|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our cybersecurity organization’s mission is to provide a targeted set of services, support and capabilities to reduce the risk of cyberattacks, rapidly detect and contain threats, and mitigate risks to critical data.
Recognizing the threat of security breaches and cyberattacks globally, we have developed a cybersecurity program, overseen by our Chief Information Security Officer (CISO), that is designed to protect patient trust, defend the Moderna brand, and reduce the risk and impact of cyber-attacks. Our cybersecurity program is informed by industry standards and includes periodic risk assessments and security testing supported by cybersecurity technologies, including third-party security solutions, vulnerability management, and monitoring tools, designed to monitor, identify, and manage risks from cyber threats. In addition, we have implemented employee security and awareness training.
Management has established a cyber incident response plan (CIRP) designed to assess, identify and manage risks from cybersecurity threats and enable prompt response in the event that a cybersecurity incident is detected. We have a process in place for notification to our leadership response team in the event of a significant cyber incident, and for escalation of these events to our Audit Committee and Board, as appropriate. To date, we have not experienced a cybersecurity incident that has had a material impact on our business strategy, results of operations, or financial condition.We undergo several annual internal compliance audits and external reviews to evaluate our controls, including cybersecurity controls. In an effort to minimize third-party risk, we have established a process to assess the security practices of third-party suppliers and related risks, including through review of relevant supplier certifications and security and responses to standardized information gathering (SIG) questionnaires, as applicable and appropriate.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Recognizing the threat of security breaches and cyberattacks globally, we have developed a cybersecurity program, overseen by our Chief Information Security Officer (CISO), that is designed to protect patient trust, defend the Moderna brand, and reduce the risk and impact of cyber-attacks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors oversees Moderna’s overall risk management strategy. The Board exercises oversight of risks from cybersecurity threats primarily through its Audit Committee, which oversees our risk management processes for information security and technology risks. Our cybersecurity risk management processes are integrated into our overall risk management strategy, which is overseen by the Audit Committee. At least annually, the Audit Committee discusses our risk management program, including information security and technology risks and findings from any audits, with our internal audit staff.
The Audit Committee receives cyber-related updates from management, including our CISO at committee meetings. During meetings, our CISO updates the committee on Moderna’s cybersecurity posture, potential threats and risk mitigation strategies, and the progress of the Company’s cybersecurity initiatives, as appropriate. The Chair of the Audit Committee and management provide regular briefings on such matters to the full Board of Directors, as appropriate.
At the management level, our CISO is primarily responsible for leading our cybersecurity strategy for assessing and managing material risks from cybersecurity threats. Our current CISO has over 25 years of cybersecurity experience across a wide array of industries, most recently serving in leadership positions at two different public companies and previous roles of increasing responsibility at multinational technology companies. Our CISO reports directly to our Chief People and Digital Technology Officer, who is a member of our Executive Committee and reports to our Chief Executive Officer.
We have built a cybersecurity leadership team designed to align with key services, with a separate lead overseeing each service offering, all reporting to the CISO. We also maintain relationships with law enforcement and industry groups to support our cybersecurity intelligence and risk management efforts.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors oversees Moderna’s overall risk management strategy. The Board exercises oversight of risks from cybersecurity threats primarily through its Audit Committee, which oversees our risk management processes for information security and technology risks. Our cybersecurity risk management processes are integrated into our overall risk management strategy, which is overseen by the Audit Committee. At least annually, the Audit Committee discusses our risk management program, including information security and technology risks and findings from any audits, with our internal audit staff.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Board of Directors oversees Moderna’s overall risk management strategy. The Board exercises oversight of risks from cybersecurity threats primarily through its Audit Committee, which oversees our risk management processes for information security and technology risks. Our cybersecurity risk management processes are integrated into our overall risk management strategy, which is overseen by the Audit Committee. At least annually, the Audit Committee discusses our risk management program, including information security and technology risks and findings from any audits, with our internal audit staff.The Audit Committee receives cyber-related updates from management, including our CISO at committee meetings. During meetings, our CISO updates the committee on Moderna’s cybersecurity posture, potential threats and risk mitigation strategies, and the progress of the Company’s cybersecurity initiatives, as appropriate. The Chair of the Audit Committee and management provide regular briefings on such matters to the full Board of Directors, as appropriate.
|Cybersecurity Risk Role of Management [Text Block]
|
At the management level, our CISO is primarily responsible for leading our cybersecurity strategy for assessing and managing material risks from cybersecurity threats. Our current CISO has over 25 years of cybersecurity experience across a wide array of industries, most recently serving in leadership positions at two different public companies and previous roles of increasing responsibility at multinational technology companies. Our CISO reports directly to our Chief People and Digital Technology Officer, who is a member of our Executive Committee and reports to our Chief Executive Officer.
We have built a cybersecurity leadership team designed to align with key services, with a separate lead overseeing each service offering, all reporting to the CISO. We also maintain relationships with law enforcement and industry groups to support our cybersecurity intelligence and risk management efforts.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|At the management level, our CISO is primarily responsible for leading our cybersecurity strategy for assessing and managing material risks from cybersecurity threats.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our current CISO has over 25 years of cybersecurity experience across a wide array of industries, most recently serving in leadership positions at two different public companies and previous roles of increasing responsibility at multinational technology companies.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
At the management level, our CISO is primarily responsible for leading our cybersecurity strategy for assessing and managing material risks from cybersecurity threats. Our current CISO has over 25 years of cybersecurity experience across a wide array of industries, most recently serving in leadership positions at two different public companies and previous roles of increasing responsibility at multinational technology companies. Our CISO reports directly to our Chief People and Digital Technology Officer, who is a member of our Executive Committee and reports to our Chief Executive Officer.
We have built a cybersecurity leadership team designed to align with key services, with a separate lead overseeing each service offering, all reporting to the CISO. We also maintain relationships with law enforcement and industry groups to support our cybersecurity intelligence and risk management efforts.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef