Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Sep. 27, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures designed to protect the security, confidentiality, integrity, and availability of our business systems and information. We base our cybersecurity risk management program upon and measure it against the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0.
Our cybersecurity risk management program includes the following:
A dedicated staff of cybersecurity and risk management professionals;
Defined security policies and standards;
Annual mandatory employee cybersecurity and privacy compliance awareness training;
Cybersecurity tooling for detecting and responding to cyber incidents;
Cybersecurity incident response and major crisis plans that govern activities such as detection, coordination, remediation, recovery, and escalation to senior management and, where appropriate, our Audit and Finance Committee and our Board;
Back-up & recovery plans;
Periodic tabletop exercises to promote awareness and improve internal processes;
Periodic penetration testing and vulnerability management processes; and
Third-party risk assessments for suppliers and vendors, which may require such third parties to sign data processing agreements, comply with particular security controls, or complete an additional security and privacy assessment.
Our program also utilizes third-party security providers for specialized areas, including penetration testing, staff augmentation, consulting and other on-demand cybersecurity services. We also leverage a managed security service provider to augment our cybersecurity organization and to provide additional monitoring and response capabilities.
We have integrated cybersecurity related risks into our enterprise risk management program, which is designed to identify, prioritize, assess, monitor and mitigate the various risks confronting our Company, including both external and internal cybersecurity risks. When identified, risks are reported to relevant business and governance leaders within the Company for appropriate action. When potential improvements are identified, we weigh the costs and benefits of such improvements (including against other potential improvements) and, if selected, the improvements are added to a roadmap for possible implementation.
As a global company, we manage a variety of cybersecurity threats and cannot wholly eliminate the risk of adverse impacts from such incidents. Further, the scope and impact of any future incident cannot be predicted. However, as of the date of this Form 10-K, we are not aware of cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of our operations or financial condition. For additional information on the risks from cybersecurity threats that we face, please refer to the “Risk Factors” in Part I, Item 1A. of this Form 10-K.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We have integrated cybersecurity related risks into our enterprise risk management program, which is designed to identify, prioritize, assess, monitor and mitigate the various risks confronting our Company, including both external and internal cybersecurity risks. When identified, risks are reported to relevant business and governance leaders within the Company for appropriate action. When potential improvements are identified, we weigh the costs and benefits of such improvements (including against other potential improvements) and, if selected, the improvements are added to a roadmap for possible implementation.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our cybersecurity risk management program is led by our Chief Information Security Officer (CISO), who oversees a dedicated cybersecurity and risk management team, which works in partnership across the Company, under the direction of our Chief Information Officer (CIO). Our CISO has over 20 years of experience working in defense and cybersecurity and has served in various cybersecurity leadership roles within Fortune 500 companies. He and our cybersecurity team have extensive experience in leading and addressing IT risk management, security architecture and engineering, security operations, data security, and identity and access management. Our CISO also works closely with our legal team to oversee compliance with legal, regulatory and contractual security requirements.

As part of management’s oversight of our cybersecurity program, we also maintain an executive-level cybersecurity steering committee, comprised of Hologic’s Chief Financial Officer, General Counsel, Head of Internal Audit, Chief Information Officer, Head of Human Resources, Head of Global Supply Chain, and Division President of Breast and Skeletal Health, to help address cybersecurity risks at an enterprise level. The cybersecurity steering committee is a decision-making body that coordinates and communicates the direction, current state, and oversight of our cybersecurity and risk management programs.
While our Board oversees our overall risk management process, as part of its oversight, the Board has delegated primary responsibility for the oversight of cybersecurity risks, including management’s steps to monitor and control such risks, to our Audit and Finance Committee. On a quarterly basis, our CIO and CISO provide updates to the Audit and Finance Committee on the cybersecurity and related risk management programs, including recent developments and current risk assessments. Our CIO and CISO typically also meet in person with the Audit and Finance Committee twice annually for a more detailed discussion of significant threats, risk mitigation strategies, any security program assessments and identified improvements. Additionally, our CIO and CISO meet at least annually with the full Board and report on the Company’s Information Technology program and more specifically, cybersecurity matters.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our cybersecurity risk management program is led by our Chief Information Security Officer (CISO), who oversees a dedicated cybersecurity and risk management team, which works in partnership across the Company, under the direction of our Chief Information Officer (CIO).
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] While our Board oversees our overall risk management process, as part of its oversight, the Board has delegated primary responsibility for the oversight of cybersecurity risks, including management’s steps to monitor and control such risks, to our Audit and Finance Committee.
Cybersecurity Risk Role of Management [Text Block] Our cybersecurity risk management program is led by our Chief Information Security Officer (CISO), who oversees a dedicated cybersecurity and risk management team, which works in partnership across the Company, under the direction of our Chief Information Officer (CIO).
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity risk management program is led by our Chief Information Security Officer (CISO), who oversees a dedicated cybersecurity and risk management team, which works in partnership across the Company, under the direction of our Chief Information Officer (CIO).
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO has over 20 years of experience working in defense and cybersecurity and has served in various cybersecurity leadership roles within Fortune 500 companies. He and our cybersecurity team have extensive experience in leading and addressing IT risk management, security architecture and engineering, security operations, data security, and identity and access management. Our CISO also works closely with our legal team to oversee compliance with legal, regulatory and contractual security requirements.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] On a quarterly basis, our CIO and CISO provide updates to the Audit and Finance Committee on the cybersecurity and related risk management programs, including recent developments and current risk assessments. Our CIO and CISO typically also meet in person with the Audit and Finance Committee twice annually for a more detailed discussion of significant threats, risk mitigation strategies, any security program assessments and identified improvements. Additionally, our CIO and CISO meet at least annually with the full Board and report on the Company’s Information Technology program and more specifically, cybersecurity matters.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true