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management, Strategy, and Governance
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 1C. CYBERSECURITY

Cybersecurity Risk Management and Strategy

We use the CIS benchmarks as a guideline to strengthen our cybersecurity practices. This is intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our adoption of the CIS benchmarks is a helpful baseline for potential future alignment with internationally recognized frameworks such as NIST Cybersecurity Framework, or ISO 27001.

Integration with Enterprise Risk Management

Our cybersecurity risk management program is integrated into our enterprise risk management framework. It shares methodologies, reporting channels, and governance processes applied across other risk domains, including legal, compliance, strategic, operational, and financial risks.

Core Components of the Cybersecurity Risk Management Program

Our program includes the following:

Risk Assessments: Conducting risk capacity evaluations, pressure tests, and gap analyses while formalizing risk tolerance.
Security Team: A team dedicated to managing cybersecurity risks, implementing security controls, and responding to incidents.
External Expertise: Engaging third-party providers to evaluate, test, and enhance aspects of our security controls.
Cybersecurity Awareness Training: Ongoing training for employees, incident response personnel, and senior leadership.
Third-Party Risk Management: Assessing and monitoring vendors, suppliers, and service providers to mitigate risks to our organization.

Material Cybersecurity Risk Assessment

We have recently completed an IT Audit of our China Office as part of our broader cybersecurity risk management efforts. This audit identified certain gaps in our systems, processes, and controls specific to our operations in China. These gaps do not indicate the presence of any known cybersecurity threats or incidents, but they highlight areas for improvement to strengthen our overall cybersecurity posture.

We are actively and diligently working to address and mitigate these gaps by enhancing our security controls and aligning them with our enterprise-wide cybersecurity strategy. This proactive approach ensures that our systems remain resilient and secure in an evolving regulatory and operational environment.

At this time, no cybersecurity threats or incidents have been identified that have materially affected or are reasonably likely to materially affect our operations, business strategy, results, or financial condition.

Cybersecurity Governance

Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the audit committee of our board of directors (Audit Committee) oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program.

Management updates the Audit Committee and executives as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.

Our management team, including the CTO and IT Manager, is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants.

Our management team has several years of experience and has been trained for various roles in information technology and cybersecurity at numerous technology companies. The team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include:

Briefings from internal security personnel;
Threat intelligence and information obtained from governmental, public, or private sources, including external consultants engaged by us; and
Alerts and reports produced by security tools deployed in our IT environment.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

Our cybersecurity risk management program is integrated into our enterprise risk management framework. It shares methodologies, reporting channels, and governance processes applied across other risk domains, including legal, compliance, strategic, operational, and financial risks.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the audit committee of our board of directors (Audit Committee) oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program.

Management updates the Audit Committee and executives as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.

Our management team, including the CTO and IT Manager, is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants.

Our management team has several years of experience and has been trained for various roles in information technology and cybersecurity at numerous technology companies. The team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include:

Briefings from internal security personnel;
Threat intelligence and information obtained from governmental, public, or private sources, including external consultants engaged by us; and
Alerts and reports produced by security tools deployed in our IT environment.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the audit committee of our board of directors (Audit Committee) oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program.
Cybersecurity Risk Role of Management [Text Block]

Management updates the Audit Committee and executives as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.

Our management team, including the CTO and IT Manager, is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants.

Our management team has several years of experience and has been trained for various roles in information technology and cybersecurity at numerous technology companies. The team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include:

Briefings from internal security personnel;
Threat intelligence and information obtained from governmental, public, or private sources, including external consultants engaged by us; and
Alerts and reports produced by security tools deployed in our IT environment.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Our management team, including the CTO and IT Manager, is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our management team has several years of experience and has been trained for various roles in information technology and cybersecurity at numerous technology companies.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include:
Briefings from internal security personnel;
Threat intelligence and information obtained from governmental, public, or private sources, including external consultants engaged by us; and
Alerts and reports produced by security tools deployed in our IT environment.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true