| Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Dec. 31, 2025 |
|---|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We review cybersecurity risk as part of our overall enterprise risk management program. This ensures that cybersecurity risk management remains a top priority in our business strategy and operations. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Primary management responsibility for assessing, monitoring and managing our cybersecurity risks rests with our chief information security officer ("CISO"). Our current CISO has over 30 years of experience in information technology and cybersecurity in the United States military, retail and healthcare sectors and oversees our team of cybersecurity professionals. The CISO is regularly informed about recent developments in cybersecurity, including potential threats and innovative risk management techniques. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Cybersecurity risks are overseen by the full Board of Directors and the Audit Committee. The Audit Committee is central to the Board of Directors’ oversight of cybersecurity risks and bears the primary responsibility for overseeing cybersecurity risk. The Audit Committee actively participates in strategic decisions related to cybersecurity, offering guidance and approval for major cybersecurity initiatives. This involvement ensures that cybersecurity considerations are integrated into our broader strategic objectives. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Cybersecurity risks are overseen by the full Board of Directors and the Audit Committee. The Audit Committee is central to the Board of Directors’ oversight of cybersecurity risks and bears the primary responsibility for overseeing cybersecurity risk. The Audit Committee actively participates in strategic decisions related to cybersecurity, offering guidance and approval for major cybersecurity initiatives. This involvement ensures that cybersecurity considerations are integrated into our broader strategic objectives. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our CISO provides comprehensive updates to the Audit Committee at least three times a year and the full Board of Directors periodically. These briefings include a range of topics, including: • Current cybersecurity landscape and emerging threats; • Status of ongoing cybersecurity initiatives and strategies; • Incident reports and learnings from any cybersecurity events; • Metrics demonstrating company and industry-standard prevention of common threats; and • Regulatory changes impacting cybersecurity requirements and strategy. |
| Cybersecurity Risk Role of Management [Text Block] | Primary management responsibility for assessing, monitoring and managing our cybersecurity risks rests with our chief information security officer ("CISO"). Our current CISO has over 30 years of experience in information technology and cybersecurity in the United States military, retail and healthcare sectors and oversees our team of cybersecurity professionals. The CISO is regularly informed about recent developments in cybersecurity, including potential threats and innovative risk management techniques. The CISO implements and oversees processes for the regular monitoring of our information systems. We use various tools and methodologies to manage cybersecurity risk that are tested regularly. We also monitor and evaluate our cybersecurity posture and performance on an ongoing basis through regular vulnerability scans, penetration tests and threat intelligence feeds. In addition, we engage third-party consultants to conduct annual cybersecurity assessments and to conduct audits for compliance with regulatory, Sarbanes-Oxley Act, Service Organization Control Type 2 and International Organization for Standardization standards. We also engage third parties to assess our cybersecurity maturity and risk management programs. We use a cross-departmental approach to addressing cybersecurity risk, with our cybersecurity, product security and legal teams presenting quarterly on key topics to a committee of leaders in technology, legal, finance, regulatory and corporate affairs functions. This leadership committee meets quarterly to ensure that we have input and oversight from critical stakeholders into our cybersecurity program and evolving issues. The CISO oversees a training and awareness program for employees to take part in protecting the Company against cybersecurity risks. We have implemented annual mandatory security education to help employees understand cybersecurity risks and comply with our cybersecurity policies. Additionally, we provide frequent communications around pertinent cybersecurity topics and policies to all employees. We also provide additional cybersecurity and data protection training to employees in certain roles. As part of our cybersecurity risk management program, we also conduct cybersecurity, data protection, and privacy assessments on all third parties who integrate with Stryker’s data, network, systems and products. We use a combination of internal and external tools to confirm that these third parties meet our security requirements. We leverage standard industry threat model and privacy impact assessment concepts to confirm that data minimization and adequate data protections are in place. We perform supplemental reviews as necessary, commensurate with the risk associated with each vendor. In the event of a cybersecurity incident, we have an incident response plan that includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. The cybersecurity and product security teams routinely practice this plan with functions across the organization. We conduct tabletop exercises with senior management, during which we practice the procedures in place to ensure that potentially material cybersecurity risks and incidents are escalated to management and the Board of Directors where applicable. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Primary management responsibility for assessing, monitoring and managing our cybersecurity risks rests with our chief information security officer ("CISO"). |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our current CISO has over 30 years of experience in information technology and cybersecurity in the United States military, retail and healthcare sectors and oversees our team of cybersecurity professionals. The CISO is regularly informed about recent developments in cybersecurity, including potential threats and innovative risk management techniques. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The CISO oversees a training and awareness program for employees to take part in protecting the Company against cybersecurity risks. We have implemented annual mandatory security education to help employees understand cybersecurity risks and comply with our cybersecurity policies. Additionally, we provide frequent communications around pertinent cybersecurity topics and policies to all employees. We also provide additional cybersecurity and data protection training to employees in certain roles. As part of our cybersecurity risk management program, we also conduct cybersecurity, data protection, and privacy assessments on all third parties who integrate with Stryker’s data, network, systems and products. We use a combination of internal and external tools to confirm that these third parties meet our security requirements. We leverage standard industry threat model and privacy impact assessment concepts to confirm that data minimization and adequate data protections are in place. We perform supplemental reviews as necessary, commensurate with the risk associated with each vendor. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |