XML 63 R40.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our business is highly dependent on electronic information resources used for the collection, processing, maintenance, use, sharing, dissemination, or disposition of our and our clients’ information, which we refer to as “information systems”, including our computer systems, hardware, software and networks and those of our third-party vendors and service providers. Our operations rely on the secure processing, storage and transmission of confidential and other information by our information systems and those of third parties.
Lazard maintains a formal, robust cybersecurity and information security program that is aligned with the National Institute of Standards and Technology Cybersecurity Framework (“CSF”) and integrated into our overall risk management process. Our Information Security Program, Policies and Standards are also designed to comply with the financial regulations and cybersecurity laws in the jurisdictions in which we operate. By focusing on the following four interconnected pillars, we aim to reduce the impact of cybersecurity incidents, safeguard our digital assets and foster a proactive and comprehensive approach to cybersecurity within our organization.

Risk assessments and mitigation strategies
Conduct regular risk assessments to identify and prioritize critical assets and vulnerabilities, both internally and with respect to third-party risks.
Develop and implement appropriate mitigation strategies based on risk assessments.
Monitor and evaluate the effectiveness of risk mitigation measures.
Professional cybersecurity staff
Retain and recruit skilled cybersecurity professionals.
Provide regular training and development opportunities.
Foster collaboration and knowledge sharing among cybersecurity team members.
Security-aware organizational culture
Maintain policies and procedures for reporting and responding to cybersecurity incidents.
Empower employees to take ownership of their cybersecurity responsibilities.
Promote a security-aware culture throughout the organization through regular training and awareness programs.
Security technology
Implement and maintain robust cybersecurity technologies, including advanced threat detection, prevention and response tools.
Regularly evaluate and update our suite of cybersecurity technology to address emerging threats and vulnerabilities.
Integrate cybersecurity technologies with other systems and processes.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Lazard maintains a formal, robust cybersecurity and information security program that is aligned with the National Institute of Standards and Technology Cybersecurity Framework (“CSF”) and integrated into our overall risk management process. Our Information Security Program, Policies and Standards are also designed to comply with the financial regulations and cybersecurity laws in the jurisdictions in which we operate. By focusing on the following four interconnected pillars, we aim to reduce the impact of cybersecurity incidents, safeguard our digital assets and foster a proactive and comprehensive approach to cybersecurity within our organization.

Risk assessments and mitigation strategies
Conduct regular risk assessments to identify and prioritize critical assets and vulnerabilities, both internally and with respect to third-party risks.
Develop and implement appropriate mitigation strategies based on risk assessments.
Monitor and evaluate the effectiveness of risk mitigation measures.
Professional cybersecurity staff
Retain and recruit skilled cybersecurity professionals.
Provide regular training and development opportunities.
Foster collaboration and knowledge sharing among cybersecurity team members.
Security-aware organizational culture
Maintain policies and procedures for reporting and responding to cybersecurity incidents.
Empower employees to take ownership of their cybersecurity responsibilities.
Promote a security-aware culture throughout the organization through regular training and awareness programs.
Security technology
Implement and maintain robust cybersecurity technologies, including advanced threat detection, prevention and response tools.
Regularly evaluate and update our suite of cybersecurity technology to address emerging threats and vulnerabilities.
Integrate cybersecurity technologies with other systems and processes.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Lazard’s cybersecurity program, which includes information security, is the primary responsibility of our CISO, who oversees our global information security strategy and program and is supported by our Information Technology and Information Security departments. The Company’s current CISO has held the position since 2015 and has been working in technology risk management since 1991. The CISO holds a bachelor’s degree from New York Institute of Technology and is an accredited Certified Information Systems Security Professional. Our CISO leads our Cybersecurity Incident Handling Team (“CSIHT”), to which cybersecurity threats and cybersecurity incidents are reported. The CSIHT manages the Company’s response to cybersecurity threats and cybersecurity incidents, including the prevention, detection, analysis, containment, eradication and recovery thereof.
The CISO reports monthly to the GRC, which includes our Chief Executive Officer (“CEO”), Chief Financial Officer (“CFO”) and General Counsel, among other members of senior management, regarding cybersecurity incidents from the preceding month.
Our Internal Audit department regularly assesses and reports to the Audit Committee on the effectiveness of our cybersecurity and information technology controls. Our Audit Committee reviews the Company’s cybersecurity risk profile and risk management strategies at regular intervals. Management reviews with the Audit Committee categories of risk the Company faces, including cybersecurity risks, as well as the likelihood of the occurrence of cybersecurity risks, the potential impact of those risks and the steps management has taken to monitor, mitigate and control such risks. In addition, our CISO reports at least annually to the Board, and at least quarterly to the Board’s Audit Committee, with respect to cybersecurity risks, including those identified through review of our business, of rising threats in the industry, and of the current state of Lazard’s cybersecurity program. Updates on cybersecurity risks are reviewed at regular meetings of the Audit Committee and reported to the full Board.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Internal Audit department regularly assesses and reports to the Audit Committee on the effectiveness of our cybersecurity and information technology controls. Our Audit Committee reviews the Company’s cybersecurity risk profile and risk management strategies at regular intervals.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Internal Audit department regularly assesses and reports to the Audit Committee on the effectiveness of our cybersecurity and information technology controls. Our Audit Committee reviews the Company’s cybersecurity risk profile and risk management strategies at regular intervals. Management reviews with the Audit Committee categories of risk the Company faces, including cybersecurity risks, as well as the likelihood of the occurrence of cybersecurity risks, the potential impact of those risks and the steps management has taken to monitor, mitigate and control such risks. In addition, our CISO reports at least annually to the Board, and at least quarterly to the Board’s Audit Committee, with respect to cybersecurity risks, including those identified through review of our business, of rising threats in the industry, and of the current state of Lazard’s cybersecurity program. Updates on cybersecurity risks are reviewed at regular meetings of the Audit Committee and reported to the full Board.
Cybersecurity Risk Role of Management [Text Block]
Lazard’s cybersecurity program, which includes information security, is the primary responsibility of our CISO, who oversees our global information security strategy and program and is supported by our Information Technology and Information Security departments. The Company’s current CISO has held the position since 2015 and has been working in technology risk management since 1991. The CISO holds a bachelor’s degree from New York Institute of Technology and is an accredited Certified Information Systems Security Professional. Our CISO leads our Cybersecurity Incident Handling Team (“CSIHT”), to which cybersecurity threats and cybersecurity incidents are reported. The CSIHT manages the Company’s response to cybersecurity threats and cybersecurity incidents, including the prevention, detection, analysis, containment, eradication and recovery thereof.
The CISO reports monthly to the GRC, which includes our Chief Executive Officer (“CEO”), Chief Financial Officer (“CFO”) and General Counsel, among other members of senior management, regarding cybersecurity incidents from the preceding month.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Lazard’s cybersecurity program, which includes information security, is the primary responsibility of our CISO, who oversees our global information security strategy and program and is supported by our Information Technology and Information Security departments. The Company’s current CISO has held the position since 2015 and has been working in technology risk management since 1991. The CISO holds a bachelor’s degree from New York Institute of Technology and is an accredited Certified Information Systems Security Professional. Our CISO leads our Cybersecurity Incident Handling Team (“CSIHT”), to which cybersecurity threats and cybersecurity incidents are reported. The CSIHT manages the Company’s response to cybersecurity threats and cybersecurity incidents, including the prevention, detection, analysis, containment, eradication and recovery thereof.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Company’s current CISO has held the position since 2015 and has been working in technology risk management since 1991. The CISO holds a bachelor’s degree from New York Institute of Technology and is an accredited Certified Information Systems Security Professional.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our CISO leads our Cybersecurity Incident Handling Team (“CSIHT”), to which cybersecurity threats and cybersecurity incidents are reported. The CSIHT manages the Company’s response to cybersecurity threats and cybersecurity incidents, including the prevention, detection, analysis, containment, eradication and recovery thereof.
The CISO reports monthly to the GRC, which includes our Chief Executive Officer (“CEO”), Chief Financial Officer (“CFO”) and General Counsel, among other members of senior management, regarding cybersecurity incidents from the preceding month.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true