Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Apr. 30, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Risk Management and Strategy Wiley is committed to maintaining robust cybersecurity practices to safeguard our operations, data, and stakeholders’ interests. We monitor our cybersecurity landscape and adapt our strategies and governance practices to mitigate risks in this rapidly evolving area. Wiley adopted the National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF) as a guide for its cybersecurity program to establish and maintain a continuous improvement process for identifying, assessing, and managing cyber risks and cyber-related threats. Informed by the NIST-CSF, we maintain a cybersecurity risk management program that is designed to identify, assess, manage, and mitigate cybersecurity risks and provides a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third-party service providers. To secure our technology environment, our organization leverages the latest software and security capabilities with a defense-in-depth and layered strategy. We deploy endpoint detection and response, network anomaly detection, and multi-factor authentication across most of our environment. We engage with various third-party consultants as well as utilize various threat intelligence services to assist in our oversight and to identify risks. We require employees with access to our information systems, including all corporate employees and consultants, to undertake annual data protection and cybersecurity training and ongoing phishing simulation exercises. In addition, Wiley’s controls are also monitored and tested on a continuous basis by an external third-party to assess the effectiveness of our cyber program. Based on the information we have as of the date of this Annual Report on Form 10-K, we do not believe that any cybersecurity incident experienced by the Company has materially affected or is reasonably likely to materially affect Wiley, including our business strategy, results of operations, or financial condition. For additional information about cybersecurity risks, see Item 1A. “Risk Factors.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Wiley adopted the National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF) as a guide for its cybersecurity program to establish and maintain a continuous improvement process for identifying, assessing, and managing cyber risks and cyber-related threats. Informed by the NIST-CSF, we maintain a cybersecurity risk management program that is designed to identify, assess, manage, and mitigate cybersecurity risks and provides a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third-party service providers. To secure our technology environment, our organization leverages the latest software and security capabilities with a defense-in-depth and layered strategy. We deploy endpoint detection and response, network anomaly detection, and multi-factor authentication across most of our environment. We engage with various third-party consultants as well as utilize various threat intelligence services to assist in our oversight and to identify risks. We require employees with access to our information systems, including all corporate employees and consultants, to undertake annual data protection and cybersecurity training and ongoing phishing simulation exercises. In addition, Wiley’s controls are also monitored and tested on a continuous basis by an external third-party to assess the effectiveness of our cyber program.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board is responsible for the overall oversight of our enterprise risk management. The Board receives regular updates on the key risks to the organization on a quarterly basis. The Board has delegated oversight of cybersecurity risks to the Audit Committee. The Audit Committee receives quarterly and yearly cybersecurity updates from the Company’s Chief Information & Security Officer (CISO), which includes updates on the Company’s cybersecurity policies and strategies, cyber risks and threats, the status of projects designed to continuously improve the Company’s information security systems, assessments of the Company’s security program, employee training and awareness programs, emerging threat landscape, and engagement with external cybersecurity experts and advisors, as needed. Management’s Role Management is responsible for day-to-day risk management activities, including identifying and assessing cybersecurity risks, establishing processes to ensure that potential cybersecurity risk exposures are monitored, implementing appropriate mitigation or remediation measures, and maintaining cybersecurity programs. Risk mitigation strategies and key performance indicators are defined, and tracked, as part of the quarterly internal reporting. The information security team consists of subject matter experts in the fields of security operations, governance risk and compliance (GRC), application security, fraud, identity and access management, and security architecture. Our security operation center (SOC) monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents through a variety of technical and operational measures and regularly reports to our CISO. Our CISO is part of the senior management team and regularly updates the Audit Committee on the company’s cybersecurity program, including cybersecurity risks, incidents, and mitigation strategies. The information security team is led by the CISO who has 29 years of experience in business risk management and cybersecurity. The information security team has established processes and procedures that guide and enable continuous monitoring, detection, prevention, mitigation, and remediation of cybersecurity incidents. These processes are carried out using various security platforms tools, capabilities, and strategies including tests of our information security program, tabletop exercises, penetration and vulnerability testing, and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning. Incident response teams within the SOC utilize procedures that identify escalation paths when security events are identified. Incident priorities dictate escalation of events and how they are reported from an incident commander up to the executive leadership team within Wiley as well as to the Board. Despite our efforts, we cannot eliminate all risks from cybersecurity threats or provide assurances that we have not experienced an undetected cybersecurity incident. The threat landscape is constantly changing and will continue to as new technologies, such as AI, evolve.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board is responsible for the overall oversight of our enterprise risk management. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Board receives regular updates on the key risks to the organization on a quarterly basis. |
| Cybersecurity Risk Role of Management [Text Block] | Management is responsible for day-to-day risk management activities, including identifying and assessing cybersecurity risks, establishing processes to ensure that potential cybersecurity risk exposures are monitored, implementing appropriate mitigation or remediation measures, and maintaining cybersecurity programs. Risk mitigation strategies and key performance indicators are defined, and tracked, as part of the quarterly internal reporting. The information security team consists of subject matter experts in the fields of security operations, governance risk and compliance (GRC), application security, fraud, identity and access management, and security architecture. Our security operation center (SOC) monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents through a variety of technical and operational measures and regularly reports to our CISO. Our CISO is part of the senior management team and regularly updates the Audit Committee on the company’s cybersecurity program, including cybersecurity risks, incidents, and mitigation strategies. The information security team is led by the CISO who has 29 years of experience in business risk management and cybersecurity. The information security team has established processes and procedures that guide and enable continuous monitoring, detection, prevention, mitigation, and remediation of cybersecurity incidents. These processes are carried out using various security platforms tools, capabilities, and strategies including tests of our information security program, tabletop exercises, penetration and vulnerability testing, and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning. Incident response teams within the SOC utilize procedures that identify escalation paths when security events are identified. Incident priorities dictate escalation of events and how they are reported from an incident commander up to the executive leadership team within Wiley as well as to the Board.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Audit Committee receives quarterly and yearly cybersecurity updates from the Company’s Chief Information & Security Officer (CISO), which includes updates on the Company’s cybersecurity policies and strategies, cyber risks and threats, the status of projects designed to continuously improve the Company’s information security systems, assessments of the Company’s security program, employee training and awareness programs, emerging threat landscape, and engagement with external cybersecurity experts and advisors, as needed. Despite our efforts, we cannot eliminate all risks from cybersecurity threats or provide assurances that we have not experienced an undetected cybersecurity incident. The threat landscape is constantly changing and will continue to as new technologies, such as AI, evolve.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The information security team is led by the CISO who has 29 years of experience in business risk management and cybersecurity. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Audit Committee receives quarterly and yearly cybersecurity updates from the Company’s Chief Information & Security Officer (CISO), which includes updates on the Company’s cybersecurity policies and strategies, cyber risks and threats, the status of projects designed to continuously improve the Company’s information security systems, assessments of the Company’s security program, employee training and awareness programs, emerging threat landscape, and engagement with external cybersecurity experts and advisors, as needed. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |