XML 60 R38.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
ICON has a cybersecurity strategy and program designed to protect our information systems and data from an evolving cyber threat landscape. The cybersecurity program, overseen by the Chief Information Officer (CIO), has the support of executive leadership and the Board, and we have invested heavily in cybersecurity technologies to protect our environment.

The Chief Information Officer (CIO), who reports to the CEO, has oversight responsibility for the cybersecurity strategy and program and has over a decade experience leading cybersecurity oversight. The Vice President of Cyber & Information Security reports to the CIO and is responsible for the delivery of the cyber and information security strategy. The Vice President of Cyber & Information Security as well as the overall security team have many years’ experience and are all appropriately qualified. ICON’s cybersecurity processes are integrated into ICON’s overall risk management processes which are monitored by ICON’s executive leadership team and reported to the Board. The Chief Information Officer provides cybersecurity updates to the Board on a quarterly basis.

The underlying controls of the cyber risk management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”) and the International Organization Standardization (“ISO”) 27001 Information Security Management System Requirements. ICON has an enterprise-wide assessment, performed twice annually by a third party, of the Company’s cyber risk management program against ISO 27001. We also conduct an annual independent maturity review with a third party which is based on the NIST cybersecurity framework. ICON also maintains the Cyber Essentials certification.

ICON has a dedicated Cybersecurity Operations Center that continuously monitors for threats and unauthorized access. The Cybersecurity Operations Center is staffed by appropriately qualified cyber and information security professionals. ICON has put in place controls and processes to inform and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. These controls and procedures are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by executive management in a timely manner. The escalation processes are based on defined prioritization and severity assessment criteria.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] ICON’s cybersecurity processes are integrated into ICON’s overall risk management processes which are monitored by ICON’s executive leadership team and reported to the Board.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] The cybersecurity program, overseen by the Chief Information Officer (CIO), has the support of executive leadership and the Board, and we have invested heavily in cybersecurity technologies to protect our environment.
The Chief Information Officer (CIO), who reports to the CEO, has oversight responsibility for the cybersecurity strategy and program and has over a decade experience leading cybersecurity oversight. The Vice President of Cyber & Information Security reports to the CIO and is responsible for the delivery of the cyber and information security strategy. The Vice President of Cyber & Information Security as well as the overall security team have many years’ experience and are all appropriately qualified. ICON’s cybersecurity processes are integrated into ICON’s overall risk management processes which are monitored by ICON’s executive leadership team and reported to the Board. The Chief Information Officer provides cybersecurity updates to the Board on a quarterly basis.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Chief Information Officer (CIO), who reports to the CEO, has oversight responsibility for the cybersecurity strategy and program and has over a decade experience leading cybersecurity oversight.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Chief Information Officer provides cybersecurity updates to the Board on a quarterly basis.
Cybersecurity Risk Role of Management [Text Block]
The Chief Information Officer (CIO), who reports to the CEO, has oversight responsibility for the cybersecurity strategy and program and has over a decade experience leading cybersecurity oversight. The Vice President of Cyber & Information Security reports to the CIO and is responsible for the delivery of the cyber and information security strategy. The Vice President of Cyber & Information Security as well as the overall security team have many years’ experience and are all appropriately qualified. ICON’s cybersecurity processes are integrated into ICON’s overall risk management processes which are monitored by ICON’s executive leadership team and reported to the Board. The Chief Information Officer provides cybersecurity updates to the Board on a quarterly basis.

The underlying controls of the cyber risk management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”) and the International Organization Standardization (“ISO”) 27001 Information Security Management System Requirements. ICON has an enterprise-wide assessment, performed twice annually by a third party, of the Company’s cyber risk management program against ISO 27001. We also conduct an annual independent maturity review with a third party which is based on the NIST cybersecurity framework. ICON also maintains the Cyber Essentials certification.

ICON has a dedicated Cybersecurity Operations Center that continuously monitors for threats and unauthorized access. The Cybersecurity Operations Center is staffed by appropriately qualified cyber and information security professionals. ICON has put in place controls and processes to inform and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. These controls and procedures are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by executive management in a timely manner. The escalation processes are based on defined prioritization and severity assessment criteria.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Chief Information Officer (CIO), who reports to the CEO, has oversight responsibility for the cybersecurity strategy and program and has over a decade experience leading cybersecurity oversight. The Vice President of Cyber & Information Security reports to the CIO and is responsible for the delivery of the cyber and information security strategy
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Vice President of Cyber & Information Security as well as the overall security team have many years’ experience and are all appropriately qualified
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Chief Information Officer provides cybersecurity updates to the Board on a quarterly basis.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true