|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our Board of Directors and management team recognizes the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. Our cybersecurity risks are considered individually as part of our enterprise risk management program alongside other risks, and prioritized and discussed with our Board of Directors.
Our internal Security Operations Center (“SOC”) has primary responsibility for assessing, identifying, and managing material risks associated with cybersecurity threats, and provides information security monitoring for both shoreside and shipboard information systems and applications. The SOC is a team comprised of cybersecurity professionals who are responsible for real-time incident response management for our IT infrastructure, which includes our websites, applications, databases, servers, network devices and components and workstations. They are trained and equipped to identify, contain, analyze and investigate any perceived security threats as well as assist internal users with any information security questions or reported issues, such as phishing/scam emails, information security concerns and security solution related access or performance issues.
As part of our cybersecurity program, team members are offered cybersecurity training and participate in awareness programs including phishing simulation exercises, regular cybersecurity newsletters and reminders and programming and events during cybersecurity awareness month.
Our processes also address cybersecurity threat risks associated with our use of third-party service providers, including those who have access to our customer, prospect, supplier or employee data or our systems. In addition, cybersecurity considerations affect the selection and oversight of our third-party service providers. We generally require that third-party service providers that access, host our data, or could otherwise introduce cybersecurity risk to us, enter into contracts that obligate them to manage their cybersecurity risks in certain ways and report any cybersecurity incidents to us.
We engage third-party advisory firms to conduct assessments of the maturity of our security program and, among other measures, work to be Payment Card Industry compliant where required. We also maintain incident response procedures and business continuity and contingency plans and periodically hire third parties to conduct vulnerability analyses. We also compare our processes to standards set by the National Institute of Standards and Technology and/or International Organization for Standardization, as appropriate.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our Board of Directors and management team recognizes the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. Our cybersecurity risks are considered individually as part of our enterprise risk management program alongside other risks, and prioritized and discussed with our Board of Directors.
Our internal Security Operations Center (“SOC”) has primary responsibility for assessing, identifying, and managing material risks associated with cybersecurity threats, and provides information security monitoring for both shoreside and shipboard information systems and applications. The SOC is a team comprised of cybersecurity professionals who are responsible for real-time incident response management for our IT infrastructure, which includes our websites, applications, databases, servers, network devices and components and workstations. They are trained and equipped to identify, contain, analyze and investigate any perceived security threats as well as assist internal users with any information security questions or reported issues, such as phishing/scam emails, information security concerns and security solution related access or performance issues.
As part of our cybersecurity program, team members are offered cybersecurity training and participate in awareness programs including phishing simulation exercises, regular cybersecurity newsletters and reminders and programming and events during cybersecurity awareness month.
Our processes also address cybersecurity threat risks associated with our use of third-party service providers, including those who have access to our customer, prospect, supplier or employee data or our systems. In addition, cybersecurity considerations affect the selection and oversight of our third-party service providers. We generally require that third-party service providers that access, host our data, or could otherwise introduce cybersecurity risk to us, enter into contracts that obligate them to manage their cybersecurity risks in certain ways and report any cybersecurity incidents to us.
We engage third-party advisory firms to conduct assessments of the maturity of our security program and, among other measures, work to be Payment Card Industry compliant where required. We also maintain incident response procedures and business continuity and contingency plans and periodically hire third parties to conduct vulnerability analyses. We also compare our processes to standards set by the National Institute of Standards and Technology and/or International Organization for Standardization, as appropriate.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Technology, Environmental, Safety and Security Committee of NCLH’s Board of Directors oversees our programs and policies related to data protection and cybersecurity and receives updates on related risks from our Chief Information Security Officer on at least an annual basis, and more often as the circumstances require. The Audit Committee of our Board of Directors also receives updates, at least annually, from our Chief Information Officer and/or Chief Information Security Officer regarding cybersecurity and other information system compliance matters that may pose risks to our financial reporting or operations.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Technology, Environmental, Safety and Security Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Technology, Environmental, Safety and Security Committee of NCLH’s Board of Directors oversees our programs and policies related to data protection and cybersecurity and receives updates on related risks from our Chief Information Security Officer on at least an annual basis, and more often as the circumstances require. The Audit Committee of our Board of Directors also receives updates, at least annually, from our Chief Information Officer and/or Chief Information Security Officer regarding cybersecurity and other information system compliance matters that may pose risks to our financial reporting or operations.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Chief Information Security Officer is responsible for our overall data security and cybersecurity risk reduction efforts, including information security compliance, training and awareness and application, network and system security. Our Chief Information Security Officer has 25 years of prior experience in the fields of information systems, cybersecurity, risk management, and infrastructure management. Our Chief Information Security Officer holds master’s and bachelor’s degrees in both Computer Information Systems and Business Administration and the following certifications: Certified Internal Controls Auditor (CICA), Payment Card Industry Professional (PCIP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC).
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Chief Information Security Officer
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Information Security Officer has 25 years of prior experience in the fields of information systems, cybersecurity, risk management, and infrastructure management. Our Chief Information Security Officer holds master’s and bachelor’s degrees in both Computer Information Systems and Business Administration and the following certifications: Certified Internal Controls Auditor (CICA), Payment Card Industry Professional (PCIP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC).
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef