|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company utilizes information systems to support a variety of business processes and activities in its decentralized operations. These systems may be subject to cyber-based attacks or breaches. For additional information related to the risks associated with cybersecurity threats, refer to the Business and Operational Risks section of Item 1A. Risk Factors.
Cybersecurity risk management is part of the Company's global enterprise risk management program. In order to manage the risks associated with cybersecurity threats, the Company has implemented a risk-based cybersecurity program consisting of processes, technologies, and controls to assess, identify and manage material risks from cybersecurity threats.
A key part of the Company's cybersecurity program is the ITW Cybersecurity Framework, which is based on the National Institute of Standards and Technology's Cybersecurity Framework ("CSF") and is designed to protect the Company's data through rapid identification of and effective response to cybersecurity incidents. The Company's framework includes detailed processes and controls related to backup and recovery, response planning, awareness, vulnerability management and endpoint protection as well as cybersecurity requirements for third-party service providers. The framework is regularly reviewed, assessed, and updated based on input from third party specialists, threat intelligence firms and CSF standard updates.
The ITW Cybersecurity Framework includes a number of activities designed to enhance the Company's resiliency related to cyber-related risks and ensure that the Company's information systems are secure from material cybersecurity threats. These activities include the following, among others:
•Annual cybersecurity training;
•Quarterly phish simulation testing;
•Ongoing response planning and tabletop exercises;
•Network/endpoint protection, monitoring and response;
•Vulnerability management; and
•Backup and recovery testing.
While the Company's information systems are exposed to cybersecurity threats and risks, the Company has not experienced any material cybersecurity incidents during 2025, 2024 or 2023, and any costs or operational impacts related to cybersecurity incidents were immaterial during this period.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Cybersecurity risk management is part of the Company's global enterprise risk management program. In order to manage the risks associated with cybersecurity threats, the Company has implemented a risk-based cybersecurity program consisting of processes, technologies, and controls to assess, identify and manage material risks from cybersecurity threats.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
ITW's Board of Directors is responsible for providing oversight and strategic guidance to management to support the long-term interests of the Company's stakeholders. As part of this responsibility, the Board of Directors annually reviews and evaluates the Company's cybersecurity policies and practices with respect to risk management as well as steps taken by management to monitor and control such exposures.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
In addition to oversight by the Board of Directors, several cross-functional management teams focus on cybersecurity risk and report any identified cybersecurity incidents. Each of the Company's divisions has a Division Cyber Incident Response Team and protocols in place to communicate cybersecurity incidents to a central Cyber Incident Response Team. The Cyber Incident Response Team is led by the Chief Information Security Officer ("CISO") and is responsible for the initial assessment of cybersecurity incidents and oversight of any incident response.
The Company's cybersecurity program is overseen by a dedicated global team of cybersecurity professionals, led by the CISO who brings over 20 years of information technology and cybersecurity leadership experience and holds the Certified Information Security Manager ("CISM") designation. The CISO reports directly to the Chief Information Officer ("CIO") and is responsible for leading the execution of the Company's cybersecurity strategy.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
In addition to oversight by the Board of Directors, several cross-functional management teams focus on cybersecurity risk and report any identified cybersecurity incidents. Each of the Company's divisions has a Division Cyber Incident Response Team and protocols in place to communicate cybersecurity incidents to a central Cyber Incident Response Team. The Cyber Incident Response Team is led by the Chief Information Security Officer ("CISO") and is responsible for the initial assessment of cybersecurity incidents and oversight of any incident response.
The Company's cybersecurity program is overseen by a dedicated global team of cybersecurity professionals, led by the CISO who brings over 20 years of information technology and cybersecurity leadership experience and holds the Certified Information Security Manager ("CISM") designation. The CISO reports directly to the Chief Information Officer ("CIO") and is responsible for leading the execution of the Company's cybersecurity strategy.
On a quarterly basis, or sooner if appropriate, cybersecurity incidents are summarized and reported to the Cybersecurity Governance Committee comprised of senior executives. Additionally, the Audit Committee of the Board of Directors receives quarterly cybersecurity reports from senior management which cover any identified cybersecurity incidents, significant cybersecurity risks, and key developments in policies and practices during the quarter.
|Cybersecurity Risk Role of Management [Text Block]
|
In addition to oversight by the Board of Directors, several cross-functional management teams focus on cybersecurity risk and report any identified cybersecurity incidents. Each of the Company's divisions has a Division Cyber Incident Response Team and protocols in place to communicate cybersecurity incidents to a central Cyber Incident Response Team. The Cyber Incident Response Team is led by the Chief Information Security Officer ("CISO") and is responsible for the initial assessment of cybersecurity incidents and oversight of any incident response.
The Company's cybersecurity program is overseen by a dedicated global team of cybersecurity professionals, led by the CISO who brings over 20 years of information technology and cybersecurity leadership experience and holds the Certified Information Security Manager ("CISM") designation. The CISO reports directly to the Chief Information Officer ("CIO") and is responsible for leading the execution of the Company's cybersecurity strategy.
On a quarterly basis, or sooner if appropriate, cybersecurity incidents are summarized and reported to the Cybersecurity Governance Committee comprised of senior executives. Additionally, the Audit Committee of the Board of Directors receives quarterly cybersecurity reports from senior management which cover any identified cybersecurity incidents, significant cybersecurity risks, and key developments in policies and practices during the quarter.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
In addition to oversight by the Board of Directors, several cross-functional management teams focus on cybersecurity risk and report any identified cybersecurity incidents. Each of the Company's divisions has a Division Cyber Incident Response Team and protocols in place to communicate cybersecurity incidents to a central Cyber Incident Response Team. The Cyber Incident Response Team is led by the Chief Information Security Officer ("CISO") and is responsible for the initial assessment of cybersecurity incidents and oversight of any incident response.
The Company's cybersecurity program is overseen by a dedicated global team of cybersecurity professionals, led by the CISO who brings over 20 years of information technology and cybersecurity leadership experience and holds the Certified Information Security Manager ("CISM") designation. The CISO reports directly to the Chief Information Officer ("CIO") and is responsible for leading the execution of the Company's cybersecurity strategy.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Company's cybersecurity program is overseen by a dedicated global team of cybersecurity professionals, led by the CISO who brings over 20 years of information technology and cybersecurity leadership experience and holds the Certified Information Security Manager ("CISM") designation.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
On a quarterly basis, or sooner if appropriate, cybersecurity incidents are summarized and reported to the Cybersecurity Governance Committee comprised of senior executives. Additionally, the Audit Committee of the Board of Directors receives quarterly cybersecurity reports from senior management which cover any identified cybersecurity incidents, significant cybersecurity risks, and key developments in policies and practices during the quarter.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef