|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
NerdWallet, Inc. recognizes the importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data and that of our users.
Risk Management
We have adopted the National Institute of Standards and Technology - Cybersecurity Framework (NIST-CSF) to guide our risk assessment and management and promote a company-wide cybersecurity risk management culture. Our cybersecurity team works closely with our information technology (IT) department to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.
Engagement of Third Parties
We enlist third-party cybersecurity assessors and consultants to evaluate and test both our risk management systems and the third-party risk management systems of our business partners. Through these collaborations, we tap into specialized knowledge and insights, helping us gauge the effectiveness of our cybersecurity strategies and processes. The findings from these assessments guide our decision-making and planning processes, influencing how we set priorities and allocate resources.
Overseeing Third-party Risk
Before partnering with third-party providers, we conduct a thorough examination of their cybersecurity program, policies, and practices. This includes a review of their SOC 2 reports and any available penetration tests. Additionally, we actively monitor our primary service providers and regularly obtain security control reports from them. We also employ real-time monitoring to detect any suspicious activity promptly. This approach is implemented to minimize risks associated with data breaches or other security incidents that may arise from third-party sources.
Risks from Cybersecurity Threats
To date, no cybersecurity incident or any risk from cybersecurity threats has materially affected, or has been determined to be reasonably likely to materially affect, us or our operations or financial condition.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have adopted the National Institute of Standards and Technology - Cybersecurity Framework (NIST-CSF) to guide our risk assessment and management and promote a company-wide cybersecurity risk management culture. Our cybersecurity team works closely with our information technology (IT) department to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
The Board of Directors recognizes the critical importance of managing cybersecurity risks and has implemented robust oversight mechanisms designed to ensure effective governance in this area.
Audit Committee Oversight
The Audit Committee, comprising Board members with diverse experience in risk management, IT, cybersecurity, and finance, is directly responsible for overseeing cybersecurity risks. Our Chief Information Security Officer (CISO) provides comprehensive quarterly presentations to the Audit Committee, covering ongoing cybersecurity initiatives, strategies, and emerging threats. The Committee reports significant matters to the full board, and the CISO also delivers an annual presentation to the Board of Directors.
Management’s Vigilance
A Security Council, led by the CISO with representatives from our engineering, corporate IT, security, legal, human resources, and internal audit teams, diligently reviews and assesses cybersecurity plans, risks, and incidents on a monthly basis. Any substantial risk incident is escalated to the executive team, disclosure committee, and potentially the full Board, if deemed material. Regular communication between the CISO and the Chief Legal Officer, Chief Financial Officer, and Chief Executive Officer ensures top management is well-informed about NerdWallet's cybersecurity posture and potential risks.
Risk Management Leadership
The primary responsibility for assessing, monitoring, and managing our cybersecurity risks lies with our highly experienced CISO. With two decades of cybersecurity expertise, including multiple CISO roles, our CISO plays a pivotal role in developing and executing our cybersecurity strategies. His responsibilities include overseeing governance programs, addressing known risks, leading employee security training, and executing the incident response plan in case of a cybersecurity incident.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board of Directors recognizes the critical importance of managing cybersecurity risks and has implemented robust oversight mechanisms designed to ensure effective governance in this area.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Audit Committee, comprising Board members with diverse experience in risk management, IT, cybersecurity, and finance, is directly responsible for overseeing cybersecurity risks. Our Chief Information Security Officer (CISO) provides comprehensive quarterly presentations to the Audit Committee, covering ongoing cybersecurity initiatives, strategies, and emerging threats. The Committee reports significant matters to the full board, and the CISO also delivers an annual presentation to the Board of Directors.
|Cybersecurity Risk Role of Management [Text Block]
|Our Chief Information Security Officer (CISO) provides comprehensive quarterly presentations to the Audit Committee, covering ongoing cybersecurity initiatives, strategies, and emerging threats.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|A Security Council, led by the CISO with representatives from our engineering, corporate IT, security, legal, human resources, and internal audit teams
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|With two decades of cybersecurity expertise, including multiple CISO roles, our CISO plays a pivotal role in developing and executing our cybersecurity strategies.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The primary responsibility for assessing, monitoring, and managing our cybersecurity risks lies with our highly experienced CISO. With two decades of cybersecurity expertise, including multiple CISO roles, our CISO plays a pivotal role in developing and executing our cybersecurity strategies. His responsibilities include overseeing governance programs, addressing known risks, leading employee security training, and executing the incident response plan in case of a cybersecurity incident.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true