|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|SEALSQ is dedicated to maintaining the highest standards of cybersecurity to safeguard our operations, assets, and stakeholder interests. In an era where digital threats continue to evolve, we recognize the paramount importance of cybersecurity in preserving the integrity, confidentiality, and availability of our critical information and systems.
Our commitment to cybersecurity is rooted in a proactive and strategic approach that aligns with the semiconductor industry’s best practices and regulatory standards. We view cybersecurity not only as a compliance requirement but as an integral component of our corporate responsibility to protect the trust that our shareholders, customers, and partners place in us.
Below is an overview of our cybersecurity governance, policies, and practices. We aim to demonstrate our resilience against cyber threats, articulate the measures we have in place to mitigate risks, and emphasize our ongoing investments in cybersecurity to adapt to the evolving threat landscape.
By integrating cybersecurity into our corporate culture, SEALSQ strives to maintain a secure and resilient environment, fostering trust and confidence among stakeholders. We believe that transparency in our cybersecurity practices enhances our overall risk management strategy, and we remain committed to continuously improving our defenses against cyber threats.
Overview
SEALSQ recognizes the critical importance of cybersecurity in today's digital landscape. As an integral aspect of our risk management strategy, we maintain a comprehensive approach to cybersecurity to protect our operations, data, and stakeholder trust.
Future Outlook
We are committed to staying ahead of emerging cyber threats and technologies. Leveraging our seat on the Eurosmart committees, we remain informed of the latest incidents, attacks, and technological advancements. Our future outlook involves ongoing investments in cybersecurity, proactive risk assessments, and collaboration with the semiconductor industry and cybersecurity experts, such as InQuest, to address new and evolving challenges. We are also focused on enhancing network performance by upgrading our core switches from 10Gbit to 25Gbit technology, significantly improving speed and reliability. In addition, storage capacity and performance will be improved with the implementation of a new NETAPP storage bay for hot data. Finally, we aim to track and reduce high vulnerabilities by 70%, further strengthening our security posture.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|By integrating cybersecurity into our corporate culture, SEALSQ strives to maintain a secure and resilient environment, fostering trust and confidence among stakeholders. We believe that transparency in our cybersecurity practices enhances our overall risk management strategy, and we remain committed to continuously improving our defenses against cyber threats.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|Incident Response Plan:
SEALSQ has a well-defined incident response plan to effectively manage and mitigate the impact of cybersecurity incidents. With our partner InQuest, a leader in cyber-defense, we have defined a main policy called Cybersecurity Response Plan to define all actions and plans to perform in case of cyberattack. It is a skeleton plan that refers to more specific procedures to help SEALSQ to take the right actions in a timely manner and address all fields, including detection, containment, investigation, rebuild and communication.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Cybersecurity Governance
Our board of directors and management are actively involved in overseeing cybersecurity matters. The board of directors is responsible for reviewing on a regular basis and assessing cybersecurity risks and ensuring the adequacy of our cybersecurity measures.
Our security processes are piloted by a Global Security Director, under the supervision of a Security Board, which includes the top management of SEALSQ. Once a year, the Global Security Director reassesses our cybersecurity risks and proposes to the Security Board a plan of action and budget for the year to come.
The executive board members of SEALSQ hold a weekly meeting with the general manager to discuss all matters including operational matters and risk management, as well as holding regular, wider meetings with the senior management of SEALSQ. During these meetings, the risks faced by the business and any new matters arising or potential threats identified are discussed. The SEALSQ management team provide updates on their ongoing projects designed to manage these risks, as well as presenting the results of any audits that are being carried out. The board of directors is also kept apprised on the results of all audits carried out during the year and is required to decide on strategic decisions such as whether to attain accreditations for the business. The board and audit committee are responsible also for overseeing the annual audit of SEALSQ which, while primarily focused on the financials of SEALSQ, does also cover certain risks associated with the business.
Policies and Procedures:
Under our global security policy, we have implemented robust cybersecurity policies and procedures that address the identification, protection, detection, response, and recovery from potential cyber threats. Our EDM-QMS (Quality Management System) contains over 60 policies and procedures for IT and security. Our policies and procedures are reviewed once a year, at minimum, and updated to align with the semiconductor industry’s best practices and current threats. These policies and procedures are systematically asked for on each ISO or customer audit.
Cybersecurity Investments
We continually invest in cybersecurity technologies, infrastructure, and training programs to enhance our ability to defend against evolving cyber threats. These investments are designed to fortify our cyber defenses and ensure the resilience of our information systems. In 2024, we spent approximately 31% of the IT budget on cybersecurity. This is expected to increase to over 32% for cybersecurity investment in our budget plan for 2025.
Compliance and Regulations
SEALSQ complies with all applicable cybersecurity laws and regulations. For more than 16 years we have been ISO 27001 certified, and our products have been CC Common Criteria EAL5+ (ISO 15408) since 2003. We monitor changes in regulatory requirements and promptly adapt our cybersecurity best practices to remain in compliance with evolving semiconductor standards, such as ISO27001 ver2005, ver2013 and new ver2022.
Third-Party Relationships
We manage cybersecurity risks associated with third-party vendors and partners through due diligence, contractual obligations, and periodic assessments. Each year external audits are performed on our main suppliers. This includes requirements for third parties to adhere to our cybersecurity standards.
Training and Awareness
To foster a cybersecurity-aware culture, we conduct at least yearly training programs for all employees and subcontractors to enhance their understanding of cybersecurity risks and best practices. Security induction sessions are also provided for all new employees or contractors. This ensures that our workforce is a critical line of defense against potential threats.
Additionally, we enhance our training efforts by conducting phishing campaigns through KnowBe4, a leading European provider for cybersecurity awareness training. This approach simulates real-world scenarios, helping employees identify and respond to phishing attempts effectively, while reinforcing the importance of vigilance in everyday interactions.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our security processes are piloted by a Global Security Director, under the supervision of a Security Board, which includes the top management of SEALSQ. Once a year, the Global Security Director reassesses our cybersecurity risks and proposes to the Security Board a plan of action and budget for the year to come.
|Cybersecurity Risk Role of Management [Text Block]
|The executive board members of SEALSQ hold a weekly meeting with the general manager to discuss all matters including operational matters and risk management, as well as holding regular, wider meetings with the senior management of SEALSQ. During these meetings, the risks faced by the business and any new matters arising or potential threats identified are discussed. The SEALSQ management team provide updates on their ongoing projects designed to manage these risks, as well as presenting the results of any audits that are being carried out. The board of directors is also kept apprised on the results of all audits carried out during the year and is required to decide on strategic decisions such as whether to attain accreditations for the business. The board and audit committee are responsible also for overseeing the annual audit of SEALSQ which, while primarily focused on the financials of SEALSQ, does also cover certain risks associated with the business.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|We have defined a main policy called Cybersecurity Response Plan to define all actions and plans to perform in case of cyberattack. It is a skeleton plan that refers to more specific procedures to help SEALSQ to take the right actions in a timely manner and address all fields, including detection, containment, investigation, rebuild and communication.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Cybersecurity Performance Metrics
SEALSQ monitors key performance metrics related to cybersecurity, including, but not limited to, firewalls, IPS probes (to track the number and nature of attacks), web and application usage by end users, and activity monitoring for VPN access. These metrics are reviewed weekly by the IT Director to drive continuous improvement. Additionally, general and file access control, account management, and power-user activities are monitored using the Log360 add-on from ManageEngine. In 2024, we enhanced our infrastructure monitoring capabilities by increasing Zabbix probes by 30%, providing a more comprehensive view of our IT infrastructure. Furthermore, critical vulnerabilities are now consistently reduced to near-zero levels. All these metrics, along with other insights, are consolidated and presented during the SEALSQ Security Board meetings.