Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cyber security Risk Management and Strategy

As a public security company, we prioritize robust cyber security measures to protect our assets, operations, and stakeholders. We have established policies and processes for assessing, identifying, and managing material risk from cyber security threats (as defined below), and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cyber security threats, including any potential cyber security incidents (as defined below).

We conduct periodic risk assessments to identify cyber security threats, as well as assessments in the event of a material change in our business practices that may affect information systems (as defined below) that are vulnerable to such cyber security threats. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks.

Following these risk assessments, we re-design, implement, and maintain reasonable safeguards to minimize identified risks; reasonably address any identified gaps in existing safeguards; and regularly monitor the effectiveness of our safeguards. We devote significant resources and designate high-level personnel, including our Chief Information Security Officer (CISO) who reports to our Chief Information Officer, to manage the risk assessment and mitigation process.

As part of our overall risk management process, we monitor and test our safeguards and train our employees on these safeguards, in collaboration with human resources, IT, and management. Personnel at all levels and departments are made aware of our cyber security policies through trainings.

We engage our internal auditors and other third parties in connection with our risk assessment processes. These service providers assist us to design and implement our cyber security policies and procedures in accordance with common best practices and methodologies, as well as to monitor and test our security controls.

We have not identified risks from known cyber security threats, including as a result of any prior cyber security incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition.

For additional information regarding whether any risks from cyber security threats, including as a result of any previous cyber security incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 3D, “Key Information – Risk Factors,” in this Annual Report on Form 20-F, including the risk factors entitled “Other General Risks and Risks Related to the Ownership of Our Ordinary Shares - Our information technology systems, networks and products and services have been, and may continue to be, subject to various security threats and cyber security incidents.”

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

Cybersecurity Risk Board of Directors Oversight [Text Block]

Cyber security Governance

Our Board of Directors considers cyber security risk as part of its risk oversight function and has delegated to the Audit Committee oversight of cyber security and other information technology risks. The Audit Committee oversees management’s implementation of our cyber security risk management program.

The Audit Committee receives quarterly reports from our Chief Information Officer and CISO on cyber security regarding our company’s cyber security risks and activities, including any recent cyber security incidents and related responses, cyber security systems testing, activities of third parties, as well as any incidents with lesser impact potential.

Our Audit Committee provides updates to the board of directors on such reports.

Our management team, particularly our Chief Information Officer, oversees our cyber security policies and processes, including those described in “Cyber security Risk Management and Strategy” above, and is responsible for assessing and managing our material risks from cyber security threats. Our Chief Information Officer and his team have primary responsibility for our overall cyber security risk management program and supervise both our internal cyber security personnel and our retained external cyber security consultants. Our management team’s experience includes our Chief Information Officer’s 17 years of experience in IT services, who has been with Check Point since 2008.

Our Chief Information Officer supervises efforts to prevent, detect, mitigate, and remediate cyber security risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the IT environment.

For purposes of this Item 16K:

A “cyber security incident” means an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through Check Point’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.

A “cyber security threat” means any potential unauthorized occurrence on or conducted through a registrant’s information systems that may result in adverse effects on the confidentiality, integrity, or availability of Check Point’s information systems or any information residing therein.

“Information systems” means electronic information resources, owned or used by Check Point, including physical or virtual infrastructure controlled by such information resources, or components thereof, organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of Check Point’s information to maintain or support Check Point’s operations.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity Risk Role of Management [Text Block]

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our management team’s experience includes our Chief Information Officer’s 17 years of experience in IT services, who has been with Check Point since 2008.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true