|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
SharkNinja utilizes the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”) as the foundation of the Company’s commitment to effective cybersecurity risk management. The NIST CSF is implemented across the organization to embed risk management processes that address critical information technology risk by applying its key functions for assessing, managing and mitigating cyber risks over time as follows:
1.Identify: The Enterprise Risk Committee of the Company, including the Chief Financial Officer, Chief Legal Officer, Chief Information Officer, Chief People Officer and Chief Operating Officer, identifies and prioritizes information assets, business processes, and systems critical to its operations and performs risk assessments to identify potential threats and vulnerabilities.
2.Protect: Measures are in place to safeguard information assets, including access controls, encryption, secure configurations and leading cybersecurity software and tools. Employee training programs promote awareness of real-world cyber-threats and adherence to cybersecurity policies.
3.Detect: The Company utilizes current technologies to detect and respond to cybersecurity events promptly. Continuous monitoring and incident response plans are integral components of our cybersecurity posture and are supported by a third-party managed security services provider in addition to an internal security operations team.
4.Respond: In the event of a cybersecurity incident, the Company follows a defined incident response plan to contain, mitigate, evaluate and recover from the impact of cybersecurity incidents. Communication protocols are established to notify relevant stakeholders promptly. Third-party forensic investigation and legal firms augment the Incident Response Team to provide specialized services if needed.
5.Recover: The Company maintains comprehensive backup and recovery procedures to ensure the timely restoration of information assets in the event of a cybersecurity incident. Lessons learned from incidents are used to enhance future resilience.
We rely extensively on information technology (“IT”) systems, networks and services, including internet sites, data hosting and processing facilities and tools and other hardware, software and technical applications and platforms, some of which are managed, hosted, provided and/or used by third parties or their vendors, to assist in conducting our business.
Our IT systems have been, and will likely continue to be, subject to computer viruses or other malicious codes, unauthorized access attempts, phishing and other cyberattacks. We continue to assess potential threats and make investments seeking to address and prevent these threats, including monitoring of our networks and systems and upgrading skills, employee training and security policies for us and our third-party providers. However, because the techniques used in these cyberattacks change frequently and may be difficult to detect for periods of time, we may face difficulties in anticipating and implementing adequate preventative measures. To date, risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and we do not believe are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. However, we cannot guarantee that our security efforts will prevent breaches or breakdowns to our or our third-party providers’ databases or systems in the future. If the IT systems, networks or service providers we rely upon fail to function properly or if we or one of our third-party providers suffer a loss, significant unavailability of or disclosure of our business or stakeholder information and our business continuity plans do not effectively address these failures on a timely basis, we may be exposed to reputational, competitive and business harm as well as litigation and regulatory action, including administrative fines. The costs and operational consequences of responding to breaches and implementing remediation measures could be significant.
The Audit Committee of the Board of Directors provides oversight of the Company’s cybersecurity program and receives regular updates on cyber-risks and risk mitigation strategies. Senior management oversees program planning, operations and continuous improvement including:
1.Cyber-risks are reported and monitored through the Enterprise Risk Management program with oversight by the Enterprise Risk Committee.
2.Periodic third-party cybersecurity threat modeling and maturity assessment designed to identify likely threat actors and attack techniques and the Company’s ability that mitigate likely threats.
3.Annual Cybersecurity Strategic Plan and roadmap designed to align cybersecurity budget investments and program enhancements with corporate initiatives and growth goals.
4.Policies and standards that govern the cybersecurity program and the use of technology assets by SharkNinja associates.
5.Cybersecurity awareness training at time of onboarding and annually for all associates, email phishing simulations and ongoing communications to inform associates of current threats and attack techniques.
6.Frequent vulnerability scanning and security tests to identify and reduce risk exposure of critical assets.
7.Annual incident response plan preparedness assessment led by outside consultants to evaluate the Company’s ability to effectively respond to a cybersecurity incident.SharkNinja performs third-party cybersecurity program risk assessments to evaluate key vendors’ abilities to maintain ongoing operations that support the Company and to protect confidential information from unauthorized access. The Company evaluates risks and implements mitigation strategies with vendors when applicable. Contracts with vendors include provisions that govern effective cybersecurity program management and privacy requirements.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
SharkNinja utilizes the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”) as the foundation of the Company’s commitment to effective cybersecurity risk management. The NIST CSF is implemented across the organization to embed risk management processes that address critical information technology risk by applying its key functions for assessing, managing and mitigating cyber risks over time as follows:
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Audit Committee provides oversight of the Company’s cybersecurity program. This oversight includes understanding our business needs and associated risks and reviewing management's strategy and recommendations for managing cybersecurity and privacy risks. In line with this oversight responsibility, the Audit Committee receives regular updates on cyber-risks and risk mitigation strategies from management. Outside counsel and cybersecurity consultants support the Committee in its oversight of the SharkNinja cybersecurity program. Additionally, a Cybersecurity & Privacy Steering Committee consisting of our Chief Information Officer, Chief Legal Officer and Chief Financial Officer meets periodically and is apprised of key risks.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee provides oversight of the Company’s cybersecurity program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee provides oversight of the Company’s cybersecurity program. This oversight includes understanding our business needs and associated risks and reviewing management's strategy and recommendations for managing cybersecurity and privacy risks.
|Cybersecurity Risk Role of Management [Text Block]
|
The Audit Committee provides oversight of the Company’s cybersecurity program. This oversight includes understanding our business needs and associated risks and reviewing management's strategy and recommendations for managing cybersecurity and privacy risks. In line with this oversight responsibility, the Audit Committee receives regular updates on cyber-risks and risk mitigation strategies from management. Outside counsel and cybersecurity consultants support the Committee in its oversight of the SharkNinja cybersecurity program. Additionally, a Cybersecurity & Privacy Steering Committee consisting of our Chief Information Officer, Chief Legal Officer and Chief Financial Officer meets periodically and is apprised of key risks.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
The Audit Committee provides oversight of the Company’s cybersecurity program. This oversight includes understanding our business needs and associated risks and reviewing management's strategy and recommendations for managing cybersecurity and privacy risks. In line with this oversight responsibility, the Audit Committee receives regular updates on cyber-risks and risk mitigation strategies from management. Outside counsel and cybersecurity consultants support the Committee in its oversight of the SharkNinja cybersecurity program. Additionally, a Cybersecurity & Privacy Steering Committee consisting of our Chief Information Officer, Chief Legal Officer and Chief Financial Officer meets periodically and is apprised of key risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Additionally, a Cybersecurity & Privacy Steering Committee consisting of our Chief Information Officer, Chief Legal Officer and Chief Financial Officer meets periodically and is apprised of key risks
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Audit Committee provides oversight of the Company’s cybersecurity program. This oversight includes understanding our business needs and associated risks and reviewing management's strategy and recommendations for managing cybersecurity and privacy risks. In line with this oversight responsibility, the Audit Committee receives regular updates on cyber-risks and risk mitigation strategies from management.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef