|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We have developed and implemented a cybersecurity risk management program with a comprehensive, multilayered approach intended to enhance security, manage emerging threats, ensure compliance, and protect infrastructure integrity.
We design and assess our program by integrating best practices from established frameworks and compliance guidelines, including NIST Cybersecurity Framework, AWS CAF (Amazon Web Services Cloud Adoption Framework), Mitre and the Sarbanes-Oxley Act. This does not mean that we meet any particular technical standards, specifications, or requirements, but only that we use these frameworks and guidelines to help us identify, assess, and manage cybersecurity risks relevant to our business. Our JumiaPay business is PCI-DSS certified.
Information about cybersecurity risks and our risk management processes is collected, analyzed and considered as part of our overall risk management program.
Key components of our cybersecurity risk management program include:
•risk assessments designed to help identify cybersecurity risks to our critical systems, information, services, and our broader enterprise IT environment;
•a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;
•the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes;
•cybersecurity awareness training of our employees, incident response personnel and senior management;
•a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
•secure access control measures applied to critical IT systems, equipment and devices, designed to prevent unauthorized users, processes, and devices from assessing IT systems and data.
At this time, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We may in the future face certain risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Item 3. “Key Information—D. Risk Factors—We may experience malfunctions or disruptions of our technology systems.” and “Key Information—D. Risk Factors— We may experience security breaches and disruptions due to hacking, viruses, fraud, malicious attacks and other circumstances.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have developed and implemented a cybersecurity risk management program with a comprehensive, multilayered approach intended to enhance security, manage emerging threats, ensure compliance, and protect infrastructure integrity.
We design and assess our program by integrating best practices from established frameworks and compliance guidelines, including NIST Cybersecurity Framework, AWS CAF (Amazon Web Services Cloud Adoption Framework), Mitre and the Sarbanes-Oxley Act. This does not mean that we meet any particular technical standards, specifications, or requirements, but only that we use these frameworks and guidelines to help us identify, assess, and manage cybersecurity risks relevant to our business. Our JumiaPay business is PCI-DSS certified.
Information about cybersecurity risks and our risk management processes is collected, analyzed and considered as part of our overall risk management program.
Key components of our cybersecurity risk management program include:
•risk assessments designed to help identify cybersecurity risks to our critical systems, information, services, and our broader enterprise IT environment;
•a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;
•the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes;
•cybersecurity awareness training of our employees, incident response personnel and senior management;
•a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and•secure access control measures applied to critical IT systems, equipment and devices, designed to prevent unauthorized users, processes, and devices from assessing IT systems and data.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our supervisory board considers cybersecurity risk as part of its risk oversight function and has delegated to the audit committee oversight of cybersecurity and other information technology risks. The audit committee oversees our management board’s implementation of our cybersecurity risk management program.
The audit committee receives periodic reports from our management board on our cybersecurity risks. In addition, our management board updates the audit committee, as necessary, regarding any significant cybersecurity incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our supervisory board considers cybersecurity risk as part of its risk oversight function and has delegated to the audit committee oversight of cybersecurity and other information technology risks. The audit committee oversees our management board’s implementation of our cybersecurity risk management program.
The audit committee receives periodic reports from our management board on our cybersecurity risks. In addition, our management board updates the audit committee, as necessary, regarding any significant cybersecurity incidents.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our supervisory board considers cybersecurity risk as part of its risk oversight function and has delegated to the audit committee oversight of cybersecurity and other information technology risks. The audit committee oversees our management board’s implementation of our cybersecurity risk management program.
The audit committee receives periodic reports from our management board on our cybersecurity risks. In addition, our management board updates the audit committee, as necessary, regarding any significant cybersecurity incidents.The management board receives monthly updates from the information security team on our cybersecurity risks. In addition, the information security team updates the management board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.
|Cybersecurity Risk Role of Management [Text Block]
|
The management board receives monthly updates from the information security team on our cybersecurity risks. In addition, the information security team updates the management board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.
Our information security team, composed of both full-time employees, with formal computer engineering or computer science backgrounds and hands on experience in cybersecurity risk and incident management, and external professional cybersecurity service suppliers, is led by our CISO and is responsible for assessing and managing our material risks from cybersecurity threats. We work with external consulting firms with expertise in cybersecurity governance, risk management and compliance to supplement our internal resources. Those consulting firms support the implementation, management and audit of our cybersecurity management systems procedures and policies. This partnership is designed to enable Jumia to implement a structured, methodical approach to cybersecurity and incident response, and to ensure that the company is protected against current threats and prepared to assess and manage material cybersecurity risks, including those arising from third-party providers.Our information security team, led by our CISO, is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include, among other things, briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in our IT environment.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our information security team, composed of both full-time employees, with formal computer engineering or computer science backgrounds and hands on experience in cybersecurity risk and incident management, and external professional cybersecurity service suppliers, is led by our CISO and is responsible for assessing and managing our material risks from cybersecurity threats.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our information security team, composed of both full-time employees, with formal computer engineering or computer science backgrounds and hands on experience in cybersecurity risk and incident management, and external professional cybersecurity service suppliers, is led by our CISO and is responsible for assessing and managing our material risks from cybersecurity threats.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The management board receives monthly updates from the information security team on our cybersecurity risks. In addition, the information security team updates the management board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.
Our information security team, composed of both full-time employees, with formal computer engineering or computer science backgrounds and hands on experience in cybersecurity risk and incident management, and external professional cybersecurity service suppliers, is led by our CISO and is responsible for assessing and managing our material risks from cybersecurity threats. We work with external consulting firms with expertise in cybersecurity governance, risk management and compliance to supplement our internal resources. Those consulting firms support the implementation, management and audit of our cybersecurity management systems procedures and policies. This partnership is designed to enable Jumia to implement a structured, methodical approach to cybersecurity and incident response, and to ensure that the company is protected against current threats and prepared to assess and manage material cybersecurity risks, including those arising from third-party providers.Our information security team, led by our CISO, is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include, among other things, briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in our IT environment.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef