|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
As an indirect subsidiary of ERJ, the Company falls within Embraer’s IT ecosystem and has adopted their processes and mechanisms for the assessment, identification and management of risks arising from cybersecurity threats. Eve, like all business organizations, is subject to a broad range of cyber threats, with varying levels of sophistication. The techniques and tools used in cyber threats can evolve rapidly and include new technologies, such as advanced automation and artificial intelligence. These cyber threats can jeopardize the confidentiality, availability and integrity of our systems and data, including our business partners’ confidential, classified or personal data.
We have adopted various processes for the assessment, identification and management of risks arising from cybersecurity threats, which are documented in our Cybersecurity Incident Response Procedure, Directives for Cyber Protection in Embraer Group Companies, and Procedures to Monitoring and Responding to Information Security Incidents.
We apply cybersecurity solutions and procedures to help ensure the most appropriate and applicable handling, collection, and availability of data and information used by our corporate systems, business processes and products. These procedures and mechanisms are based on best market practices (including frameworks such as NIST CSF and ISO27001/2) and undergo periodic reviews to help ensure their ability to spot, control, and respond to potential global cyber threats.
We have a cybersecurity incident response cycle procedure that is followed by the Eve Cyber Security team and Embraer’s SOC/SIEM team, which is a four-stage procedure response to be used in case of a detected cybersecurity incident. The procedure comprises the following stages: (i) the training and preparation of our teams to act promptly in response to cybersecurity incidents by implementing controls based on risk assessments; (ii) incident detection and analysis; (iii) actions for containment, eradication and recovery from the incident; (iv) post-incident activities, which comprises the activities to avoid, prevent and improve actions in case of new incidents and train those involved in the incident and raise awareness among other employees to avoid new cases.
As part of our risk management strategy, we have in the past engaged third-parties to assess our cybersecurity controls and procedures.
Cybersecurity Incidents
However, future cybersecurity incidents may interrupt our operations, cause reputational harm, subject us to increased operating costs and/or expose us to litigation. Despite our security controls and measures to prevent the violation of our systems, we cannot guarantee that cyberattacks or similar breaches will not happen in the future. For additional information on cybersecurity risks, see the risk factors, in Part I, Item 1A. of this Form 10-K.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have adopted various processes for the assessment, identification and management of risks arising from cybersecurity threats, which are documented in our Cybersecurity Incident Response Procedure, Directives for Cyber Protection in Embraer Group Companies, and Procedures to Monitoring and Responding to Information Security Incidents.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
However, future cybersecurity incidents may interrupt our operations, cause reputational harm, subject us to increased operating costs and/or expose us to litigation. Despite our security controls and measures to prevent the violation of our systems, we cannot guarantee that cyberattacks or similar breaches will not happen in the future. For additional information on cybersecurity risks, see the risk factors, in Part I, Item 1A. of this Form 10-K.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
We have developed and continue to enhance our cybersecurity governance program to help identify and assess material risks from cybersecurity threats.
Our management team, with involvement and input from our Board of Directors and the Audit Committee, performs enterprise risk assessments annually, or as needed, to help identify and manage key existing and emerging enterprise risks for the Company. Our enterprise risk assessment process seeks to identify both the potential impacts to Eve of a particular risk, and its probability to materialize. Our management team has the overall responsibility for, and oversight of, our Enterprise Risk Management (“ERM”) process, monitoring and managing each of the identified risks, and cybersecurity is among the risks identified and presented to the management team in connection with ERM risk assessments. Embraer’s CISO has several years of experience in information security and possesses the requisite education, skills and competence expected of an individual assigned to these duties.
Our Audit Committee is responsible for discussing guidelines and policies governing the process by which senior management of the Company and the relevant departments of the Company, including the internal audit function, assess and manage the Company’s exposure to cybersecurity risk.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our management team has the overall responsibility for, and oversight of, our Enterprise Risk Management (“ERM”) process, monitoring and managing each of the identified risks, and cybersecurity is among the risks identified and presented to the management team in connection with ERM risk assessments.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Audit Committee is responsible for discussing guidelines and policies governing the process by which senior management of the Company and the relevant departments of the Company, including the internal audit function, assess and manage the Company’s exposure to cybersecurity risk.
|Cybersecurity Risk Role of Management [Text Block]
|
Our management team, with involvement and input from our Board of Directors and the Audit Committee, performs enterprise risk assessments annually, or as needed, to help identify and manage key existing and emerging enterprise risks for the Company. Our enterprise risk assessment process seeks to identify both the potential impacts to Eve of a particular risk, and its probability to materialize. Our management team has the overall responsibility for, and oversight of, our Enterprise Risk Management (“ERM”) process, monitoring and managing each of the identified risks, and cybersecurity is among the risks identified and presented to the management team in connection with ERM risk assessments. Embraer’s CISO has several years of experience in information security and possesses the requisite education, skills and competence expected of an individual assigned to these duties.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Embraer’s CISO has several years of experience in information security and possesses the requisite education, skills and competence expected of an individual assigned to these duties.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Audit Committee is responsible for discussing guidelines and policies governing the process by which senior management of the Company and the relevant departments of the Company, including the internal audit function, assess and manage the Company’s exposure to cybersecurity risk.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef