XML 51 R35.htm IDEA: XBRL DOCUMENT

Cybersecurity Risk Management and Strategy Disclosure	12 Months Ended
Cybersecurity Risk Management and Strategy Disclosure	Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes Integrated [Flag]	true
Cybersecurity Risk Management Processes Integrated [Text Block]	The CISO, with the support of the cybersecurity team and the owners of information technology across the business, monitors current events and trends related to cybersecurity and assesses impact on current systems and operations. There are several processes in place to monitor and review our systems, including third-party solutions, to identify potential risks. Third-party service providers are required to notify us in the event of a cybersecurity incident within their systems, and annual reviews are conducted on the Company’s critical third-party vendors. Cybersecurity risks, threats, and incidents, including those from third-party service providers, are tracked and regularly provided to the CISO. The Cybersecurity Leadership Team, which includes the CISO and executives from all business functions across the organization, meets at least quarterly to review and discuss cybersecurity risks facing the Company.
Cybersecurity Risk Management Third Party Engaged [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]	Our Board of Directors administers its cybersecurity risk oversight function directly through our Audit and Finance Committee (“AFC”). Our AFC has primary responsibility for overseeing our risk management practices, programs, and policies related to data privacy, data protection, and cybersecurity. The AFC reviews and evaluates the processes utilized by management to identify and assess the material internal and external risks that may affect our business. Our AFC regularly discusses the our major risk exposures with management, legal counsel, and the internal audit department. This includes potential financial impact on the Company and the steps taken to monitor and control those risks. Annual reviews with management include a summary of legal and regulatory compliance matters, risk management activities, and including a review of our cybersecurity program. Additionally, our AFC oversees the process by which our Board of Directors is informed regarding the risks facing the Company and coordinates with our legal counsel to ensure our Board of Directors receives regular risk assessment updates from management. The Chief Information Security Officer (“CISO”) is responsible for identifying, assessing, and managing our risks from cybersecurity threats. The CISO has been with the Company for three years, bringing more than 30 years of technology experience, including 15 years in cybersecurity, and has held the CISO position at other companies before joining Exact Sciences. The CISO leads the cybersecurity team consisting of experts in strategy, governance, risk management, compliance, engineering and development, security operations, and incident management.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]	true