|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
At Ingevity, we recognize the paramount importance of cybersecurity in safeguarding sensitive information. We align with industry standards, including the ISO 27001 information security framework, for which we became certified in 2024. Our comprehensive cybersecurity program is led by a team of diverse, highly skilled professionals, and we invest in modern technologies, including artificial intelligence and machine learning, to fortify our defenses. We actively collaborate with local, state and federal agencies, as well as peers in the chemical manufacturing industry to identify the latest threats and implement effective defenses that safeguard our employees and customers.
Key Components of Our Cybersecurity Program:
Leadership and Governance. We have a team of skilled internal and external cybersecurity professionals, led by our Vice President of Information Technology, Chief Information Officer and Chief Information Security Officer ("CIO"), who has over three decades of experience in information security and information technology infrastructure. Our team has experience in information security and information technology infrastructure and holds several advanced and expert licenses and certifications, including International Society of Automation 62443, Cybersecurity Expert and International Information System Security Certification Consortium (ISC2), Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP). Beginning in 2025, the Sustainability & Safety Committee of our Board of Directors (“the Board”) has oversight of our cybersecurity and risk management programs. Prior to that, the full Board exercised oversight of cybersecurity risk management. The Board moved oversight of cybersecurity risk management into the Sustainability & Safety Committee to allow for more in-depth reviews. The Sustainability & Safety Committee receives at least quarterly updates from the CIO on cybersecurity matters and our related risk management program, and periodic updates from external cybersecurity experts on the overall risk landscape. Our full Board of Directors also receives an update at least once a year on these matters in addition to regular reporting from the Sustainability & Safety Committee on matters reviewed. We have implemented processes for continual monitoring of our information systems, including the deployment of advanced security measures and system audits to identify potential vulnerabilities. If a cybersecurity incident were to occur, we have developed and documented an incident response plan that includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Additionally, our CIO regularly meets with our executive management leadership team to provide updates on our cybersecurity risks and incidents ensuring management is keenly aware of any potential threat.
Protection of Sensitive Information. We enforce collection, storage, and access controls of personal, proprietary, and confidential information, focusing on protecting trade secrets, intellectual property, clinical trial data, third-party information, and employee data.
Industry-Standard Frameworks and Policies. We incorporate industry-standard frameworks, policies, and practices such as ISO 27001 which are designed to protect the confidentiality and privacy of information.
Protection Mechanisms. We currently adhere to the ISO 27001 information security framework and are advancing our program having achieved ISO 27001 certification in 2024. We continuously monitor our enterprise network and have deployed detective and preventative controls. In-depth third-party security assessments are conducted annually.
Incident Response and Testing. We maintain a robust cybersecurity incident response plan that incorporates regular simulations, drills, vulnerability scans, penetration testing and third-party assessments to evaluate and enhance our cybersecurity controls and resilience.
Third-Party Monitoring. We partner with a managed security services provider for 24/7 monitoring of our enterprise network. We require third-party service providers with access to personal, confidential or proprietary information to implement and maintain comprehensive cybersecurity measures aligned with applicable legal standards and industry best practices.
Our proactive approach to cybersecurity involves the integration of leading technologies and collaboration with third-party experts to ensure alignment with industry standards. We believe these measures contribute to the protection of both our organization's and our clients' sensitive information.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Protection of Sensitive Information. We enforce collection, storage, and access controls of personal, proprietary, and confidential information, focusing on protecting trade secrets, intellectual property, clinical trial data, third-party information, and employee data.
Industry-Standard Frameworks and Policies. We incorporate industry-standard frameworks, policies, and practices such as ISO 27001 which are designed to protect the confidentiality and privacy of information.
Protection Mechanisms. We currently adhere to the ISO 27001 information security framework and are advancing our program having achieved ISO 27001 certification in 2024. We continuously monitor our enterprise network and have deployed detective and preventative controls. In-depth third-party security assessments are conducted annually.
Incident Response and Testing. We maintain a robust cybersecurity incident response plan that incorporates regular simulations, drills, vulnerability scans, penetration testing and third-party assessments to evaluate and enhance our cybersecurity controls and resilience.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Leadership and Governance. We have a team of skilled internal and external cybersecurity professionals, led by our Vice President of Information Technology, Chief Information Officer and Chief Information Security Officer ("CIO"), who has over three decades of experience in information security and information technology infrastructure. Our team has experience in information security and information technology infrastructure and holds several advanced and expert licenses and certifications, including International Society of Automation 62443, Cybersecurity Expert and International Information System Security Certification Consortium (ISC2), Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP). Beginning in 2025, the Sustainability & Safety Committee of our Board of Directors (“the Board”) has oversight of our cybersecurity and risk management programs. Prior to that, the full Board exercised oversight of cybersecurity risk management. The Board moved oversight of cybersecurity risk management into the Sustainability & Safety Committee to allow for more in-depth reviews. The Sustainability & Safety Committee receives at least quarterly updates from the CIO on cybersecurity matters and our related risk management program, and periodic updates from external cybersecurity experts on the overall risk landscape. Our full Board of Directors also receives an update at least once a year on these matters in addition to regular reporting from the Sustainability & Safety Committee on matters reviewed. We have implemented processes for continual monitoring of our information systems, including the deployment of advanced security measures and system audits to identify potential vulnerabilities. If a cybersecurity incident were to occur, we have developed and documented an incident response plan that includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Additionally, our CIO regularly meets with our executive management leadership team to provide updates on our cybersecurity risks and incidents ensuring management is keenly aware of any potential threat.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Leadership and Governance. We have a team of skilled internal and external cybersecurity professionals, led by our Vice President of Information Technology, Chief Information Officer and Chief Information Security Officer ("CIO")
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Leadership and Governance. We have a team of skilled internal and external cybersecurity professionals, led by our Vice President of Information Technology, Chief Information Officer and Chief Information Security Officer ("CIO"), who has over three decades of experience in information security and information technology infrastructure. Our team has experience in information security and information technology infrastructure and holds several advanced and expert licenses and certifications, including International Society of Automation 62443, Cybersecurity Expert and International Information System Security Certification Consortium (ISC2), Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP). Beginning in 2025, the Sustainability & Safety Committee of our Board of Directors (“the Board”) has oversight of our cybersecurity and risk management programs. Prior to that, the full Board exercised oversight of cybersecurity risk management. The Board moved oversight of cybersecurity risk management into the Sustainability & Safety Committee to allow for more in-depth reviews. The Sustainability & Safety Committee receives at least quarterly updates from the CIO on cybersecurity matters and our related risk management program, and periodic updates from external cybersecurity experts on the overall risk landscape. Our full Board of Directors also receives an update at least once a year on these matters in addition to regular reporting from the Sustainability & Safety Committee on matters reviewed. We have implemented processes for continual monitoring of our information systems, including the deployment of advanced security measures and system audits to identify potential vulnerabilities. If a cybersecurity incident were to occur, we have developed and documented an incident response plan that includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Additionally, our CIO regularly meets with our executive management leadership team to provide updates on our cybersecurity risks and incidents ensuring management is keenly aware of any potential threat.
|Cybersecurity Risk Role of Management [Text Block]
|We have implemented processes for continual monitoring of our information systems, including the deployment of advanced security measures and system audits to identify potential vulnerabilities. If a cybersecurity incident were to occur, we have developed and documented an incident response plan that includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Beginning in 2025, the Sustainability & Safety Committee of our Board of Directors (“the Board”) has oversight of our cybersecurity and risk management programs. Prior to that, the full Board exercised oversight of cybersecurity risk management.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Vice President of Information Technology, Chief Information Officer and Chief Information Security Officer ("CIO"), who has over three decades of experience in information security and information technology infrastructure. Our team has experience in information security and information technology infrastructure and holds several advanced and expert licenses and certifications, including International Society of Automation 62443, Cybersecurity Expert and International Information System Security Certification Consortium (ISC2), Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP).
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Sustainability & Safety Committee receives at least quarterly updates from the CIO on cybersecurity matters and our related risk management program, and periodic updates from external cybersecurity experts on the overall risk landscape. Our full Board of Directors also receives an update at least once a year on these matters in addition to regular reporting from the Sustainability & Safety Committee on matters reviewed.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef