Cybersecurity Risk Management and Strategy Disclosure
|
12 Months Ended |
Dec. 31, 2025 |
|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] |
|
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk
Management and Strategy Our
cybersecurity risk management program is designed to protect the confidentiality, integrity, and availability of our critical systems,
information and data. The policies, standards, processes and practices of our cybersecurity risk management program are part of our information
security management system, or ISMS, program, which is integrated into our enterprise risk management process. Our cybersecurity risk
management program includes a comprehensive set of policies and procedures to prevent accidental or intentional unauthorized modification,
destruction or disclosure of confidential, proprietary, personal or otherwise critical information, including an appropriate level of
security over the equipment, processes and software used to process, store and transmit information. Key
elements of our cybersecurity risk management program include, but are not limited to the following:
| |
● |
a cybersecurity
threat defense system that addresses both internal and external threats; |
| |
● |
a cybersecurity incident response
plan that includes procedures for responding to cybersecurity incidents and risk assessments designed to help identify material cybersecurity
risks to our critical systems, information, products, services, and our broader enterprise information technology environment; |
| |
● |
a security
team principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to
cybersecurity incidents; |
| |
● |
network,
host and application security; |
| ● | sensitive
information protection methods, including technical safeguards, procedural requirements,
and monitoring program on our corporate network; |
| ● | continuous
testing of our security posture both internally and with outside vendors; |
| ● | security
system effectiveness reviews with reference to applicable security standards; and |
| ● | regular
cybersecurity training for employees and contractors. |
To
further improve the effectiveness of our cybersecurity risk management program, we engage third-party service providers, where appropriate,
to assess and test the adequacy of our security controls and processes, consult best practices to address new challenges and evolving
risks, or otherwise assist with aspects of our security processes. Additionally, our risk monitoring systems are regularly audited by
our internal auditors as well as cybersecurity audit companies. We consider the results of external and internal audits of our risk detection
and monitoring systems and implement modifications as necessary. We
also implement third-party risk management processes to identify, assess and monitor material risks from cybersecurity threats associated
with key services providers that have access to our information technology systems or our confidential, proprietary, personal or otherwise
critical information based on our assessment of the potential impact to our operations and respective risk profile. We
have established and seek to continuously improve effective information security governance. We apply a risk-based approach in line with
our overall risk management framework to address potential gaps in security controls. The processes of our cybersecurity risk management
program are aligned to ISO 27001:2022, an international standard for information security management. As of the date of this Annual Report on Form 20-F, we have not experienced
any cybersecurity incidents or risks from cybersecurity threats that have materially affected or are currently viewed as reasonably likely
to materially affect, us, our business strategy, results of operations, or financial condition. However, the scope and impact of any future
cybersecurity threats cannot be predicted, and there can be no assurance that our cybersecurity risk management program will be effective
in preventing material cybersecurity threats in the future. For a description of the risks from cybersecurity threats that may materially
affect us, including our results of operations and financial condition, see “Item 1. Key Information—D. Risk Factors—Risks
related to our industry, business and operations—We or our CROs, contractors, consultants, or other third parties may suffer system
failures, security breaches, or other incidents which may have a material adverse impact to our operations and financial position, which
could result in material disruption of our product development programs and adversely impact our business, financial condition or results
of operations.
|
| Cybersecurity Risk Management Processes Integrated [Flag] |
true
|
| Cybersecurity Risk Management Processes Integrated [Text Block] |
Our
cybersecurity risk management program is designed to protect the confidentiality, integrity, and availability of our critical systems,
information and data. The policies, standards, processes and practices of our cybersecurity risk management program are part of our information
security management system, or ISMS, program, which is integrated into our enterprise risk management process.
|
| Cybersecurity Risk Role of Management [Text Block] |
Key
elements of our cybersecurity risk management program include, but are not limited to the following:
| |
● |
a cybersecurity
threat defense system that addresses both internal and external threats; |
| |
● |
a cybersecurity incident response
plan that includes procedures for responding to cybersecurity incidents and risk assessments designed to help identify material cybersecurity
risks to our critical systems, information, products, services, and our broader enterprise information technology environment; |
| |
● |
a security
team principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to
cybersecurity incidents; |
| |
● |
network,
host and application security; |
| ● | sensitive
information protection methods, including technical safeguards, procedural requirements,
and monitoring program on our corporate network; |
| ● | continuous
testing of our security posture both internally and with outside vendors; |
| ● | security
system effectiveness reviews with reference to applicable security standards; and |
| ● | regular
cybersecurity training for employees and contractors. |
|
| Cybersecurity Risk Management Third Party Engaged [Flag] |
true
|
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] |
Additionally, our risk monitoring systems are regularly audited by
our internal auditors as well as cybersecurity audit companies. We consider the results of external and internal audits of our risk detection
and monitoring systems and implement modifications as necessary. We
also implement third-party risk management processes to identify, assess and monitor material risks from cybersecurity threats associated
with key services providers that have access to our information technology systems or our confidential, proprietary, personal or otherwise
critical information based on our assessment of the potential impact to our operations and respective risk profile. We
have established and seek to continuously improve effective information security governance. We apply a risk-based approach in line with
our overall risk management framework to address potential gaps in security controls. The processes of our cybersecurity risk management
program are aligned to ISO 27001:2022, an international standard for information security management. As of the date of this Annual Report on Form 20-F, we have not experienced
any cybersecurity incidents or risks from cybersecurity threats that have materially affected or are currently viewed as reasonably likely
to materially affect, us, our business strategy, results of operations, or financial condition. However, the scope and impact of any future
cybersecurity threats cannot be predicted, and there can be no assurance that our cybersecurity risk management program will be effective
in preventing material cybersecurity threats in the future. For a description of the risks from cybersecurity threats that may materially
affect us, including our results of operations and financial condition, see “Item 1. Key Information—D. Risk Factors—Risks
related to our industry, business and operations—We or our CROs, contractors, consultants, or other third parties may suffer system
failures, security breaches, or other incidents which may have a material adverse impact to our operations and financial position, which
could result in material disruption of our product development programs and adversely impact our business, financial condition or results
of operations.
|
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] |
As of the date of this Annual Report on Form 20-F, we have not experienced
any cybersecurity incidents or risks from cybersecurity threats that have materially affected or are currently viewed as reasonably likely
to materially affect, us, our business strategy, results of operations, or financial condition.
|
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] |
false
|
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance Our
board of directors is responsible for overseeing cybersecurity risk as part of its enterprise risk oversight function and has delegated
to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s
implementation of our cybersecurity risk management program. Our board of directors receives periodic reports regarding operational,
financial, strategic, regulatory and other risks to the Company, including risks and exposures associated with cybersecurity, information
security and privacy matters and the steps management has taken to monitor and control such exposures. The Audit Committee and our board
of directors receive biannual reports from our Chief Executive Officer regarding management’s plans to monitor and address cybersecurity
risks and results from our internal audit function and third-party service-providers on their evaluation of the effectiveness of our
cybersecurity risk management program. Our
cybersecurity management team, led by our head of information technology, is responsible for the day-to-day activities of our information
technology systems and implementing our cybersecurity risk management program, assessing and managing our material risks from cybersecurity
threats and supervising both our internal cybersecurity personnel and our external cybersecurity consultants. Our cybersecurity management
team is informed about and monitors cybersecurity risks and incidents through various means, which may include briefings from internal
security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external
consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment. Our
head of information technology has more than 10 years of experience in cybersecurity leadership, directing enterprise security strategies,
managing cross-functional teams, and overseeing compliance with frameworks such as ISO27001. In addition, she performs risk assessments,
security related policy development, and incident response coordination, ensuring alignment with business objectives. She has also implemented
advanced security architectures including endpoint/virtual desktop infrastructure security, network security, data security, email security,
and others and led audits for information technology security compliance as well as fostering a security-first culture through staff
training and threat simulations. Based on ongoing communications with our cybersecurity management team and internal and external cybersecurity
personnel, our head of information technology provides updates to our Chief Executive Officer as to our overall security controls, policies
and operations and our Chief Executive Officer informs the Audit Committee and the board of directors regarding the effectiveness of
our cybersecurity risk management program, associated risks and steps taken to reduce our vulnerability and mitigate impacts associated
with cybersecurity threats.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] |
The Audit Committee oversees management’s
implementation of our cybersecurity risk management program.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] |
true
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] |
Our cybersecurity management
team is informed about and monitors cybersecurity risks and incidents through various means, which may include briefings from internal
security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external
consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment.
|