|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Pursuant to applicable regulations, we have established and maintain a formal cybersecurity program to protect our information technology systems and customer data. This program is designed to comply with applicable regulatory requirements, incorporate industry standards, and to evolve with the changing security threat environment through ongoing assessment and measurement. To that end, we have in place, and seek to improve, a comprehensive system of security controls, managed by a dedicated staff, and overseen by our Group Chief Information Security Officer and Chief Technology Officer (the “Group CISO & CTO”), to protect
against or otherwise minimize cybersecurity risks. Such risks, including those posed by cyber incidents, form part of our enterprise risk management processes, and we continue to evaluate and assess our compliance in the changing regulatory environment.
Periodically, the services of third party experts are engaged to perform security penetration testing to identify vulnerabilities in our IT environment. The results of such tests are reviewed, and our security controls are updated as necessary to address vulnerabilities identified by such testing. In addition, we are subject to independent assessment and review by regulators, as well as an annual audit of our security controls by our independent internal audit team. Furthermore, we operate a supplier due diligence process that includes a component to assess the information and cyber security processes operated by third party service providers to ensure they are appropriate to the services being delivered.
Our employees and contractors are required to comply with our IT Acceptable Usage Policy and certify their compliance annually. Cybersecurity awareness training is mandatory for all new hires and for existing employees and contractors on an annual basis. Periodic phishing tests are also conducted to assess employees’ susceptibility to phishing attacks. Additional compulsory cybersecurity training is delivered where necessary.
We have implemented incident response and business continuity plans for our operations, which are regularly reviewed with respect to our business-critical infrastructure and systems. We employ data backup procedures to ensure that our key business systems and data are regularly backed up, and can be restored if necessary. Moreover, our backup information is stored remotely from sites hosting our data, in order to minimize the risk of loss of key data in the event of a disaster or other system outage. Our recovery plans involve arrangements with our off-site data center and cloud infrastructure. We believe the IT function will be able to utilize these plans to efficiently recover key system functionality in the event that our primary systems are unavailable due to various scenarios, such as natural disasters.
Like other businesses, the Group has previously experienced attempts by cyber-criminals to infiltrate its IT infrastructure; however, the Group has not been impacted by any material cybersecurity incidents, and it believes it has taken, and is taking, reasonable steps to mitigate the risk of future cyberattacks. To that end, the Group continues to adapt its cybersecurity training in response to evolving cyber threats and continually improves its technical and administrative security controls. However, there can be no guarantee that these steps will in fact prevent a future cyberattack against the Group. Any failure in our security controls may expose the Group to potential data loss and damages and potentially significant increases in compliance and litigation costs, and such exposure could have a material adverse effect on the Group’s business, prospects, financial condition or results of operations, and reputation. See Item 3.D. Risk Factors “Risk Relating to the Group’s Reliance on Third Parties in the Operation of its Business — The Group is reliant on third-party service providers and their IT systems, and their failure could lead to an interruption in the Group’s business activities, which could have a material adverse effect on the Group’s business.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Pursuant to applicable regulations, we have established and maintain a formal cybersecurity program to protect our information technology systems and customer data. This program is designed to comply with applicable regulatory requirements, incorporate industry standards, and to evolve with the changing security threat environment through ongoing assessment and measurement. To that end, we have in place, and seek to improve, a comprehensive system of security controls, managed by a dedicated staff, and overseen by our Group Chief Information Security Officer and Chief Technology Officer (the “Group CISO & CTO”), to protect
against or otherwise minimize cybersecurity risks. Such risks, including those posed by cyber incidents, form part of our enterprise risk management processes, and we continue to evaluate and assess our compliance in the changing regulatory environment.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors, along with the Risk Committee and Audit Committee, oversee our information security program, receiving periodic updates throughout the year on cybersecurity matters from relevant management and audit functions, with these updates being part of their standing agendas. A report on the state of the Group’s IT is presented to the Board every quarter. These reports also contain updates on our IT strategy, including information security strategies and initiatives, event preparedness and incremental improvement efforts. The Group CISO & CTO is expected to provide an annual briefing on the topic of cybersecurity risk management to the Board.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors, along with the Risk Committee and Audit Committee, oversee our information security program, receiving periodic updates throughout the year on cybersecurity matters from relevant management and audit functions, with these updates being part of their standing agendas
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|A report on the state of the Group’s IT is presented to the Board every quarter. These reports also contain updates on our IT strategy, including information security strategies and initiatives, event preparedness and incremental improvement efforts. The Group CISO & CTO is expected to provide an annual briefing on the topic of cybersecurity risk management to the Board.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Board of Directors, along with the Risk Committee and Audit Committee, oversee our information security program, receiving periodic updates throughout the year on cybersecurity matters from relevant management and audit functions, with these updates being part of their standing agendas. A report on the state of the Group’s IT is presented to the Board every quarter. These reports also contain updates on our IT strategy, including information security strategies and initiatives, event preparedness and incremental improvement efforts. The Group CISO & CTO is expected to provide an annual briefing on the topic of cybersecurity risk management to the Board.
The Group CISO & CTO is an established information security professional with more than ten years of experience in building and operating information security programs. Our Group CISO & CTO holds the Certified Information Systems Security Professional (CISSP) and ISO 27001 Lead Implementer certifications, and he has managed the global cybersecurity functions of two prominent law firms with active mergers and acquisitions (M&A) practices that necessitated the operation of rigorous information and cybersecurity programs.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our Board of Directors, along with the Risk Committee and Audit Committee, oversee our information security program, receiving periodic updates throughout the year on cybersecurity matters from relevant management and audit functions, with these updates being part of their standing agendas. A report on the state of the Group’s IT is presented to the Board every quarter. These reports also contain updates on our IT strategy, including information security strategies and initiatives, event preparedness and incremental improvement efforts. The Group CISO & CTO is expected to provide an annual briefing on the topic of cybersecurity risk management to the Board.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
The Group CISO & CTO is an established information security professional with more than ten years of experience in building and operating information security programs. Our Group CISO & CTO holds the Certified Information Systems Security Professional (CISSP) and ISO 27001 Lead Implementer certifications, and he has managed the global cybersecurity functions of two prominent law firms with active mergers and acquisitions (M&A) practices that necessitated the operation of rigorous information and cybersecurity programs.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|These reports also contain updates on our IT strategy, including information security strategies and initiatives, event preparedness and incremental improvement efforts. The Group CISO & CTO is expected to provide an annual briefing on the topic of cybersecurity risk management to the Board.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef