XML 56 R40.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Overview of Cybersecurity Risk Management
The Company maintains a cybersecurity program that is designed to identify, prevent, detect, respond to, and recover from cybersecurity threats, and protect the confidentiality, integrity, and availability of our information technology, including the information residing on such systems. The Company has a dedicated Chief Information Security Officer ("CISO") with overall responsibility for developing and implementing the global cyber strategy, risk management, and operational initiatives. The Company leverages recognized cybersecurity frameworks to organize, improve, and assess its cybersecurity program and to manage and reduce cybersecurity risk. The global information security team, under the direction of the CISO, develops, implements, and manages cybersecurity-related internal controls and risk processes for the Company, with internal controls consisting of a mix of administrative, technical, and physical controls.
We deploy, configure, and maintain numerous technologies to enforce security policies, detect and protect against cybersecurity threats, and help safeguard the Company’s information systems and assets. We operate a Security Operation Center ("SOC") to monitor cybersecurity threats, coordinate incident response resources, and reduce response times. Our internal SOC team is augmented by a third-party managed security services provider. The Company maintains a cybersecurity incident response plan that provides a structured approach for the Company’s response to cybersecurity incidents. Under the plan, cybersecurity incidents are escalated based on a defined incident severity scale, including to the Board of Directors as appropriate. To improve preparedness for a cybersecurity incident, we conduct tabletop exercises multiple times throughout the year. These exercises are conducted by internal team members and in some instances with assistance from third-party experts. The Company’s cybersecurity program also includes regular cybersecurity trainings for staff. We actively evaluate the training effectiveness and adjust the trainings based on the evaluations.
The Company’s cybersecurity program is periodically reviewed and adjusted by the CISO's office so that it can remain flexible and responsive as circumstances evolve, new cybersecurity threats emerge, and regulations change.
Engagement of Third Parties
We engage third-party cybersecurity consultants and experts to supplement staffing of our SOC as well as to assess, validate, and enhance our security practices, including conducting cybersecurity maturity assessments, vulnerability assessments, and penetration tests. As part of the incident response process described above, we engage third-party experts as needed to support the incident response team, such as external legal advisors, cybersecurity forensic firms, and other specialists.
Third Party Service Provider Risk Management
Vendor risk assessment is part of the Company’s cybersecurity program, which facilitates management of third-party service providers’ IT-related risks. Third-party service providers that have access to the Company’s network, data and information are subject to a cybersecurity due diligence process and the corresponding security contractual and control requirements based on the nature of the engagement. The vendor risk assessment process is reviewed at least annually.
Risks from Material Cybersecurity Threats
Cybersecurity risk and the failure to maintain the integrity of our operational or security systems or infrastructure, or those of third parties with which we do business, could have a material adverse effect on our business, consolidated financial condition, results of operations, or cash flows. Refer to Part I, Item 1A, "Risk Factors," for more information on Sealed Air's risks relating to our technologies, systems, and networks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
The Company maintains a cybersecurity program that is designed to identify, prevent, detect, respond to, and recover from cybersecurity threats, and protect the confidentiality, integrity, and availability of our information technology, including the information residing on such systems. The Company has a dedicated Chief Information Security Officer ("CISO") with overall responsibility for developing and implementing the global cyber strategy, risk management, and operational initiatives. The Company leverages recognized cybersecurity frameworks to organize, improve, and assess its cybersecurity program and to manage and reduce cybersecurity risk. The global information security team, under the direction of the CISO, develops, implements, and manages cybersecurity-related internal controls and risk processes for the Company, with internal controls consisting of a mix of administrative, technical, and physical controls.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Board of Directors has oversight responsibility for our risk management programs, including cybersecurity risk management. The Board of Directors has delegated the specific responsibility of cybersecurity risk oversight to the Audit
Committee, although the Board remains actively involved in overseeing cybersecurity risk management, both through presentations given by management during Board meetings, as well as through regular reports from the Audit Committee on its cybersecurity risk oversight activities.
Our Chief Information Officer ("CIO") and CISO provide cybersecurity updates to the Audit Committee three times each year and the Board at least annually. These updates cover various topics, including information relating to cybersecurity strategy, program management, and performance trends. In addition to this regular reporting, significant cybersecurity risks or threats may also be escalated on as needed basis to the Audit Committee and the Board of Directors.
The Company’s management team is responsible for the day-to-day assessment and management of cybersecurity risks. As mentioned above, a dedicated CISO leads the information security team and is responsible for the Company’s cybersecurity risk management and strategy. The CISO has a master's degree in cybersecurity from the University of Maryland Global Campus, a degree in computer science from Presbyterian College and more than 15 years of experience in technology, information security and risk management with companies in various sectors. The CISO reports to the CIO, who is responsible for global IT strategy and IT operations across the enterprise. The CIO has a degree in computer science and mathematics from Wofford College and has over 30 years of experience in the IT industry, spanning various roles and sectors.
As part of its overall Enterprise Risk Management ("ERM") program, the Company identifies and assesses cybersecurity risks on an annual basis. These assessments are integrated into the Company’s cybersecurity program to ensure alignment with broader risk management objectives. The ERM program includes identification, assessment and management of risks, including cybersecurity risks. Business process owners incorporate risk management philosophy, exposures, mitigating activities, and key indicators to develop strategies and actions. The ERM Steering Committee, comprised of senior level executives, is responsible for assessing cybersecurity risks, providing direction and oversight for risk mitigation actions, and assisting the Board of Directors in overseeing the Company’s cybersecurity risks.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors has delegated the specific responsibility of cybersecurity risk oversight to the Audit Committee, although the Board remains actively involved in overseeing cybersecurity risk management, both through presentations given by management during Board meetings, as well as through regular reports from the Audit Committee on its cybersecurity risk oversight activities.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Chief Information Officer ("CIO") and CISO provide cybersecurity updates to the Audit Committee three times each year and the Board at least annually. These updates cover various topics, including information relating to cybersecurity strategy, program management, and performance trends. In addition to this regular reporting, significant cybersecurity risks or threats may also be escalated on as needed basis to the Audit Committee and the Board of Directors.
Cybersecurity Risk Role of Management [Text Block]
Our Chief Information Officer ("CIO") and CISO provide cybersecurity updates to the Audit Committee three times each year and the Board at least annually. These updates cover various topics, including information relating to cybersecurity strategy, program management, and performance trends. In addition to this regular reporting, significant cybersecurity risks or threats may also be escalated on as needed basis to the Audit Committee and the Board of Directors.
The Company’s management team is responsible for the day-to-day assessment and management of cybersecurity risks. As mentioned above, a dedicated CISO leads the information security team and is responsible for the Company’s cybersecurity risk management and strategy.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Chief Information Officer ("CIO") and CISO provide cybersecurity updates to the Audit Committee three times each year and the Board at least annually. These updates cover various topics, including information relating to cybersecurity strategy, program management, and performance trends. In addition to this regular reporting, significant cybersecurity risks or threats may also be escalated on as needed basis to the Audit Committee and the Board of Directors.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CISO has a master's degree in cybersecurity from the University of Maryland Global Campus, a degree in computer science from Presbyterian College and more than 15 years of experience in technology, information security and risk management with companies in various sectors. The CISO reports to the CIO, who is responsible for global IT strategy and IT operations across the enterprise. The CIO has a degree in computer science and mathematics from Wofford College and has over 30 years of experience in the IT industry, spanning various roles and sectors.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Chief Information Officer ("CIO") and CISO provide cybersecurity updates to the Audit Committee three times each year and the Board at least annually. These updates cover various topics, including information relating to cybersecurity strategy, program management, and performance trends. In addition to this regular reporting, significant cybersecurity risks or threats may also be escalated on as needed basis to the Audit Committee and the Board of Directors.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true