Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Additional features of our cybersecurity program include security controls, such as firewalls and intrusion detection systems; data loss prevention tools; penetration testing of network, cloud, and application platforms; security assessments of our -party vendors; and security awareness education for our employees and specialized training for our information security specialists.
We have implemented security monitoring capabilities, designed to alert us to suspicious activity and have developed an incident response program that includes periodic coordinated response exercises designed to restore business operations as quickly and as orderly as possible in the event of a breach. In the event of cyber incident which may be considered “material” under the SEC’s disclosure rules, Apyx Medical has established a separate committee comprised of the CISO, Chief Financial Officer, Outside Counsel, Chief Executive Officer, and Department Heads, if necessary. This committee is responsible for determining whether a cyber incident, or series of incidents, is “material” and requires disclosure under Item 1.05 of Form 8-K as well as informing the Board of Directors about the incident from a risk oversight perspective.
The Board of Directors oversees risks relating to cybersecurity. The CISO and Chief Financial Officer present to the Board of Directors on a quarterly basis and the results of the risk assessments and audits on at least an annual basis. These reports also include detailed updates on the Company’s performance preparing for, preventing, detecting, responding to, and recovering from cyber incidents. Apyx outsources the majority of our IT services and security to a well-respected company in the industry.
Failure of our information security program to prevent or detect a cyber incident could result in the compromise of Company and customer information, reputational damage, and/or financial loss. During the periods covered by this report, we did not experience any material cyber incidents and the expenses we incurred from cyber incidents were immaterial. While prior incidents have not had a material impact on us, future incidents could have a material adverse effect on our business, results of operations and cash flows. For additional information about our cybersecurity risks, see Item 1A — Risk Factors on this Annual Report on Form 10-K. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | Failure of our information security program to prevent or detect a cyber incident could result in the compromise of Company and customer information, reputational damage, and/or financial loss. During the periods covered by this report, we did not experience any material cyber incidents and the expenses we incurred from cyber incidents were immaterial. While prior incidents have not had a material impact on us, future incidents could have a material adverse effect on our business, results of operations and cash flows. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The outsourced Chief Information Security Officer (“CISO”) works closely with the Chief Financial Officer to collectively manage our global information security, information technology and data privacy programs. The Company’s information security program includes a robust set of controls and safeguards for the systems, applications, and databases of the Company and of its third-party vendors. The CISO manages the information security program and sets annual targets and security objectives. The program includes regular risk assessments and recurring internal and external audits to assess the program’s maturity and effectiveness. The results of these assessments and audits help inform decisions to make program adjustments and ensure that the program’s security objectives are effective and up to date. |
| Cybersecurity Risk Role of Management [Text Block] | The Board of Directors oversees risks relating to cybersecurity. The CISO and Chief Financial Officer present to the Board of Directors on a quarterly basis and the results of the risk assessments and audits on at least an annual basis. These reports also include detailed updates on the Company’s performance preparing for, preventing, detecting, responding to, and recovering from cyber incidents. Apyx outsources the majority of our IT services and security to a well-respected company in the industry. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Board of Directors oversees risks relating to cybersecurity. The CISO and Chief Financial Officer present to the Board of Directors on a quarterly basis and the results of the risk assessments and audits on at least an annual basis. These reports also include detailed updates on the Company’s performance preparing for, preventing, detecting, responding to, and recovering from cyber incidents. Apyx outsources the majority of our IT services and security to a well-respected company in the industry. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The outsourced Chief Information Security Officer (“CISO”) works closely with the Chief Financial Officer to collectively manage our global information security, information technology and data privacy programs. The Company’s information security program includes a robust set of controls and safeguards for the systems, applications, and databases of the Company and of its third-party vendors. The CISO manages the information security program and sets annual targets and security objectives. The program includes regular risk assessments and recurring internal and external audits to assess the program’s maturity and effectiveness. The results of these assessments and audits help inform decisions to make program adjustments and ensure that the program’s security objectives are effective and up to date. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Board of Directors oversees risks relating to cybersecurity. The CISO and Chief Financial Officer present to the Board of Directors on a quarterly basis and the results of the risk assessments and audits on at least an annual basis. These reports also include detailed updates on the Company’s performance preparing for, preventing, detecting, responding to, and recovering from cyber incidents. Apyx outsources the majority of our IT services and security to a well-respected company in the industry. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |