Cybersecurity Risk Management, Strategy and Governance
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 16K. CYBERSECURITY

Risk Management and Strategy

We maintain a comprehensive process for assessing, identifying and managing material risks from cybersecurity threats, including risks relating to disruption of business operations or financial reporting systems, intellectual property theft, fraud, extortion, harm to employees or customers, violation of privacy laws and other litigation and legal risk, and reputational risk, as part of our overall risk management system and processes. We utilize policies, software, training programs and hardware solutions to protect and monitor our environment, including multifactor authentication on all critical systems, firewalls, intrusion detection and prevention systems, vulnerability and penetration testing and identity management systems.

Our cybersecurity risk management processes are part of our information security system designed in compliance with ISO 27001 standards and International Electrotechnical Commission (“IEC”) standards. Our certifications under such standards are valid for three years, and we are subject to an annual audit to maintain such certifications. In particular, we manage our cybersecurity risks by applying the four-step Plan-Do-Check-Act process, as recommended by and outlined in ISO 27001, to continually enhance our information security processes.

We also maintain a robust crisis management system, which provides a framework for responding to cybersecurity incidents based on the severity of the incident and facilitates cross-functional coordination across security, IT infrastructure, legal and public relations departments. In addition, we operate a Security Operations Center that monitors and addresses day-to-day risks faced by our company.

Additionally, we utilize external independent control measures to improve and update our cybersecurity program, including independent third party assessments, penetration testing and scanning of our systems for vulnerabilities. For example, we engage an accredited third party agency to conduct annual audits of our cybersecurity system to verify the effectiveness, make recommendations for improvement and monitor remediation of any identified risks. Any updates that are deemed necessary are initially reported to and approved by our Chief Information Security Officer (“CISO”) prior to their implementation. We also provide annual information security awareness training for employees, participate in cybersecurity drills conducted by the Korea Internet & Security Agency as well as send out “phishing” email tests on a regular basis.

Our cybersecurity risk management processes extend to the oversight and identification of threats associated with our use of third party service providers. When establishing a new data system that incorporates an external service, we review whether the third party providers’ information security programs meet the security standards required of our data systems, including whether the third party provider has obtained international certification for its services.

We also carry limited insurance that provides protection against potential losses arising from cybersecurity incidents and annually review our policy and levels of coverage based on current risks.

Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, including as a result of previous cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks and any future material incidents. See “Item 3.D. Risk Factors—Risks Relating to Our Company—If our cybersecurity is breached, we may incur significant legal and financial exposure, damage to our reputation and a loss of confidence of our customers” for more information on risks from cybersecurity threats that are reasonably likely to materially affect our business strategy, results of operations and financial condition.

Governance

The cybersecurity risk management processes described above are managed by our CISO, our Chief Information Officer (“CIO”) and our Chief Risk Officer (“CRO”). Our CISO is supported by three dedicated teams that respectively focus on establishing our cybersecurity goals and policies, examining security hazards and conducting security training. Our CIO oversees the operation of our IT systems, under which our Enterprise Architecture Team works to prevent cybersecurity breaches and performs control, response and recovery action in case of any cybersecurity breach. By dividing our cybersecurity roles from our IT system operation roles, we seek to prevent the abuse of and accidental or intentional misuse of data. In the event of a cybersecurity incident that would pose an organizational-level threat, our Emergency Response Committee, which is led by our CRO and includes a Cybersecurity Incident Subcommittee, would oversee response.

Our CISO is appointed in accordance with the requirements set forth by the Act on Promotion of Information and Communications Network Utilization and Data Protection in Korea. Our current CISO holds a master’s degree in security convergence science, possesses cybersecurity-related certifications and has more than 20 years of information security-related work experience.

Our day-to-day execution of cybersecurity processes is internally reported through email, phone, or formal reports on a monthly and as-needed basis. In the event of a cybersecurity incident, information including the date and time, name of breached system, cause and scale of damage, result of response, and classification of incident is reported to the appropriate members of the management. Our Board of Directors oversees all of our business, property and affairs, including cybersecurity risks, and our management provides reports to the Board of Directors on an as-needed basis in the event of a material cybersecurity incident or for matters that require any material decision making.

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

The cybersecurity risk management processes described above are managed by our CISO, our Chief Information Officer (“CIO”) and our Chief Risk Officer (“CRO”). Our CISO is supported by three dedicated teams that respectively focus on establishing our cybersecurity goals and policies, examining security hazards and conducting security training. Our CIO oversees the operation of our IT systems, under which our Enterprise Architecture Team works to prevent cybersecurity breaches and performs control, response and recovery action in case of any cybersecurity breach. By dividing our cybersecurity roles from our IT system operation roles, we seek to prevent the abuse of and accidental or intentional misuse of data. In the event of a cybersecurity incident that would pose an organizational-level threat, our Emergency Response Committee, which is led by our CRO and includes a Cybersecurity Incident Subcommittee, would oversee response.

Our CISO is appointed in accordance with the requirements set forth by the Act on Promotion of Information and Communications Network Utilization and Data Protection in Korea. Our current CISO holds a master’s degree in security convergence science, possesses cybersecurity-related certifications and has more than 20 years of information security-related work experience.

Our day-to-day execution of cybersecurity processes is internally reported through email, phone, or formal reports on a monthly and as-needed basis. In the event of a cybersecurity incident, information including the date and time, name of breached system, cause and scale of damage, result of response, and classification of incident is reported to the appropriate members of the management. Our Board of Directors oversees all of our business, property and affairs, including cybersecurity risks, and our management provides reports to the Board of Directors on an as-needed basis in the event of a material cybersecurity incident or for matters that require any material decision making.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our CIO oversees the operation of our IT systems, under which our Enterprise Architecture Team works to prevent cybersecurity breaches and performs control, response and recovery action in case of any cybersecurity breach. By dividing our cybersecurity roles from our IT system operation roles, we seek to prevent the abuse of and accidental or intentional misuse of data. In the event of a cybersecurity incident that would pose an organizational-level threat, our Emergency Response Committee, which is led by our CRO and includes a Cybersecurity Incident Subcommittee, would oversee response.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our CIO oversees the operation of our IT systems, under which our Enterprise Architecture Team works to prevent cybersecurity breaches and performs control, response and recovery action in case of any cybersecurity breach. By dividing our cybersecurity roles from our IT system operation roles, we seek to prevent the abuse of and accidental or intentional misuse of data. In the event of a cybersecurity incident that would pose an organizational-level threat, our Emergency Response Committee, which is led by our CRO and includes a Cybersecurity Incident Subcommittee, would oversee response.
Cybersecurity Risk Role of Management [Text Block] The cybersecurity risk management processes described above are managed by our CISO, our Chief Information Officer (“CIO”) and our Chief Risk Officer (“CRO”). Our CISO is supported by three dedicated teams that respectively focus on establishing our cybersecurity goals and policies, examining security hazards and conducting security training. Our CIO oversees the operation of our IT systems, under which our Enterprise Architecture Team works to prevent cybersecurity breaches and performs control, response and recovery action in case of any cybersecurity breach.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The cybersecurity risk management processes described above are managed by our CISO, our Chief Information Officer (“CIO”) and our Chief Risk Officer (“CRO”). Our CISO is supported by three dedicated teams that respectively focus on establishing our cybersecurity goals and policies, examining security hazards and conducting security training.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our current CISO holds a master’s degree in security convergence science, possesses cybersecurity-related certifications and has more than 20 years of information security-related work experience.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our day-to-day execution of cybersecurity processes is internally reported through email, phone, or formal reports on a monthly and as-needed basis. In the event of a cybersecurity incident, information including the date and time, name of breached system, cause and scale of damage, result of response, and classification of incident is reported to the appropriate members of the management.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true