XML 66 R47.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The digital ecosystem has facilitated the access of companies and users to a large amount of information, multiplying the ease and speed at which this information can be transmitted between different networks, companies, and countries. This volume of data implies an important advancement opportunity for society, but also a significant responsibility for companies that, like Telefónica, manage considerable amounts of personal, anonymous, or aggregate information. In addition to threats to the integrity and privacy of data, Telefónica may face network interruptions which could affect the quality of, or cause interruption to, the provision of its services. See “Item 3. Key Information—Risk Factors—Risks Related to Telefónica’s Business Activities—The Telefónica Group's strategy, which is focused on driving new digital businesses and providing data-based services, involves exposure to risks and uncertainties arising from data privacy regulation”, “—Operational Risks—Information technology is key to the Group's business and is subject to cybersecurity risks" and “—Operational Risks—Climate change, natural disasters and other factors beyond the Group's control may result in physical damage to our technical infrastructure that may cause unanticipated network or service interruptions or quality loss or otherwise affect the Group’s business”.
Cybersecurity risks are considered to be one of the main risks within Telefónica’s risk management framework. For a discussion of the cybersecurity risks that may materially affect the business strategy, results of operations or financial condition of the Telefónica Group, see “Item 3. Key Information—Risk Factors—Operational Risks—Information technology is key to the Group's business and is subject to cybersecurity risks". To address these risks, the Group has adopted various lines of action which are led by its Security and Intelligence area, which coordinates with local Security areas in Group companies to periodically assess such risks and define specific mitigation plans.
The head of Security and Intelligence is the Global Director of Security and Intelligence, who has been delegated the authority and responsibility by the Company’s Board of Directors to establish the global strategy for the area of Security (including cybersecurity) by the approval of the Global Security Policy. He leads the development and monitors the implementation of the policy framework and global initiatives in this area. The Global Director of Security and Intelligence has extensive experience in intelligence, risks and threat management, and has held this position for eight years.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Cybersecurity risks are considered to be one of the main risks within Telefónica’s risk management framework. For a discussion of the cybersecurity risks that may materially affect the business strategy, results of operations or financial condition of the Telefónica Group, see “Item 3. Key Information—Risk Factors—Operational Risks—Information technology is key to the Group's business and is subject to cybersecurity risks". To address these risks, the Group has adopted various lines of action which are led by its Security and Intelligence area, which coordinates with local Security areas in Group companies to periodically assess such risks and define specific mitigation plans.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Audit and Control Committee of the Board of Directors is responsible for risk oversight, including oversight of cybersecurity risks. The Audit and Control Committee is regularly informed by Internal Audit on the status of the Group's main risks, including cybersecurity risks, which are regularly assessed by the relevant management areas as part of the enterprise risk management process. In addition, at least once a year, and upon a demand by the Audit and Control Committee, specific reports focused on the status of the cybersecurity risks and the management of cybersecurity incidents are prepared and presented by the Global Director of Security and Intelligence to the Board of Directors, through the Audit and Control Committee. Further, the Global Director of Security and Intelligence reports on cybersecurity status, if requested, to the Sustainability and Regulation Committee.
A local Security Officer is appointed for each main Operating Business, covering all Telefónica Group companies. The Global Director of Security and Intelligence is responsible for proposing the relevant candidates for the approval by the corresponding administrative or management bodies of the companies. For purposes of government and coordination, we have a bimonthly security meeting presided over by the Global Director of Security and Intelligence, in which the heads of our business areas (including Compliance, Internal Audit, Legal, Technology and Operations and Human Resources) and the local Security Officers for each Telefónica Group company participate, in addition to local Security Subcommittees, that collaborate in the definition of global strategic initiatives and guidelines and implement them in each Telefónica Group company. In addition, Telefónica has a Security Advisory Board made up of external experts in the field of security and intelligence. These external experts provide advice to the Security and Intelligence area with the aim of ensuring that the Company follows best practices with respect to security and intelligence (including cybersecurity), improving efficiencies of capabilities and procedures and raising the quality of our strategy in these matters. In addition, the Security and Intelligence area leads the Global Digital Security Committee, in which several members of the Company’s Executive Committee participate.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit and Control Committee of the Board of Directors is responsible for risk oversight, including oversight of cybersecurity risks. The Audit and Control Committee is regularly informed by Internal Audit on the status of the Group's main risks, including cybersecurity risks, which are regularly assessed by the relevant management areas as part of the enterprise risk management process.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] In addition, at least once a year, and upon a demand by the Audit and Control Committee, specific reports focused on the status of the cybersecurity risks and the management of cybersecurity incidents are prepared and presented by the Global Director of Security and Intelligence to the Board of Directors, through the Audit and Control Committee. Further, the Global Director of Security and Intelligence reports on cybersecurity status, if requested, to the Sustainability and Regulation Committee.
Cybersecurity Risk Role of Management [Text Block] The head of Security and Intelligence is the Global Director of Security and Intelligence, who has been delegated the authority and responsibility by the Company’s Board of Directors to establish the global strategy for the area of Security (including cybersecurity) by the approval of the Global Security Policy. He leads the development and monitors the implementation of the policy framework and global initiatives in this area. The Global Director of Security and Intelligence has extensive experience in intelligence, risks and threat management, and has held this position for eight years.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] For purposes of government and coordination, we have a bimonthly security meeting presided over by the Global Director of Security and Intelligence, in which the heads of our business areas (including Compliance, Internal Audit, Legal, Technology and Operations and Human Resources) and the local Security Officers for each Telefónica Group company participate, in addition to local Security Subcommittees, that collaborate in the definition of global strategic initiatives and guidelines and implement them in each Telefónica Group company
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Global Director of Security and Intelligence has extensive experience in intelligence, risks and threat management, and has held this position for eight years
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] at least once a year, and upon a demand by the Audit and Control Committee, specific reports focused on the status of the cybersecurity risks and the management of cybersecurity incidents are prepared and presented by the Global Director of Security and Intelligence to the Board of Directors, through the Audit and Control Committee. Further, the Global Director of Security and Intelligence reports on cybersecurity status, if requested, to the Sustainability and Regulation Committee.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true