Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Mar. 31, 2026 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We maintain a comprehensive cybersecurity program, recognizing the critical importance of safeguarding our operations, employees, customers, and other business partners from cybersecurity risks, which continue to evolve in frequency and sophistication. These risks include, among others, operational, financial, reputational, legal, and regulatory risks. As a part of this program, we have developed an incident response plan (IRP) designed to quickly respond to, mitigate, and recover from cybersecurity incidents. The IRP includes procedures for incident detection and reporting, initial assessment, containment, eradication, recovery, post-incident activities, and continuous improvement. We also integrate cybersecurity risk management into our overall risk management framework to ensure that cybersecurity risks are considered in all aspects of our business. Our management team works closely with our Chief Digital & Data Officer (CDDO) and Chief Information Security Officer (CISO), and is designed to align our cybersecurity efforts with our business objectives and operational needs. Key components of our cybersecurity approach include, among other things: •establishing a dedicated action team, led by our CDDO and CISO, to oversee and manage cybersecurity risks; •implementing a comprehensive cybersecurity risk assessment process and strategy based on industry standards and established frameworks such as the National Institute of Standards and Technology (NIST); •implementing a third-party and vendor risk management program, which includes evaluating risk levels such that third parties and vendors with access to our systems or data are subject to cybersecurity onboarding and review, along with cybersecurity and data privacy audits and ongoing risk monitoring and mitigation efforts; •conducting penetration tests and security maturity assessments throughout the year; •periodically engaging independent third-party assessors to audit our cybersecurity and information system programs to evaluate their effectiveness; •implementing industry-standard technologies and processes to protect our system and data and to help detect potential unauthorized activity; •maintaining access controls to safeguard data and systems; •providing annual trainings to employees on responsible information security, data security and cybersecurity practices including appropriate action to take against cybersecurity threats; •conducting periodic phishing simulations to our employees; •engaging in cybersecurity incident tabletop exercises and scenario planning exercises; •maintaining a cybersecurity and information security risk insurance policy, which insures for data incidents or breaches and other technology related exposures; and •periodically reviewing and updating our IRP, privacy policy, and other relevant policies/procedures. We continuously evaluate and enhance our cybersecurity risk management practices in response to evolving threats and business needs. In the three-year period ended March 31, 2026, our business, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, including as a result of any prior cybersecurity incidents experienced by either us or third parties, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. Refer to Part I, Item 1A, “Risk Factors - Risks Related to Technology, Data Security and Privacy” within this Annual Report for further information.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We also integrate cybersecurity risk management into our overall risk management framework to ensure that cybersecurity risks are considered in all aspects of our business. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board has delegated to the Audit Committee primary responsibility for oversight of enterprise risk assessment and risk management, including risks related to cybersecurity and information security. Our CDDO and CISO, who head our cybersecurity and information security initiatives, provide quarterly updates to the Audit Committee, and annual updates to the full Board.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board has delegated to the Audit Committee primary responsibility for oversight of enterprise risk assessment and risk management, including risks related to cybersecurity and information security. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our CDDO and CISO, who head our cybersecurity and information security initiatives, provide quarterly updates to the Audit Committee, and annual updates to the full Board. These updates cover various topics, such as efforts to enhance our cybersecurity posture, operational and incident metrics, mitigation actions, and key performance indicators such as cybersecurity maturity, program health, and audit and compliance activities. The Audit Committee reviews and monitors these updates as part of its oversight of our cybersecurity risk management program. The Audit Committee also engages in regular dialogue with management, including our CDDO and CISO, regarding cybersecurity and technology risks and related initiatives. In addition, the Audit Committee reviews relevant internal audit findings and key metrics used to assess our capabilities to manage cybersecurity, information security, and technology risks. In addition to these regular updates, significant cybersecurity incidents and updates are escalated on an as-needed basis in accordance with our IRP, and the Audit Committee discusses with management the nature and potential impact of material cybersecurity incidents on our business, financial condition, and results of operations.
|
| Cybersecurity Risk Role of Management [Text Block] | Our Board has delegated to the Audit Committee primary responsibility for oversight of enterprise risk assessment and risk management, including risks related to cybersecurity and information security. Our CDDO and CISO, who head our cybersecurity and information security initiatives, provide quarterly updates to the Audit Committee, and annual updates to the full Board. These updates cover various topics, such as efforts to enhance our cybersecurity posture, operational and incident metrics, mitigation actions, and key performance indicators such as cybersecurity maturity, program health, and audit and compliance activities. The Audit Committee reviews and monitors these updates as part of its oversight of our cybersecurity risk management program. The Audit Committee also engages in regular dialogue with management, including our CDDO and CISO, regarding cybersecurity and technology risks and related initiatives. In addition, the Audit Committee reviews relevant internal audit findings and key metrics used to assess our capabilities to manage cybersecurity, information security, and technology risks. In addition to these regular updates, significant cybersecurity incidents and updates are escalated on an as-needed basis in accordance with our IRP, and the Audit Committee discusses with management the nature and potential impact of material cybersecurity incidents on our business, financial condition, and results of operations. Our CDDO and CISO have extensive experience in cybersecurity. Our CDDO has served in his role since September 2024. He has over 15 years of experience in digital transformations, enterprise technology, artificial intelligence, and data management. Our CISO has served in various roles in information technology for over 25 years, including 15 years in information security. He holds a B.S. in Cybersecurity and Information Assurance, along with industry certifications including ISACA’s Certified in Risk and Information Systems Control, ISACA’s Certified Information Security Manager, and ISC2’s Certified Information Systems Security Professional certifications.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our CDDO and CISO, who head our cybersecurity and information security initiatives, provide quarterly updates to the Audit Committee, and annual updates to the full Board. These updates cover various topics, such as efforts to enhance our cybersecurity posture, operational and incident metrics, mitigation actions, and key performance indicators such as cybersecurity maturity, program health, and audit and compliance activities.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CDDO and CISO have extensive experience in cybersecurity. Our CDDO has served in his role since September 2024. He has over 15 years of experience in digital transformations, enterprise technology, artificial intelligence, and data management. Our CISO has served in various roles in information technology for over 25 years, including 15 years in information security. He holds a B.S. in Cybersecurity and Information Assurance, along with industry certifications including ISACA’s Certified in Risk and Information Systems Control, ISACA’s Certified Information Security Manager, and ISC2’s Certified Information Systems Security Professional certifications.
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our Board has delegated to the Audit Committee primary responsibility for oversight of enterprise risk assessment and risk management, including risks related to cybersecurity and information security. Our CDDO and CISO, who head our cybersecurity and information security initiatives, provide quarterly updates to the Audit Committee, and annual updates to the full Board. These updates cover various topics, such as efforts to enhance our cybersecurity posture, operational and incident metrics, mitigation actions, and key performance indicators such as cybersecurity maturity, program health, and audit and compliance activities. The Audit Committee reviews and monitors these updates as part of its oversight of our cybersecurity risk management program. The Audit Committee also engages in regular dialogue with management, including our CDDO and CISO, regarding cybersecurity and technology risks and related initiatives. In addition, the Audit Committee reviews relevant internal audit findings and key metrics used to assess our capabilities to manage cybersecurity, information security, and technology risks. In addition to these regular updates, significant cybersecurity incidents and updates are escalated on an as-needed basis in accordance with our IRP, and the Audit Committee discusses with management the nature and potential impact of material cybersecurity incidents on our business, financial condition, and results of operations.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |