v3.25.2
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
May 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity risk, management, and strategy

 

Tilray recognizes that cybersecurity is critical to protecting our systems, data, and operations. We are committed to addressing the significant risks posed by cyber threats by proactively managing the evolving landscape through a comprehensive, enterprise wide approach. Our enterprise risk management framework considers cybersecurity risk alongside other company risks as part of our overall risk assessment process and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management framework to other legal, compliance, operational, and financial risk areas. The Company is committed to maintaining robust processes to assess, identify and mitigate material risks from cybersecurity threats and to protect against, detect and respond to cybersecurity incidents. 

 

Our business is subject to various cybersecurity risks, including but not limited to, unauthorized access to sensitive data, including customer information and medical information, disruption of operations or supply chain due to cyberattacks, theft or manipulation of intellectual property, such as proprietary strains or cultivation techniques, regulatory non-compliance resulting from cybersecurity breaches, including violations of data privacy laws. To address these risks, we have implemented a comprehensive cybersecurity program, which includes, regular risk assessments and vulnerability testing to identify and remediate potential weaknesses in our infrastructure, deployment of advanced access controls, encryption, and endpoint protection to safeguard sensitive data such as customer and medical information, mandatory annual cybersecurity training and awareness programs for all employees to reduce the risk of social engineering and phishing attacks, and continual monitoring and incident response protocols to detect, contain and respond to cybersecurity incidents in a timely and effective manner. We also have information security and data privacy policies and procedures in place applicable to our directors, officers, employees, contractors and suppliers. Third parties service providers also contribute to our overall cybersecurity. We engage third parties that are cybersecurity experts to support in the design, implementation and continuous improvement of our cybersecurity program.

 

As of the date of this Form 10-K, we do not believe any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. See “Item 1A. Risk Factors” for further information about these risks.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Tilray recognizes that cybersecurity is critical to protecting our systems, data, and operations. We are committed to addressing the significant risks posed by cyber threats by proactively managing the evolving landscape through a comprehensive, enterprise wide approach. Our enterprise risk management framework considers cybersecurity risk alongside other company risks as part of our overall risk assessment process and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management framework to other legal, compliance, operational, and financial risk areas. The Company is committed to maintaining robust processes to assess, identify and mitigate material risks from cybersecurity threats and to protect against, detect and respond to cybersecurity incidents.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] Our business is subject to various cybersecurity risks, including but not limited to, unauthorized access to sensitive data, including customer information and medical information, disruption of operations or supply chain due to cyberattacks, theft or manipulation of intellectual property, such as proprietary strains or cultivation techniques, regulatory non-compliance resulting from cybersecurity breaches, including violations of data privacy laws. To address these risks, we have implemented a comprehensive cybersecurity program, which includes, regular risk assessments and vulnerability testing to identify and remediate potential weaknesses in our infrastructure, deployment of advanced access controls, encryption, and endpoint protection to safeguard sensitive data such as customer and medical information, mandatory annual cybersecurity training and awareness programs for all employees to reduce the risk of social engineering and phishing attacks, and continual monitoring and incident response protocols to detect, contain and respond to cybersecurity incidents in a timely and effective manner. We also have information security and data privacy policies and procedures in place applicable to our directors, officers, employees, contractors and suppliers. Third parties service providers also contribute to our overall cybersecurity. We engage third parties that are cybersecurity experts to support in the design, implementation and continuous improvement of our cybersecurity program.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity governance

 

Cybersecurity is an important part of our risk management processes and is an area of focus for our Board, Chief Information Officer ("CIO") whom reports directly to the Chief Executive Officer, and management team. Our CIO plays a pivotal role in assessing and managing material risks stemming from cybersecurity threats and is primarily responsible for the oversight of our overall cybersecurity risk management program, and coordinates with our external cybersecurity consultants. Additionally, given that cybersecurity risks can impact various areas of responsibility of the Committees of the Board, our Board of Directors oversees cybersecurity risk management and regularly reviews our cybersecurity strategy and initiatives. The Board receives quarterly and as needed updates on cybersecurity matters from the CIO and management on topics including threat landscape developments, incident response readiness, and program enhancements.

 

Tilray is dedicated to maintaining a robust cybersecurity program to safeguard our assets, data, and stakeholders’ interests. We remain vigilant in our efforts to identify, assess, and mitigate cybersecurity risks and are committed to transparency and accountability in our cybersecurity disclosures.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Cybersecurity is an important part of our risk management processes and is an area of focus for our Board, Chief Information Officer ("CIO") whom reports directly to the Chief Executive Officer, and management team. Our CIO plays a pivotal role in assessing and managing material risks stemming from cybersecurity threats and is primarily responsible for the oversight of our overall cybersecurity risk management program, and coordinates with our external cybersecurity consultants. Additionally, given that cybersecurity risks can impact various areas of responsibility of the Committees of the Board, our Board of Directors oversees cybersecurity risk management and regularly reviews our cybersecurity strategy and initiatives. The Board receives quarterly and as needed updates on cybersecurity matters from the CIO and management on topics including threat landscape developments, incident response readiness, and program enhancements.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Cybersecurity is an important part of our risk management processes and is an area of focus for our Board, Chief Information Officer ("CIO") whom reports directly to the Chief Executive Officer, and management team. Our CIO plays a pivotal role in assessing and managing material risks stemming from cybersecurity threats and is primarily responsible for the oversight of our overall cybersecurity risk management program, and coordinates with our external cybersecurity consultants. Additionally, given that cybersecurity risks can impact various areas of responsibility of the Committees of the Board, our Board of Directors oversees cybersecurity risk management and regularly reviews our cybersecurity strategy and initiatives. The Board receives quarterly and as needed updates on cybersecurity matters from the CIO and management on topics including threat landscape developments, incident response readiness, and program enhancements.
Cybersecurity Risk Role of Management [Text Block] Cybersecurity is an important part of our risk management processes and is an area of focus for our Board, Chief Information Officer ("CIO") whom reports directly to the Chief Executive Officer, and management team. Our CIO plays a pivotal role in assessing and managing material risks stemming from cybersecurity threats and is primarily responsible for the oversight of our overall cybersecurity risk management program, and coordinates with our external cybersecurity consultants. Additionally, given that cybersecurity risks can impact various areas of responsibility of the Committees of the Board, our Board of Directors oversees cybersecurity risk management and regularly reviews our cybersecurity strategy and initiatives. The Board receives quarterly and as needed updates on cybersecurity matters from the CIO and management on topics including threat landscape developments, incident response readiness, and program enhancements.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Cybersecurity is an important part of our risk management processes and is an area of focus for our Board, Chief Information Officer ("CIO") whom reports directly to the Chief Executive Officer, and management team. Our CIO plays a pivotal role in assessing and managing material risks stemming from cybersecurity threats and is primarily responsible for the oversight of our overall cybersecurity risk management program, and coordinates with our external cybersecurity consultants. Additionally, given that cybersecurity risks can impact various areas of responsibility of the Committees of the Board, our Board of Directors oversees cybersecurity risk management and regularly reviews our cybersecurity strategy and initiatives. The Board receives quarterly and as needed updates on cybersecurity matters from the CIO and management on topics including threat landscape developments, incident response readiness, and program enhancements.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Cybersecurity is an important part of our risk management processes and is an area of focus for our Board, Chief Information Officer ("CIO") whom reports directly to the Chief Executive Officer, and management team. Our CIO plays a pivotal role in assessing and managing material risks stemming from cybersecurity threats and is primarily responsible for the oversight of our overall cybersecurity risk management program, and coordinates with our external cybersecurity consultants. Additionally, given that cybersecurity risks can impact various areas of responsibility of the Committees of the Board, our Board of Directors oversees cybersecurity risk management and regularly reviews our cybersecurity strategy and initiatives. The Board receives quarterly and as needed updates on cybersecurity matters from the CIO and management on topics including threat landscape developments, incident response readiness, and program enhancements.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Cybersecurity is an important part of our risk management processes and is an area of focus for our Board, Chief Information Officer ("CIO") whom reports directly to the Chief Executive Officer, and management team. Our CIO plays a pivotal role in assessing and managing material risks stemming from cybersecurity threats and is primarily responsible for the oversight of our overall cybersecurity risk management program, and coordinates with our external cybersecurity consultants. Additionally, given that cybersecurity risks can impact various areas of responsibility of the Committees of the Board, our Board of Directors oversees cybersecurity risk management and regularly reviews our cybersecurity strategy and initiatives. The Board receives quarterly and as needed updates on cybersecurity matters from the CIO and management on topics including threat landscape developments, incident response readiness, and program enhancements.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true