XML 27 R11.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management, Strategy and Governance
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 1C. CYBERSECURITY

As part of the Company’s enterprise risk management, we maintain a cyber risk program with established policies and procedures to detect, prevent, mitigate, and remediate cybersecurity incidents and related risks. The program is led by our Chief Information Security Officer (“CISO”), who has 30 years of experience in information security and is a Certified Information Systems Security Professional. Our CISO reports directly to our Chief Information Officer of Corporate IT, who has over 25 years of experience in all areas of information technology. Our cybersecurity team is comprised of experienced, educated, and certified professionals with decades of experience in cybersecurity leadership roles.

Our cyber risk management program is based on recognized industry practices and standards in cybersecurity and information technology. These standards include the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”) and the International Organization for Standardization (“ISO”) 27001. Security controls are managed using an information security management system (“ISMS”), providing a systematic approach consisting of people, processes, and technology. NOV’s ISMS aims to minimize risk and ensure business continuity by proactively limiting the impact of security incidents.

Our cybersecurity incident response plan includes an escalation process to senior management, who evaluates various factors related to the cybersecurity incident to assess the impact on the Company and any required disclosures. If a cybersecurity incident was determined to be material by senior management, our Board of Directors would be promptly notified and the incident reported based on applicable legal requirements. Our processes also address cybersecurity risks associated with third-party service providers, including those in our supply chain or who have access to our data or systems. We evaluate third-party service providers from a cybersecurity risk perspective, which may include an assessment of that service provider’s cybersecurity posture or a recommendation of specific mitigation controls. We conduct continuous vulnerability assessments and continuous penetration testing. Additionally, we undergo internal and external assessments of our processes to identify opportunities for improvement and reduce exposure to cybersecurity incidents.

The Company’s Board of Directors provides oversight of the Company’s cybersecurity program through periodic updates, typically on a quarterly basis. Additionally, on an annual basis, cybersecurity risks are discussed as part of enterprise risk management.

We have not experienced any cybersecurity incidents that have had a material adverse effect on our business, financial condition, results of operations, or cash flows. Although we have not experienced any cybersecurity incidents that are individually, or in aggregate, material, we have experienced cyberattacks in the past, which we believe have thus far been mitigated by preventative, detective, and responsive measures put in place by the Company. We recognize the potential impact of cybersecurity risks on our business strategy, results of operations, and financial condition and take proactive measures to mitigate these risks. See Item 1A. “Risk Factors.”
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The Company’s Board of Directors provides oversight of the Company’s cybersecurity program through periodic updates, typically on a quarterly basis. Additionally, on an annual basis, cybersecurity risks are discussed as part of enterprise risk management.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] We evaluate third-party service providers from a cybersecurity risk perspective, which may include an assessment of that service provider’s cybersecurity posture or a recommendation of specific mitigation controls. We conduct continuous vulnerability assessments and continuous penetration testing. Additionally, we undergo internal and external assessments of our processes to identify opportunities for improvement and reduce exposure to cybersecurity incidents.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] If a cybersecurity incident was determined to be material by senior management, our Board of Directors would be promptly notified and the incident reported based on applicable legal requirements.
Cybersecurity Risk Role of Management [Text Block] As part of the Company’s enterprise risk management, we maintain a cyber risk program with established policies and procedures to detect, prevent, mitigate, and remediate cybersecurity incidents and related risks. The program is led by our Chief Information Security Officer (“CISO”), who has 30 years of experience in information security and is a Certified Information Systems Security Professional. Our CISO reports directly to our Chief Information Officer of Corporate IT, who has over 25 years of experience in all areas of information technology. Our cybersecurity team is comprised of experienced, educated, and certified professionals with decades of experience in cybersecurity leadership roles
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The program is led by our Chief Information Security Officer (“CISO”), who has 30 years of experience in information security and is a Certified Information Systems Security Professional. Our CISO reports directly to our Chief Information Officer of Corporate IT, who has over 25 years of experience in all areas of information technology. Our cybersecurity team is comprised of experienced, educated, and certified professionals with decades of experience in cybersecurity leadership roles.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The program is led by our Chief Information Security Officer (“CISO”), who has 30 years of experience in information security and is a Certified Information Systems Security Professional. Our CISO reports directly to our Chief Information Officer of Corporate IT, who has over 25 years of experience in all areas of information technology. Our cybersecurity team is comprised of experienced, educated, and certified professionals with decades of experience in cybersecurity leadership roles.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our cybersecurity incident response plan includes an escalation process to senior management, who evaluates various factors related to the cybersecurity incident to assess the impact on the Company and any required disclosures. If a cybersecurity incident was determined to be material by senior management, our Board of Directors would be promptly notified and the incident reported based on applicable legal requirements.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true