|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The aim of our security risk management is to protect the confidentiality, integrity, and availability of Philips products and services, and it is part of our broader risk management and internal control framework described in Risk management and internal control. The Board of Management is responsible for the design and management of Philips’ cybersecurity, which is ultimately overseen by the Supervisory Board (and specifically its Audit Committee). Quarterly reports on cybersecurity risks and incidents are prepared by the IT Audit & Risk Committee (consisting of representatives from the Group Security and Group IT Functions, Philips Internal Audit and the external auditor) and submitted to the Board of Management and the Supervisory Board. This reporting includes the overall risk level, relevant changes in the risk environment, challenges in reaching and/or maintaining current risk levels, and actual risk responses in the form of actions and owners.
The Group Security Function maintains a security management framework, which includes processes, requirements and controls for the assessment, identification and management of material risks from, among others, cybersecurity threats. The framework, including cybersecurity policies and procedures, is designed to promote implementation of security requirements in all applicable processes, information processing systems and infrastructure pertaining to our products and services and our supporting and enabling Functions. The framework includes risk, vulnerability and penetration assessments; mandatory yearly security training for all employees (including phishing simulations for all employees multiple times a year); and monitoring and response activities for vulnerabilities identified in products, services and infrastructure.
Our Head of Group Security, reporting to our Chief Financial Officer, leads the Group Security Function in supporting the Board of Management in evaluating and setting the security strategy, issuing security policies, and evaluating the progress and effectiveness of the deployment of the company’s security management framework. Our Chief Information Security Officer, reporting to our Head of Group Security, has nearly 27 years of technology and information security management experience in the industry, including prior roles with the Dutch Government and multinationals in the consumer goods, manufacturing, chemical and food processing industries, in various roles ranging from chief information security officer to IT security officer and security architect. Our Chief Information Security Officer is informed of and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents through the Global Security Operations Center.
Group Security is also responsible for addressing security risks, including monitoring cybersecurity threats and responding to cybersecurity incidents. The Philips Global Security Operations Center, with the leadership of the Chief Information Security Officer, is the hub for the prevention, detection, mitigation and remediation of cybersecurity incidents on global enterprise systems, supported by certain external services and periodic/intermittent assessments. The severity and materiality of incidents are assessed through a dedicated security incident reporting process and, if necessary, incidents are escalated to the major event team that may hand off to central crisis management and (potentially) to the Philips Disclosure Committee, which assesses the need for public disclosure of (material) incidents. When needed, incidents are further escalated to Global Crisis Management.
Additionally, in order to address the security risks associated with our suppliers and the services they provide, security controls are embedded in our procurement and supplier management processes, covering due diligence when engaging with new suppliers; contracting, monitoring and managing existing supplier relationships; and terminating supplier relationships. These security controls include assessing existing security certificates and assurances reports for the services in scope, validating suppliers’ answers to security questionnaires in due diligence, and ensuring that security schedules are part of the signed contracts.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The aim of our security risk management is to protect the confidentiality, integrity, and availability of Philips products and services, and it is part of our broader risk management and internal control framework described in Risk management and internal control.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Board of Management is responsible for the design and management of Philips’ cybersecurity, which is ultimately overseen by the Supervisory Board (and specifically its Audit Committee). Quarterly reports on cybersecurity risks and incidents are prepared by the IT Audit & Risk Committee (consisting of representatives from the Group Security and Group IT Functions, Philips Internal Audit and the external auditor) and submitted to the Board of Management and the Supervisory Board.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board of Management is responsible for the design and management of Philips’ cybersecurity, which is ultimately overseen by the Supervisory Board (and specifically its Audit Committee). Quarterly reports on cybersecurity risks and incidents are prepared by the IT Audit & Risk Committee (consisting of representatives from the Group Security and Group IT Functions, Philips Internal Audit and the external auditor) and submitted to the Board of Management and the Supervisory Board.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Quarterly reports on cybersecurity risks and incidents are prepared by the IT Audit & Risk Committee (consisting of representatives from the Group Security and Group IT Functions, Philips Internal Audit and the external auditor) and submitted to the Board of Management and the Supervisory Board.
The Group Security Function maintains a security management framework, which includes processes, requirements and controls for the assessment, identification and management of material risks from, among others, cybersecurity threats. The framework, including cybersecurity policies and procedures, is designed to promote implementation of security requirements in all applicable processes, information processing systems and infrastructure pertaining to our products and services and our supporting and enabling Functions. The framework includes risk, vulnerability and penetration assessments; mandatory yearly security training for all employees (including phishing simulations for all employees multiple times a year); and monitoring and response activities for vulnerabilities identified in products, services and infrastructure.
Our Head of Group Security, reporting to our Chief Financial Officer, leads the Group Security Function in supporting the Board of Management in evaluating and setting the security strategy, issuing security policies, and evaluating the progress and effectiveness of the deployment of the company’s security management framework.
|Cybersecurity Risk Role of Management [Text Block]
|The Board of Management is responsible for the design and management of Philips’ cybersecurity, which is ultimately overseen by the Supervisory Board (and specifically its Audit Committee). Quarterly reports on cybersecurity risks and incidents are prepared by the IT Audit & Risk Committee (consisting of representatives from the Group Security and Group IT Functions, Philips Internal Audit and the external auditor) and submitted to the Board of Management and the Supervisory Board. This reporting includes the overall risk level, relevant changes in the risk environment, challenges in reaching and/or maintaining current risk levels, and actual risk responses in the form of actions and owners.
The Group Security Function maintains a security management framework, which includes processes, requirements and controls for the assessment, identification and management of material risks from, among others, cybersecurity threats. The framework, including cybersecurity policies and procedures, is designed to promote implementation of security requirements in all applicable processes, information processing systems and infrastructure pertaining to our products and services and our supporting and enabling Functions. The framework includes risk, vulnerability and penetration assessments; mandatory yearly security training for all employees (including phishing simulations for all employees multiple times a year); and monitoring and response activities for vulnerabilities identified in products, services and infrastructure.
Our Head of Group Security, reporting to our Chief Financial Officer, leads the Group Security Function in supporting the Board of Management in evaluating and setting the security strategy, issuing security policies, and evaluating the progress and effectiveness of the deployment of the company’s security management framework. Our Chief Information Security Officer, reporting to our Head of Group Security, has nearly 27 years of technology and information security management experience in the industry, including prior roles with the Dutch Government and multinationals in the consumer goods, manufacturing, chemical and food processing industries, in various roles ranging from chief information security officer to IT security officer and security architect. Our Chief Information Security Officer is informed of and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents through the Global Security Operations Center.
Group Security is also responsible for addressing security risks, including monitoring cybersecurity threats and responding to cybersecurity incidents. The Philips Global Security Operations Center, with the leadership of the Chief Information Security Officer, is the hub for the prevention, detection, mitigation and remediation of cybersecurity incidents on global enterprise systems, supported by certain external services and periodic/intermittent assessments. The severity and materiality of incidents are assessed through a dedicated security incident reporting process and, if necessary, incidents are escalated to the major event team that may hand off to central crisis management and (potentially) to the Philips Disclosure Committee, which assesses the need for public disclosure of (material) incidents. When needed, incidents are further escalated to Global Crisis Management.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Chief Information Security Officer, reporting to our Head of Group Security, has nearly 27 years of technology and information security management experience in the industry, including prior roles with the Dutch Government and multinationals in the consumer goods, manufacturing, chemical and food processing industries, in various roles ranging from chief information security officer to IT security officer and security architect. Our Chief Information Security Officer is informed of and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents through the Global Security Operations Center.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Information Security Officer, reporting to our Head of Group Security, has nearly 27 years of technology and information security management experience in the industry, including prior roles with the Dutch Government and multinationals in the consumer goods, manufacturing, chemical and food processing industries, in various roles ranging from chief information security officer to IT security officer and security architect. Our Chief Information Security Officer is informed of and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents through the Global Security Operations Center.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Head of Group Security, reporting to our Chief Financial Officer, leads the Group Security Function in supporting the Board of Management in evaluating and setting the security strategy, issuing security policies, and evaluating the progress and effectiveness of the deployment of the company’s security management framework. Our Chief Information Security Officer, reporting to our Head of Group Security,
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true