|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Sinclair maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. This program is integrated within the Company’s enterprise risk management system and disclosure committee. The program addresses the corporate information technology environment, third-party service providers, and customer-facing products and applications.
The Company’s Chief Information Security Officer (“CISO”) is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the Board, the audit committee and disclosure committee. Our CISO has over a decade of experience leading cybersecurity oversight, and others on our IT security team have cybersecurity experience or certifications, such as the Certified Information Systems Security Professional certification.
We have continued to expand investments in IT security, including additional end-user training, using layered defenses, identifying and protecting critical assets, strengthening monitoring and alerting, and engaging experts. At the management level, our IT security team identifies risks by regularly monitoring alerts, meeting to discuss threat levels, trends, and remediation, and immediately informing the CISO, whom leads the IT security team, upon the occurrence of any material event. The processes used to assess the risk level includes preparing a monthly cyber scorecard, regularly collecting data on cybersecurity threats and risk areas, and conducting an annual risk assessment. To assure risks are reduced and maintained, we conduct periodic external penetration tests, red team testing, and maturity testing to assess our processes and procedures and the threat landscape. We regularly test defenses by performing simulations and drills at both a technical level (including penetration tests) and by reviewing our operational policies and procedures with third-party experts. We view cybersecurity as a shared responsibility throughout the Company, and we periodically perform simulations and tabletop exercises at technical and management levels and incorporate external resources and advisors as needed. These tests and assessments are useful tools for maintaining a robust cybersecurity program to protect our investors, customers, employees, vendors, and intellectual property. All employees are required to complete cybersecurity training at least once a year and have access to more frequent cybersecurity online training. We also require employees in certain roles to complete additional role-based, specialized cybersecurity training. We utilize our Internal Audit team to assess the design and operating effectiveness of our internal controls, including those that relate to our IT security environment. Further, we maintain various cyber insurance policies and believe we are adequately covered in the event we experience a cybersecurity breach.
In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with the use of third-party service providers. Our Internal Audit team conducts an annual review of third-party hosted applications with a specific focus on sensitive data shared with third parties. The internal business owners of the hosted applications are required to document user access reviews at least annually and provide from the vendor a System and Organization Controls (“SOC”) 1 or SOC 2 report. If a third-party vendor is not able to provide a SOC 1 or SOC 2 report, we take additional steps to assess their cybersecurity preparedness and assess our relationship on that basis. Our assessment of risks associated with the use of third-party providers is part of our overall cybersecurity risk management framework.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Sinclair maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. This program is integrated within the Company’s enterprise risk management system and disclosure committee. The program addresses the corporate information technology environment, third-party service providers, and customer-facing products and applications.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board oversees the Company’s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The CISO briefs the Board on the effectiveness of the Company’s cyber risk management program, typically on a quarterly basis. In addition, cybersecurity risks are reviewed by the Board, at least annually, as part of the Company’s corporate risk management process.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s Chief Information Security Officer (“CISO”) is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the Board, the audit committee and disclosure committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|We have continued to expand investments in IT security, including additional end-user training, using layered defenses, identifying and protecting critical assets, strengthening monitoring and alerting, and engaging experts. At the management level, our IT security team identifies risks by regularly monitoring alerts, meeting to discuss threat levels, trends, and remediation, and immediately informing the CISO, whom leads the IT security team, upon the occurrence of any material event. The processes used to assess the risk level includes preparing a monthly cyber scorecard, regularly collecting data on cybersecurity threats and risk areas, and conducting an annual risk assessment. To assure risks are reduced and maintained, we conduct periodic external penetration tests, red team testing, and maturity testing to assess our processes and procedures and the threat landscape.
|Cybersecurity Risk Role of Management [Text Block]
|
The Company’s Chief Information Security Officer (“CISO”) is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the Board, the audit committee and disclosure committee. Our CISO has over a decade of experience leading cybersecurity oversight, and others on our IT security team have cybersecurity experience or certifications, such as the Certified Information Systems Security Professional certification.
We have continued to expand investments in IT security, including additional end-user training, using layered defenses, identifying and protecting critical assets, strengthening monitoring and alerting, and engaging experts. At the management level, our IT security team identifies risks by regularly monitoring alerts, meeting to discuss threat levels, trends, and remediation, and immediately informing the CISO, whom leads the IT security team, upon the occurrence of any material event. The processes used to assess the risk level includes preparing a monthly cyber scorecard, regularly collecting data on cybersecurity threats and risk areas, and conducting an annual risk assessment. To assure risks are reduced and maintained, we conduct periodic external penetration tests, red team testing, and maturity testing to assess our processes and procedures and the threat landscape. We regularly test defenses by performing simulations and drills at both a technical level (including penetration tests) and by reviewing our operational policies and procedures with third-party experts. We view cybersecurity as a shared responsibility throughout the Company, and we periodically perform simulations and tabletop exercises at technical and management levels and incorporate external resources and advisors as needed. These tests and assessments are useful tools for maintaining a robust cybersecurity program to protect our investors, customers, employees, vendors, and intellectual property. All employees are required to complete cybersecurity training at least once a year and have access to more frequent cybersecurity online training. We also require employees in certain roles to complete additional role-based, specialized cybersecurity training. We utilize our Internal Audit team to assess the design and operating effectiveness of our internal controls, including those that relate to our IT security environment. Further, we maintain various cyber insurance policies and believe we are adequately covered in the event we experience a cybersecurity breach.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Company’s Chief Information Security Officer (“CISO”) is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the Board, the audit committee and disclosure committee.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has over a decade of experience leading cybersecurity oversight, and others on our IT security team have cybersecurity experience or certifications, such as the Certified Information Systems Security Professional certification.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We view cybersecurity as a shared responsibility throughout the Company, and we periodically perform simulations and tabletop exercises at technical and management levels and incorporate external resources and advisors as needed. These tests and assessments are useful tools for maintaining a robust cybersecurity program to protect our investors, customers, employees, vendors, and intellectual property. All employees are required to complete cybersecurity training at least once a year and have access to more frequent cybersecurity online training. We also require employees in certain roles to complete additional role-based, specialized cybersecurity training. We utilize our Internal Audit team to assess the design and operating effectiveness of our internal controls, including those that relate to our IT security environment. Further, we maintain various cyber insurance policies and believe we are adequately covered in the event we experience a cybersecurity breach.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef