|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. The structure of our information security program is based on the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework and other industry standards. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.
We conduct periodic risk assessments, including vulnerability scanning and penetration testing, to identify cybersecurity threats, as well as assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include an inventory of assets, followed by identification of reasonably foreseeable internal and external vulnerabilities, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks.
Following these risk assessments, we re-design, implement, and maintain reasonable safeguards to minimize identified risks; reasonably address any identified gaps in existing safeguards; and regularly monitor the effectiveness of our safeguards. We monitor various cybersecurity resources to remain informed about new and emerging cybersecurity threats and attack vectors. We devote significant resources and designate high-level personnel, including our Chief Information Security Officer (“CISO”), who reports to our Executive Vice President of Platform Development, to manage the risk assessment and mitigation process.
As part of our overall risk management system, we monitor and test our safeguards and train our employees on recognizing potential cybersecurity threats and implementing our safeguards. Personnel at all levels and departments are made aware of our cybersecurity policies through periodic trainings. We also conduct tabletop exercises for members of various functional areas on data recovery and incident response.
We engage security consultants and other third parties in connection with our risk assessment processes. These service providers assist us to design and implement our cybersecurity policies and procedures, as well as to monitor and test our safeguards and to conduct regular vulnerability assessments for our internal assets. We require each third-party service provider to give assurance that it has the ability to implement and maintain appropriate security measures, consistent with all applicable laws, to implement and maintain reasonable security measures in connection with their work with us, and to promptly report any suspected breach of its security measures that may affect our company. We review third-party service providers’ policies, data protection procedures, intellectual property protection measures and incident response measures. Our CISO oversees our relationships with these third-party service providers.
While we are not aware of any material data security breaches to date, for additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K, including the risk factors under the heading “Risks Related to Privacy, Data Protection and Cybersecurity,” which is incorporated herein by reference.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. The structure of our information security program is based on the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework and other industry standards. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly as a whole, as well as through the audit committee.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors administers its cybersecurity risk oversight function directly as a whole, as well as through the audit committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our CISO and representatives from our steering committee on information security provide quarterly briefings to the audit committee regarding our company’s cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties, and the like. Because many members of our board of directors regularly attend our audit committee meetings, the full board of directors regularly receives updates on cybersecurity.
|Cybersecurity Risk Role of Management [Text Block]
|
Our CISO and our steering committee on information security, which includes members of our executive management as well as leaders of business functional areas, together with our Privacy and Data Protection Team, are primarily responsible to assess and manage our material risks from cybersecurity threats. Our CISO has over 20 years of experience leading in the information security field at well-known publicly traded technology companies. He also received a CIO Executive Education Certificate from Stanford University.
Our CISO and our steering committee on information security oversee our cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. The processes by which our CISO and our steering committee on information security are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents includes the following: risk assessment and management, policy development and implementation, prevention strategies, detection mechanisms, incident response and mitigation, remediation and recovery, reporting and communication, compliance and legal considerations, efforts at continuous improvement, and training and awareness.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Governance
Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly as a whole, as well as through the audit committee.
Our CISO and our steering committee on information security, which includes members of our executive management as well as leaders of business functional areas, together with our Privacy and Data Protection Team, are primarily responsible to assess and manage our material risks from cybersecurity threats. Our CISO has over 20 years of experience leading in the information security field at well-known publicly traded technology companies. He also received a CIO Executive Education Certificate from Stanford University.
Our CISO and our steering committee on information security oversee our cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. The processes by which our CISO and our steering committee on information security are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents includes the following: risk assessment and management, policy development and implementation, prevention strategies, detection mechanisms, incident response and mitigation, remediation and recovery, reporting and communication, compliance and legal considerations, efforts at continuous improvement, and training and awareness.Our CISO and representatives from our steering committee on information security provide quarterly briefings to the audit committee regarding our company’s cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties, and the like. Because many members of our board of directors regularly attend our audit committee meetings, the full board of directors regularly receives updates on cybersecurity.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has over 20 years of experience leading in the information security field at well-known publicly traded technology companies. He also received a CIO Executive Education Certificate from Stanford University.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our CISO and representatives from our steering committee on information security provide quarterly briefings to the audit committee regarding our company’s cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties, and the like. Because many members of our board of directors regularly attend our audit committee meetings, the full board of directors regularly receives updates on cybersecurity.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef