|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We are guided by our Cybersecurity Charter, which includes our philosophy of information security, identifies the motivation for security, describes information security principles and terms, and defines the scope of information security policies and responsibilities for various functions. We continue to improve the maturity of our cybersecurity program, aligning with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework.
Our Director of Cybersecurity leads our information security operations, with a focus on identifying, evaluating, mitigating, and reporting on IT and cybersecurity risks that have the potential to threaten Sensata’s enterprise information assets and systems. Our cybersecurity and global IT strategy is regularly aligned with business leaders across Sensata through our IT Excellence Committee meetings, conducted 8 times a year, to ensure cyber, IT, and business priorities are communicated and understood throughout the organization.
Our policies, standards, processes, and practices for assessing, identifying, and managing material risks from cybersecurity threats are integrated into our overall risk management program and are based on frameworks established by the NIST, the International Organization for Standardization, and other applicable industry standards. Our cybersecurity program in particular focuses on the following key areas:
• Incident Response: We have an Incident Response Plan ("IRP") to address cybersecurity incidents as defined by Item 106 of Regulation S-K. The IRP includes as a core component an Incident Response Team ("IRT") that utilizes guidelines identified in the IRP to identify, assess, and disclose cybersecurity incidents as applicable. The IRT consists of a core team, which includes representation from IT, Legal, and Human Resources, and an extended team, which includes representation from Enterprise Risk Management, Communications, Investor Relations, Internal Audit, Legal, Accounting, and External Reporting. The core team is involved in all incidents that are classified as significant, requiring a response from the IRT, and it involves components of the extended team as applicable. The IRT allows for broad representation of various areas of expertise for use in executing the IRP. The IRT meets monthly to evaluate the effectiveness of our cybersecurity risk management processes and procedures, including the IRP. The IRP is designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management and the Board in a timely manner.
• Defense and Monitoring: We work to protect our computing environments and products from cybersecurity threats through multi-layered defenses and apply lessons learned from our defense and monitoring efforts to help prevent future attacks. We utilize data analytics to detect anomalies and search for cyber threats. Our Cybersecurity Operations Center provides comprehensive cyber threat detection and response capabilities and maintains a 24x7 monitoring system which complements the technology, process, and threat detection techniques we use to monitor, manage, and mitigate cybersecurity threats. From time to time, we engage third party consultants or other advisors to assist in assessing, identifying, and/or managing cybersecurity threats. We also periodically use our Internal Audit function to conduct additional reviews and assessments.
• Insider Threats: We maintain an insider threat program designed to identify, assess, and address potential risks from within our Company. Our program evaluates potential risks consistent with industry practices, customer requirements, and applicable law, including privacy and other considerations.
• Third Party Risk Assessments: We conduct information security assessments before sharing or allowing the hosting of sensitive data in computing environments managed by third parties, and our standard terms and conditions contain contractual provisions requiring certain security protections.
• Training and Awareness: We have robust cybersecurity training programs with frequent touch points for all employees to empower them to act responsibly and keep cybersecurity top of mind. We use monthly activities to keep employees engaged with cybersecurity, including newsletters, articles on the Sensata intranet, and mock phishing campaigns. We regularly update our comprehensive training program, which covers a wide variety of topics, from protecting work machines and personal information to social innovation and how employees can protect their digital lives at home.
• Supplier Engagement: We require our suppliers to comply with our standard information security terms and conditions, in addition to any requirements from our customers, as a condition of doing business with us, and require them to complete information security questionnaires to review and assess any potential cyber-related risks depending on the nature of the services being provided.
• Risk Assessment: At least annually, we conduct a cybersecurity risk assessment that takes into account information from internal stakeholders, our risk register, and information from external sources (e.g., reported security incidents that have impacted other companies, industry trends, and evaluations by third parties and consultants). The results of the assessment are used to drive alignment on, and prioritization of, initiatives to enhance our security controls, make recommendations to improve processes, and inform a broader enterprise-level risk assessment that is presented to our Board, Audit Committee, and members of management.
• Technical Safeguards: We regularly assess and deploy technical safeguards designed to protect our information systems from cybersecurity threats. Such safeguards are regularly evaluated and improved based on vulnerability assessments, cybersecurity threat intelligence, and incident response experience.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our policies, standards, processes, and practices for assessing, identifying, and managing material risks from cybersecurity threats are integrated into our overall risk management program and are based on frameworks established by the NIST, the International Organization for Standardization, and other applicable industry standards.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our Board of Directors, in coordination with each of our Board Committees, is responsible for oversight of our enterprise risk management activities. The Nominating and Governance committee receives an update on the Company’s risk management process quarterly, including interaction of cybersecurity with our overall risks. The Board of Directors oversees risks from cybersecurity threats through report out from the Audit Committee, which monitors cybersecurity incidents and management's response to such incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee directly oversees our cybersecurity program. Quarterly reports are delivered to the Audit Committee by the Chief Information & Digital Officer ("CIDO") and/or the Director of Cybersecurity at least four times per year.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Audit Committee directly oversees our cybersecurity program. Quarterly reports are delivered to the Audit Committee by the Chief Information & Digital Officer ("CIDO") and/or the Director of Cybersecurity at least four times per year. These reports include information about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. These reports also include updates on cybersecurity risk resulting from risk assessments, progress of risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents.
Our CIDO has served in various roles in IT and information security for more than 20 years. She holds an undergraduate degree in information management and technology. Our Director of Cybersecurity has served in various roles in IT and information security for more than 18 years, including in the military and the healthcare and retail industries.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Board of Directors, in coordination with each of our Board Committees, is responsible for oversight of our enterprise risk management activities. The Nominating and Governance committee receives an update on the Company’s risk management process quarterly, including interaction of cybersecurity with our overall risks. The Board of Directors oversees risks from cybersecurity threats through report out from the Audit Committee, which monitors cybersecurity incidents and management's response to such incidents.
Our Audit Committee directly oversees our cybersecurity program. Quarterly reports are delivered to the Audit Committee by the Chief Information & Digital Officer ("CIDO") and/or the Director of Cybersecurity at least four times per year. These reports include information about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. These reports also include updates on cybersecurity risk resulting from risk assessments, progress of risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents.
Our CIDO has served in various roles in IT and information security for more than 20 years. She holds an undergraduate degree in information management and technology. Our Director of Cybersecurity has served in various roles in IT and information security for more than 18 years, including in the military and the healthcare and retail industries.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our Audit Committee directly oversees our cybersecurity program. Quarterly reports are delivered to the Audit Committee by the Chief Information & Digital Officer ("CIDO") and/or the Director of Cybersecurity at least four times per year. These reports include information about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. These reports also include updates on cybersecurity risk resulting from risk assessments, progress of risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CIDO has served in various roles in IT and information security for more than 20 years. She holds an undergraduate degree in information management and technology. Our Director of Cybersecurity has served in various roles in IT and information security for more than 18 years, including in the military and the healthcare and retail industries.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our Board of Directors, in coordination with each of our Board Committees, is responsible for oversight of our enterprise risk management activities. The Nominating and Governance committee receives an update on the Company’s risk management process quarterly, including interaction of cybersecurity with our overall risks. The Board of Directors oversees risks from cybersecurity threats through report out from the Audit Committee, which monitors cybersecurity incidents and management's response to such incidents.
Our Audit Committee directly oversees our cybersecurity program. Quarterly reports are delivered to the Audit Committee by the Chief Information & Digital Officer ("CIDO") and/or the Director of Cybersecurity at least four times per year. These reports include information about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. These reports also include updates on cybersecurity risk resulting from risk assessments, progress of risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents.
Our CIDO has served in various roles in IT and information security for more than 20 years. She holds an undergraduate degree in information management and technology. Our Director of Cybersecurity has served in various roles in IT and information security for more than 18 years, including in the military and the healthcare and retail industries.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true