Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cybersecurity Risk Management and Strategy
 
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is based on various cybersecurity standards in which we are certified, including ISO 27001, SOC 2 Type 2 and SOC 3. We have also obtained and maintain PCI-DSS (level 1) certification. While we may not always meet every technical standard, specification and requirement specified in these frameworks at all times, we use these frameworks to help us identify, assess, and manage cybersecurity risks relevant to our business. We constantly evaluate our cybersecurity risk management program, and will make proper adjustments and enhancements as needed.
 
Our cybersecurity risk management program shares common principles, oversight, reporting channels and governance processes with our general risk management processes.
 
Primarily, our cybersecurity risk management approach includes, but is not limited to:

• risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;
• a security team principally responsible for managing (a) our cybersecurity risk assessment processes, (b) our security controls, and (c) our response to cybersecurity incidents;
• physical and technical security measures, including encryption, authentication, and access controls;
• cybersecurity awareness training and internal cybersecurity resources for our employees;
• the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes;
• a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents and assessing the materiality of such incidents (the “Cybersecurity Incident Response Plan”); and
• a third-party risk management process for service providers, suppliers, and vendors based on their criticality and risk profile.
 
During the year 2024, we did not identify risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Part I, Item 3.D. “Risk Factors-We store personal information of merchants and shoppers. To the extent our security measures are compromised, our platform may be perceived as not being secure. This may result in merchants curtailing or ceasing their use of our platform, our reputation being harmed, our incurring of significant regulatory and monetary liabilities, and adverse effects on our results of operations and growth prospects.”
 
We have recently developed and established a cybersecurity work plan for 2025 to maintain a proactive and resilient cybersecurity position, based on a comprehensive risk assessment, identifying potential threats, vulnerabilities, and business impacts. The plan outlines security objectives, initiatives, and mitigation measures, which we believe could help us achieve compliance with regulatory requirements and internal policies. The plan includes regular cybersecurity awareness training, cybersecurity audits, penetration testing, incident response drills, and policy reviews to uphold the information security management system (ISMS). Additionally, a structured monitoring and reporting framework was put in place to enable tracking progress and effectiveness, allowing for continuous adaptation to emerging cybersecurity threats.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] During the year 2024, we did not identify risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition.
Cybersecurity Risk Board of Directors Oversight [Text Block]
Cybersecurity Governance
 
Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the audit committee overall risk management, including oversight of cybersecurity and other information technology risks. The audit committee members receive periodic briefings from management on our cybersecurity risks, and our management updates our audit committee members, as necessary, regarding any significant cybersecurity incidents. Our audit committee members also receive briefings from management on our cyber risk management program. Our board of directors is periodically briefed regarding management’s activities, including those related to cybersecurity.
 
In 2024, we established an information security management committee (InfoSec Committee). The InfoSec Committee is responsible for overseeing our cybersecurity risk management program, addressing cybersecurity risks, and supervising both our internal cybersecurity personnel and our retained external cybersecurity consultants. The InfoSec Committee directs efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, including security briefings from the CISO and other security personnel, intelligence gathered from governmental, public, and private sources, assessments conducted by external cybersecurity consultants, and automated alerts and reports generated by security tools deployed across the IT environment.
 
Our CTO has over 25 years of experience in the areas of software development, DevOps, production systems, cloud operation, data integrity, information security, information security and delivery, including 7 years of experience particularly in cybersecurity and 3 years spent at Global-e. Our CISO has over 17 years of experience in the areas of production systems, data integrity and information security, cyber defense and fraud prevention, including 15 years of experience particularly in cybersecurity and over four years spent at Global-e.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the audit committee overall risk management, including oversight of cybersecurity and other information technology risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The audit committee members receive periodic briefings from management on our cybersecurity risks, and our management updates our audit committee members, as necessary, regarding any significant cybersecurity incidents. Our audit committee members also receive briefings from management on our cyber risk management program. Our board of directors is periodically briefed regarding management’s activities, including those related to cybersecurity.
Cybersecurity Risk Role of Management [Text Block] The InfoSec Committee directs efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, including security briefings from the CISO and other security personnel, intelligence gathered from governmental, public, and private sources, assessments conducted by external cybersecurity consultants, and automated alerts and reports generated by security tools deployed across the IT environment.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] InfoSec Committee is responsible for overseeing our cybersecurity risk management program, addressing cybersecurity risks, and supervising both our internal cybersecurity personnel and our retained external cybersecurity consultants.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] CISO has over 17 years of experience in the areas of production systems, data integrity and information security, cyber defense and fraud prevention, including 15 years of experience particularly in cybersecurity and over four years spent at Global-e.