|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
LivaNova’s enterprise risk management process consists of risk identification, evaluation, control and monitoring, and documentation. The LivaNova Board oversees risk management within the Company, and the legal and compliance teams work in tandem to provide the framework to identify and reduce risks that may materially impact the Company’s business. As part of the enterprise risk management process, regular inquiries and discussions are held with, among others, the CISO, Chief Information Officer, Chief Privacy Officer, and their respective teams to review the cybersecurity risk landscape.
LivaNova’s CISO has a Master of Science in Accountancy with a specialization in risk management, in addition to over 15 years of experience in the IT Risk Advisory sector. The CISO leads the Company’s information security team, identifies cybersecurity threats, and implements countermeasures in the cybersecurity realm, considering both internal operations and the external landscape. As part of his duties, the CISO provides relevant information in connection with regular enterprise risk assessments. The CISO also manages the Company’s ISMS program. Guided by the principles of various industry-leading standards, such as the NIST cybersecurity framework and ISO 27001, the objective of the ISMS program is to continue to strengthen LivaNova’s cyber resiliency in connection with its information technology systems.
As part of LivaNova’s cyber resiliency strategy and in an effort to mitigate potential cybersecurity risks, the Company employs various measures, including employee training, systems monitoring, testing and maintenance of protective systems, and contingency plans. In addition, the CISO manages a structured cybersecurity incident response program where periodic simulation exercises are performed to prepare and train the Company’s cybersecurity incident responders. The Company deploys security tools to help bolster its defense detection capabilities, such as endpoint detection and response tools, security information and event management tools, and 24/7 monitoring. LivaNova regularly evaluates itself for appropriate business continuity and disaster recovery planning, with test scenarios that include simulations and penetration tests.
In addition, LivaNova routinely engages with third-party service providers to conduct evaluations of its security controls, whether through penetration testing, security assessments, or consulting on best practices to address new challenges. The Company receives threat intelligence from industry peers, government agencies, industry-specific information sharing and analysis centers, and cybersecurity associations. The Company relies heavily on its supply chain to deliver products and services to its customers, and a cybersecurity incident at a supplier, subcontractor, or service provider could materially adversely impact the Company. The Company assesses third-party cybersecurity controls through its information security program and includes security and privacy addendums to its contracts where applicable.Historically, risks from cybersecurity threats have not materially affected the Company’s business strategy, results of operations, or financial condition. As previously disclosed, in November 2023, the Company initiated its cyber response protocol in response to a cybersecurity incident that resulted in a disruption of portions of its information technology systems. Promptly after detecting the issue and per LivaNova’s cyber response protocol, the Company began an investigation with assistance from external cybersecurity experts and coordinated with law enforcement. The Company implemented remediation measures to mitigate the impact of the incident. The Company also assessed the nature and scope of the affected data, analyzed its statutory notification obligations, and notified affected individuals and regulators as required by applicable law. The incident has been contained, and the Company’s mitigation efforts are considered complete, but any future cybersecurity event has the potential to materially affect the Company’s results of operations, cash flows, and financial condition. For further information, please refer to “Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” and “Note 11. Commitments and Contingencies” in LivaNova’s consolidated financial statements in this Report. Additionally, for a description of the Company’s evaluation of its disclosure controls and procedures, management’s report on internal control over financial reporting, and changes in internal control over financial reporting, see “Part II, Item 9A. Controls and Procedures.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The LivaNova Board oversees risk management within the Company, and the legal and compliance teams work in tandem to provide the framework to identify and reduce risks that may materially impact the Company’s business. As part of the enterprise risk management process, regular inquiries and discussions are held with, among others, the CISO, Chief Information Officer, Chief Privacy Officer, and their respective teams to review the cybersecurity risk landscape.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
On a quarterly basis, the CISO presents key security metrics to the Company’s IT Advisory Council, which is composed of functional leaders across the Company and is responsible for IT governance oversight in the Company. Specifically, this IT Advisory Council is responsible for establishing program strategies in alignment with LivaNova’s business objectives, as well as providing guidance on the implementation of appropriate and necessary security controls in alignment with the Company’s Information Security Policy. Among other things, the IT Advisory Council reviews summaries of information security incidents, audit findings, or other test reports, and ensures appropriate root-cause analyses are performed and corrective actions are taken. It also reviews year-over-year goals, security objectives, and priorities for the Company’s information security program.
On an annual basis, the CISO reviews the information security program achievements and reports with the Company’s IS Executive Committee, which is a cross-functional group composed of the CEO, the CFO, the CLO, and other executive leaders
of the Company. Among other things, the IS Executive Committee approves the Company’s Information Security Policy and the allocation of budget and resources to information security program initiatives, performs the annual management review of the information security program, and reviews corrective actions to improve the program.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|As codified in its charter, the Audit Committee is responsible for reviewing the processes by which cybersecurity risks are managed and reporting any issues that arise out of such reviews to the Board. The CISO provides key security metrics to the Audit Committee on a quarterly basis, and directly to the chair of the Audit Committee on a case-by-case basis, as needed, at any time during the quarter. The Audit Committee reviews these reports, which include, among other things, external events impacting the Company, cybersecurity incidents, user training statistics, and evaluations of user readiness to address cybersecurity incidents.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|As codified in its charter, the Audit Committee is responsible for reviewing the processes by which cybersecurity risks are managed and reporting any issues that arise out of such reviews to the Board. The CISO provides key security metrics to the Audit Committee on a quarterly basis, and directly to the chair of the Audit Committee on a case-by-case basis, as needed, at any time during the quarter. The Audit Committee reviews these reports, which include, among other things, external events impacting the Company, cybersecurity incidents, user training statistics, and evaluations of user readiness to address cybersecurity incidents. Notwithstanding the Company’s approach to cybersecurity, the Company may not be successful in preventing or mitigating future cybersecurity incidents that could have a material adverse effect on the Company. While LivaNova maintains cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured.
|Cybersecurity Risk Role of Management [Text Block]
|
On a quarterly basis, the CISO presents key security metrics to the Company’s IT Advisory Council, which is composed of functional leaders across the Company and is responsible for IT governance oversight in the Company. Specifically, this IT Advisory Council is responsible for establishing program strategies in alignment with LivaNova’s business objectives, as well as providing guidance on the implementation of appropriate and necessary security controls in alignment with the Company’s Information Security Policy. Among other things, the IT Advisory Council reviews summaries of information security incidents, audit findings, or other test reports, and ensures appropriate root-cause analyses are performed and corrective actions are taken. It also reviews year-over-year goals, security objectives, and priorities for the Company’s information security program.
On an annual basis, the CISO reviews the information security program achievements and reports with the Company’s IS Executive Committee, which is a cross-functional group composed of the CEO, the CFO, the CLO, and other executive leaders
of the Company. Among other things, the IS Executive Committee approves the Company’s Information Security Policy and the allocation of budget and resources to information security program initiatives, performs the annual management review of the information security program, and reviews corrective actions to improve the program.As codified in its charter, the Audit Committee is responsible for reviewing the processes by which cybersecurity risks are managed and reporting any issues that arise out of such reviews to the Board. The CISO provides key security metrics to the Audit Committee on a quarterly basis, and directly to the chair of the Audit Committee on a case-by-case basis, as needed, at any time during the quarter. The Audit Committee reviews these reports, which include, among other things, external events impacting the Company, cybersecurity incidents, user training statistics, and evaluations of user readiness to address cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
As codified in its charter, the Audit Committee is responsible for reviewing the processes by which cybersecurity risks are managed and reporting any issues that arise out of such reviews to the Board. The CISO provides key security metrics to the Audit Committee on a quarterly basis, and directly to the chair of the Audit Committee on a case-by-case basis, as needed, at any time during the quarter. The Audit Committee reviews these reports, which include, among other things, external events impacting the Company, cybersecurity incidents, user training statistics, and evaluations of user readiness to address cybersecurity incidents. Notwithstanding the Company’s approach to cybersecurity, the Company may not be successful in preventing or mitigating future cybersecurity incidents that could have a material adverse effect on the Company. While LivaNova maintains cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. For more information on risks related to cybersecurity and data security, see “Item 1A. Risk Factors – Risks Relating to the Company’s Business and Operations.”
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|LivaNova’s CISO has a Master of Science in Accountancy with a specialization in risk management, in addition to over 15 years of experience in the IT Risk Advisory sector.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CISO provides key security metrics to the Audit Committee on a quarterly basis, and directly to the chair of the Audit Committee on a case-by-case basis, as needed, at any time during the quarter. The Audit Committee reviews these reports, which include, among other things, external events impacting the Company, cybersecurity incidents, user training statistics, and evaluations of user readiness to address cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef