Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems, information, and our customers’ data. Our cybersecurity policies, standards, processes, and practices are part of our information security management program, which is aligned to ISO 27001, an international standard to manage information security. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use ISO 27001 as a framework to help us identify, assess, and manage cybersecurity risks relevant to our business.

Our cybersecurity risk management program includes a secure software development program intended to reduce the introduction of risks into our software, a software vulnerability and patch management program, and cybersecurity incident detection, response, and recovery programs, among others. Our cybersecurity risk team aims to integrate cybersecurity risks into our overall company’s risk management system and processes on an ongoing basis.

Key elements of our cybersecurity risk management program include, but are not limited to the following:

•	a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents and risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;

•	a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;

•	the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes; and

•	a third-party risk management process for key service providers based on our assessment of their criticality to our operations and respective risk profile.

We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition.

Cybersecurity risks and threats continuously evolve, and we face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See “Risk Factor—Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or if our end-users experience security breaches, which could have a material adverse effect on our business, reputation and operating results,” “Risk Factor—As a security provider, if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors, or by a critical system failure, our reputation, financial condition and operating results could be materially adversely affected,” and “Risk Factor—We rely on information technology systems to conduct our businesses, and failure to protect these systems against security breaches and otherwise to implement, integrate, upgrade and maintain such systems in working order could have a material adverse effect on our results of operations, cash flows or financial condition.”

Cybersecurity Risk Management Processes Integrated [Text Block]

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems, information, and our customers’ data. Our cybersecurity policies, standards, processes, and practices are part of our information security management program, which is aligned to ISO 27001, an international standard to manage information security.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

Cybersecurity risks and threats continuously evolve, and we face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See “Risk Factor—Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or if our end-users experience security breaches, which could have a material adverse effect on our business, reputation and operating results,” “Risk Factor—As a security provider, if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors, or by a critical system failure, our reputation, financial condition and operating results could be materially adversely affected,” and “Risk Factor—We rely on information technology systems to conduct our businesses, and failure to protect these systems against security breaches and otherwise to implement, integrate, upgrade and maintain such systems in working order could have a material adverse effect on our results of operations, cash flows or financial condition.”

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our Board of Directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program.

Cybersecurity Risk Role of Management [Text Block]

Our cybersecurity management team, including our CEO, Chief Financial Officer, Chief Operating Officer, Chief Marketing Officer, Chief Information Officer, Chief Information Security Officer (CISO) and General Counsel, is responsible for assessing and managing our material risks from cybersecurity threats. The team is primarily responsible for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. By the nature of our business, our management team gained expertise in cybersecurity, each member bringing years of experience and strategic leadership in cybersecurity. Our CISO, who holds a B.S. in Computer Science, and has over 30 years of cybersecurity experience, actively participates in formal courses and conferences to stay current with evolving threats.

Our cybersecurity management team is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the IT environment.

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Our cybersecurity management team, including our CEO, Chief Financial Officer, Chief Operating Officer, Chief Marketing Officer, Chief Information Officer, Chief Information Security Officer (CISO) and General Counsel, is responsible for assessing and managing our material risks from cybersecurity threats.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

The team is primarily responsible for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants.