|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard its information systems and to protect the confidentiality, integrity, and availability of its data. Cybersecurity risks are monitored, updated on a regular basis, and integrated as part of the Company’s broader enterprise risk management process. The reporting and analysis of cybersecurity risks have also been incorporated within the Company’s disclosure controls and procedures and internal disclosure committee process. The Company conducts multiple forms of cybersecurity awareness and training for employees including general cybersecurity awareness articles, role-based training, online cybersecurity awareness tools, and frequent monthly awareness presentations.
The Company uses a combination of internal and external resources to assess, identify, and manage material risks from cybersecurity threats. Internally, the Company leverages its global information security organization, the IT function, privacy and compliance departments, operating segments, functional areas, and its internal audit function. Given the complexity and evolving nature of cybersecurity threats, the Company also utilizes the following external resources:
•two industry research and technology firms for benchmarking and industry research;
•several cybersecurity operations partners for risk detection and threat information sharing;
•cybersecurity penetration testing companies to provide regular technical assessments of our systems;
•an information sharing and analysis service specific to the consumer goods industry; and
•the assistance of its outside cybersecurity counsel.
The Company oversees its third-party service providers’ security posture by using an internally managed vendor security assessment process prior to vendor onboarding, with ongoing monitoring for any emerging risks. The Company supplements its internal processes with third-party security partners that provide risk measurements for third parties.
While the Company has not encountered cybersecurity risks that have materially affected or are reasonably likely to materially affect its strategy, results of operations or financial condition, there can be no guarantee that the Company will not be materially affected by such cybersecurity risks or a cybersecurity incident in the future. For a discussion of cybersecurity risks and incidents that may impact the Company, refer to preceding section Item 1A. Risk Factors.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard its information systems and to protect the confidentiality, integrity, and availability of its data. Cybersecurity risks are monitored, updated on a regular basis, and integrated as part of the Company’s broader enterprise risk management process. The reporting and analysis of cybersecurity risks have also been incorporated within the Company’s disclosure controls and procedures and internal disclosure committee process. The Company conducts multiple forms of cybersecurity awareness and training for employees including general cybersecurity awareness articles, role-based training, online cybersecurity awareness tools, and frequent monthly awareness presentations.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Company’s Board of Directors provides oversight of risks from cybersecurity threats through its Audit Committee. The Company’s Chief Information Security Officer provides regular quarterly updates on material cybersecurity risks, performance and material risk related metrics, and material risk mitigation strategies. These reviews help to inform the Audit Committee, identify areas for improvement and help align the Company’s cybersecurity risk management efforts with overall enterprise risk management. The Audit Committee incorporates this information into its regular reporting to the Board of Directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s Board of Directors provides oversight of risks from cybersecurity threats through its Audit Committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s Chief Information Security Officer provides regular quarterly updates on material cybersecurity risks, performance and material risk related metrics, and material risk mitigation strategies. These reviews help to inform the Audit Committee, identify areas for improvement and help align the Company’s cybersecurity risk management efforts with overall enterprise risk management.
|Cybersecurity Risk Role of Management [Text Block]
|
The Company’s management plays a critical role in assessing and managing cybersecurity risks. The Newell Brands Information Security program is led by the Company’s Chief Information Security Officer, a Certified Information Systems Security Professional (CISSP) with over 20 years of experience in cybersecurity gained at four global Fortune 500 companies, and the Company’s Chief Information Officer who has overseen the Company’s security function for the past 12 years. The Newell Brands Information Security program is governed by the Information Security Governance Committee (the “ISG Committee”), comprised of the Chief Information Security Officer (its Chair), Chief Financial Officer, Chief Legal and Administrative Officer, Chief Human Resources Officer, Chief Information Officer, and Vice President of Internal Audit and SOX. The ISG Committee meets quarterly to discuss material risks, material risk related metrics, and material risk mitigating strategies and conducts tabletop exercises.
In addition to the ISG Committee, Company management is informed about and monitors material cybersecurity risks and incidents through the following formal processes:
•Newell Brands Incident Response Policy and Procedures and related response and governance protocols for high severity incidents;
•Periodic Information Security program presentations to leadership; and
•Chief Information Security Officer material incident notifications to Company management, including the President and CEO.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Company’s management plays a critical role in assessing and managing cybersecurity risks. The Newell Brands Information Security program is led by the Company’s Chief Information Security Officer, a Certified Information Systems Security Professional (CISSP) with over 20 years of experience in cybersecurity gained at four global Fortune 500 companies, and the Company’s Chief Information Officer who has overseen the Company’s security function for the past 12 years. The Newell Brands Information Security program is governed by the Information Security Governance Committee (the “ISG Committee”), comprised of the Chief Information Security Officer (its Chair), Chief Financial Officer, Chief Legal and Administrative Officer, Chief Human Resources Officer, Chief Information Officer, and Vice President of Internal Audit and SOX. The ISG Committee meets quarterly to discuss material risks, material risk related metrics, and material risk mitigating strategies and conducts tabletop exercises.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Newell Brands Information Security program is led by the Company’s Chief Information Security Officer, a Certified Information Systems Security Professional (CISSP) with over 20 years of experience in cybersecurity gained at four global Fortune 500 companies, and the Company’s Chief Information Officer who has overseen the Company’s security function for the past 12 years.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The ISG Committee meets quarterly to discuss material risks, material risk related metrics, and material risk mitigating strategies and conducts tabletop exercises.
In addition to the ISG Committee, Company management is informed about and monitors material cybersecurity risks and incidents through the following formal processes:
•Newell Brands Incident Response Policy and Procedures and related response and governance protocols for high severity incidents;
•Periodic Information Security program presentations to leadership; and
•Chief Information Security Officer material incident notifications to Company management, including the President and CEO.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef