|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We have a cross-departmental approach to addressing cybersecurity risk, including employees and the Board. The Board, Audit Committee, and senior management devote significant resources to cybersecurity and risk management processes, ensuring we adapt to the evolving cybersecurity landscape and respond to emerging threats in a timely and effective manner. Our information security risk assessment is conducted at least once a year or more frequently upon the occurrence of the following events: (i) there are significant changes to information equipment or services that may impact the Company’s information security; (ii) the development of new technologies may affect the Company’s information security; (iii) changes in relevant laws may affect the Company’s information security; or (iv) there are feedback or requests from regulatory authorities or relevant stakeholders. We regularly assess the threat landscape and take a comprehensive approach to address cybersecurity risks, implementing a layered cybersecurity strategy focused on prevention, detection and mitigation. Our information security team reviews enterprise-level cybersecurity risks annually. In addition, we have a set of company-wide policies and procedures governing cybersecurity matters, including an information security manual as well as other policies that directly or indirectly relate to cybersecurity, such as policies related to encryption standards, antivirus protection, remote access, multifactor authentication, confidential information and the use of the Internet, email and wireless devices. These policies have gone through an internal review process and are approved by appropriate members of management.
The Company’s Chief Technology Officer is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the Board. With over 20 years of experience in cybersecurity oversight, our Chief Technology Officer leads the effort, supported by other members of our information security team who hold relevant cybersecurity experience and certifications. We consider cybersecurity a shared responsibility, and we periodically perform simulations and tabletop exercises at the management level, incorporating external resources and advisors as needed. All employees are required to complete cybersecurity trainings and have access to online courses for continuous cybersecurity trainings. We also require employees in specific roles to complete additional specialized role-based cybersecurity trainings.
We have continued to increase our investments in information security, including the adoption of enhanced end-user training, the implementation of layered defenses, identification and protection of critical assets, improved monitoring and alerting, and the engagement of third-party experts. We regularly test defenses by performing simulations and drills at both a technical level (including penetration tests) and by reviewing our operational policies and procedures with third-party experts. At the management level, our information security team consistently monitors alerts and holds meetings to discuss threat levels, trends and remediation. The team also prepares a risk assessment scorecard, regularly collects data on cybersecurity threats and risk areas and conducts an annual risk assessment. Further, we conduct periodic vulnerability assessment and external penetration tests to assess our processes and procedures and the threat landscape. These tests and assessments are useful tools for maintaining a robust cybersecurity program to protect our investors, customers, employees, vendors, and intellectual property.
Our internal cybersecurity team is required to conduct and document user access reviews on our platform at least annually and obtain from the third-party vendors a System and Organization Controls (“SOC”) 1 or SOC 2 report. If a third-party vendor is unable to provide a SOC 1 or SOC 2 report, we take additional steps to assess their cybersecurity preparedness and evaluate our relationship with the third-party vendor based on this assessment. Our assessment of risks associated with use of third-party vendors is an integral part of our overall cybersecurity risk management framework.
The Audit Committee and the full Board actively engage in discussions with management and among themselves regarding cybersecurity risks. The Audit Committee performs an annual review of the Company’s cybersecurity program, which includes discussions of management’s actions to identify and detect threats, as well as planned actions in the event of a response or recovery situation. The Audit Committee’s annual review also includes review of recent enhancements to the Company’s defenses and management’s progress on its cybersecurity strategic roadmap. In addition, the Board regularly receives cybersecurity reports, which include a review of key performance indicators, test results and related prevention, detection, mitigation and remediation of cybersecurity incidents, such as summaries of recent threats and how the Company is managing those threats.
As of the date of this annual report, no risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have a cross-departmental approach to addressing cybersecurity risk, including employees and the Board. The Board, Audit Committee, and senior management devote significant resources to cybersecurity and risk management processes, ensuring we adapt to the evolving cybersecurity landscape and respond to emerging threats in a timely and effective manner. Our information security risk assessment is conducted at least once a year or more frequently upon the occurrence of the following events: (i) there are significant changes to information equipment or services that may impact the Company’s information security; (ii) the development of new technologies may affect the Company’s information security; (iii) changes in relevant laws may affect the Company’s information security; or (iv) there are feedback or requests from regulatory authorities or relevant stakeholders. We regularly assess the threat landscape and take a comprehensive approach to address cybersecurity risks, implementing a layered cybersecurity strategy focused on prevention, detection and mitigation. Our information security team reviews enterprise-level cybersecurity risks annually. In addition, we have a set of company-wide policies and procedures governing cybersecurity matters, including an information security manual as well as other policies that directly or indirectly relate to cybersecurity, such as policies related to encryption standards, antivirus protection, remote access, multifactor authentication, confidential information and the use of the Internet, email and wireless devices. These policies have gone through an internal review process and are approved by appropriate members of management.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Audit Committee and the full Board actively engage in discussions with management and among themselves regarding cybersecurity risks.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee and the full Board actively engage in discussions with management and among themselves regarding cybersecurity risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee and the full Board actively engage in discussions with management and among themselves regarding cybersecurity risks.
|Cybersecurity Risk Role of Management [Text Block]
|
The Company’s Chief Technology Officer is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the Board. With over 20 years of experience in cybersecurity oversight, our Chief Technology Officer leads the effort, supported by other members of our information security team who hold relevant cybersecurity experience and certifications. We consider cybersecurity a shared responsibility, and we periodically perform simulations and tabletop exercises at the management level, incorporating external resources and advisors as needed. All employees are required to complete cybersecurity trainings and have access to online courses for continuous cybersecurity trainings. We also require employees in specific roles to complete additional specialized role-based cybersecurity trainings.
We have continued to increase our investments in information security, including the adoption of enhanced end-user training, the implementation of layered defenses, identification and protection of critical assets, improved monitoring and alerting, and the engagement of third-party experts. We regularly test defenses by performing simulations and drills at both a technical level (including penetration tests) and by reviewing our operational policies and procedures with third-party experts. At the management level, our information security team consistently monitors alerts and holds meetings to discuss threat levels, trends and remediation. The team also prepares a risk assessment scorecard, regularly collects data on cybersecurity threats and risk areas and conducts an annual risk assessment. Further, we conduct periodic vulnerability assessment and external penetration tests to assess our processes and procedures and the threat landscape. These tests and assessments are useful tools for maintaining a robust cybersecurity program to protect our investors, customers, employees, vendors, and intellectual property.
Our internal cybersecurity team is required to conduct and document user access reviews on our platform at least annually and obtain from the third-party vendors a System and Organization Controls (“SOC”) 1 or SOC 2 report. If a third-party vendor is unable to provide a SOC 1 or SOC 2 report, we take additional steps to assess their cybersecurity preparedness and evaluate our relationship with the third-party vendor based on this assessment. Our assessment of risks associated with use of third-party vendors is an integral part of our overall cybersecurity risk management framework.
The Audit Committee and the full Board actively engage in discussions with management and among themselves regarding cybersecurity risks. The Audit Committee performs an annual review of the Company’s cybersecurity program, which includes discussions of management’s actions to identify and detect threats, as well as planned actions in the event of a response or recovery situation. The Audit Committee’s annual review also includes review of recent enhancements to the Company’s defenses and management’s progress on its cybersecurity strategic roadmap. In addition, the Board regularly receives cybersecurity reports, which include a review of key performance indicators, test results and related prevention, detection, mitigation and remediation of cybersecurity incidents, such as summaries of recent threats and how the Company is managing those threats.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Company’s Chief Technology Officer is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the Board.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|With over 20 years of experience in cybersecurity oversight, our Chief Technology Officer leads the effort, supported by other members of our information security team who hold relevant cybersecurity experience and certifications.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Audit Committee performs an annual review of the Company’s cybersecurity program, which includes discussions of management’s actions to identify and detect threats, as well as planned actions in the event of a response or recovery situation.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true