Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities, and review our cybersecurity policies, processes, and practices. To help protect our information systems from cybersecurity threats, we use a suite of security and business continuity tools that are designed to help us proactively identify, monitor, escalate, investigate, resolve, and recover from security incidents in a timely manner. Our cybersecurity training and testing program helps ensure awareness and knowledge of cybersecurity best practices for all departments. Our information technology department, led by our Chief Technology Officer (“CTO”), in connection with management and legal, assesses risks based on probability and potential impact to key business systems and processes. Our CTO has over two decades of expertise in managing information security, developing cybersecurity strategies and internal awareness programs, and implementing effective cybersecurity programs, including serving as chief information officer for over 10 years in previous roles. Our CTO leads the assessment and management of cybersecurity risks, including business continuity planning, incident response and regular disaster recovery testing. We take a risk-based approach to cybersecurity and have implemented cybersecurity policies and practices throughout our operations that are designed to address cybersecurity threats and incidents. Key elements of our cybersecurity risk management program include, among others, the following: •Deployment of monitoring tools designed to identify material cybersecurity risks within our enterprise IT environment and critical systems; •Engagement of external service providers to assess, test, or audit specific aspects of our security controls and processes; •Regular cybersecurity awareness training for employees, including phishing simulations and threat scenarios; •A cybersecurity incident response plan that establishes procedures for identifying, containing, and remediating incidents, and includes a materiality assessment framework with escalation protocols to senior leadership to determine reporting requirements; •Third-party risk management processes to review service providers based on their criticality to our operations and their respective risk profiles; and •Cybersecurity insurance coverage to mitigate potential financial impacts. Throughout 2025, we undertook significant steps to enhance our cybersecurity posture. Specifically, we focused on the hardening of our digital workplace and cloud ecosystem and reinforced the security of our endpoints by deploying advanced protection tools, remote control capabilities, and enhanced endpoint monitoring. Furthermore, we have updated our security policies to reflect the evolving threat landscape and completed a comprehensive assessment of our critical applications conducted by an independent third party and implemented a company-wide cybersecurity awareness program aimed at ensuring knowledge of best practices permeates all departments. For additional description of cybersecurity risks and potential related impacts on the Company, refer to “Item 3. Key Information—D. Risk Factors—Risks Related to Technology, E-Commerce, and Cybersecurity—We are dependent on information technology systems and infrastructure; if we, or the third parties we rely on, fail to protect sensitive information of our consumers and information technology systems against security breaches, it could damage our reputation and brand and substantially harm our business.”
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities, and review our cybersecurity policies, processes, and practices. To help protect our information systems from cybersecurity threats, we use a suite of security and business continuity tools that are designed to help us proactively identify, monitor, escalate, investigate, resolve, and recover from security incidents in a timely manner. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board oversees our risk management process, including as it pertains to cybersecurity risks, through the Audit and Governance Committee. The Audit and Governance Committee oversees our risk management program, which focuses on the most significant risks we face. Meetings of the Audit and Governance Committee include discussions of specific risk areas throughout the year, including cybersecurity incidents, reporting of which is required by our internal incident response protocol |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit and Governance Committee oversees our risk management program, which focuses on the most significant risks we face. Meetings of the Audit and Governance Committee include discussions of specific risk areas throughout the year, including cybersecurity incidents, reporting of which is required by our internal incident response protocol |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board oversees our risk management process, including as it pertains to cybersecurity risks, through the Audit and Governance Committee. The Audit and Governance Committee oversees our risk management program, which focuses on the most significant risks we face. Meetings of the Audit and Governance Committee include discussions of specific risk areas throughout the year, including cybersecurity incidents, reporting of which is required by our internal incident response protocol |
| Cybersecurity Risk Role of Management [Text Block] | Our Board oversees our risk management process, including as it pertains to cybersecurity risks, through the Audit and Governance Committee. The Audit and Governance Committee oversees our risk management program, which focuses on the most significant risks we face. Meetings of the Audit and Governance Committee include discussions of specific risk areas throughout the year, including cybersecurity incidents, reporting of which is required by our internal incident response protocol |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Audit and Governance Committee oversees our risk management program, which focuses on the most significant risks we face. Meetings of the Audit and Governance Committee include discussions of specific risk areas throughout the year, including cybersecurity incidents, reporting of which is required by our internal incident response protocol |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | expertise in managing information security, developing cybersecurity strategies and internal awareness programs, and implementing effective cybersecurity programs, including serving as chief information officer for over 10 years in previous roles. Our CTO leads the assessment and management of cybersecurity risks, including business continuity planning, incident response and regular disaster recovery testing. We take a risk-based approach to cybersecurity and have implemented cybersecurity policies and practices throughout our operations that are designed to address cybersecurity threats and incidents. Key elements of our cybersecurity risk management program include, among others, the following: •Deployment of monitoring tools designed to identify material cybersecurity risks within our enterprise IT environment and critical systems; •Engagement of external service providers to assess, test, or audit specific aspects of our security controls and processes; •Regular cybersecurity awareness training for employees, including phishing simulations and threat scenarios; •A cybersecurity incident response plan that establishes procedures for identifying, containing, and remediating incidents, and includes a materiality assessment framework with escalation protocols to senior leadership to determine reporting requirements; •Third-party risk management processes to review service providers based on their criticality to our operations and their respective risk profiles; and •Cybersecurity insurance coverage to mitigate potential financial impacts. Throughout 2025, we undertook significant steps to enhance our cybersecurity posture. Specifically, we focused on the hardening of our digital workplace and cloud ecosystem and reinforced the security of our endpoints by deploying advanced protection tools, remote control capabilities, and enhanced endpoint monitoring. Furthermore, we have updated our security policies to reflect the evolving threat landscape and completed a comprehensive assessment of our critical applications conducted by an independent third party and implemented a company-wide cybersecurity awareness program aimed at ensuring knowledge of best practices permeates all departments. For additional description of cybersecurity risks and potential related impacts on the Company, refer to “Item 3. Key Information—D. Risk Factors—Risks Related to Technology, E-Commerce, and Cybersecurity—We are dependent on information technology systems and infrastructure; if we, or the third parties we rely on, fail to protect sensitive information of our consumers and information technology systems against security breaches, it could damage our reputation and brand and substantially harm our business.”
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our Board oversees our risk management process, including as it pertains to cybersecurity risks, through the Audit and Governance Committee. The Audit and Governance Committee oversees our risk management program, which focuses on the most significant risks we face. Meetings of the Audit and Governance Committee include discussions of specific risk areas throughout the year, including cybersecurity incidents, reporting of which is required by our internal incident response protocol.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |