|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Sep. 30, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Griffon relies on electronic information systems, networks and technologies to conduct and support its operations and other functions and activities within the Company and with third parties. We rely on commercially available systems, software, tools, third-party service providers and monitoring to provide security for processing, transmission and storage of confidential information and data. We have an enterprise-grade cybersecurity management program designed to assess, identify, protect, detect and respond to, and manage material risks from cybersecurity threats. To protect our information systems from cybersecurity threats, we use various information technology and cybersecurity tools to safeguard our systems and data, which help prevent, identify, escalate, investigate, remediate, respond and recover from identified vulnerabilities and cybersecurity incidents.
As part of the Company's cybersecurity risk management program, we follow the National Institute of Standards and Technology Cybersecurity Framework to assess, identify and manage material risks that arise from cybersecurity threats. Griffon's cybersecurity risk management program is closely tied to and integrated with the Company's overall enterprise risk management processes.
Griffon has a third-party risk management program regarding the cybersecurity practices of its vendors and partners that is designed to oversee, identify, and minimize material risks from cybersecurity threats associated with the use of such third parties. This program involves vetting of third parties before engagement. Regular monitoring and reviews are conducted to ensure third party vendors and partners comply with Griffon's security standards.
From time to time, Griffon engages external experts, including cybersecurity assessors, consultants, and/or auditors to evaluate cybersecurity measures and risk management processes.
We also maintain a cyber incident response plan with the objective of (1) providing a structured and systematic incident response process for cybersecurity threats that affect us, (2) timely and effectively identifying, resolving and communicating cybersecurity incidents, and (3) managing internal and external communications and reporting.
If a cybersecurity incident occurs, our incident response team ("IRT") is immediately notified, and Griffon management is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Company. The IRT also coordinates further notifications, as applicable, to senior executives and organizational leadership, our Audit Committee and Board of Directors, business partners or service providers, and authorities.
Like most organizations, we and our third-party service providers have experienced and expect to continue to experience actual or attempted cyber-attacks of our information systems and networks. During the reporting period, Griffon has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that we believe have materiallyaffected, or are reasonably likely to materially affect, us, including our business strategy, operating results, and financial condition. However, if any such event, whether actual or perceived, were to occur, it could have a material adverse effect on our business strategy, operating results and financial condition. We continuously use threat models and cyber threat intelligence to identify relevant risks to our businesses and take active measures to mitigate these risks.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Griffon relies on electronic information systems, networks and technologies to conduct and support its operations and other functions and activities within the Company and with third parties. We rely on commercially available systems, software, tools, third-party service providers and monitoring to provide security for processing, transmission and storage of confidential information and data. We have an enterprise-grade cybersecurity management program designed to assess, identify, protect, detect and respond to, and manage material risks from cybersecurity threats. To protect our information systems from cybersecurity threats, we use various information technology and cybersecurity tools to safeguard our systems and data, which help prevent, identify, escalate, investigate, remediate, respond and recover from identified vulnerabilities and cybersecurity incidents.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity is an important part of our enterprise risk management processes and an area of focus for our Board of Directors and management.
The Audit Committee assists the Board of Directors in its oversight of risks related to cybersecurity and directly oversees risk management relating to cybersecurity. The Audit Committee is also responsible for assessing the steps management has taken to monitor and control these risks and exposures, and evaluating guidelines and policies with respect to our cybersecurity risk assessment and risk management. The Audit Committee reviews our cybersecurity program with management and reports to the Board of Directors with respect to, and regarding its review of, the program. Cybersecurity reviews by the Audit Committee generally occur at least annually, or more frequently as determined to be necessary or advisable. From time to time, third-party subject matter experts present to the Audit Committee on contemporary cybersecurity topics of interest.
Griffon also has a Cybersecurity Management Committee, consisting of executives from Griffon and technology leaders from Griffon's business segments, that monitors and assesses progress and performance by Griffon's business segments in the area of cybersecurity; the results of such assessments are reported to the Audit Committee from time to time. The Chief Information Officers of each of HBP and CPP regularly provide updates on material cybersecurity risks to our senior management and to our Audit Committee, and along with their technology teams, are responsible for assessing and managing cybersecurity risks. Each of our business segment Chief Information Officers has over 20 years of experience in cybersecurity, information security, policy, architecture, engineering and incident response.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee assists the Board of Directors in its oversight of risks related to cybersecurity and directly oversees risk management relating to cybersecurity.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee is also responsible for assessing the steps management has taken to monitor and control these risks and exposures, and evaluating guidelines and policies with respect to our cybersecurity risk assessment and risk management. The Audit Committee reviews our cybersecurity program with management and reports to the Board of Directors with respect to, and regarding its review of, the program. Cybersecurity reviews by the Audit Committee generally occur at least annually, or more frequently as determined to be necessary or advisable. From time to time, third-party subject matter experts present to the Audit Committee on contemporary cybersecurity topics of interest.
|Cybersecurity Risk Role of Management [Text Block]
|
The Audit Committee assists the Board of Directors in its oversight of risks related to cybersecurity and directly oversees risk management relating to cybersecurity. The Audit Committee is also responsible for assessing the steps management has taken to monitor and control these risks and exposures, and evaluating guidelines and policies with respect to our cybersecurity risk assessment and risk management. The Audit Committee reviews our cybersecurity program with management and reports to the Board of Directors with respect to, and regarding its review of, the program. Cybersecurity reviews by the Audit Committee generally occur at least annually, or more frequently as determined to be necessary or advisable. From time to time, third-party subject matter experts present to the Audit Committee on contemporary cybersecurity topics of interest.
Griffon also has a Cybersecurity Management Committee, consisting of executives from Griffon and technology leaders from Griffon's business segments, that monitors and assesses progress and performance by Griffon's business segments in the area of cybersecurity; the results of such assessments are reported to the Audit Committee from time to time. The Chief Information Officers of each of HBP and CPP regularly provide updates on material cybersecurity risks to our senior management and to our Audit Committee, and along with their technology teams, are responsible for assessing and managing cybersecurity risks. Each of our business segment Chief Information Officers has over 20 years of experience in cybersecurity, information security, policy, architecture, engineering and incident response.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
The Audit Committee assists the Board of Directors in its oversight of risks related to cybersecurity and directly oversees risk management relating to cybersecurity. The Audit Committee is also responsible for assessing the steps management has taken to monitor and control these risks and exposures, and evaluating guidelines and policies with respect to our cybersecurity risk assessment and risk management. The Audit Committee reviews our cybersecurity program with management and reports to the Board of Directors with respect to, and regarding its review of, the program. Cybersecurity reviews by the Audit Committee generally occur at least annually, or more frequently as determined to be necessary or advisable. From time to time, third-party subject matter experts present to the Audit Committee on contemporary cybersecurity topics of interest.Griffon also has a Cybersecurity Management Committee, consisting of executives from Griffon and technology leaders from Griffon's business segments, that monitors and assesses progress and performance by Griffon's business segments in the area of cybersecurity; the results of such assessments are reported to the Audit Committee from time to time. The Chief Information Officers of each of HBP and CPP regularly provide updates on material cybersecurity risks to our senior management and to our Audit Committee, and along with their technology teams, are responsible for assessing and managing cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Each of our business segment Chief Information Officers has over 20 years of experience in cybersecurity, information security, policy, architecture, engineering and incident response.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Griffon also has a Cybersecurity Management Committee, consisting of executives from Griffon and technology leaders from Griffon's business segments, that monitors and assesses progress and performance by Griffon's business segments in the area of cybersecurity; the results of such assessments are reported to the Audit Committee from time to time. The Chief Information Officers of each of HBP and CPP regularly provide updates on material cybersecurity risks to our senior management and to our Audit Committee, and along with their technology teams, are responsible for assessing and managing cybersecurity risks. Each of our business segment Chief Information Officers has over 20 years of experience in cybersecurity, information security, policy, architecture, engineering and incident response.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef