|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Risk management and strategy
We manage cyber security risk using our corporate enterprise
risk management and Internal Control Framework (ICF). Our
Chief Information Security Officer (CISO) heads our Cyber
Security Office and is responsible for identifying and
implementing controls to mitigate and manage cyber security
risks, while maintaining a set of key risk indicators and setting
tolerances and thresholds that balance risk and business
needs. We adhere to widely accepted standards and
frameworks to benchmark our internal environment and
controls, defining our security objectives and desired outcomes.
As our threat environment evolves, we also utilise external
frameworks such as the NIST Cyber Security Framework to
measure cyber readiness and maturity, ISO 27001/27002 for
general information technology controls, and Sarbanes-Oxley
(SOX) for assessment of internal controls. Furthermore, we
draw on third party consultants’ expertise in processes for
assessing, identifying and/or managing cyber security risks. We
also have a third-party security risk management programme to
assess cyber security risk when selecting and onboarding third parties.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We manage cyber security risk using our corporate enterprise
risk management and Internal Control Framework (ICF). Our
Chief Information Security Officer (CISO) heads our Cyber
Security Office and is responsible for identifying and
implementing controls to mitigate and manage cyber security
risks, while maintaining a set of key risk indicators and setting
tolerances and thresholds that balance risk and business needs.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Information and Cyber Security Governance
The Chief Digital and Technology Officer (CDTO) leads the
Digital and Technology function, including the CISO and Cyber
Security Office. Our CDTO has over 25 years of experience as
an IT professional, including with GSK since 2018, and is
responsible for Technology and Cyber Security at GSK. The
CDTO is the Enterprise Risk Owner and manages and reports
regularly on the GSK Information and Cyber Security risk.
The CISO coordinates risk, develops controls, and monitors the
enterprise risk plan. This plan includes a description of the risk,
its external and internal context, our assessment and risk
appetite, how we treat and monitor the risk in line with our ICF.
The Board, Audit & Risk Committee, and Risk Oversight and
Compliance Council oversee our cyber security risk. The CISO
regularly reports on cyber security risks. This reporting covers
external and internal insights, key risk indicators, management
actions, updates on implementing the enterprise risk plan, and
escalations. The Cyber Security Office analyses potential
cyber security incidents. Significant cyber security incidents are
escalated to the Chief Compliance Officer, CDTO, GSK
Leadership Team, and Company Secretary. Material incidents
are escalated to the Board and Audit & Risk Committee and
appropriate disclosure committee as needed.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board, Audit & Risk Committee, and Risk Oversight and Compliance Council oversee our cyber security risk.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board, Audit & Risk Committee, and Risk Oversight and
Compliance Council oversee our cyber security risk. The CISO
regularly reports on cyber security risks. This reporting covers
external and internal insights, key risk indicators, management
actions, updates on implementing the enterprise risk plan, and
escalations. The Cyber Security Office analyses potential
cyber security incidents. Significant cyber security incidents are
escalated to the Chief Compliance Officer, CDTO, GSK
Leadership Team, and Company Secretary. Material incidents
are escalated to the Board and Audit & Risk Committee and
appropriate disclosure committee as needed.
|Cybersecurity Risk Role of Management [Text Block]
|The Chief Digital and Technology Officer (CDTO) leads the
Digital and Technology function, including the CISO and Cyber
Security Office. Our CDTO has over 25 years of experience as
an IT professional, including with GSK since 2018, and is
responsible for Technology and Cyber Security at GSK. The
CDTO is the Enterprise Risk Owner and manages and reports
regularly on the GSK Information and Cyber Security risk.
The CISO coordinates risk, develops controls, and monitors the
enterprise risk plan. This plan includes a description of the risk,
its external and internal context, our assessment and risk
appetite, how we treat and monitor the risk in line with our ICF.
The Board, Audit & Risk Committee, and Risk Oversight and
Compliance Council oversee our cyber security risk. The CISO
regularly reports on cyber security risks. This reporting covers
external and internal insights, key risk indicators, management
actions, updates on implementing the enterprise risk plan, and
escalations. The Cyber Security Office analyses potential
cyber security incidents. Significant cyber security incidents are
escalated to the Chief Compliance Officer, CDTO, GSK
Leadership Team, and Company Secretary. Material incidents
are escalated to the Board and Audit & Risk Committee and
appropriate disclosure committee as needed.
Cyber Security Awareness, Training and Readiness
Our cyber security awareness and training programmes include
phishing simulations, monthly awareness campaigns, and
mandatory annual refreshers for all employees. We also run
periodic crisis simulation exercises to test our response to cyber security incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Chief Digital and Technology Officer (CDTO) leads the
Digital and Technology function, including the CISO and Cyber
Security Office. Our CDTO has over 25 years of experience as
an IT professional, including with GSK since 2018, and is
responsible for Technology and Cyber Security at GSK. The
CDTO is the Enterprise Risk Owner and manages and reports
regularly on the GSK Information and Cyber Security risk.
The CISO coordinates risk, develops controls, and monitors the
enterprise risk plan. This plan includes a description of the risk,
its external and internal context, our assessment and risk
appetite, how we treat and monitor the risk in line with our ICF.
The Board, Audit & Risk Committee, and Risk Oversight and
Compliance Council oversee our cyber security risk. The CISO
regularly reports on cyber security risks. This reporting covers
external and internal insights, key risk indicators, management
actions, updates on implementing the enterprise risk plan, and
escalations. The Cyber Security Office analyses potential
cyber security incidents. Significant cyber security incidents are
escalated to the Chief Compliance Officer, CDTO, GSK
Leadership Team, and Company Secretary. Material incidents
are escalated to the Board and Audit & Risk Committee and
appropriate disclosure committee as needed.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CDTO has over 25 years of experience as
an IT professional, including with GSK since 2018, and is
responsible for Technology and Cyber Security at GSK. The
CDTO is the Enterprise Risk Owner and manages and reports regularly on the GSK Information and Cyber Security risk.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Chief Digital and Technology Officer (CDTO) leads the
Digital and Technology function, including the CISO and Cyber
Security Office. Our CDTO has over 25 years of experience as
an IT professional, including with GSK since 2018, and is
responsible for Technology and Cyber Security at GSK. The
CDTO is the Enterprise Risk Owner and manages and reports
regularly on the GSK Information and Cyber Security risk.
The CISO coordinates risk, develops controls, and monitors the
enterprise risk plan. This plan includes a description of the risk,
its external and internal context, our assessment and risk
appetite, how we treat and monitor the risk in line with our ICF.
The Board, Audit & Risk Committee, and Risk Oversight and
Compliance Council oversee our cyber security risk. The CISO
regularly reports on cyber security risks. This reporting covers
external and internal insights, key risk indicators, management
actions, updates on implementing the enterprise risk plan, and
escalations. The Cyber Security Office analyses potential
cyber security incidents. Significant cyber security incidents are
escalated to the Chief Compliance Officer, CDTO, GSK
Leadership Team, and Company Secretary. Material incidents
are escalated to the Board and Audit & Risk Committee and
appropriate disclosure committee as needed.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true