|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
We prioritize the management of cybersecurity risk and the protection of information across our enterprise by embedding data protection and cybersecurity risk management in our operations. Our processes for assessing, identifying, and managing material risks from cybersecurity threats have been integrated into our overall risk management system and processes.
As a foundation of this approach, we have implemented a layered governance structure to help assess, identify and manage cybersecurity risks. Our privacy and cybersecurity policies encompass incident response procedures, information security and vendor management. In order to help develop these policies and procedures, we monitor the privacy and cybersecurity laws, regulations and guidance applicable to us in the regions where we do business (including ISO 27001, GDPR and CSL/DSL/PIPL), as well as proposed privacy and cybersecurity laws, regulations, guidance and emerging risks.
We undergo penetration testing 3-4 times a year. With respect to third-party service providers, we obligate our main information technology vendors to adhere to privacy and cybersecurity measures, and we perform risk assessments of vendors having access to our systems or sensitive personal data, including their ability to protect data from unauthorized access.
As described in Item 3.D “Risk Factors,” our operations rely on the secure processing, storage and transmission of confidential and other information in our computer systems and networks. Computer viruses, hackers, employee or vendor misconduct, and other external hazards could expose our information systems and those of our vendors to security breaches, cybersecurity incidents or other disruptions, any of which could materially and adversely affect our business, including by way of disruption of operations resulting from inability to carry out manufacturing, sales activity, shipping and other business operations, and financial losses due to direct costs associated with investigation, remediation, and legal fees, and indirect costs that may encompass increased insurance premiums, loss of business due to damaged reputation and the need for significant investments in cybersecurity measures post-incident. While we have experienced cybersecurity incidents, to date, we are not aware that we have experienced a material cybersecurity incident during 2024.
The sophistication of cybersecurity threats, including through the use of artificial intelligence, continues to increase, and the controls and preventative actions we take to reduce the risk of cybersecurity incidents and protect our systems, including the regular testing of our cybersecurity incident response plan, may be insufficient. In addition, to the extent we use new technology that could result in greater operational efficiency such as artificial intelligence, we may further expose our computer systems to the risk of cybersecurity incidents.
In 2024, we obtained our first ISO 27001 certification, a globally recognized standard for information security management systems (ISMS). This milestone demonstrates our strong commitment to safeguarding sensitive information and aligning with industry best practices. The certification reflects our dedication to implementing robust security controls, mitigating risks, and building trust with customers, partners, and stakeholders by adhering to the highest standards of information security management.
In addition, we have successfully completed a Business Impact Analysis (BIA) phase, marking a critical milestone in establishing a comprehensive Business Continuity Plan (BCP). This achievement underscores Kornit’s proactive approach to identifying key business processes, assessing potential risks, and ensuring operational resilience in the face of disruptions.
Governance
As part of our overall risk management approach, we prioritize the identification and management of cybersecurity risk at several levels, including Board oversight, executive commitment and employee training and awareness. Our Audit Committee, comprised of independent directors from our Board, oversees the Board’s responsibilities relating to the operational (including information technology (IT) risks, business continuity and data security) risk affairs of the Company. Our Audit Committee is informed of such risks through quarterly reports from our group Chief Information Security Officer (CISO).
In 2024, Kornit appointed a new Chief Information Security Officer (CISO) with over 15 years of experience in the security field. Before joining Kornit, the new CISO held several senior security-related positions in both the consulting industry and corporate environments. Our CISO oversees the implementation and compliance of our information security standards and mitigation of information security-related risks. We also have a management level committee and a cybersecurity incident team who support our processes to assess and manage cybersecurity risk as follows:
Our CISO summarizes the information pertaining to the information security committee’s activities as appropriate and reports to the Audit Committee.
At the employee level, we maintain an experienced information technology team who are tasked with implementing our privacy and cybersecurity program and support the CISO in carrying out reporting, security and mitigation functions. We also hold employee trainings on privacy and cybersecurity, records and information management, conduct phishing tests and generally seek to promote awareness of cybersecurity risk through communication and education of our employee population.
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We prioritize the management of cybersecurity risk and the protection of information across our enterprise by embedding data protection and cybersecurity risk management in our operations. Our processes for assessing, identifying, and managing material risks from cybersecurity threats have been integrated into our overall risk management system and processes.
|Cybersecurity Risk Management Processes Integrated [Flag]
|false
|Cybersecurity Risk Management Third Party Engaged [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|we are not aware that we have experienced a material cybersecurity incident during 2024.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|As part of our overall risk management approach, we prioritize the identification and management of cybersecurity risk at several levels, including Board oversight, executive commitment and employee training and awareness.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee, comprised of independent directors from our Board, oversees the Board’s responsibilities relating to the operational (including information technology (IT) risks, business continuity and data security) risk affairs of the Company. Our Audit Committee is informed of such risks through quarterly reports from our group Chief Information Security Officer (CISO).
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Audit Committee is informed of such risks through quarterly reports from our group Chief Information Security Officer (CISO).
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|false
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|In 2024, Kornit appointed a new Chief Information Security Officer (CISO) with over 15 years of experience in the security field. Before joining Kornit, the new CISO held several senior security-related positions in both the consulting industry and corporate environments.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our CISO oversees the implementation and compliance of our information security standards and mitigation of information security related risks.