XML 59 R37.htm IDEA: XBRL DOCUMENT v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Key cybersecurity risks are incorporated into our enterprise risk management framework. Our cybersecurity risk management program leverages the National Institute of Standards and Technology (“NIST”) framework, which organizes cybersecurity risk management actions into six categories: govern, identify, protect, detect, respond, and recover. The Company’s cybersecurity risk management program and strategy includes the following:
Cybersecurity Operations Centers - We, along with certain third-parties, operate several global cybersecurity operations centers, which provide 24/7 monitoring and incident response capabilities. In the event of an alert, our cybersecurity operations centers coordinate the investigation and remediation of such alerts.
Partnerships with Cybersecurity Companies - We partner with specialized cybersecurity companies and organizations, leveraging third-party technology and expertise. These partnerships help monitor and maintain the performance and effectiveness of our cybersecurity tools and program.
Annual and Periodic Assessments by Third Parties - Our cyber risk management program undergoes periodic assessments by third parties including annual penetration and disaster recovery tests.
Policies and Training - We maintain company-wide policies and procedures concerning cybersecurity, which are reviewed and approved by appropriate management members. All employees are required to complete cybersecurity training periodically, with additional specialized trainings for certain roles. We conduct monthly phishing simulation exercises with mandatory training on failure.
Incident Response - In case of a cybersecurity incident, we follow a documented incident response process, which outlines steps from detection to mitigation, recovery, and notification, including notifying senior leadership and the Board as appropriate based on severity.
Third-Party Service Providers - In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with use of third-party service providers. We assess third party cybersecurity controls through a cybersecurity questionnaire and include security and privacy addendums to our contracts where applicable.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Key cybersecurity risks are incorporated into our enterprise risk management framework. Our cybersecurity risk management program leverages the National Institute of Standards and Technology (“NIST”) framework, which organizes cybersecurity risk management actions into six categories: govern, identify, protect, detect, respond, and recover.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Board, primarily through the Audit Committee, oversees management's approach to managing cybersecurity risks. Management provides cybersecurity updates to the Audit Committee, at least quarterly, and material cybersecurity incidents are reported to the Board.
Quaker Houghton has a dedicated Global Cyber Security team led by the Senior Director, Cybersecurity and Compliance that is responsible for identifying, assessing, monitoring, managing and communicating the Company’s cybersecurity risks. Collectively this team has decades of dedicated cybersecurity experience with personnel experienced and certified in various disciplines, including data security and privacy, enterprise risk management, cloud security and ethical hacking.
The Global Cyber Security team reports to the Chief Digital Information Officer (“CDIO”), who reports to the Chief Financial Officer (“CFO”), who in turn reports to the Chief Executive Officer (“CEO”). Refer to the “Information about our Executive Officers” section, which appears in Item 4(a) of this report for more information about the CDIO’s relevant professional experience and qualifications.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Board, primarily through the Audit Committee, oversees management's approach to managing cybersecurity risks. Management provides cybersecurity updates to the Audit Committee, at least quarterly, and material cybersecurity incidents are reported to the Board.
Quaker Houghton has a dedicated Global Cyber Security team led by the Senior Director, Cybersecurity and Compliance that is responsible for identifying, assessing, monitoring, managing and communicating the Company’s cybersecurity risks. Collectively this team has decades of dedicated cybersecurity experience with personnel experienced and certified in various disciplines, including data security and privacy, enterprise risk management, cloud security and ethical hacking.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Board, primarily through the Audit Committee, oversees management's approach to managing cybersecurity risks. Management provides cybersecurity updates to the Audit Committee, at least quarterly, and material cybersecurity incidents are reported to the Board.
Quaker Houghton has a dedicated Global Cyber Security team led by the Senior Director, Cybersecurity and Compliance that is responsible for identifying, assessing, monitoring, managing and communicating the Company’s cybersecurity risks. Collectively this team has decades of dedicated cybersecurity experience with personnel experienced and certified in various disciplines, including data security and privacy, enterprise risk management, cloud security and ethical hacking.
The Global Cyber Security team reports to the Chief Digital Information Officer (“CDIO”), who reports to the Chief Financial Officer (“CFO”), who in turn reports to the Chief Executive Officer (“CEO”). Refer to the “Information about our Executive Officers” section, which appears in Item 4(a) of this report for more information about the CDIO’s relevant professional experience and qualifications.
Cybersecurity Risk Role of Management [Text Block]
Key cybersecurity risks are incorporated into our enterprise risk management framework. Our cybersecurity risk management program leverages the National Institute of Standards and Technology (“NIST”) framework, which organizes cybersecurity risk management actions into six categories: govern, identify, protect, detect, respond, and recover. The Company’s cybersecurity risk management program and strategy includes the following:
Cybersecurity Operations Centers - We, along with certain third-parties, operate several global cybersecurity operations centers, which provide 24/7 monitoring and incident response capabilities. In the event of an alert, our cybersecurity operations centers coordinate the investigation and remediation of such alerts.
Partnerships with Cybersecurity Companies - We partner with specialized cybersecurity companies and organizations, leveraging third-party technology and expertise. These partnerships help monitor and maintain the performance and effectiveness of our cybersecurity tools and program.
Annual and Periodic Assessments by Third Parties - Our cyber risk management program undergoes periodic assessments by third parties including annual penetration and disaster recovery tests.
Policies and Training - We maintain company-wide policies and procedures concerning cybersecurity, which are reviewed and approved by appropriate management members. All employees are required to complete cybersecurity training periodically, with additional specialized trainings for certain roles. We conduct monthly phishing simulation exercises with mandatory training on failure.
Incident Response - In case of a cybersecurity incident, we follow a documented incident response process, which outlines steps from detection to mitigation, recovery, and notification, including notifying senior leadership and the Board as appropriate based on severity.
Third-Party Service Providers - In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with use of third-party service providers. We assess third party cybersecurity controls through a cybersecurity questionnaire and include security and privacy addendums to our contracts where applicable.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The Board, primarily through the Audit Committee, oversees management's approach to managing cybersecurity risks. Management provides cybersecurity updates to the Audit Committee, at least quarterly, and material cybersecurity incidents are reported to the Board.
Quaker Houghton has a dedicated Global Cyber Security team led by the Senior Director, Cybersecurity and Compliance that is responsible for identifying, assessing, monitoring, managing and communicating the Company’s cybersecurity risks. Collectively this team has decades of dedicated cybersecurity experience with personnel experienced and certified in various disciplines, including data security and privacy, enterprise risk management, cloud security and ethical hacking.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Collectively this team has decades of dedicated cybersecurity experience with personnel experienced and certified in various disciplines, including data security and privacy, enterprise risk management, cloud security and ethical hacking.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The Board, primarily through the Audit Committee, oversees management's approach to managing cybersecurity risks. Management provides cybersecurity updates to the Audit Committee, at least quarterly, and material cybersecurity incidents are reported to the Board.
Quaker Houghton has a dedicated Global Cyber Security team led by the Senior Director, Cybersecurity and Compliance that is responsible for identifying, assessing, monitoring, managing and communicating the Company’s cybersecurity risks. Collectively this team has decades of dedicated cybersecurity experience with personnel experienced and certified in various disciplines, including data security and privacy, enterprise risk management, cloud security and ethical hacking.
The Global Cyber Security team reports to the Chief Digital Information Officer (“CDIO”), who reports to the Chief Financial Officer (“CFO”), who in turn reports to the Chief Executive Officer (“CEO”). Refer to the “Information about our Executive Officers” section, which appears in Item 4(a) of this report for more information about the CDIO’s relevant professional experience and qualifications.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true