Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Risk Management and Strategy Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program is designed based on the National Institute of Standards and Technology (NIST) cybersecurity framework. This framework includes steps for (a) identifying cybersecurity threats, assessing the severity, identifying the source and whether the threat is associated with a third-party service provider; (b) reporting material cybersecurity incidents to management and our board of directors; (c) implementing safeguards, countermeasures and mitigation strategies; and (d) remediation and restoration of the affected systems. Our cybersecurity team also engages third-party security experts for defense protection capability assessment and system enhancements. In addition, our cybersecurity team provides trainings, security exercises, security awareness electronic direct mail (eDM) and social engineering drills regularly. Our dedicated information technology (“IT”) personnel are experienced information systems security professionals and information security managers with more than 19 years of relevant experience. Our IT team provides cybersecurity reports quarterly that cover, among other topics, suspicious behaviors, end devices security logs analysis, suspicious activity analysis and statistics, and updates to the company’s cybersecurity programs and mitigation strategies. In 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Cybersecurity risk management is an integral part of our overall enterprise risk management program. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | In 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Corporate Governance Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee. The audit committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs.
Our cybersecurity programs are under the direction of an “Incident Notification” established by the audit committee consisting currently of significant cybersecurity incidents, who receive reports from our cybersecurity team led by the “Cyber Forensics Report” and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee. The audit committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our cybersecurity team also engages third-party security experts for defense protection capability assessment and system enhancements. In addition, our cybersecurity team provides trainings, security exercises, security awareness electronic direct mail (eDM) and social engineering drills regularly. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our dedicated information technology (“IT”) personnel are experienced information systems security professionals and information security managers with more than 19 years of relevant experience. Our IT team provides cybersecurity reports quarterly that cover, among other topics, suspicious behaviors, end devices security logs analysis, suspicious activity analysis and statistics, and updates to the company’s cybersecurity programs and mitigation strategies. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |