Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Jan. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk Management and Strategy We have implemented an enterprise-wide information security program designed to identify, protect, detect, respond to, and manage reasonably foreseeable cybersecurity risks and threats. Our primary objectives are to safeguard information assets, prevent their misuse or loss, and minimize business disruptions, through a comprehensive cybersecurity program intended to detect, analyze, contain and address cybersecurity risk exposures, threats and incidents. Our program utilizes various security tools to safeguard our information systems, aiding in prevention, identification, escalation, investigation, resolution, and recovery from vulnerabilities and security incidents. Examples of such security tools include internal reporting systems, monitoring and detection tools, third-party penetration testing and security assessments and a bug bounty program engaging security researchers. In addition, we have adopted a comprehensive incident response plan and process for detecting, mitigating, and investigating cybersecurity incidents, which employees, under the leadership of the Company's Chief Information Security Officer ("CISO"), regularly test through table-top exercises, testing of our security protocols through additional techniques such as penetration testing, debriefing after security incidents to improve our security and responses, and regular briefing to our directors and officers on our cybersecurity risks and preparedness. Our Board has oversight of our strategic and business risk management, including cybersecurity risk management, with support from our Audit Committee as described under “Governance” below. The Audit Committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which we are exposed and to implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents.
Our global information security program is led by our CISO, who brings over 20 years of industry experience.
Additionally, we maintain a -party security program to assess, prioritize, and mitigate risks associated with our vendors and partners. We also rely on parties to implement appropriate security measures.
Regular risk assessments evaluate cybersecurity and technology threats, employing a widely adopted risk management model to prioritize risks and develop corresponding security controls. Our information security program undergoes regular reviews, audits, tests, and exercises to ensure effectiveness and enhance security measures. Although we have experienced cybersecurity incidents in the past, as of the date of this report, we have not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. Despite our continuing efforts, however, we cannot guarantee that our cybersecurity safeguards will prevent breaches or breakdowns of our or our third-party service providers’ information technology systems, particularly in the face of continually evolving cybersecurity threats and increasingly sophisticated threat actors. A cybersecurity incident may materially affect our business, results of operations or financial condition, including where such an incident results in reputational, competitive, or business harm or damage to our Company, significant costs or the Company being subject to government investigations, litigation, fines or damages. For more information, see “We are regularly subject to cybersecurity and other similar attacks. If our security measures are breached or unauthorized access to customer data is otherwise obtained, our platforms may be perceived as insecure, we may lose existing customers or fail to attract new customers, our reputation may be harmed, and we may incur significant liabilities.” |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have implemented an enterprise-wide information security program designed to identify, protect, detect, respond to, and manage reasonably foreseeable cybersecurity risks and threats. Our primary objectives are to safeguard information assets, prevent their misuse or loss, and minimize business disruptions, through a comprehensive cybersecurity program intended to detect, analyze, contain and address cybersecurity risk exposures, threats and incidents. Our program utilizes various security tools to safeguard our information systems, aiding in prevention, identification, escalation, investigation, resolution, and recovery from vulnerabilities and security incidents. Examples of such security tools include internal reporting systems, monitoring and detection tools, third-party penetration testing and security assessments and a bug bounty program engaging security researchers. In addition, we have adopted a comprehensive incident response plan and process for detecting, mitigating, and investigating cybersecurity incidents, which employees, under the leadership of the Company's Chief Information Security Officer ("CISO"), regularly test through table-top exercises, testing of our security protocols through additional techniques such as penetration testing, debriefing after security incidents to improve our security and responses, and regular briefing to our directors and officers on our cybersecurity risks and preparedness. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | Although we have experienced cybersecurity incidents in the past, as of the date of this report, we have not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. Despite our continuing efforts, however, we cannot guarantee that our cybersecurity safeguards will prevent breaches or breakdowns of our or our third-party service providers’ information technology systems, particularly in the face of continually evolving cybersecurity threats and increasingly sophisticated threat actors. A cybersecurity incident may materially affect our business, results of operations or financial condition, including where such an incident results in reputational, competitive, or business harm or damage to our Company, significant costs or the Company being subject to government investigations, litigation, fines or damages. For more information, see “We are regularly subject to cybersecurity and other similar attacks. If our security measures are breached or unauthorized access to customer data is otherwise obtained, our platforms may be perceived as insecure, we may lose existing customers or fail to attract new customers, our reputation may be harmed, and we may incur significant liabilities.” |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance
As part of its oversight responsibilities, which include the identification of the principal risks of the business and ensuring the implementation of appropriate systems to manage such risks, the Board devotes significant time and attention to information security and risk management, including cybersecurity, and regulatory compliance, supported by the Audit Committee.
The Audit Committee is responsible for evaluating the Company’s major financial risk exposures and the steps management has taken to monitor and control such exposures. The Audit Committee’s charter also requires it to discuss guidelines, policies and steps to govern the process by which risk assessment and management is undertaken (including risks related to information security, cybersecurity and data protection) and the establishment and management of appropriate systems to manage such risks. The Audit Committee reviews cybersecurity risks through quarterly reports from the CISO, and monitors the status of existing information security controls and practices to mitigate the potential risk from evolving cybersecurity threats. Regular reports on cybersecurity threats, assessments, and findings are also provided by the CISO to senior management and relevant teams. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board has oversight of our strategic and business risk management, including cybersecurity risk management, with support from our Audit Committee as described under “Governance” below. The Audit Committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which we are exposed and to implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. |
| Cybersecurity Risk Role of Management [Text Block] | The Audit Committee is responsible for evaluating the Company’s major financial risk exposures and the steps management has taken to monitor and control such exposures. The Audit Committee’s charter also requires it to discuss guidelines, policies and steps to govern the process by which risk assessment and management is undertaken (including risks related to information security, cybersecurity and data protection) and the establishment and management of appropriate systems to manage such risks. The Audit Committee reviews cybersecurity risks through quarterly reports from the CISO, and monitors the status of existing information security controls and practices to mitigate the potential risk from evolving cybersecurity threats. Regular reports on cybersecurity threats, assessments, and findings are also provided by the CISO to senior management and relevant teams. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our global information security program is led by our CISO, who brings over 20 years of industry experience. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |