|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|WISeKey is dedicated to maintaining
the highest standards of cybersecurity to safeguard our operations, assets, and stakeholder interests. In an era where digital threats
continue to evolve, we recognize the paramount importance of cybersecurity in preserving the integrity, confidentiality, and availability
of our critical information and systems.
Our commitment to cybersecurity is rooted in a proactive and strategic approach that aligns with the semiconductor industry’s best practices and regulatory standards. We view cybersecurity not only as a compliance requirement but as an integral component of our corporate responsibility to protect the trust our shareholders, customers, and partners place in us.
Below is an overview of our cybersecurity governance, policies, and practices. We aim to demonstrate our resilience against cyber threats, articulate the measures we have in place to mitigate risks, and emphasize our ongoing investments in cybersecurity to adapt to the evolving threat landscape.
By integrating cybersecurity into our corporate culture, WISeKey strives to maintain a secure and resilient environment, fostering trust and confidence among stakeholders. We believe that transparency in our cybersecurity practices enhances our overall risk management strategy, and we remain committed to continuously improving our defenses against cyber threats.
Overview
WISeKey recognizes the critical importance of cybersecurity in today’s digital landscape. As an integral aspect of our risk management strategy, we maintain a comprehensive approach to cybersecurity to protect our operations, data, and stakeholder trust.
Cybersecurity in Strategic Decision-Making:
At WISeKey cybersecurity is not just a compliance checkbox; it’s an integral consideration in our strategic decision-making processes. Our leadership recognize the strategic importance of cybersecurity in sustaining investor confidence and ensuring the resilience of our operations.
Employee Empowerment:
We empower our directors, senior management, and employees to be active participants in our cybersecurity strategy. Yearly training programs equip them with the knowledge and awareness needed to recognize and respond to cybersecurity risks, fortifying our collective defenses.
Dynamic Policies and Procedures:
Our commitment extends beyond static policies — we embrace dynamic cybersecurity measures. Policies and procedures are living documents, refined regularly to keep pace with emerging threats. This adaptability is foundational to maintaining the confidentiality and integrity of our operations.
Incident Response Excellence:
In the event of a cybersecurity incident, our response is characterized by agility and efficiency. The WISeKey incident response plan is not just a theoretical framework, but a tested strategy designed for swift detection, containment, and recovery. Disaster Recovery Plan is in place, with in different locations and ready to be activated on demand. This approach reflects our commitment to minimizing the impact of cyber incidents.
Investments in Cyber Resilience:
Continuous investments underscore our commitment to cyber resilience. WISeKey allocates resources to cutting-edge cybersecurity technologies, ensuring our defenses evolve in tandem with the sophistication of cyber threats. Over 30% of the IT budget is dedicated to cyber security defense. This proactive stance is our pledge to stakeholders that their trust remains well-protected.
Compliance and Beyond:
Our adherence to cybersecurity regulations is complemented by a broader commitment to excellence. We view compliance as a baseline and strive for continuous improvement, fostering a cybersecurity culture that goes beyond regulatory mandates. We are certified for years as WEBTRUST and follow the (EU) General Data Protection Regulation (“GDPR”) guidance.
Oversight and Collaboration:
Oversight of cybersecurity matters is coupled with collaboration. The WISeKey Board collaborates with internal, external cybersecurity experts and national organization like the NIST, ensuring that we stay informed about emerging threats and technological industry best practices, and enabling us to make informed decisions.
Transparent Communication:
Transparent communication is key to our cybersecurity strategy. In this disclosure, we aim to provide shareholders and stakeholders with a transparent view into our cybersecurity practices, fostering trust through open dialogue on our approach, challenges, and ongoing initiatives. Our WISeKey Chief Information Security Officer (“CISO”) is the main interface to the transparent communication.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|By integrating cybersecurity into our corporate culture, WISeKey strives to maintain a secure and resilient environment, fostering trust and confidence among stakeholders. We believe that transparency in our cybersecurity practices enhances our overall risk management strategy, and we remain committed to continuously improving our defenses against cyber threats.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Cybersecurity
Governance
Our Board of Directors and management are actively involved in overseeing cybersecurity matters. The Board of Directors is responsible for reviewing on a regular basis and assessing cybersecurity risks and ensuring the adequacy of our cybersecurity measures.
Our security processes are piloted by a Global Security Director, under the supervision of a Security Board, which includes the top management of WISeKey. Once a year, the Global Security Director reassesses our cybersecurity risks and proposes to the Security Board a plan of action and budget for the year to come.
An Executive Board Member of WISeKey holds a monthly meeting with the Global Security Director. During these meetings, the risks faced by the business and any new matters arising or potential threats identified are discussed. The Global Security Director also provides updates on his ongoing projects designed to manage these risks, as well as presenting the results of any audits that are being carried out. The full Board are also kept appraised on the results of all audits carried out during the year and are required to decide on strategic decisions such as whether to attain accreditations for certain verticals of the business. The Board and Audit Committee are responsible also for overseeing the annual audit of WISeKey which, while primarily focused on the financials of WISeKey, does also cover certain risks associated with the business.
Policies and Procedures:
We have implemented under our global security policy robust cybersecurity policies and procedures that address the identification, protection, detection, response, and recovery from potential cyber threats. Our EDM-QMS (Quality Management System) contains over 55 procedures & policies for IT & Security. Policies & procedure are reviewed at least once a year and updated to align with semiconductors’ industry best practices and current threats. Policies and procedures are systematically asked for each ISO or customer audit.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our security processes are piloted by a Global Security Director, under the supervision of a Security Board, which includes the top management of WISeKey. Once a year, the Global Security Director reassesses our cybersecurity risks and proposes to the Security Board a plan of action and budget for the year to come.
|Cybersecurity Risk Role of Management [Text Block]
|An Executive Board Member of WISeKey holds a monthly meeting with the Global Security Director. During these meetings, the risks faced by the business and any new matters arising or potential threats identified are discussed. The Global Security Director also provides updates on his ongoing projects designed to manage these risks, as well as presenting the results of any audits that are being carried out. The full Board are also kept appraised on the results of all audits carried out during the year and are required to decide on strategic decisions such as whether to attain accreditations for certain verticals of the business. The Board and Audit Committee are responsible also for overseeing the annual audit of WISeKey which, while primarily focused on the financials of WISeKey, does also cover certain risks associated with the business.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block]
|WISeKey is dedicated to maintaining
the highest standards of cybersecurity to safeguard our operations, assets, and stakeholder interests. In an era where digital threats
continue to evolve, we recognize the paramount importance of cybersecurity in preserving the integrity, confidentiality, and availability
of our critical information and systems.
Our commitment to cybersecurity is rooted in a proactive and strategic approach that aligns with the semiconductor industry’s best practices and regulatory standards. We view cybersecurity not only as a compliance requirement but as an integral component of our corporate responsibility to protect the trust our shareholders, customers, and partners place in us.
Below is an overview of our cybersecurity governance, policies, and practices. We aim to demonstrate our resilience against cyber threats, articulate the measures we have in place to mitigate risks, and emphasize our ongoing investments in cybersecurity to adapt to the evolving threat landscape.
By integrating cybersecurity into our corporate culture, WISeKey strives to maintain a secure and resilient environment, fostering trust and confidence among stakeholders. We believe that transparency in our cybersecurity practices enhances our overall risk management strategy, and we remain committed to continuously improving our defenses against cyber threats.
Overview
WISeKey recognizes the critical importance of cybersecurity in today’s digital landscape. As an integral aspect of our risk management strategy, we maintain a comprehensive approach to cybersecurity to protect our operations, data, and stakeholder trust.
Cybersecurity in Strategic Decision-Making:
At WISeKey cybersecurity is not just a compliance checkbox; it’s an integral consideration in our strategic decision-making processes. Our leadership recognize the strategic importance of cybersecurity in sustaining investor confidence and ensuring the resilience of our operations.
Employee Empowerment:
We empower our directors, senior management, and employees to be active participants in our cybersecurity strategy. Yearly training programs equip them with the knowledge and awareness needed to recognize and respond to cybersecurity risks, fortifying our collective defenses.
Dynamic Policies and Procedures:
Our commitment extends beyond static policies — we embrace dynamic cybersecurity measures. Policies and procedures are living documents, refined regularly to keep pace with emerging threats. This adaptability is foundational to maintaining the confidentiality and integrity of our operations.
Incident Response Excellence:
In the event of a cybersecurity incident, our response is characterized by agility and efficiency. The WISeKey incident response plan is not just a theoretical framework, but a tested strategy designed for swift detection, containment, and recovery. Disaster Recovery Plan is in place, with in different locations and ready to be activated on demand. This approach reflects our commitment to minimizing the impact of cyber incidents.
Investments in Cyber Resilience:
Continuous investments underscore our commitment to cyber resilience. WISeKey allocates resources to cutting-edge cybersecurity technologies, ensuring our defenses evolve in tandem with the sophistication of cyber threats. Over 30% of the IT budget is dedicated to cyber security defense. This proactive stance is our pledge to stakeholders that their trust remains well-protected.
Compliance and Beyond:
Our adherence to cybersecurity regulations is complemented by a broader commitment to excellence. We view compliance as a baseline and strive for continuous improvement, fostering a cybersecurity culture that goes beyond regulatory mandates. We are certified for years as WEBTRUST and follow the (EU) General Data Protection Regulation (“GDPR”) guidance.
Oversight and Collaboration:
Oversight of cybersecurity matters is coupled with collaboration. The WISeKey Board collaborates with internal, external cybersecurity experts and national organization like the NIST, ensuring that we stay informed about emerging threats and technological industry best practices, and enabling us to make informed decisions.
Transparent Communication:
Transparent communication is key to our cybersecurity strategy. In this disclosure, we aim to provide shareholders and stakeholders with a transparent view into our cybersecurity practices, fostering trust through open dialogue on our approach, challenges, and ongoing initiatives. Our WISeKey Chief Information Security Officer (“CISO”) is the main interface to the transparent communication.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|By integrating cybersecurity into our corporate culture, WISeKey strives to maintain a secure and resilient environment, fostering trust and confidence among stakeholders. We believe that transparency in our cybersecurity practices enhances our overall risk management strategy, and we remain committed to continuously improving our defenses against cyber threats.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Cybersecurity
Governance
Our Board of Directors and management are actively involved in overseeing cybersecurity matters. The Board of Directors is responsible for reviewing on a regular basis and assessing cybersecurity risks and ensuring the adequacy of our cybersecurity measures.
Our security processes are piloted by a Global Security Director, under the supervision of a Security Board, which includes the top management of WISeKey. Once a year, the Global Security Director reassesses our cybersecurity risks and proposes to the Security Board a plan of action and budget for the year to come.
An Executive Board Member of WISeKey holds a monthly meeting with the Global Security Director. During these meetings, the risks faced by the business and any new matters arising or potential threats identified are discussed. The Global Security Director also provides updates on his ongoing projects designed to manage these risks, as well as presenting the results of any audits that are being carried out. The full Board are also kept appraised on the results of all audits carried out during the year and are required to decide on strategic decisions such as whether to attain accreditations for certain verticals of the business. The Board and Audit Committee are responsible also for overseeing the annual audit of WISeKey which, while primarily focused on the financials of WISeKey, does also cover certain risks associated with the business.
Policies and Procedures:
We have implemented under our global security policy robust cybersecurity policies and procedures that address the identification, protection, detection, response, and recovery from potential cyber threats. Our EDM-QMS (Quality Management System) contains over 55 procedures & policies for IT & Security. Policies & procedure are reviewed at least once a year and updated to align with semiconductors’ industry best practices and current threats. Policies and procedures are systematically asked for each ISO or customer audit.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our security processes are piloted by a Global Security Director, under the supervision of a Security Board, which includes the top management of WISeKey. Once a year, the Global Security Director reassesses our cybersecurity risks and proposes to the Security Board a plan of action and budget for the year to come.
|Cybersecurity Risk Role of Management [Text Block]
|An Executive Board Member of WISeKey holds a monthly meeting with the Global Security Director. During these meetings, the risks faced by the business and any new matters arising or potential threats identified are discussed. The Global Security Director also provides updates on his ongoing projects designed to manage these risks, as well as presenting the results of any audits that are being carried out. The full Board are also kept appraised on the results of all audits carried out during the year and are required to decide on strategic decisions such as whether to attain accreditations for certain verticals of the business. The Board and Audit Committee are responsible also for overseeing the annual audit of WISeKey which, while primarily focused on the financials of WISeKey, does also cover certain risks associated with the business.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef