|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C Cyber Security
Risk Management & Strategy
Innospec has strategically integrated cyber security risk management into its broader risk management framework to promote a company-wide culture of cyber security risk management. This integration ensures that cyber security considerations are an integral part of our decision-making processes at every
level. For example, training on cyber security risks was required of all Innospec directors and employees who have access to our information technology resources. Our risk management team works closely with our Information Technology (“IT”) leadership to continuously evaluate and address cyber security risks in alignment with our business objectives and operational needs.
Innospec’s IT leadership team is responsible for assessing, identifying and managing the inherent and residual risks associated with cyber security threats across our IT and Operational Technology landscape. IT leadership periodically reviews the Company’s external threats, portfolio, and external services, and will update its risk register accordingly.
IT leadership will, when required by either executive management or the Board, engage third-party reviews of our overall cyber security compliance using The National Institute of Technology (“NIST”) framework. IT leadership will also periodically engage specialist security contractors to test the Company’s resilience to cyber security threats, conduct penetration testing and vulnerability assessments across its assets and request additional investment where necessary to further improve our cyber security.
Innospec utilizes an external service to provide ongoing analysis of the security related to our critical third-party service providers for IT operations and business IT services. Innospec will use the information provided by this external service as part of its IT vendor selection criteria and for ongoing third-party risk management.
Innospec’s cyber security is underpinned by a third-party specialist that monitors critical systems and end-user devices for cyber-attacks. In the first instance, cyber-attacks are brought to the attention of the IT leadership for evaluation and remediation before further escalation to the CEO and CFO is considered.
Periodically, our systems are subject to targeted attacks which are intended to interrupt our operations or may lead to the loss, misuse or theft of personal information relating to our employees, suppliers and customers or lead to the loss of Company data, confidential information or our intellectual property.
Governance
Innospec’s Board and its committees provide oversight of the Company’s IT, including cyber security, in connection with the Company’s efforts to assess and manage the Company’s risk exposure. Oversight of risk management, including cyber security risk management is an integral part of Board and committee deliberations throughout the year. Since 2019, the Board has retained NCC Group (“NCC”) to perform cyber security reviews. NCC reports its findings directly to the Board.
Innospec’s Board has delegated responsibility for the management of the Company’s IT to the Company's IT steering committee via the CEO and CFO. The IT steering committee is made up of executive management, business leaders from our reporting segments, the functional heads responsible for our operating systems, IT leadership and is chaired by our Global IT Director. The Company considers that the IT steering committee members have the appropriate qualifications and experience required to enable them to fulfill their responsibilities. The IT steering committee may, as per its agreed terms of reference, escalate any matter it wishes to the Board via either the CEO or CFO.
IT leadership is made up of senior managers with the appropriate qualifications and business experience required for their roles overseeing Innospec’s IT operations. In addition, the IT leadership team includes specialists with many years cyber security experience at both Innospec and previously with other organizations, combined with multiple cyber security qualifications. Innospec's IT leadership formally reports through the CEO and CFO to the Board.
Innospec’s CEO and CFO are involved with and approve the Company’s strategy for managing the prevention, detection, mitigation and remediation of cyber security incidents as part of its “IT Security Management System” which includes defined escalation and internal communications processes and responsibilities.
IT leadership will, as required, present to the IT steering committee, information regarding any IT risks identified and the mitigation plans to reduce the Company’s residual risks. The IT steering committee will be regularly updated as to the occurrence, mitigation and resolution of cyber security incidents. Any cyber security incident that is considered significant in nature will be shared by IT leadership with the IT steering committee in accordance with the agreed communication and escalation processes. The IT steering committee will assess the incident and make a recommendation to the CEO and CFO as to whether the incident is reportable to the SEC and/or other regulators or stakeholders.
In the last three fiscal years, management has determined there were no cyber security threats that have materially affected Innospec and that the expenses incurred relating to cyber incidents have been immaterial. The Company is not aware of any threats that are reasonably likely to materially affect its business strategy, results of operations or financial condition for the foreseeable future.
IT leadership provides a written report to the Board each quarter and the Global IT Director presents in person at least annually. Those reports and presentations include information on Innospec’s cyber security and the related key performance indicators. IT leadership also provides external threat analysis to the Board when new relevant threats are identified as being exploitable and their potential impact on Innospec.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Innospec has strategically integrated cyber security risk management into its broader risk management framework to promote a company-wide culture of cyber security risk management. This integration ensures that cyber security considerations are an integral part of our decision-making processes at every
level. For example, training on cyber security risks was required of all Innospec directors and employees who have access to our information technology resources. Our risk management team works closely with our Information Technology (“IT”) leadership to continuously evaluate and address cyber security risks in alignment with our business objectives and operational needs.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Innospec’s Board and its committees provide oversight of the Company’s IT, including cyber security, in connection with the Company’s efforts to assess and manage the Company’s risk exposure. Oversight of risk management, including cyber security risk management is an integral part of Board and committee deliberations throughout the year. Since 2019, the Board has retained NCC Group (“NCC”) to perform cyber security reviews. NCC reports its findings directly to the Board.
Innospec’s Board has delegated responsibility for the management of the Company’s IT to the Company's IT steering committee via the CEO and CFO. The IT steering committee is made up of executive management, business leaders from our reporting segments, the functional heads responsible for our operating systems, IT leadership and is chaired by our Global IT Director. The Company considers that the IT steering committee members have the appropriate qualifications and experience required to enable them to fulfill their responsibilities. The IT steering committee may, as per its agreed terms of reference, escalate any matter it wishes to the Board via either the CEO or CFO.
IT leadership is made up of senior managers with the appropriate qualifications and business experience required for their roles overseeing Innospec’s IT operations. In addition, the IT leadership team includes specialists with many years cyber security experience at both Innospec and previously with other organizations, combined with multiple cyber security qualifications. Innospec's IT leadership formally reports through the CEO and CFO to the Board.
Innospec’s CEO and CFO are involved with and approve the Company’s strategy for managing the prevention, detection, mitigation and remediation of cyber security incidents as part of its “IT Security Management System” which includes defined escalation and internal communications processes and responsibilities.
IT leadership will, as required, present to the IT steering committee, information regarding any IT risks identified and the mitigation plans to reduce the Company’s residual risks. The IT steering committee will be regularly updated as to the occurrence, mitigation and resolution of cyber security incidents. Any cyber security incident that is considered significant in nature will be shared by IT leadership with the IT steering committee in accordance with the agreed communication and escalation processes. The IT steering committee will assess the incident and make a recommendation to the CEO and CFO as to whether the incident is reportable to the SEC and/or other regulators or stakeholders.
In the last three fiscal years, management has determined there were no cyber security threats that have materially affected Innospec and that the expenses incurred relating to cyber incidents have been immaterial. The Company is not aware of any threats that are reasonably likely to materially affect its business strategy, results of operations or financial condition for the foreseeable future.
IT leadership provides a written report to the Board each quarter and the Global IT Director presents in person at least annually. Those reports and presentations include information on Innospec’s cyber security and the related key performance indicators. IT leadership also provides external threat analysis to the Board when new relevant threats are identified as being exploitable and their potential impact on Innospec.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The IT steering committee is made up of executive management, business leaders from our reporting segments, the functional heads responsible for our operating systems, IT leadership and is chaired by our Global IT Director. The Company considers that the IT steering committee members have the appropriate qualifications and experience required to enable them to fulfill their responsibilities. The IT steering committee may, as per its agreed terms of reference, escalate any matter it wishes to the Board via either the CEO or CFO.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
IT leadership provides a written report to the Board each quarter and the Global IT Director presents in person at least annually. Those reports and presentations include information on Innospec’s cyber security and the related key performance indicators. IT leadership also provides external threat analysis to the Board when new relevant threats are identified as being exploitable and their potential impact on Innospec.
|Cybersecurity Risk Role of Management [Text Block]
|
Innospec’s CEO and CFO are involved with and approve the Company’s strategy for managing the prevention, detection, mitigation and remediation of cyber security incidents as part of its “IT Security Management System” which includes defined escalation and internal communications processes and responsibilities.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Innospec’s Board has delegated responsibility for the management of the Company’s IT to the Company's IT steering committee via the CEO and CFO
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|IT leadership is made up of senior managers with the appropriate qualifications and business experience required for their roles overseeing Innospec’s IT operations. In addition, the IT leadership team includes specialists with many years cyber security experience at both Innospec and previously with other organizations, combined with multiple cyber security qualifications.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The IT steering committee will be regularly updated as to the occurrence, mitigation and resolution of cyber security incidents. Any cyber security incident that is considered significant in nature will be shared by IT leadership with the IT steering committee in accordance with the agreed communication and escalation processes. The IT steering committee will assess the incident and make a recommendation to the CEO and CFO as to whether the incident is reportable to the SEC and/or other regulators or stakeholders.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef