v3.25.4
Cybersecurity Risk Management, Strategy and Governance
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 16K Cybersecurity

Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to safeguard the confidentiality and integrity of the information we collect and process, prevent unauthorized access to our information technology (“IT”) systems and data, and ensure availability of our IT systems and data according to defined business requirements. Our cybersecurity risk management program includes a cybersecurity incident response plan.

Our Information Security Policy for Global IT outlines the organizational responsibilities for maintaining a strong security posture for our IT systems and sets forth the IT security measures and controls that are required to be in place. This policy covers all IT systems that process Company information. Our Security Management team is responsible for ensuring internal security compliance and for managing IT vendors.

We have designed our security program around the International Organization for Standardization/International Electrotechnical Commission (“ISO/IEC”) 27001 standard on a strategic and tactical level, while our operational program is maintained in accordance with the Center for Internet Security (“CIS”) Critical Security Controls framework. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the ISO/IEC and CIS Controls standards as guides to help us identify, assess, and manage cybersecurity risks relevant to our business.

Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

Our cybersecurity risk management program includes:

Risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;
A security team principally responsible for managing (1) our cybersecurity risk assessment processes; (2) our security controls; and (3) our response to cybersecurity incidents;
An external and internal Security Operations Center (SOC) performing advanced threat detection and response across our environment.
The use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;
A defined process for registration, classification and escalation of any incidents to a named IT Incident Manager and incident response team, which includes relevant members of the IT management team, the compliance team, business process owners and potentially external vendors;
Security awareness campaigns for Company employees via various channels (intranet, direct mail, screen savers, etc.); and
Secure access control measures applied to critical IT systems, equipment and devices, designed to prevent unauthorized users, processes, and devices from accessing IT systems and data.

We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition.

Cybersecurity Governance

Our Board considers cybersecurity risk as part of its risk oversight function and has delegated the oversight of cybersecurity and other information technology risks to the executive board. The executive board oversees the Security Management team's implementation of our cybersecurity risk management program.

The executive board receives regular updates from the Security Management team on our cybersecurity risks. In addition, the Security Management team updates the executive board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.

The executive board reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Security Management team.

Our Security Management team is chaired by the Chief Information Officer and includes the Global Head of Digitalization and Cyber Security, and is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our Security Management team's background includes experience in regulatory compliance, cloud computing and infrastructure, and cyber incident response.

Our Security Management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, as well as alerts and reports produced by security tools deployed in our IT environment.

Our executive management that is part of the Corporate Management Group signs off on the overall strategic direction for IT security and ensures alignment with our overall business strategy.

We have established a dedicated Security Organization Unit to drive alignment across all key security functions within the company. This unit is chaired by the Chief Information Officer and includes representatives with oversight of critical areas such as IT Compliance, AI & Automation, Global Service Desk, Infrastructure, Integration, and Data Management.

It is the responsibility of the Security Organization Unit to approve the Company's IT security roadmap, ensure allocation and prioritization of resources, and to act as the escalation point for IT security matters.

A named IT Director is assigned the responsibility of maintaining IT security across our global organization. This responsibility includes defining and driving IT security roadmap initiatives, defining and implementing activities needed to drive an IT security awareness program, supporting the assessment of new IT systems and vendors, and acting as the leader and point person in the event of a major security incident.

Operational responsibility resides with the related product teams. The product teams are responsible for ensuring effective and updated security technologies are used in the day-to-day operational procedures, and for maintaining, operating and implementing applications and technologies securely across business areas within the Company.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our Board considers cybersecurity risk as part of its risk oversight function and has delegated the oversight of cybersecurity and other information technology risks to the executive board. The executive board oversees the Security Management team's implementation of our cybersecurity risk management program.

The executive board receives regular updates from the Security Management team on our cybersecurity risks. In addition, the Security Management team updates the executive board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.

The executive board reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Security Management team.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The executive board oversees the Security Management team's implementation of our cybersecurity risk management program.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The executive board receives regular updates from the Security Management team on our cybersecurity risks. In addition, the Security Management team updates the executive board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.

The executive board reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Security Management team.
Cybersecurity Risk Role of Management [Text Block]

Our Security Management team is chaired by the Chief Information Officer and includes the Global Head of Digitalization and Cyber Security, and is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our Security Management team's background includes experience in regulatory compliance, cloud computing and infrastructure, and cyber incident response.

Our Security Management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, as well as alerts and reports produced by security tools deployed in our IT environment.

Our executive management that is part of the Corporate Management Group signs off on the overall strategic direction for IT security and ensures alignment with our overall business strategy.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Security Management team is chaired by the Chief Information Officer and includes the Global Head of Digitalization and Cyber Security, and is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our Security Management team's background includes experience in regulatory compliance, cloud computing and infrastructure, and cyber incident response.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

The executive board reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Security Management team.