|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Cybersecurity
Cybersecurity risk management is an essential part of our enterprise risk management program. We are committed to maintaining governance and oversight of these risks and to implementing controls, technologies, and processes designed to help us identify, assess, and manage these risks.
Our cybersecurity program aims to incorporate industry best practices, including standards such as ISO 27001 and the NIST Cybersecurity Framework, and focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, manage and address cybersecurity risks, threats and incidents. Our practices include, among other things, security awareness training and simulations, technologies and processes to monitor our systems, assessments of controls, and incident response processes. We engage with industry groups and forums to stay informed of industry practices and developments. We monitor developments in the threat landscape that may affect our systems or services and assess their potential impacts on and risks to our cybersecurity posture. We engage external service providers, where appropriate and from time to time, to assist us with aspects of our program, such as assessing and testing controls, providing threat intelligence information and incident response. We also have processes in place to manage cybersecurity risks associated with third-party service providers. Certain key security controls are tested annually by independent third-party auditors as well as our internal auditors. We regularly refine our cybersecurity processes as we determine necessary to address developments in the threat landscape, advance our control and technology capabilities, respond to regulatory requirements and standards, and implement improvements based on the results of internal and external assessments.
Our cybersecurity incident response process involves a multi-functional approach for investigating, containing, and mitigating incidents, including reporting findings to senior management and other key stakeholders, including if appropriate the audit committee and the board, and keeping them informed and involved as appropriate. While we have not, as of the date of this Form 10-K, experienced a cybersecurity threat or incident that has had a material impact on our business or operations, we have experienced incidents that did not have a material impact on our business or operations, and there can be no guarantee that we will not experience an incident that results in a material impact to our business or operations in the future. In addition, cybersecurity threats are constantly evolving and increasing in sophistication, which increases the difficulty of successfully defending against them or implementing adequate preventative and detective measures. See "Risk Factors" above for more information about the cybersecurity risks we face.
Our board of directors has ultimate responsibility for oversight of our risk management, and delegates cybersecurity risk management oversight to the audit committee. The audit committee, which is responsible for ensuring that management has processes in place designed to identify, evaluate and manage cybersecurity risks and incidents, regularly reviews our cybersecurity program with management and reports to the board of directors. Cybersecurity reviews by the audit committee generally occur at least quarterly. A number of our directors have experience in assessing and managing cybersecurity risk, including by serving on other public company audit committees having responsibility for cybersecurity oversight. One of our directors has also served as a Chief Technology Officer for multiple companies.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Cybersecurity risk management is an essential part of our enterprise risk management program. We are committed to maintaining governance and oversight of these risks and to implementing controls, technologies, and processes designed to help us identify, assess, and manage these risks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors has ultimate responsibility for oversight of our risk management, and delegates cybersecurity risk management oversight to the audit committee. The audit committee, which is responsible for ensuring that management has processes in place designed to identify, evaluate and manage cybersecurity risks and incidents, regularly reviews our cybersecurity program with management and reports to the board of directors. Cybersecurity reviews by the audit committee generally occur at least quarterly. A number of our directors have experience in assessing and managing cybersecurity risk, including by serving on other public company audit committees having responsibility for cybersecurity oversight. One of our directors has also served as a Chief Technology Officer for multiple companies.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our cybersecurity program is run by our Chief Information Security Officer (CISO), who reports to our Head of Enterprise Risk Management and receives input and support from our Head of Enterprise Risk Management and our Chief Technology and Transformation Officer. Our CISO has extensive experience leading and managing cybersecurity programs and in cybersecurity risk management. Our CISO has served in this position since 2014 and, before Genpact, was previously CISO at another US-listed public company. Our CISO is supported by our information security team, many of whom hold cybersecurity certifications and who collectively possess relevant experience in different areas of cybersecurity, and by our information technology team who operate several critical controls.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from our information security team, internal governance processes, and by reviewing the results of internal and third-party assessments and audits. Our CISO regularly reports directly to the audit committee on our cybersecurity program and our efforts to prevent, detect, mitigate, and remediate cybersecurity risks. In addition, we have an Information Security Governance Council, made up of members of our senior management team as well as relevant information security personnel, that meets periodically to discuss and address relevant cybersecurity matters.
|Cybersecurity Risk Role of Management [Text Block]
|
Our cybersecurity program is run by our Chief Information Security Officer (CISO), who reports to our Head of Enterprise Risk Management and receives input and support from our Head of Enterprise Risk Management and our Chief Technology and Transformation Officer. Our CISO has extensive experience leading and managing cybersecurity programs and in cybersecurity risk management. Our CISO has served in this position since 2014 and, before Genpact, was previously CISO at another US-listed public company. Our CISO is supported by our information security team, many of whom hold cybersecurity certifications and who collectively possess relevant experience in different areas of cybersecurity, and by our information technology team who operate several critical controls.
Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from our information security team, internal governance processes, and by reviewing the results of internal and third-party assessments and audits. Our CISO regularly reports directly to the audit committee on our cybersecurity program and our efforts to prevent, detect, mitigate, and remediate cybersecurity risks. In addition, we have an Information Security Governance Council, made up of members of our senior management team as well as relevant information security personnel, that meets periodically to discuss and address relevant cybersecurity matters.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our cybersecurity program is run by our Chief Information Security Officer (CISO), who reports to our Head of Enterprise Risk Management and receives input and support from our Head of Enterprise Risk Management and our Chief Technology and Transformation Officer.Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from our information security team, internal governance processes, and by reviewing the results of internal and third-party assessments and audits. Our CISO regularly reports directly to the audit committee on our cybersecurity program and our efforts to prevent, detect, mitigate, and remediate cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has extensive experience leading and managing cybersecurity programs and in cybersecurity risk management. Our CISO has served in this position since 2014 and, before Genpact, was previously CISO at another US-listed public company. Our CISO is supported by our information security team, many of whom hold cybersecurity certifications and who collectively possess relevant experience in different areas of cybersecurity, and by our information technology team who operate several critical controls.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our CISO regularly reports directly to the audit committee on our cybersecurity program and our efforts to prevent, detect, mitigate, and remediate cybersecurity risks.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef