|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We prioritize the management of cybersecurity risk and the protection of information across our enterprise by embedding data protection and cybersecurity risk management in our operations. Our processes for assessing, identifying and managing material risks from cybersecurity threats have been integrated into our overall risk management system and processes. As a foundation of our cybersecurity risk management processes, we have implemented a layered governance structure, as discussed further below, to help assess, identify and manage cybersecurity risks.
Our privacy and cybersecurity policies encompass incident response procedures, information security and vendor management. In order to help develop these policies and procedures, we monitor the privacy and cybersecurity laws, regulations and guidance applicable to us in the regions where we do business, as well as proposed privacy and cybersecurity laws, regulations, guidance and emerging risks, as further described in Item 4.B “Business Overview—Laws and Regulations—Business Impact and Liability Arising from New and Evolving Data Privacy and Cybersecurity Laws and Regulations.”
As described in Item 3.D “Risk Factors,” our operations rely on the secure processing, storage and transmission of confidential and other information in our computer systems and networks. Computer viruses, hackers, employee or vendor misconduct and other external hazards could expose our information systems and those of our vendors to security breaches, cybersecurity incidents or other disruptions, any of which could materially and adversely affect our business.
While we have experienced cybersecurity incidents, to date, we are not aware that we have experienced a material cybersecurity incident during fiscal years 2024, 2023 or 2022 .
We have contractual arrangements with a number of game developers under which these game developers provide cybersecurity controls for our games and their users. These controls include implementation of an information security management system, establishment of data management policies including data security protection measures, development of policies on risk management, assessment and response processes and conducting annual risk assessments. In addition, since obtaining ISO/IEC 27001 certification, we have carried out annual audits conducted by external certification bodies to ensure compliance with the standard.The sophistication of cybersecurity threats, including through the use of artificial intelligence, continues to increase, and the controls and preventative actions we take to reduce the risk of cybersecurity incidents and protect our systems, including the regular testing of our cybersecurity incident response plan, may be insufficient. In addition, new technology that could result in greater operational efficiency may further expose our computer systems to the risk of cybersecurity incidents. To address these challenges, we provide regular employee training to promote the safe and responsible use of artificial intelligence (AI).
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We prioritize the management of cybersecurity risk and the protection of information across our enterprise by embedding data protection and cybersecurity risk management in our operations. Our processes for assessing, identifying and managing material risks from cybersecurity threats have been integrated into our overall risk management system and processes. As a foundation of our cybersecurity risk management processes, we have implemented a layered governance structure, as discussed further below, to help assess, identify and manage cybersecurity risks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
We implemented a layered governance structure as a part of our integration of cybersecurity risk management into our overall risk management system and processes. Our Board oversees the operational (including information technology (IT) risks, business continuity and data security) risk affairs of the Company. Our Board is informed of such risks through periodic reports from our Chief Information Security Officer (the “CISO”). In addition, the CISO updates the Board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.
Our CISO, Jong Yul Kim, who has been serving in this role since August 2019, oversees the implementation and compliance of our information security standards and mitigation of information security-related risks. As the CISO, he is also responsible for assessing and managing our material risks from cybersecurity threats. Previously, in his capacity as a senior game developer with leading game companies for more than a decade, Mr. Kim oversaw server security and other cybersecurity risk management for such game companies. We also have the following internal groups that support our processes to assess and manage cybersecurity risks as follows:
a.The Security Forum, comprising the Chief Executive Officer (Chair), Chief Operating Officer (Vice Chair), CISO and the Information Security Manager, brings together management, IT, information security and compliance teams. The Security Forum provides a forum for these cross-functional members of management to make major decisions relating to information security matters, including considering emerging technologies, such as artificial intelligence and emerging cybersecurity risks; reviewing and evaluating cybersecurity and privacy regulations; approving, reviewing and updating policies, budgets, procedures and standards as appropriate; and promoting cross-functional collaboration to manage cybersecurity and privacy risks and incidents across the enterprise.
b.The Crisis Incident Management Team, comprising senior cybersecurity, finance, marketing and legal leaders across business segments, manages risks from matters related to business continuity including risks posed by cybersecurity threats, and implements controls to mitigate such operational risks. Among other processes, this team reviews the Company’s programs and processes related to information security, third-party risk, vendor management, facilities, unplanned downtime, business disruption, business continuity and disaster recovery. The team also addresses and manages cybersecurity incidents, natural disasters and business outages. The head of the team is responsible for reporting to the CISO who will then report to management, in the event of an actual crisis. In addition, upon the conclusion of an incident, the team provides an official comprehensive report to management outlining the incurred damages, the incident’s root cause and proposed future prevention measures.
c.The Information Security Operation Committee, comprising senior leaders across business segments and led by the Information Security Manager, oversees information security initiatives while considering cybersecurity risk mitigation with respect to these initiatives.
Each of these internal groups provides summary reports on their activities, which are communicated as appropriate to the Board.
At the employee level, we maintain an experienced information technology team that is tasked with implementing our privacy and cybersecurity program and support the CISO in carrying out reporting, security and mitigation functions. We also hold employee trainings on privacy and cybersecurity, records and information management, conduct phishing tests and generally seek to promote awareness of cybersecurity risk through communication and education of our employee population.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board oversees the operational (including information technology (IT) risks, business continuity and data security) risk affairs of the Company. Our Board is informed of such risks through periodic reports from our Chief Information Security Officer (the “CISO”). In addition, the CISO updates the Board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board oversees the operational (including information technology (IT) risks, business continuity and data security) risk affairs of the Company. Our Board is informed of such risks through periodic reports from our Chief Information Security Officer (the “CISO”). In addition, the CISO updates the Board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.
|Cybersecurity Risk Role of Management [Text Block]
|
Our CISO, Jong Yul Kim, who has been serving in this role since August 2019, oversees the implementation and compliance of our information security standards and mitigation of information security-related risks. As the CISO, he is also responsible for assessing and managing our material risks from cybersecurity threats. Previously, in his capacity as a senior game developer with leading game companies for more than a decade, Mr. Kim oversaw server security and other cybersecurity risk management for such game companies. We also have the following internal groups that support our processes to assess and manage cybersecurity risks as follows:
a.The Security Forum, comprising the Chief Executive Officer (Chair), Chief Operating Officer (Vice Chair), CISO and the Information Security Manager, brings together management, IT, information security and compliance teams. The Security Forum provides a forum for these cross-functional members of management to make major decisions relating to information security matters, including considering emerging technologies, such as artificial intelligence and emerging cybersecurity risks; reviewing and evaluating cybersecurity and privacy regulations; approving, reviewing and updating policies, budgets, procedures and standards as appropriate; and promoting cross-functional collaboration to manage cybersecurity and privacy risks and incidents across the enterprise.
b.The Crisis Incident Management Team, comprising senior cybersecurity, finance, marketing and legal leaders across business segments, manages risks from matters related to business continuity including risks posed by cybersecurity threats, and implements controls to mitigate such operational risks. Among other processes, this team reviews the Company’s programs and processes related to information security, third-party risk, vendor management, facilities, unplanned downtime, business disruption, business continuity and disaster recovery. The team also addresses and manages cybersecurity incidents, natural disasters and business outages. The head of the team is responsible for reporting to the CISO who will then report to management, in the event of an actual crisis. In addition, upon the conclusion of an incident, the team provides an official comprehensive report to management outlining the incurred damages, the incident’s root cause and proposed future prevention measures.
c.The Information Security Operation Committee, comprising senior leaders across business segments and led by the Information Security Manager, oversees information security initiatives while considering cybersecurity risk mitigation with respect to these initiatives.
Each of these internal groups provides summary reports on their activities, which are communicated as appropriate to the Board.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|We also have the following internal groups that support our processes to assess and manage cybersecurity risks as follows:
a.The Security Forum, comprising the Chief Executive Officer (Chair), Chief Operating Officer (Vice Chair), CISO and the Information Security Manager, brings together management, IT, information security and compliance teams. The Security Forum provides a forum for these cross-functional members of management to make major decisions relating to information security matters, including considering emerging technologies, such as artificial intelligence and emerging cybersecurity risks; reviewing and evaluating cybersecurity and privacy regulations; approving, reviewing and updating policies, budgets, procedures and standards as appropriate; and promoting cross-functional collaboration to manage cybersecurity and privacy risks and incidents across the enterprise.
b.The Crisis Incident Management Team, comprising senior cybersecurity, finance, marketing and legal leaders across business segments, manages risks from matters related to business continuity including risks posed by cybersecurity threats, and implements controls to mitigate such operational risks. Among other processes, this team reviews the Company’s programs and processes related to information security, third-party risk, vendor management, facilities, unplanned downtime, business disruption, business continuity and disaster recovery. The team also addresses and manages cybersecurity incidents, natural disasters and business outages. The head of the team is responsible for reporting to the CISO who will then report to management, in the event of an actual crisis. In addition, upon the conclusion of an incident, the team provides an official comprehensive report to management outlining the incurred damages, the incident’s root cause and proposed future prevention measures.
c.The Information Security Operation Committee, comprising senior leaders across business segments and led by the Information Security Manager, oversees information security initiatives while considering cybersecurity risk mitigation with respect to these initiatives.
Each of these internal groups provides summary reports on their activities, which are communicated as appropriate to the Board.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Previously, in his capacity as a senior game developer with leading game companies for more than a decade, Mr. Kim oversaw server security and other cybersecurity risk management for such game companies.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Each of these internal groups provides summary reports on their activities, which are communicated as appropriate to the Board.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef