Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Mar. 31, 2026 | |
| Cybersecurity Risk Management, Strategy, and Governance [Abstract] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk Management and Strategy
The Company’s risk management program includes governance through the cybersecurity committee, consisting of senior executive management team along with legal and other key holders. Our Risk Management lead is tasked with integrating any cybersecurity risk considerations into overall risk management strategy. Risk management includes regular risk assessments to identify internal and external risks and to evaluate the magnitude of harm that could arise out of such risks. The risk management program may also utilize third-party service providers where such support is complementary to the Company’s overall business strategy. Our risk management program includes training and education over the continuously evolving landscape of cybersecurity threats. We collaborate with external parties, including consultants, independent privacy assessors, computer security firms, training service providers and risk management and governance experts, to enhance our cybersecurity oversight. As part of our cybersecurity governance framework, we periodically engage independent third-party auditors and security assessors to review elements of our cybersecurity program, evaluate the effectiveness of security controls, provide recommendations aligned with industry best practices, and support compliance and certification activities. We also routinely engage with industry groups to stay informed about emerging trends. In addition, as part of our overall risk mitigation strategy, we maintain cyber insurance coverage. Our cybersecurity policies, standards and procedures include cyber and data breach response plans, which are periodically assessed against the ISO 27001:2022, National Institute of Standards and Technology Cybersecurity Framework (NIST CSF 2.0), and other relevant standards.
Material effects of cybersecurity threats
Although cybersecurity risks have the potential to affect the business, financial condition, and results of operations, we do not believe that risks from attacks, including results from any previous cybersecurity incidents or threats, have materially affected or likely to materially affect our strategy, operations or financial condition. However, no system or control framework can eliminate all risk. Despite our risk management practices, cyber incidents capable of causing material harm may still occur. Refer to “Our business relies heavily on owned and third-party technology and computer systems, which subjects us to various uncertainties” under the section entitled “Risk Factors”. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | The Company’s risk management program includes governance through the cybersecurity committee, consisting of senior executive management team along with legal and other key holders. Our Risk Management lead is tasked with integrating any cybersecurity risk considerations into overall risk management strategy. Risk management includes regular risk assessments to identify internal and external risks and to evaluate the magnitude of harm that could arise out of such risks. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | Although cybersecurity risks have the potential to affect the business, financial condition, and results of operations, we do not believe that risks from attacks, including results from any previous cybersecurity incidents or threats, have materially affected or likely to materially affect our strategy, operations or financial condition. |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance and Management
Our board of directors addresses our cybersecurity risk management as part of its general oversight function. As part of the Board’s oversight, the Board will receive a report at least annually from our cybersecurity committee, covering updates on our cybersecurity risks and threats, the status of projects intended to strengthen our information security systems, assessments of the cybersecurity program, and the emerging threat landscape.
Our cybersecurity committee plays an active role by meeting periodically to review the status of the Company’s cyber security program and roadmap for new cybersecurity risk management initiatives. The committee oversees cybersecurity risk management by evaluating whether management has robust cybersecurity policies and procedures, regularly assessing and monitoring cybersecurity risks, and receiving regular reports on the Company’s cybersecurity posture. The cybersecurity committee holds monthly review meetings, to discuss the status of the Company’s cybersecurity posture, plans and projects underway, and to discuss any changes in existing policies and procedures.
Our cybersecurity risk management processes are devised, implemented and assessed quarterly by our Cybersecurity lead, Enterprise Risk Management lead and Head of IT Strategy and Solutions. Our leads have extensive experience in cybersecurity and information technology, and based on their careers, have a deep understanding of our information technology and business needs. Our leads report to the cybersecurity committee monthly regarding emerging risks and the overall cybersecurity environment and immediately when a cybersecurity incident occurs. Our IT heads and Cybersecurity lead closely monitor cybersecurity risks, including our practices and procedures against the cybersecurity environment, including the operation of our incident response plan. Our cybersecurity program is designed to ensure the confidentiality, integrity, and availability of data and systems as well as to ensure timely identification of and response to any incidents. This design is geared toward supporting our business objectives and the needs of our valued customers, employees, and other stakeholders. We strongly believe that cybersecurity is a collective responsibility that extends to every employee, and we prioritize it as an ongoing objective. To increase our employees’ awareness of cyber threats, we provide education and share best practices through a security awareness training program. This includes conducting quarterly exercises, cyber-event simulations, training programs and incorporating our Technology Acceptable Use Policy into onboarding and training materials. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our board of directors addresses our cybersecurity risk management as part of its general oversight function. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | As part of the Board’s oversight, the Board will receive a report at least annually from our cybersecurity committee, covering updates on our cybersecurity risks and threats, the status of projects intended to strengthen our information security systems, assessments of the cybersecurity program, and the emerging threat landscape. |
| Cybersecurity Risk Role of Management [Text Block] | Our cybersecurity committee plays an active role by meeting periodically to review the status of the Company’s cyber security program and roadmap for new cybersecurity risk management initiatives. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The cybersecurity committee holds monthly review meetings, to discuss the status of the Company’s cybersecurity posture, plans and projects underway, and to discuss any changes in existing policies and procedures. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our cybersecurity risk management processes are devised, implemented and assessed quarterly by our Cybersecurity lead, Enterprise Risk Management lead and Head of IT Strategy and Solutions. Our leads have extensive experience in cybersecurity and information technology, and based on their careers, have a deep understanding of our information technology and business needs. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | We strongly believe that cybersecurity is a collective responsibility that extends to every employee, and we prioritize it as an ongoing objective. |