Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Risk Management and Strategy Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program is designed based on the National Institute of Standards and Technology (NIST) cybersecurity framework. This framework includes steps for (a) identifying cybersecurity threats, assessing the severity, identifying the source and whether the threat is associated with a third-party service provider; (b) reporting material cybersecurity incidents to management and our board of directors; (c) implementing safeguards, countermeasures and mitigation strategies; and (d) remediation and restoration of the affected systems. Our cybersecurity team also engages third-party security experts for defense protection capability assessment and system enhancements. We also maintain a third-party risk management process under which we assess the cybersecurity practices of key third-party service providers prior to engagement and on a periodic basis thereafter, including through contractual requirements, security questionnaires, and, where appropriate, third-party security assessments. We require key third-party service providers that have access to our systems or data to implement and maintain appropriate cybersecurity controls and to notify us promptly of any cybersecurity incident that may affect our systems or data. In addition, our cybersecurity team provides trainings, security exercises, security awareness electronic direct mail (eDM) and social engineering drills regularly. Our dedicated information technology (“IT”) personnel are experienced information systems security professionals and information security managers with more than 20 years of relevant experience. Our IT team provides cybersecurity reports quarterly that cover, among other topics, suspicious behaviors, end devices security logs analysis, suspicious activity analysis and statistics, and updates to the Company’s cybersecurity programs and mitigation strategies. In 2025, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Cybersecurity risk management is an integral part of our overall enterprise risk management program. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | In 2025, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Corporate Governance Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee. The audit committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The audit committee receives cybersecurity risk updates from management at least quarterly, including the quarterly cybersecurity reports prepared by our IT team, and discusses cybersecurity risk management as a standing item at its regular meetings. The audit committee reports to the full board of directors on cybersecurity matters as appropriate. At the management level, responsibility for assessing and managing cybersecurity risks is led by our IT head / Chief Information Officer (“CIO”), together with a dedicated cybersecurity team. This cybersecurity team includes a management-level incident response and notification committee (the “Incident Notification Committee”), which is responsible for the escalation, evaluation, and reporting of significant cybersecurity incidents to senior management and the audit committee. In addition to incident-specific reporting, the IT head / CIO provides routine cybersecurity risk updates to senior management and the audit committee on at least a quarterly basis, covering the Company’s overall cybersecurity posture, emerging threats, risk mitigation activities, and the status of cybersecurity programs and controls. Our cybersecurity operations are supported by the dedicated cybersecurity team, including personnel responsible for cybersecurity monitoring, threat detection, incident response, and remediation. This team reports to the IT head / CIO and provides regular updates to the Incident Notification Committee and senior management. In addition, we engage external cybersecurity consultants and specialists, as needed, to support risk assessments, penetration testing, and incident investigations. Management is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, and for establishing and maintaining processes designed to ensure that such risks are appropriately monitored and mitigated. These processes include continuous network monitoring, vulnerability assessments, incident response planning, and implementation of cybersecurity controls and technologies. With respect to relevant expertise, our IT head / CIO has extensive experience in information technology management, including oversight of cybersecurity programs in various industries. In addition, members of our cybersecurity team possess relevant technical expertise in areas such as network security, system architecture, threat intelligence, and incident response, and may hold industry-recognized Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP), Certified Ethical Hacker (CEH) and ISO27001 certifications. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee. The audit committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The audit committee receives cybersecurity risk updates from management at least quarterly, including the quarterly cybersecurity reports prepared by our IT team, and discusses cybersecurity risk management as a standing item at its regular meetings. The audit committee reports to the full board of directors on cybersecurity matters as appropriate. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our cybersecurity team also engages third-party security experts for defense protection capability assessment and system enhancements. We also maintain a third-party risk management process under which we assess the cybersecurity practices of key third-party service providers prior to engagement and on a periodic basis thereafter, including through contractual requirements, security questionnaires, and, where appropriate, third-party security assessments. We require key third-party service providers that have access to our systems or data to implement and maintain appropriate cybersecurity controls and to notify us promptly of any cybersecurity incident that may affect our systems or data. In addition, our cybersecurity team provides trainings, security exercises, security awareness electronic direct mail (eDM) and social engineering drills regularly. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our dedicated information technology (“IT”) personnel are experienced information systems security professionals and information security managers with more than 20 years of relevant experience. Our IT team provides cybersecurity reports quarterly that cover, among other topics, suspicious behaviors, end devices security logs analysis, suspicious activity analysis and statistics, and updates to the Company’s cybersecurity programs and mitigation strategies. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |