Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Jun. 30, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We seek to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Our cybersecurity program is designed to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Our management team has adopted policies, standards, processes, and practices and implemented controls and procedures that allow us to assess, identify and manage material risks from cybersecurity threats enabling our board of directors to actively oversee the strategic direction, objectives, and effectiveness of our cybersecurity risk management framework. Our processes are integrated into our overall enterprise risk management program, as implemented by management and as overseen by our board of directors. Our board of directors has an important role in risk oversight. To identify and assess material risks from cybersecurity threats, we use a risk assessment process aligned with standard industry frameworks such as the National Institute of Standards and Technology, or NIST, International Organization for Standardization, or ISO, 27001 and other industry standards. We engage in regular network and endpoint monitoring, vulnerability assessments, and penetration testing, among other exercises. We continuously monitor threats and unauthorized access to our network through both internal and external third-party resources. We have developed incident response plans which include triage, assessing the severity of incidents, escalation protocols, containment of incidents, investigation of incidents, and remediation. We provide annual privacy and security training for all employees which incorporates awareness of cyber threats (including but not limited to malware, ransomware, and social engineering attacks), password hygiene and incident reporting processes. We have also implemented processes to identify, monitor and address material risks from cybersecurity threats associated with our use of critical third-party service providers, including those in our supply chain or who have access to our systems, data or facilities that house such systems or data. Additionally, we require those third parties that could introduce significant cybersecurity risk to us to provide ISO certifications or Service Organization Controls, or SOC, 2 reports as evidence of a cybersecurity audit and these reports are reviewed and assessed for risk. We review our cybersecurity risk framework and related policies both internally and externally by third parties at least annually. Our risk management program is also reviewed annually as part of SOC 2 and Health Information Trust Alliance, or HITRUST, Common Security Framework audits. We are not aware of any known risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Despite our security measures, however, there can be no assurance that we, or the third parties with which we interact, will not experience a cybersecurity incident in the future that may materially affect us. For additional information, see Item 1A. “Risk Factors” for a discussion of cybersecurity risks that we face.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We seek to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Our cybersecurity program is designed to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Our management team has adopted policies, standards, processes, and practices and implemented controls and procedures that allow us to assess, identify and manage material risks from cybersecurity threats enabling our board of directors to actively oversee the strategic direction, objectives, and effectiveness of our cybersecurity risk management framework. Our processes are integrated into our overall enterprise risk management program, as implemented by management and as overseen by our board of directors. Our board of directors has an important role in risk oversight. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | As part of the board of directors’ role in overseeing our enterprise risk management program, which includes our cybersecurity risk management framework, the board of directors is responsible for exercising oversight of management’s identification and management of, and planning for, material cybersecurity risks that may reasonably be expected to impact us. The audit committee is responsible for reviewing proposed disclosures in connection with any material cybersecurity incident consistent with our disclosure obligations under Item 1.05 of Form 8-K. The board of directors is informed of our cybersecurity risk management and receives an overview of our cybersecurity program from the Chief Information Security Officer, or CISO, at least annually. That overview covers, among other topics, the cybersecurity risk landscape and trends, data security posture, results from third-party assessments, training and vulnerability testing, our incident response plan, material cybersecurity risks, whether developing or actual, as well as the steps management has taken to respond to such risks, emerging cybersecurity regulations, technologies and best practices. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our CISO, Chief Financial Officer, Global General Counsel, internal audit, and privacy teams are responsible for management’s oversight of cybersecurity governance, awareness, and security compliance. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our CISO, Chief Financial Officer, Global General Counsel, internal audit, and privacy teams are responsible for management’s oversight of cybersecurity governance, awareness, and security compliance. Our CISO meets regularly with this group to review the cybersecurity program designed to protect our information systems from cybersecurity threats and to respond to incidents in accordance with our incident response plan. The CISO manages a team that is responsible for day-to-day tracking, assessing and management of threats. Through ongoing communications, the CISO and key stakeholders are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity incidents and progress on cybersecurity infrastructure initiatives. In the event of a material cybersecurity incident or investigation, management will, in compliance with escalation protocols in place, promptly report to the board of directors, as appropriate, in accordance with our incident response plan and other policies, and determine the timing of action, and necessary response.
|
| Cybersecurity Risk Role of Management [Text Block] | Our CISO, Chief Financial Officer, Global General Counsel, internal audit, and privacy teams are responsible for management’s oversight of cybersecurity governance, awareness, and security compliance. Our CISO meets regularly with this group to review the cybersecurity program designed to protect our information systems from cybersecurity threats and to respond to incidents in accordance with our incident response plan. The CISO manages a team that is responsible for day-to-day tracking, assessing and management of threats. Through ongoing communications, the CISO and key stakeholders are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity incidents and progress on cybersecurity infrastructure initiatives. In the event of a material cybersecurity incident or investigation, management will, in compliance with escalation protocols in place, promptly report to the board of directors, as appropriate, in accordance with our incident response plan and other policies, and determine the timing of action, and necessary response. Our CISO has over 20 years of experience in various roles in information technology and information security, including serving as CISO at Mattel and Universal Music Group. He holds an MBA degree and several relevant certifications, including Certified Information Security Manager, Certified Information Systems Security Professional, Certified in Risk and Information System Control, and Certified Information Privacy Professional.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our CISO, Chief Financial Officer, Global General Counsel, internal audit, and privacy teams are responsible for management’s oversight of cybersecurity governance, awareness, and security compliance. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CISO has over 20 years of experience in various roles in information technology and information security, including serving as CISO at Mattel and Universal Music Group. He holds an MBA degree and several relevant certifications, including Certified Information Security Manager, Certified Information Systems Security Professional, Certified in Risk and Information System Control, and Certified Information Privacy Professional.
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our CISO, Chief Financial Officer, Global General Counsel, internal audit, and privacy teams are responsible for management’s oversight of cybersecurity governance, awareness, and security compliance. Our CISO meets regularly with this group to review the cybersecurity program designed to protect our information systems from cybersecurity threats and to respond to incidents in accordance with our incident response plan. The CISO manages a team that is responsible for day-to-day tracking, assessing and management of threats. Through ongoing communications, the CISO and key stakeholders are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity incidents and progress on cybersecurity infrastructure initiatives. In the event of a material cybersecurity incident or investigation, management will, in compliance with escalation protocols in place, promptly report to the board of directors, as appropriate, in accordance with our incident response plan and other policies, and determine the timing of action, and necessary response.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |