|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Risk Management
We understand the importance of preventing, assessing, identifying, and managing material risks associated with cybersecurity threats. Processes to manage risks from cybersecurity threats have been incorporated as a part of our overall risk assessment process. Our cybersecurity risks include theft of business data, fraud or extortion, lack of access to our information systems, harm to employees, harm to business partners, violation of privacy laws, potential reputational damage, and litigation or other legal risk if a cybersecurity incident were to occur. It is difficult to assign a monetary materiality assessment to these risks or to the impact if we were to sustain a breach of our systems. Our approach is based on the premise that any cybersecurity incident could result in material harm to our company.
Threats to security, confidentiality, and availability are identified and assessed as part of our annual and routine risk assessments. Our annual risk assessment is performed by using the ISO27001 risk assessment as a basis for risk identification, which is conducted by a trusted third-party provider to test our enterprise and product security controls. Additionally, our employees go through cybersecurity awareness training as part of their onboarding procedures. We also try to stay ahead of emerging cyber threats by continuously updating our security measures and investing in the latest technologies. We believe this proactive approach will help us be prepared to defend against new types of attacks, keeping our customers’ data secure.
Matters determined to present potential material impacts to our financial results, operations, and/or reputation would immediately be reported by our cybersecurity team and escalated, as appropriate. In relation to security incident levels P0 - P4, the following escalation framework will be evoked, as outlined in the table below:
In addition, we have established procedures to ensure that members of our management responsible for overseeing the effectiveness of disclosure controls are informed in a timely manner of known cybersecurity risks and incidents that may materially impact our operations and that timely public disclosure is made, as appropriate. We procure third-party insurance policies to cover operations-related risks such as cybersecurity and data breaches.
We manage significant and persistent cybersecurity risks due to the need to protect our business, including our intellectual property and intellectual property of others that is licensed for our use, our confidential information and information concerning our personnel and others with whom we conduct business. As other technology companies we occasionally face threats from actors who seek to disrupt our business as well as others who are engaging in malicious activities or for reputation damage. Disclose of certain information as a result of a cybersecurity breach may result in a breach of privacy laws. The substantial level of harm that could occur to us and our suppliers and customers were we to suffer impacts of a material cybersecurity incident; and our use of third-party products, services and components requires us to maintain robust governance and oversight of these risks and to implement mechanisms, technologies and processes designed to help us assess, identify, and eliminate these risks.
While we have not, as of the date of this annual report, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, we cannot assure you that we will not experience such an incident in the future. We have seen an increase in cyberattack volume, frequency, and sophistication. We seek to detect and investigate unauthorized attempts and attacks against our network, products, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes and tools and changes or updates to our products and services; however, while diligently taking actions to eliminate and reduce cyber risks, we remain potentially vulnerable to known or unknown threats. In some instances, we, our suppliers, our customers, and the users of our products and services can be unaware of a threat or incident or its magnitude and effects. Further, there are increasing regulation requirements regarding responses to cybersecurity incidents, including reporting to regulators, which could subject us to additional liability and reputational harm.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Threats to security, confidentiality, and availability are identified and assessed as part of our annual and routine risk assessments. Our annual risk assessment is performed by using the ISO27001 risk assessment as a basis for risk identification, which is conducted by a trusted third-party provider to test our enterprise and product security controls. Additionally, our employees go through cybersecurity awareness training as part of their onboarding procedures. We also try to stay ahead of emerging cyber threats by continuously updating our security measures and investing in the latest technologies. We believe this proactive approach will help us be prepared to defend against new types of attacks, keeping our customers’ data secure
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Governance
We aim to incorporate industry best practices throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks.
Our cybersecurity program is designed to be aligned with applicable industry standards, and we have engaged outside sources to assist in this effort. We have processes in place to assess, identify, manage, and address material cybersecurity threats and incidents.
We monitor issues that are internally discovered or externally reported that may affect our products and have processes to assess those issues for potential cybersecurity impact or risk. We also have a process in place to manage cybersecurity risks associated with third-party service providers. We are in the process of implementing additional technical and organizational security measures to follow our information security program.
Under our cybersecurity governance framework, the Audit Committee, in its charter, is empowered to implement and oversee our cybersecurity and information security policies and periodically review their compliance and mitigate potential cybersecurity threats.
Our CISO, who is a third party engaged by us, leads the strategy and guidelines, and works with senior management and IT engineering, to operate and implement cybersecurity of the Company. The CISO is responsible for handling the risk management by assessment, analysis, reporting, managing the cyber protection following the relevant requirements, the work with the Information Technology team, implementing information security awareness among the employees, and updating the company’s security policies. Our CISO provides annual analysis and updates to the management on our cybersecurity and information security policies and programs, as well as ad hoc updates on information security and cybersecurity matters.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Under our cybersecurity governance framework, the Audit Committee, in its charter, is empowered to implement and oversee our cybersecurity and information security policies and periodically review their compliance and mitigate potential cybersecurity threats
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The CISO is responsible for handling the risk management by assessment, analysis, reporting, managing the cyber protection following the relevant requirements, the work with the Information Technology team, implementing information security awareness among the employees, and updating the company’s security policies
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our CISO provides annual analysis and updates to the management on our cybersecurity and information security policies and programs, as well as ad hoc updates on information security and cybersecurity matters
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef