|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Management’s Role
Management is responsible for day-to-day cybersecurity risk management activities, including proactively identifying, assessing, prioritizing, managing and mitigating enterprise cybersecurity risks. Our Chief Financial Officer (“CFO”) is the accountable leader in executive management for Zebra’s IT and cybersecurity programs.
The Chief Security Officer (“CSO”) is the senior-most security professional responsible for the implementation of the Company’s cybersecurity, product security, and corporate/physical security programs, and reports to the CFO. The CSO also makes recommendations to the Company’s executive management regarding the Company’s cybersecurity risk mitigation priorities. The Company’s current CSO has served in that role for Zebra since 2018. He is a recognized leader in the field of cybersecurity with over 15 years of global executive cybersecurity experience.
The Chief Information Officer (“CIO”) is a peer to the CSO, also reports to the CFO. The CIO and his team are responsible for executing cybersecurity risk mitigation plans. Zebra’s current CIO was appointed to the role in 2022 and has nearly 20 years of experience in managing IT functions.
The Chief Information Security Officer (“CISO”) reports to the CSO and oversees the Company’s Security Operations Center (“SOC”). The CISO establishes and oversees the execution of prioritized cybersecurity mitigation plans for the Company. Zebra’s current CISO was appointed to the role in 2018 and has held multiple leadership roles overseeing IT functions since joining the Company in 2004, including driving efforts within the cybersecurity function.
Cybersecurity Risk Management
The underlying controls of our cybersecurity risk management program are based on recognized industry practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology Cybersecurity Framework. Our approach to cybersecurity risk management includes the following key elements:
•Defense and On-going Monitoring – Our SOC is responsible for the on-going monitoring and analysis of cybersecurity threats to the Company. The SOC evaluates cybersecurity incidents according to the Company’s cyber incident response plan, appropriate cybersecurity incident playbook, and crisis communications cybersecurity incident plan. The Company also utilizes endpoint detection and response services as well as data forensic investigation services for additional capability and timely assistance with potential cybersecurity incidents.
•Technical Safeguards – The Company utilizes various tactics for cybersecurity threat protection. We periodically perform vulnerability assessments, remediate vulnerabilities, review logs and access, perform system maintenance, manage network perimeter protection, and implement and manage disaster recovery testing. Further, Zebra relies on its information security management system supported by a comprehensive set of policies that directly align with ISO 27001 and are supported by System and Organization Controls 2 (SOC2) reports and external ISO 27001:2013 certification for certain parts of our business.
•Education and Awareness – To foster employee awareness of cybersecurity threats, we provide periodic educational sessions to our employees, including annual training on general cybersecurity concepts and targeted educational opportunities that include real-life simulation and “tabletop exercises.” We also regularly conduct privacy and security summits that involve training and information sessions conducted by employees and by third parties.
•Third-Party Risk Management (“TPRM”) – Our TPRM function focuses on mitigating cybersecurity risk from specific third-party vendor categories. This function performs initial TPRM assessments as part of the vendor selection process and regularly reassesses vendors based on vendor type and risk factors.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Zebra takes a comprehensive approach to managing cybersecurity risk, starting with the integration of cybersecurity risk into our overall enterprise risk management framework, among other significant risks to the Company.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board Oversight
Our Board of Directors is responsible for oversight of risks to the Company and is assisted by the Audit Committee in the oversight of cybersecurity risks. Management provides regular updates to the Board regarding the Company’s key cybersecurity activities. In connection with its oversight, the Audit Committee monitors the quality and effectiveness of the Company’s cybersecurity program, including security of its internal information technology systems and its products, services, and software solutions as well as our cybersecurity incident response plan and resources. Management provides quarterly updates to the Audit Committee about cybersecurity threat protection, detection, mitigation and remediation, including the overall status of the Company’s cybersecurity program, results of third-party assessments, and recent cybersecurity threats. In addition, the Audit Committee reviews the Company’s cybersecurity investment methodology to determine whether cybersecurity maturity improvements and risk reductions are being made.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors is responsible for oversight of risks to the Company and is assisted by the Audit Committee in the oversight of cybersecurity risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Management provides regular updates to the Board regarding the Company’s key cybersecurity activities. In connection with its oversight, the Audit Committee monitors the quality and effectiveness of the Company’s cybersecurity program, including security of its internal information technology systems and its products, services, and software solutions as well as our cybersecurity incident response plan and resources. Management provides quarterly updates to the Audit Committee about cybersecurity threat protection, detection, mitigation and remediation, including the overall status of the Company’s cybersecurity program, results of third-party assessments, and recent cybersecurity threats. In addition, the Audit Committee reviews the Company’s cybersecurity investment methodology to determine whether cybersecurity maturity improvements and risk reductions are being made.
|Cybersecurity Risk Role of Management [Text Block]
|
Management’s Role
Management is responsible for day-to-day cybersecurity risk management activities, including proactively identifying, assessing, prioritizing, managing and mitigating enterprise cybersecurity risks. Our Chief Financial Officer (“CFO”) is the accountable leader in executive management for Zebra’s IT and cybersecurity programs.
The Chief Security Officer (“CSO”) is the senior-most security professional responsible for the implementation of the Company’s cybersecurity, product security, and corporate/physical security programs, and reports to the CFO. The CSO also makes recommendations to the Company’s executive management regarding the Company’s cybersecurity risk mitigation priorities. The Company’s current CSO has served in that role for Zebra since 2018. He is a recognized leader in the field of cybersecurity with over 15 years of global executive cybersecurity experience.
The Chief Information Officer (“CIO”) is a peer to the CSO, also reports to the CFO. The CIO and his team are responsible for executing cybersecurity risk mitigation plans. Zebra’s current CIO was appointed to the role in 2022 and has nearly 20 years of experience in managing IT functions.
The Chief Information Security Officer (“CISO”) reports to the CSO and oversees the Company’s Security Operations Center (“SOC”). The CISO establishes and oversees the execution of prioritized cybersecurity mitigation plans for the Company. Zebra’s current CISO was appointed to the role in 2018 and has held multiple leadership roles overseeing IT functions since joining the Company in 2004, including driving efforts within the cybersecurity function.
Cybersecurity Risk Management
The underlying controls of our cybersecurity risk management program are based on recognized industry practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology Cybersecurity Framework. Our approach to cybersecurity risk management includes the following key elements:
•Defense and On-going Monitoring – Our SOC is responsible for the on-going monitoring and analysis of cybersecurity threats to the Company. The SOC evaluates cybersecurity incidents according to the Company’s cyber incident response plan, appropriate cybersecurity incident playbook, and crisis communications cybersecurity incident plan. The Company also utilizes endpoint detection and response services as well as data forensic investigation services for additional capability and timely assistance with potential cybersecurity incidents.
•Technical Safeguards – The Company utilizes various tactics for cybersecurity threat protection. We periodically perform vulnerability assessments, remediate vulnerabilities, review logs and access, perform system maintenance, manage network perimeter protection, and implement and manage disaster recovery testing. Further, Zebra relies on its information security management system supported by a comprehensive set of policies that directly align with ISO 27001 and are supported by System and Organization Controls 2 (SOC2) reports and external ISO 27001:2013 certification for certain parts of our business.
•Education and Awareness – To foster employee awareness of cybersecurity threats, we provide periodic educational sessions to our employees, including annual training on general cybersecurity concepts and targeted educational opportunities that include real-life simulation and “tabletop exercises.” We also regularly conduct privacy and security summits that involve training and information sessions conducted by employees and by third parties.
•Third-Party Risk Management (“TPRM”) – Our TPRM function focuses on mitigating cybersecurity risk from specific third-party vendor categories. This function performs initial TPRM assessments as part of the vendor selection process and regularly reassesses vendors based on vendor type and risk factors.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Management is responsible for day-to-day cybersecurity risk management activities, including proactively identifying, assessing, prioritizing, managing and mitigating enterprise cybersecurity risks. Our Chief Financial Officer (“CFO”) is the accountable leader in executive management for Zebra’s IT and cybersecurity programs.
The Chief Security Officer (“CSO”) is the senior-most security professional responsible for the implementation of the Company’s cybersecurity, product security, and corporate/physical security programs, and reports to the CFO. The CSO also makes recommendations to the Company’s executive management regarding the Company’s cybersecurity risk mitigation priorities. The Company’s current CSO has served in that role for Zebra since 2018. He is a recognized leader in the field of cybersecurity with over 15 years of global executive cybersecurity experience.
The Chief Information Officer (“CIO”) is a peer to the CSO, also reports to the CFO. The CIO and his team are responsible for executing cybersecurity risk mitigation plans. Zebra’s current CIO was appointed to the role in 2022 and has nearly 20 years of experience in managing IT functions.
The Chief Information Security Officer (“CISO”) reports to the CSO and oversees the Company’s Security Operations Center (“SOC”). The CISO establishes and oversees the execution of prioritized cybersecurity mitigation plans for the Company. Zebra’s current CISO was appointed to the role in 2018 and has held multiple leadership roles overseeing IT functions since joining the Company in 2004, including driving efforts within the cybersecurity function.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
The Chief Security Officer (“CSO”) is the senior-most security professional responsible for the implementation of the Company’s cybersecurity, product security, and corporate/physical security programs, and reports to the CFO. The CSO also makes recommendations to the Company’s executive management regarding the Company’s cybersecurity risk mitigation priorities. The Company’s current CSO has served in that role for Zebra since 2018. He is a recognized leader in the field of cybersecurity with over 15 years of global executive cybersecurity experience.
The Chief Information Officer (“CIO”) is a peer to the CSO, also reports to the CFO. The CIO and his team are responsible for executing cybersecurity risk mitigation plans. Zebra’s current CIO was appointed to the role in 2022 and has nearly 20 years of experience in managing IT functions.
The Chief Information Security Officer (“CISO”) reports to the CSO and oversees the Company’s Security Operations Center (“SOC”). The CISO establishes and oversees the execution of prioritized cybersecurity mitigation plans for the Company. Zebra’s current CISO was appointed to the role in 2018 and has held multiple leadership roles overseeing IT functions since joining the Company in 2004, including driving efforts within the cybersecurity function.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Management provides regular updates to the Board regarding the Company’s key cybersecurity activities. In connection with its oversight, the Audit Committee monitors the quality and effectiveness of the Company’s cybersecurity program, including security of its internal information technology systems and its products, services, and software solutions as well as our cybersecurity incident response plan and resources. Management provides quarterly updates to the Audit Committee about cybersecurity threat protection, detection, mitigation and remediation, including the overall status of the Company’s cybersecurity program, results of third-party assessments, and recent cybersecurity threats. In addition, the Audit Committee reviews the Company’s cybersecurity investment methodology to determine whether cybersecurity maturity improvements and risk reductions are being made.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef