Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management

We have processes in place designed to protect the confidentiality, integrity, and availability of our critical systems, information and data. These processes include mechanisms, controls, technologies, methods and systems that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting the confidential, proprietary, and business and personal information that we collect, process, store, and transmit as part of our businesses. We also take measures to identify, protect, detect, and respond to reasonably foreseeable cybersecurity risk and threats. We maintain incident response plans designed to protect, identify, evaluate, respond to, and recover from a cybersecurity incident. Such plans are designed to be flexible so that they may be adapted to an array of scenarios and provide for the creation of cross-functional cybersecurity incident response teams in the event of a cybersecurity incident.

Our cybersecurity risk management framework is based on applicable laws and regulations, as well as industry recognized standards and practices. As part of our risk management process, we conduct application security assessments, vulnerability management, penetration testing, security audits, and ongoing risk assessments. In addition, we have implemented cybersecurity trainings designed to educate and train employees on how to identify and report cybersecurity threats.

Our cybersecurity risk management framework includes:

●

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment;

●

regular testing of our systems to identify and address potential vulnerabilities;

●

integrated planning and preparedness activities supporting business continuity and operational resiliency;

●

security teams principally responsible for managing (1) our annual cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;

●

a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents;

●

the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;

●

an information training and awareness program for our employees, contractors, incident response personnel, and senior management; and

●

a vendor assessment program designed to identify and mitigate cybersecurity risks associated with our use of third-party service providers.

Cybersecurity Risk Management Processes Integrated [Text Block]

We have processes in place designed to protect the confidentiality, integrity, and availability of our critical systems, information and data. These processes include mechanisms, controls, technologies, methods and systems that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting the confidential, proprietary, and business and personal information that we collect, process, store, and transmit as part of our businesses. We also take measures to identify, protect, detect, and respond to reasonably foreseeable cybersecurity risk and threats. We maintain incident response plans designed to protect, identify, evaluate, respond to, and recover from a cybersecurity incident. Such plans are designed to be flexible so that they may be adapted to an array of scenarios and provide for the creation of cross-functional cybersecurity incident response teams in the event of a cybersecurity incident.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance

Our board of directors considers cybersecurity risk as part of its risk oversight function and has oversight of cybersecurity and other information technology risks. The board of directors oversees management’s implementation of our cybersecurity risk management program and management discusses and updates the Board, as necessary, regarding any significant cybersecurity incidents and any pressing risk or compliance matters.

Management is responsible for assessing, identifying, and managing material cybersecurity risks, and we have chief security officers and their security teams meet regularly with each other and with members of management to review and evaluate our cybersecurity risks and risk management framework.

Our security teams’ experience includes cybersecurity incident response, in-depth security assessments and security emulation exercises to evaluate security profile, security research, education and outreach, and security tool development.

We also periodically engage third-party advisors to assess the effectiveness of our cybersecurity program, policies and practices and consult with external advisors regarding opportunities and enhancements to strengthen our policies and practices.

As of the date of this report, we are not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. Although we have invested in the protection of our data and information technology, and monitor our systems on an ongoing basis, there can be no assurance that such efforts will be successful in preventing our information technology systems from being compromised or otherwise protecting us completely from security breaches or incidents. For additional information please see the section titled “Risk Factors,” in this Annual Report on Form 20-F, including the section titled “Risk Factors – Business or Operational Related Risks – Risks Across Multiple Businesses – We may be liable for security breaches and attacks against our or our third-party partners’ platforms and networks, particularly with regard to confidential user information and personal or other data or any other privacy or data protection compliance issue, and our platforms and games may contain unforeseen “bugs”, vulnerabilities or errors.”

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The board of directors oversees management’s implementation of our cybersecurity risk management program and management discusses and updates the Board, as necessary, regarding any significant cybersecurity incidents and any pressing risk or compliance matters.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our security teams’ experience includes cybersecurity incident response, in-depth security assessments and security emulation exercises to evaluate security profile, security research, education and outreach, and security tool development.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true