Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk management and strategy We rely on our information technology to operate our business. We have policies and processes designed to protect our information technology systems, some of which are managed by third parties, and resolve issues in a timely manner in the event of a cybersecurity threat or incident. As part of our broader risk management framework, we have identified the potential cybersecurity risks to our business and implemented structured controls to mitigate them. Our business applications and hosting services are designed to minimize the impact of cybersecurity incidents, with designated backup systems in place where necessary. To enhance cybersecurity resilience, we have implemented a structured Information Security Management System (ISMS) certified in accordance with ISO 27001, providing a comprehensive approach to managing cybersecurity risks and aligning with industry best practices. Our risk mitigation efforts include a combination of administrative, technical, and operational controls, such as real-time monitoring and detection activities, anti-malware and endpoint protection solutions, annual employee cybersecurity training, regular security audits, third-party penetration testing, and a clear communication and reporting structure to facilitate timely responses to security incidents. We have a Cybersecurity Incident Response Plan (CIRP) that defines roles, responsibilities, and reporting mechanisms, as well as a structured incident response process covering preparation, detection, response, documentation, and post-incident analysis. This plan outlines possible cybersecurity threats and response measures for incidents such as denial-of-service attacks, malicious code attacks, website defacement, data corruption, and data leakage. In addition, we maintain a Business Continuity Plan (BCP) in accordance with ISO 27001 to ensure operational resilience, including detailed continuity procedures, system restoration timeframes, and recovery strategies for various scenarios. To address cybersecurity risks associated with third-party service providers, we have established procedures, policies, and tools for identifying, assessing, and mitigating potential threats. This process begins with a third-party risk assessment, which is performed and updated as needed. Our Information Security Guidelines for Suppliers ensure compliance with security standards, while our Access Control Policies regulate third-party access to sensitive systems, and our Cloud System Information Security Procedures govern data security in cloud environments. We also engage third-party consultants to assist in designing and enhancing our cybersecurity risk management framework, including penetration testing and continuous threat monitoring. To date, we have not encountered cybersecurity threats or incidents that have had a material impact on our business. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
We rely on our information technology to operate our business. We have policies and processes designed to protect our information technology systems, some of which are managed by third parties, and resolve issues in a timely manner in the event of a cybersecurity threat or incident. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | we have not encountered cybersecurity threats or incidents that have had a material impact on our business. |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Our Board of Directors has specific oversight responsibility for cybersecurity, which also oversees our general risk management. The Board of Directors reviews and discusses with management our policies, practices and risks related to information security and cybersecurity. Our Chief Financial Officer has primary responsibility for assessing, monitoring, and managing cybersecurity risks. Leaders of our Ondas Networks and OAS segments, along with the Chief Financial Officer, meet quarterly to assess cybersecurity risks, identify emerging threats, and evaluate our risk management framework. The Chief Financial Officer provides quarterly updates to the Board of Directors on any cybersecurity-related risks. Our incident response plan includes notifying the Board of Directors of any material threats or incidents as they arise. Although these members of our senior management do not have direct cybersecurity expertise obtained through certifications, their experience managing the Company, which includes consulting and coordinating as necessary with in-house and third-party information technology specialists, enables them to effectively assess and manage material risks from cybersecurity threats. At OAS, risk management oversight is further managed through our Head of Information Security, who is responsible for overseeing the information security aspects of our cybersecurity framework. Our Head of Information Security brings extensive expertise to the role, with military experience in information security, a B.Sc. in Information Systems Engineering, and specialized training in computer and information systems security/information assurance from the TÜV SÜD Academy. Additionally, our Head of Information Security is certified by the Standards Institution of Israel as a Senior Internal Auditor for ISO 27001. Her areas of expertise include performing risk assessments, developing business continuity plans, drafting information security policies and procedures, conducting internal audits, leading information security training, and evaluating information systems This structured approach ensures that our cybersecurity governance remains robust, proactive, and aligned with industry best practices. At Ondas Networks, risk management is further managed through the use of expert third party companies to assist in managing relevant risks. In particular, the Company outsources its information technology function and monitoring to a third-party provider whereby it benefits from a professionally managed network monitoring, management, maintenance, detection and response system and a 24/7 security operations center with both onsite and remote support services. Any cybersecurity incident would be reported to the Company promptly by our third-party consultant. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Board of Directors reviews and discusses with management our policies, practices and risks related to information security and cybersecurity. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Chief Financial Officer has primary responsibility for assessing, monitoring, and managing cybersecurity risks. Leaders of our Ondas Networks and OAS segments, along with the Chief Financial Officer, meet quarterly to assess cybersecurity risks, identify emerging threats, and evaluate our risk management framework. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Chief Financial Officer provides quarterly updates to the Board of Directors on any cybersecurity-related risks. Our incident response plan includes notifying the Board of Directors of any material threats or incidents as they arise. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |