|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
We prioritize the management of cybersecurity risk and the protection of information across our enterprise by embedding risk-based data protection and cybersecurity risk management in our operations. Our processes for assessing, identifying, and managing material risks from cybersecurity threats have been integrated into our overall risk management system and processes.
As a foundation for this approach, we have implemented a layered governance structure to help assess, identify and manage cybersecurity risks. Our cybersecurity risk management program includes processes to assess and identify cybersecurity risks with regards to our assets, classify such risks, and implement corrective and preventive actions in accordance with industry best practice. We undergo annual external evaluation by third party consultants, whose work includes the performance of cybersecurity risk management process reviews, penetration testing, and security surveys. We are ISO27001 and ISO22301 certified and undergo annual SOX audits by our external auditors.
Our privacy and cybersecurity policies that currently exist and will continue to fortified and updated to adapt to applicable regulatory requirements, encompass incident response procedures, vendor management standards and information security domains including security awareness training, asset management, network security, business continuity management, and backups and restoration. In order to help develop these policies and procedures, we monitor the privacy and cybersecurity laws, regulations and guidance applicable to us in the regions where we do business. Our cybersecurity risk management program is modeled on industry standards and best practices, as well as the requirements of applicable privacy and cybersecurity laws and regulations.
Our cybersecurity risk management program will include processes to monitor and manage vendors’ cybersecurity risks. Our agreements with applicable third-party service providers require such providers to adhere to privacy and cybersecurity standards, and we perform risk assessments of vendors, including evaluating their ability to protect data from unauthorized access. Furthermore, we monitor and review vendors’ access to our systems and data.
We maintain an experienced information technology team who are tasked with implementing our privacy and cybersecurity program and support the CISO in carrying out reporting, security and mitigation functions. We also hold employee trainings on privacy and cybersecurity, records and information management, conduct phishing tests and generally seek to promote awareness of cybersecurity risk through communication and education of our employee population.
As described in Item 3.D “Risk Factors,” our operations rely on the secure processing, storage and transmission of confidential and other information in our computer systems and networks. Computer viruses, hackers, employee or vendor misconduct, and other external hazards could expose our information systems and those of our vendors to security breaches, cybersecurity incidents or other disruptions, any of which could materially and adversely affect our business, by way of disclosing our confidential business and financial information and/or affecting our platforms’ availabilities (affecting our ability to provide services and support to our customers) and/or affecting our data integrity. We are not aware that we have experienced a material cybersecurity incident during the 2024 fiscal year.
The sophistication of cybersecurity threats, including through the use of artificial intelligence, continues to increase, and the controls and preventative actions we take to reduce the risk of cybersecurity incidents and protect our systems, including the regular testing of our cybersecurity incident response plan, may be insufficient. In addition, new technology that could result in greater operational efficiency such as use of artificial intelligence may further expose our computer systems to the risk of cybersecurity incidents.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We prioritize the management of cybersecurity risk and the protection of information across our enterprise by embedding risk-based data protection and cybersecurity risk management in our operations. Our processes for assessing, identifying, and managing material risks from cybersecurity threats have been integrated into our overall risk management system and processes.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
As described in Item 3.D “Risk Factors,” our operations rely on the secure processing, storage and transmission of confidential and other information in our computer systems and networks. Computer viruses, hackers, employee or vendor misconduct, and other external hazards could expose our information systems and those of our vendors to security breaches, cybersecurity incidents or other disruptions, any of which could materially and adversely affect our business, by way of disclosing our confidential business and financial information and/or affecting our platforms’ availabilities (affecting our ability to provide services and support to our customers) and/or affecting our data integrity. We are not aware that we have experienced a material cybersecurity incident during the 2024 fiscal year.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
As part of our overall risk management approach, we prioritize the identification and management of cybersecurity risk at several levels, including Board oversight, executive commitment, IT management team. Our Audit Committee, comprised of independent directors from our Board, oversees the Board’s responsibilities relating to the operational risk affairs of the Company (including information systems (IT), business continuity and data security risks). This is also supported by an annual Risk Assessment Survey Validation, presented to the Board, by our external auditors, where the main risk exposures are assessed, quantified and ranked.
Our CISO, who has been a chief information security officer for 20 years and worked in banking and hi-tech industries, oversees the implementation and compliance of our information security standards and mitigation of information security related risks. The IT Steering Committee, which includes our group Chief Information Officer and members of executive leadership, oversees IT initiatives while considering cybersecurity risk mitigation with respect to these initiatives.
The IT Steering Committee reports regularly to the company’s management of the security risks. According to our Incident Response procedures, the CISO is responsible for supervising cybersecurity alerts and incidents, investigating them, and escalating them, through the company’s management to the Board, if and when necessary.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|As part of our overall risk management approach, we prioritize the identification and management of cybersecurity risk at several levels, including Board oversight, executive commitment, IT management team.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee, comprised of independent directors from our Board, oversees the Board’s responsibilities relating to the operational risk affairs of the Company (including information systems (IT), business continuity and data security risks).
|Cybersecurity Risk Role of Management [Text Block]
|
Our CISO, who has been a chief information security officer for 20 years and worked in banking and hi-tech industries, oversees the implementation and compliance of our information security standards and mitigation of information security related risks. The IT Steering Committee, which includes our group Chief Information Officer and members of executive leadership, oversees IT initiatives while considering cybersecurity risk mitigation with respect to these initiatives.
The IT Steering Committee reports regularly to the company’s management of the security risks. According to our Incident Response procedures, the CISO is responsible for supervising cybersecurity alerts and incidents, investigating them, and escalating them, through the company’s management to the Board, if and when necessary.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|According to our Incident Response procedures, the CISO is responsible for supervising cybersecurity alerts and incidents, investigating them, and escalating them, through the company’s management to the Board, if and when necessary.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO, who has been a chief information security officer for 20 years and worked in banking and hi-tech industries, oversees the implementation and compliance of our information security standards and mitigation of information security related risks.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The IT Steering Committee reports regularly to the company’s management of the security risks. According to our Incident Response procedures, the CISO is responsible for supervising cybersecurity alerts and incidents, investigating them, and escalating them, through the company’s management to the Board, if and when necessary.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef