|
Cybersecurity Risk Management and Strategy Disclosure (Imported)
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management Strategy And Governance [Abstract]
|Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block]
|
Safeguarding the confidentiality, integrity, and availability of systems, data and applications as well as protecting trade secrets and data privacy is an essential pillar in ensuring the business continuity of Genmab, and complying with regulatory requirements, and maintaining the trust of our patients, employees, shareholders, partners, and other stakeholders. Genmab maintains a comprehensive cybersecurity program based on the National Institute of Standards and Technology’s NIST 800 Special Publication Information Security standard (“NIST Standard”) for managing cybersecurity activities, including formulation of global objectives of the cybersecurity program and risk identification and mitigation activities.
Genmab’s Information Security Department, led by the Global Head of Information Security and Information Technology Risk & Compliance Management, is responsible for administering and annually updating our enterprise-wide information security program. The program includes activities and projects in all six functions (govern, identify, protect, detect, respond, recover) of the NIST standard with the goal of further improving Genmab’s security profile and adapting, where needed, to changes in Genmab’s business strategy and threat environment. Input for the program comes from the annual attack and penetration test, periodic threat landscape and security maturity assessments, as well as requirements of applicable cybersecurity regulations. The Information Security Department is also responsible for a number of global security processes and services that Genmab undertakes, such as the following:
We work with consultants and other third-party advisors to perform security services and conduct security assessments and independent audits of the security and resilience of our systems and networks. We have also established a cyber response task force consisting of leaders from Finance, Legal, Compliance, Communications, and Information Technology & Digital (“IT&D”) departments. The task force is responsible for cybersecurity crisis preparedness and the management of cybersecurity crisis situations. This task force regularly leads scenario exercises, which include engagement of all levels of management including members of Genmab’s Executive Committee, to assess Genmab’s resilience capabilities in the event of a cybersecurity crisis.
We have integrated information security risk management into our overall risk management infrastructure through our enterprise risk management program. The enterprise risk management program, which is overseen by our Global Compliance & Risk Committee (“GCRC”), entails a formal process that seeks to identify, assess, mitigate and manage the risks from both internal and external conditions that could significantly impact the Company and influence our business strategy and performance.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have integrated information security risk management into our overall risk management infrastructure through our enterprise risk management program. The enterprise risk management program, which is overseen by our Global Compliance & Risk Committee (“GCRC”), entails a formal process that seeks to identify, assess, mitigate and manage the risks from both internal and external conditions that could significantly impact the Company and influence our business strategy and performance.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight And Identification Processes [Flag]
|true
|Cybersecurity Risk Board Of Directors Oversight [Text Block]
|
The Board of Directors oversees our approach to overall risk management. The board has delegated oversight of information security strategy and risks to the Audit and Finance Committee. The Audit and Finance Committee is responsible for reviewing Genmab’s information security strategy and program, including with respect to identification and management of cybersecurity risks and threats. The Global Head of Information Security and IT Risk & Compliance Management presents an update on the status of the Genmab information security strategy and program, including strategic priorities, progress made in respect of those priorities and a review of cybersecurity incidents, risks, and threats to the Audit and Finance Committee at least annually. A summary management report on the information security strategy, program, incidents, risks and threats is presented to the Board of Directors periodically and is supplemented by discussions between the Board of Directors and Audit and Finance Committee.
|Cybersecurity Risk Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|The Global Head of Information Security and Information Technology Risk & Compliance Management
|Cybersecurity Risk Process For Informing Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|
The Global Head of Information Security and Information Technology Risk & Compliance Management reports the status of the Genmab information security program, security threats, incidents, and risks quarterly to the GCRC, chaired by Genmab’s CEO and the Senior Vice President, Head of Global Compliance and Risk, and in which members of our Executive Committee participate. The status of risk mitigation actions and newly identified risks are discussed during periodic meetings of the Information Technology Risk Governance Board, consisting of members of the IT&D Leadership Team and chaired by the Global Head of IT&D. Results of security assessments and periodic cyber threat landscape assessments may also be integrated in strategic reports to Genmab’s relevant business leaders and the GCRC when appropriate.
|Cybersecurity Risk Role Of Management [Text Block]
|
The Global Head of Information Security and Information Technology Risk & Compliance Management is responsible for information security within Genmab and reports to the Global Head of IT&D. Our current Global Head of Information Security and Information Technology Risk & Compliance Management has more than 15 years of experience in leading global information and cyber security departments and programs, and our current Global Head of IT&D has more than 20 years of experience in leading, managing and transforming IT departments, in each case for large, global organizations.
The Global Head of Information Security and Information Technology Risk & Compliance Management reports the status of the Genmab information security program, security threats, incidents, and risks quarterly to the GCRC, chaired by Genmab’s CEO and the Senior Vice President, Head of Global Compliance and Risk, and in which members of our Executive Committee participate. The status of risk mitigation actions and newly identified risks are discussed during periodic meetings of the Information Technology Risk Governance Board, consisting of members of the IT&D Leadership Team and chaired by the Global Head of IT&D. Results of security assessments and periodic cyber threat landscape assessments may also be integrated in strategic reports to Genmab’s relevant business leaders and the GCRC when appropriate.
|Cybersecurity Risk Management Positions Or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions Or Committees Responsible [Text Block]
|Global Head of Information Security and Information Technology Risk & Compliance Management
|Cybersecurity Risk Management Expertise Of Management Responsible [Text Block]
|Our current Global Head of Information Security and Information Technology Risk & Compliance Management has more than 15 years of experience in leading global information and cyber security departments and programs, and our current Global Head of IT&D has more than 20 years of experience in leading, managing and transforming IT departments, in each case for large, global organizations.
|Cybersecurity Risk Process For Informing Management Or Committees Responsible [Text Block]
|The Global Head of Information Security and Information Technology Risk & Compliance Management is responsible for information security within Genmab and reports to the Global Head of IT&D. Our current Global Head of Information Security and Information Technology Risk & Compliance Management has more than 15 years of experience in leading global information and cyber security departments and programs, and our current Global Head of IT&D has more than 20 years of experience in leading, managing and transforming IT departments, in each case for large, global organizations.
|Cybersecurity Risk Management Positions Or Committees Responsible Report To Board [Flag]
|true
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.
|X
- References
+ Details
No definition available.