Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk management and Strategy
Our business operations rely upon secure information technology systems for data processing, storage and reporting. As a global shipping company and an Israeli-based company, we face heightened risks of cyber-attacks, and we remain potentially vulnerable to known or unknown threats, which are constantly evolving. Although to date we have not experienced any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition, there can be no guarantee that we will not experience such an incident in the future. Any future cybersecurity breach, whether as a result of malicious, political, competitive or other motives, may result in operational disruptions, heavy costs, information misappropriation or breach of privacy laws, including the European Union’s General Data Protection Regulation, the Israeli applicable privacy law and regulations and other applicable regulations, which could result in reputational damage and have a material adverse effect on our business, financial condition and results of operation. Increasing regulation regarding responses to cybersecurity incidents, including reporting and disclosure regulation, could subject us to additional liability and reputational harm.
At ZIM, cybersecurity risk management is an integral part of our overall enterprise risk management program. We are committed to maintaining a cybersecurity work plan and procedures that implement processes to assess, identify and manage cybersecurity risks on a periodic and ongoing basis, aligned with applicable industry standards and reviewed periodically. We are certified as compliant with ISO 27001 in Israel (information security management standard) and ISO 27701(extension to the information security management standard). Our work procedures include, among others, periodic risk assessments and implementation, periodic tests, periodic employee security awareness trainings (including annual company-wide cybersecurity emergency drills), and a third-party data security risk management plan. The third-party data security risk management plan includes due diligence procedures and the application of minimum-security requirements during their engagement with us; this plan helps us to analyse controls and monitor and mitigate cybersecurity risks associated with our third-party engagements. Additionally, we employ a dedicated 24/7 security operating center supervised by our Chief Information Security Officer (CISO) to monitor and respond to suspected cybersecurity threats.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We are committed to maintaining a cybersecurity work plan and procedures that implement processes to assess, identify and manage cybersecurity risks on a periodic and ongoing basis, aligned with applicable industry standards and reviewed periodically. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | Although to date we have not experienced any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition, there can be no guarantee that we will not experience such an incident in the future. |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance
We employ top-tier professionals with extensive experience managing cybersecurity threats headed by our CISO, who reports to the CEO and management, and who works in collaboration with our Chief Information Officer (CIO). Our CIO also has extensive prior work experience with the CISO, and CIO’s teams are responsible to implement all necessary measures for the cybersecurity protection. We also engage with reputable third-party consultants, advisors and vendors who review our overall data security and have helped us refine our cybersecurity-related work procedures, periodic risk assessments and trainings.
In addition, cybersecurity reports are also submitted by our CIO and our management to our Board of Directors, which is responsible for the oversight of cybersecurity risks, several times during a year. These reports include status reports as well as proposals regarding the cybersecurity budget and insurance policy. Our Board of Directors and management are responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs.
For more information about these risks, please see “Risk factors – General risk factors” in this annual report on Form 20-F.
|
| Cybersecurity Risk Role of Management [Text Block] | We employ top-tier professionals with extensive experience managing cybersecurity threats headed by our CISO, who reports to the CEO and management, and who works in collaboration with our Chief Information Officer (CIO). Our CIO also has extensive prior work experience with the CISO, and CIO’s teams are responsible to implement all necessary measures for the cybersecurity protection. We also engage with reputable third-party consultants, advisors and vendors who review our overall data security and have helped us refine our cybersecurity-related work procedures, periodic risk assessments and trainings. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our Board of Directors and management are responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | We employ top-tier professionals with extensive experience managing cybersecurity threats headed by our CISO, who reports to the CEO and management, and who works in collaboration with our Chief Information Officer (CIO). |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our Board of Directors and management are responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |