Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk Management We manage significant and persistent cybersecurity risks due to the need to protect our business, including our intellectual property and intellectual property of others that is licensed for our use, our confidential information and information concerning our personnel and others with whom we conduct business. As other technology companies we occasionally face threats from actors who seek to disrupt our business as well as others who are engaging in malicious activities or for reputation damage. Disclose of certain information as a result of a cybersecurity breach may result in a breach of privacy laws. The substantial level of harm that could occur to us and our suppliers and customers were we to suffer impacts of a material cybersecurity incident; and our use of third-party products, services and components requires us to maintain robust governance and oversight of these risks and to implement mechanisms, technologies and processes designed to help us assess, identify, and eliminate these risks. While we have not, as of the date of this Form 20-F, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, we cannot assure you that we will not experience such an incident in the future. While we did suffer a cybersecurity incident in 2023 which did not result in any material adverse impact to our business, we did not experience any disclosure of our proprietary information, and following such incident we took additional steps to protect ourselves from cybersecurity incidents. Any cybersecurity incidents, whether or not successful, could result in our incurring additional costs related to, for example, rebuilding our internal systems, implementing additional threat protection measures, responding to regulatory inquiries or actions, paying damages or making payments to obtain access to our computer systems, or taking other remedial steps with respect to third parties, as well as incurring significant reputational harm. We have seen an increase in cyberattack volume, frequency, and sophistication. We seek to detect and investigate unauthorized attempts and attacks against our network, products, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes and tools and changes or updates to our products and services; however, while diligently taking actions to eliminate and reduce cyber risks, we remain potentially vulnerable to known or unknown threats. In some instances, we, our suppliers, our customers, and the users of our products and services can be unaware of a threat or incident or its magnitude and effects. Further, there are increasing regulation requirements regarding responses to cybersecurity incidents, including reporting to regulators, which could subject us to additional liability and reputational harm. |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | we cannot assure you that we will not experience such an incident in the future. |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | While we did suffer a cybersecurity incident in 2023 which did not result in any material adverse impact to our business, we did not experience any disclosure of our proprietary information, and following such incident we took additional steps to protect ourselves from cybersecurity incidents. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | In addition, and as part of our policy, our CISO is also responsible for informing the Audit Committee of material cybersecurity threats and incidents, based on management’s assessment of risk. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee of our board of directors (the “Audit Committee”). Under our cybersecurity governance framework the Audit Committee, in its charter, is empowered to implement and oversee our cybersecurity and information security policies and periodically review their compliance and mitigate potential cybersecurity threats. |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Audit Committee is responsible for ensuring that management has in place processes designed to identify and assess cybersecurity risks, and implement processes and programs designed to manage and mitigate and remediate such risks and incidents. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance We aim to incorporate industry best practices throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards, and we have engaged outside sources to assist in this effort. We have processes in place to assess, identify, manage, and address material cybersecurity threats and incidents. We have ISO 27001:2013 certification, which is an early standard for information security management. Steps taken by us include, among other things: an audit which was conducted by the company’s internal auditor during 2023 through 2024 of the cybersecurity measures and practices of the Company, the engagement with professional service providers (such as a chief information security officer (“CISO”) and security operations center services), security awareness training for employees; mechanisms to detect and monitor unusual network activity; and containment and incident response tools. We monitor issues that are internally discovered or externally reported that may affect our products and have processes to assess those issues for potential cybersecurity impact or risk. We also have a process in place to manage cybersecurity risks associated with third-party service providers. We are in the process of implementing additional technical and organizational security measures to follow our information security program. Our CISO, who is a third party engaged by us, and our VP infrastructure, lead the strategy and guidelines, and work with senior management and IT engineering, to operate and implement cybersecurity of the Company. The CISO is responsible for handling the risk management by assessment, analysis, reporting, managing the cyber protection following the relevant requirements, the work with the Information Technology team, implementing information security awareness among the employees, and updating the company’s security policies. Our CISO provides annual analysis and updates to the management on our cybersecurity and information security policies and programs, as well as ad hoc updates on information security and cybersecurity matters. The CISO and management provide updates to the Audit Committee on the Company’s cybersecurity policies, risks and mitigation strategies. In addition, and as part of our policy, our CISO is also responsible for informing the Audit Committee of material cybersecurity threats and incidents, based on management’s assessment of risk. Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee of our board of directors (the “Audit Committee”). Under our cybersecurity governance framework the Audit Committee, in its charter, is empowered to implement and oversee our cybersecurity and information security policies and periodically review their compliance and mitigate potential cybersecurity threats. The Audit Committee is responsible for ensuring that management has in place processes designed to identify and assess cybersecurity risks, and implement processes and programs designed to manage and mitigate and remediate such risks and incidents. Both management and the Audit Committee also report material cybersecurity risks to our full board of directors, based on management’s assessment of risk. |