|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We have implemented robust processes for assessing, identifying and managing material risks from cybersecurity threats and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incidents. We have also integrated cybersecurity risk management into our overall enterprise risk management system.
We have established a dynamic and multi-layered cybersecurity defense system to effectively mitigate both internal and external cyber threats.
This comprehensive system spans multiple security domains, including network, host and application layers. It integrates a range of security capabilities such as threat defense, continuous monitoring,
in-depthanalysis, rapid response, as well as strategic deception and countermeasures. Our approach to managing cybersecurity risks and safeguarding sensitive data is multi-faceted, involving technological safeguards, procedural protocols, a rigorous program of surveillance on our corporate network, ongoing internal and external evaluations of our security measures, a solid incident response framework, and regular online or offline cybersecurity training sessions for our employees. We have deployed a network firewall, an application firewall, intrusion detection systems and the DDoS protection system to detect and prevent network attacks. We have also been equipped with a unified security software to prevent viruses and regularly patch software vulnerabilities. In addition, we have implemented a strong password policy and multi- factor authentication to protect our system from unauthorized access. Our information security department is actively engaged in continuous monitoring of our applications, platforms and infrastructure to ensure prompt identification and response to potential issues, including emerging cybersecurity threats.
We have engaged with third parties in connection with the processes for assessing, identifying, and managing material risks from cybersecurity threats. Specifically, collaborate with security service providers to conduct regular security audits, privacy compliance checks and penetration testing. This helps to identify potential security vulnerabilities and rectify them. We have processes in place to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers. As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.
Governance
Our board of directors is responsible for overseeing our cybersecurity risk management. Our board of directors shall (i) maintain oversight of the disclosure related to cybersecurity matters in current reports or periodic reports of our company, (ii) review updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, presented by our chief executive officer,
co-chieffinancial officers and cybersecurity officer on a quarterly basis, and (iii) review disclosure concerning cybersecurity matters in our annual report on Form
20-Fpresented by our chief executive officer,
co-chieffinancial officers and cybersecurity officer.
At management level, our chief executive officer,
co-chieffinancial officers and cybersecurity officer are responsible for assessing, identifying and managing material risks from cybersecurity threats to our company and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incident. These officers report to our board of directors on (i) a quarterly basis on updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, and (ii) on disclosure concerning cybersecurity matters in our annual report on Form
20-F.
At the operational level, we have established three lines of defense to manage information security risks. Led by our chief executive officer,
co-chief financial officers and cybersecurity officer, our internal information security committee, consisting of representatives of business departments, our general counsel, head of information security department and head of IT department, is the first line of defense responsible for information security strategic decision-making, resource coordination and planning, etc. The information security department and the legal and compliance department form the second line of defense responsible for leading, guiding, monitoring and inspecting our security plan and reporting to the information security committee. The information security department leads the implementation of our security strategic plan, carries out security operations, including data security, privacy protection, security compliance, security incident emergency response and other security operations, and cooperates with business departments, IT department and other functional departments, which collectively form the third line of defense.
If a cybersecurity incident occurs, our information security department will promptly organize relevant personnel for internal assessment and if it is determined that the incident could potentially be a material cybersecurity event, our chief executive officer,
co-chieffinancial officers and cybersecurity officer will promptly report the incident and assessment results to our board of directors and other members of senior management and external legal counsel, to the extent appropriate. Our cybersecurity officer and relevant departments shall prepare disclosure material on the cybersecurity incident for review and approval by the board of directors and other members of senior management (if necessary), before it is disseminated to the public.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have implemented robust processes for assessing, identifying and managing material risks from cybersecurity threats and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incidents. We have also integrated cybersecurity risk management into our overall enterprise risk management system.
We have established a dynamic and multi-layered cybersecurity defense system to effectively mitigate both internal and external cyber threats.
This comprehensive system spans multiple security domains, including network, host and application layers. It integrates a range of security capabilities such as threat defense, continuous monitoring,
in-depthanalysis, rapid response, as well as strategic deception and countermeasures. Our approach to managing cybersecurity risks and safeguarding sensitive data is multi-faceted, involving technological safeguards, procedural protocols, a rigorous program of surveillance on our corporate network, ongoing internal and external evaluations of our security measures, a solid incident response framework, and regular online or offline cybersecurity training sessions for our employees. We have deployed a network firewall, an application firewall, intrusion detection systems and the DDoS protection system to detect and prevent network attacks. We have also been equipped with a unified security software to prevent viruses and regularly patch software vulnerabilities. In addition, we have implemented a strong password policy and multi- factor authentication to protect our system from unauthorized access. Our information security department is actively engaged in continuous monitoring of our applications, platforms and infrastructure to ensure prompt identification and response to potential issues, including emerging cybersecurity threats.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
We have engaged with third parties in connection with the processes for assessing, identifying, and managing material risks from cybersecurity threats. Specifically, collaborate with security service providers to conduct regular security audits, privacy compliance checks and penetration testing. This helps to identify potential security vulnerabilities and rectify them. We have processes in place to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers. As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors is responsible for overseeing our cybersecurity risk management. Our board of directors shall (i) maintain oversight of the disclosure related to cybersecurity matters in current reports or periodic reports of our company, (ii) review updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, presented by our chief executive officer,
co-chieffinancial officers and cybersecurity officer on a quarterly basis, and (iii) review disclosure concerning cybersecurity matters in our annual report on Form
20-Fpresented by our chief executive officer,
co-chieffinancial officers and cybersecurity officer.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
At the operational level, we have established three lines of defense to manage information security risks. Led by our chief executive officer,
co-chief financial officers and cybersecurity officer, our internal information security committee, consisting of representatives of business departments, our general counsel, head of information security department and head of IT department, is the first line of defense responsible for information security strategic decision-making, resource coordination and planning, etc. The information security department and the legal and compliance department form the second line of defense responsible for leading, guiding, monitoring and inspecting our security plan and reporting to the information security committee. The information security department leads the implementation of our security strategic plan, carries out security operations, including data security, privacy protection, security compliance, security incident emergency response and other security operations, and cooperates with business departments, IT department and other functional departments, which collectively form the third line of defense.
If a cybersecurity incident occurs, our information security department will promptly organize relevant personnel for internal assessment and if it is determined that the incident could potentially be a material cybersecurity event, our chief executive officer,
co-chieffinancial officers and cybersecurity officer will promptly report the incident and assessment results to our board of directors and other members of senior management and external legal counsel, to the extent appropriate. Our cybersecurity officer and relevant departments shall prepare disclosure material on the cybersecurity incident for review and approval by the board of directors and other members of senior management (if necessary), before it is disseminated to the public.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef