Annual report [Section 13 and 15(d), not S-K Item 405]

Cybersecurity Risk Management and Strategy Disclosure

v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

We have a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is integrated into and serves as an important component of our overall enterprise risk management program, and utilizes cross-functional teams to proactively assess risk and ensure that security controls are built-in prior to deployment.

Our cyber risk management program is informed by recognized standards for cybersecurity and information technology, including the National Institute of Standards and Technology Cybersecurity Framework (“CSF”), the International Organization Standardization (“ISO”) 27001:2013 Information Security Management System Requirements and the AICPA Trust Services Criteria, which are independently validated and attested via our SOC 2 Type II report.

Our cybersecurity risk management program includes:

risk assessments designed to assess, identify and manage material cybersecurity risks to our critical systems, information, solutions, and our broader IT environment;
an incident response plan;
vulnerability management, penetration testing, tabletop exercises and ongoing threat intelligence;
the use of third-parties, where appropriate, to engage in penetration testing, conduct audits of our systems and engage in monitoring;
enterprise-wide cybersecurity awareness training; and
a third-party risk management process for vendors.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

We have a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is integrated into and serves as an important component of our overall enterprise risk management program, and utilizes cross-functional teams to proactively assess risk and ensure that security controls are built-in prior to deployment.

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance

Cybersecurity is an important part of our risk management processes and an area of focus for the Board of Directors of DoubleVerify (the “Board”) and management. Our Board as a whole has responsibility for overseeing our risk management program. The Board exercises this oversight responsibility directly and through its committees. The Board has primary responsibility for evaluating strategic and operational risk management, including cybersecurity risk management, and has delegated to the Audit Committee of the Board (the “Audit Committee”) oversight of the adequacy and effectiveness of the Company’s information and technology security policies as well as the internal controls regarding information and technology security, cybersecurity and privacy related areas. The Audit Committee also oversees management’s implementation of our cybersecurity risk management program.

The Audit Committee receives reports from management at least quarterly on a broad range of relevant topics, which include cybersecurity risks attendant to our business, recent developments in the cybersecurity landscape and practice, third-party and independent reviews, benchmarking and resource allocation, among other topics. In addition, management updates the Audit Committee regarding material or potentially material cybersecurity incidents. The Audit Committee provides reports to the full Board regarding these and other matters at least quarterly. The full Board also receives periodic briefings from management on our information security organization and risk management programs.

The Company’s Chief Information Security Officer reports to our Chief Information Officer and leads the Company’s cybersecurity team. This team is principally responsible for managing the Company’s cybersecurity risk management program, in cross-functional partnership with business leaders across the Company, reporting cybersecurity risks and incidents, among other things, to the Audit Committee, and supervising both our internal cybersecurity personnel and our retained external cybersecurity consultants. Collectively, our cybersecurity team has decades of experience managing cybersecurity risk worldwide and members hold accreditations such as the Certified Information Systems Security Professional, Certified Ethical Hacker and Certified Information Security Manager certifications.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board has primary responsibility for evaluating strategic and operational risk management, including cybersecurity risk management, and has delegated to the Audit Committee of the Board (the “Audit Committee”) oversight of the adequacy and effectiveness of the Company’s information and technology security policies as well as the internal controls regarding information and technology security, cybersecurity and privacy related areas. The Audit Committee also oversees management’s implementation of our cybersecurity risk management program.
Cybersecurity Risk Role of Management [Text Block]

The Company’s Chief Information Security Officer reports to our Chief Information Officer and leads the Company’s cybersecurity team. This team is principally responsible for managing the Company’s cybersecurity risk management program, in cross-functional partnership with business leaders across the Company, reporting cybersecurity risks and incidents, among other things, to the Audit Committee, and supervising both our internal cybersecurity personnel and our retained external cybersecurity consultants. Collectively, our cybersecurity team has decades of experience managing cybersecurity risk worldwide and members hold accreditations such as the Certified Information Systems Security Professional, Certified Ethical Hacker and Certified Information Security Manager certifications.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Company’s Chief Information Security Officer reports to our Chief Information Officer and leads the Company’s cybersecurity team. This team is principally responsible for managing the Company’s cybersecurity risk management program, in cross-functional partnership with business leaders across the Company, reporting cybersecurity risks and incidents, among other things, to the Audit Committee, and supervising both our internal cybersecurity personnel and our retained external cybersecurity consultants.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] our cybersecurity team has decades of experience managing cybersecurity risk worldwide and members hold accreditations such as the Certified Information Systems Security Professional, Certified Ethical Hacker and Certified Information Security Manager certifications.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

The Audit Committee receives reports from management at least quarterly on a broad range of relevant topics, which include cybersecurity risks attendant to our business, recent developments in the cybersecurity landscape and practice, third-party and independent reviews, benchmarking and resource allocation, among other topics. In addition, management updates the Audit Committee regarding material or potentially material cybersecurity incidents. The Audit Committee provides reports to the full Board regarding these and other matters at least quarterly. The full Board also receives periodic briefings from management on our information security organization and risk management programs.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true