|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Sunrise is subject to risks from cyber-attacks that have the potential to cause significant interruptions to the operation of its business. The frequency of these attempted intrusions has increased in recent years and the sources, motivations and techniques of attack continue to evolve and change rapidly. Sunrise has developed a cybersecurity program that is designed to scan for, monitor and identify risks to company confidential or non-public information, protect such information, detect threats and events and maintain an appropriate response and recovery capability to help ensure resilience against cyber-attacks and other information security incidents. Sunrise has adopted a variety of measures to monitor and address cyber-related risks and continue to implement and explore additional cybersecurity measures.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Sunrise has developed a cybersecurity program that is designed to scan for, monitor and identify risks to company confidential or non-public information, protect such information, detect threats and events and maintain an appropriate response and recovery capability to help ensure resilience against cyber-attacks and other information security incidents. Sunrise has adopted a variety of measures to monitor and address cyber-related risks and continue to implement and explore additional cybersecurity measures. Sunrise's strategy for managing cyber-related risks is risk-based and, where appropriate, integrated within our comprehensive enterprise risk management processes.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Sunrise's CISO provides periodic updates to the Audit Committee on the state of Sunrise's cybersecurity posture, new threats or threat actors that the company is monitoring or developing defenses against and any potential areas of improvement. Sunrise's CEO, CTO, CISO and CAO also have to provide ad hoc updates to the Audit Committee and full board of directors, as appropriate, in the case of a material cybersecurity incident, providing them a full briefing of the type and scope of the incident as well as the company’s current and planned mitigation efforts. All the memebrs of the Audit Committee have significant direct or indirect cybersecurity experience. Cybersecurity and the effectiveness of our cybersecurity strategy are regular topics of discussion at meetings of our Audit Committee and board of directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Sunrise's Audit Committee is responsible for oversight of our cybersecurity measures, incident response management and risks related to cybersecurity and technology as well as the steps taken by management to mitigate such risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Sunrise's CISO provides periodic updates to the Audit Committee on the state of Sunrise's cybersecurity posture, new threats or threat actors that the company is monitoring or developing defenses against and any potential areas of improvement. Sunrise's CEO, CTO, CISO and CAO also have to provide ad hoc updates to the Audit Committee and full board of directors, as appropriate, in the case of a material cybersecurity incident, providing them a full briefing of the type and scope of the incident as well as the company’s current and planned mitigation efforts.
|Cybersecurity Risk Role of Management [Text Block]
|Sunrise's Chief Information Security Officer (“CISO”), who reports directly to Sunrise's Chief Technology Officer (“CTO”), leads a dedicated cybersecurity team and is responsible for the design, implementation and execution of our cyber-risk management strategy. Additionally, the Compliance, Regulatory & Governance team who is reporting to the General Counsel and Chief Corporate Affairs Officer (“CAO”) and works closely with the CISO on information security matters oversees and manages the ISO 27001:2022 certified Sunrise Information Security Management System (“ISMS”) as well as the ISO 22301 certified Sunrise Business Continuity Management System (“BCMS”). Both of these management systems include a comprehensive and specific risk management and policy framework. The risks from the respective management systems feed directly into the corporate risk management and are regularly reported to the Audit Committee.
Sunrise's CISO and cybersecurity teams actively monitor Sunrise's systems, regularly review and adapt its policies, compliance, regulations and best practices, perform penetration testing, conduct incident response exercises and internal ethical phishing campaigns and provide periodic training and communication across the organization to strengthen security focused behavior and foster a culture of digital safety. Sunrise's cybersecurity team also routinely participates in industry-wide programs to further information sharing, intelligence gathering and unity of effort in responding to potential or actual attacks. The Sunrise ISO certified BCMS operates and is externally audited on a yearly cycle and includes comprehensive business continuity plans for all critical systems and activities to develop an effective recovery strategy that seeks to decrease incident response times, limit financial impacts and maintain customer confidence during any business interruption. As part of the ISO certified ISMS, Sunrise also administers a third-party risk governance program that identifies potential risks introduced through third-party relationships, such as vendors, software and hardware manufacturers or professional service providers. Sunrise seeks to obtain certain contractual security guarantees and assurances with these third-party relationships to help ensure the security and safety of its information. The cybersecurity teams works closely with a broad range of departments, including legal, regulatory, corporate communications, audit services, information technology and operational technology functions critical to Sunrise's operations, as well as engaging external vendors to help ensure the company’s cybersecurity program operates effectively.
Sunrise's current CISO, Antti Partanen, has significant experience leading cybersecurity efforts at large enterprises, having worked immediately prior to joining Sunrise at Vodafone Global Cyber Security where he was instrumental in shaping the Cyber Security function at Vodafone Germany, the biggest Vodafone OpCo, where he held the roles of Head of Cyber Prevent and Deputy Chief Information Security Officer during a period of eight years. The Sunrise CISO also holds a Masters degree in Communications Engineering, Telecommunications Systems and Network Security from Helsinki University of Technology (Aalto University). Furthermore, he is a ISACA-Certified Information Security Manager. Sunrise's CISO has been with the company or its subsidiaries for over two years.
Cybersecurity incidents detected by Sunrise's cybersecurity team are evaluated internally based on their severity Management of cyber incidents is aligned with the Sunrise Corporate Crisis Management5, with major incidents being escalated to, and managed by, the Corporate Crisis Management, and according to the thresholds defined in the Corporate Crisis Management, escalated to the highest levels of management, including the company’s Chief Technology Officer (“CTO”), its CAO, and, ultimately, its CEO. These members of the Executive Committee are provided with details of the type and severity of the attack, the company’s planned response to the incident
and are briefed on what information was accessed and the impact such incident has had or is expected to have on the company’s operations, as well as any financial or regulatory implications resulting from the incident.
Sunrise's Audit Committee is responsible for oversight of our cybersecurity measures, incident response management and risks related to cybersecurity and technology as well as the steps taken by management to mitigate such risks. Sunrise's CISO provides periodic updates to the Audit Committee on the state of Sunrise's cybersecurity posture, new threats or threat actors that the company is monitoring or developing defenses against and any potential areas of improvement. Sunrise's CEO, CTO, CISO and CAO also have to provide ad hoc updates to the Audit Committee and full board of directors, as appropriate, in the case of a material cybersecurity incident, providing them a full briefing of the type and scope of the incident as well as the company’s current and planned mitigation efforts. All the memebrs of the Audit Committee have significant direct or indirect cybersecurity experience. Cybersecurity and the effectiveness of our cybersecurity strategy are regular topics of discussion at meetings of our Audit Committee and board of directors.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Sunrise's Chief Information Security Officer (“CISO”), who reports directly to Sunrise's Chief Technology Officer (“CTO”), leads a dedicated cybersecurity team and is responsible for the design, implementation and execution of our cyber-risk management strategy. Additionally, the Compliance, Regulatory & Governance team who is reporting to the General Counsel and Chief Corporate Affairs Officer (“CAO”) and works closely with the CISO on information security matters oversees and manages the ISO 27001:2022 certified Sunrise Information Security Management System (“ISMS”) as well as the ISO 22301 certified Sunrise Business Continuity Management System (“BCMS”)
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Sunrise's current CISO, Antti Partanen, has significant experience leading cybersecurity efforts at large enterprises, having worked immediately prior to joining Sunrise at Vodafone Global Cyber Security where he was instrumental in shaping the Cyber Security function at Vodafone Germany, the biggest Vodafone OpCo, where he held the roles of Head of Cyber Prevent and Deputy Chief Information Security Officer during a period of eight years. The Sunrise CISO also holds a Masters degree in Communications Engineering, Telecommunications Systems and Network Security from Helsinki University of Technology (Aalto University). Furthermore, he is a ISACA-Certified Information Security Manager. Sunrise's CISO has been with the company or its subsidiaries for over two years.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Cybersecurity incidents detected by Sunrise's cybersecurity team are evaluated internally based on their severity Management of cyber incidents is aligned with the Sunrise Corporate Crisis Management5, with major incidents being escalated to, and managed by, the Corporate Crisis Management, and according to the thresholds defined in the Corporate Crisis Management, escalated to the highest levels of management, including the company’s Chief Technology Officer (“CTO”), its CAO, and, ultimately, its CEO.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef