Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | In 2025, we continued to implement a comprehensive cyber security programme as part of our cyber defence strategy. This was done in adherence to Information and Digital Technology (IDT) requirements based on the Shell Performance Framework (SPF). Our Information and Digital Technology Standard sets out a structured approach to identify, assess and mitigate IT and cyber security risks. Following the approval of the IDT requirements, we refreshed our Information Risk Management capabilities and streamlined the organisational structure to enhance the formal Chief Information Security Officer (CISO) role, with support from the Executive Committee. This included integrating the cyber defence teams and other decentralised cyber security functions into the central Cyber and Information Security Office organisation. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Cyber and information security risk management Our cyber security capabilities are embedded into our IT systems, and our IT and data are protected by various detective and protective technologies and controls. A structured approach to identify, assess and mitigate the IT and cyber security risks is built into our support processes and is benchmarked to external best practices.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our cyber security strategy is regularly reviewed and updated, as required, by our CISO and Shell's Information and Digital Technology leadership team, with oversight from the EC, the Audit and Risk Committee, and the Board. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Information and Digital Technology leadership team |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Information and Digital Technology leadership team |
| Cybersecurity Risk Role of Management [Text Block] | These reviews involve: ○consideration of changes to the external environment; ○strategic, operational and cultural risks; ○response to cyber security risks and implementation of further remedial actions as appropriate; and ○updates on the performance and benchmarking of the Group's cyber defences. The Cyber and Information Security Office function performs periodic reviews and targeted deep dives that help ensure cyber and information security risk posture remains aligned with our enterprise risk management and regulatory expectations. Shell has established processes to report cyber security and data privacy incidents to relevant authorities as required by applicable regulatory requirements.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | CISO and Shell's Information and Digital Technology leadership team, with oversight from the EC, the Audit and Risk Committee, and the Board. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | . With more than 26 years of experience in global IT leadership, including leadership roles at IBM, Cables & Wireless and Serco, he brings deep expertise in strategic change, innovation and operational excellence. At Shell, he has held senior IT positions across all major businesses and functions. Furthermore, he is active in cyber security industry trade groups. The CISO is supported by a leadership with extensive and significant cumulative experience spanning decades, possessing multiple relevant certifications including but not limited to Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information System Control (CRISC) and Certified in the Governance of Enterprise IT (CGEIT). The leadership team also actively participates in various industry forums. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our cyber security strategy is regularly reviewed and updated, as required, by our CISO and Shell's Information and Digital Technology leadership team, with oversight from the EC, the Audit and Risk Committee, and the Board |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |