Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Our cybersecurity strategy, which is effected through our Cybersecurity Risk Management Model, prioritizes the security and protection of our information technology networks and systems, through the detection, analysis and response to known, anticipated or unexpected threats and effective management of security risks. Our Cybersecurity Risk Management Model provides for four levels of industry-standard response activities to protect the Company against cyber threats. These are:
(1)Policy Framework: Our information security practices include development, implementation, and improvement of policies and procedures to safeguard information and ensure availability of critical data and systems, including our Information Security Policies, which establishes guidelines for the safe and secure use of the Company’s information systems and data, and our Electronic Communication Policy, which outlines the responsibilities of those using the Company’s network and Information Technology (“IT”) equipment. Employees and third-party service providers are required to comply with our Information Security Policies and our Electronic Communication Policy.
(2)Awareness Programs: All employees participate in mandatory annual training and receive periodic communications regarding the cybersecurity environment to increase awareness throughout the Company. We also provide enhanced training for specific IT personnel that require specialized knowledge for their roles and responsibilities.
(3)Security Engineering: We leverage a combination of the International Organization for Standardization (the “ISO”) best practice standards and other global standards, including Control Objectives for Information and Relevant Technology (COBIT), to measure our security posture and manage risk. In
addition, we utilize multifactor authentication and maintain multiple certifications, including ISO 27001 certification, which is globally recognized as one of the highest standards of compliance and control for information security management systems. We also perform critical preventive measures and follow a layered defense, such as phishing simulations, email and system security monitoring, data encryption, continuous patching, and border protection security using both internal resources and independent third-party service providers.
(4)IT Resiliency: Our IT Department and operations teams have formalized disaster recovery processes, business continuity procedures and an incident response plan. These processes and procedures also account for risks associated with third parties that provide IT services, process information on our behalf, or have access to our information systems.
While the IT Department oversees the technical aspects of information security, our Data Privacy Officer (“DPO”) is responsible for leadership, compliance, and oversight of applicable privacy-related laws and policies, which are designed to protect data belonging to our employees and customers. Oversight and funding requests for all significant technology projects and initiatives, including data privacy and cybersecurity, must be reviewed and approved by our IT Steering Committee. This committee consists of five (5) members: the Chief Information Officer, the President and Chief Executive Officer (“CEO”), the Chief Financial Officer, the Chief Operating Officer, Government Services and the Chief Operating Officer, Offshore Energy Services.
The CEO, with the assistance of the other members of the Executive Leadership Team, is responsible for, among other risk management measures, implementing measures designed to ensure the safety standards for personnel, information technology systems and data security, the environment and property in performing the Company’s operations. The Company’s Enterprise Risk Management Committee (“ERM”), sponsored by the CEO, oversees our risk management processes and ensures that sound policies, procedures and practices are in place for the enterprise‐wide management of the Company’s material risks. The ERM reports the results of the Committee’s activities to the Company’s Board at least annually. Information shared with the Board includes risks associated with cybersecurity and any of the topics identified in our materiality assessment. Responsibilities for risk management and compliance are distributed throughout various functional areas of the business, including but not limited to, the Compliance Committee, which supports business integrity and compliance efforts globally, and oversees Bristow’s compliance efforts with respect to the COBI, relevant policies, and applicable laws.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
Our cybersecurity strategy, which is effected through our Cybersecurity Risk Management Model, prioritizes the security and protection of our information technology networks and systems, through the detection, analysis and response to known, anticipated or unexpected threats and effective management of security risks. Our Cybersecurity Risk Management Model provides for four levels of industry-standard response activities to protect the Company against cyber threats. These are:
(1)Policy Framework: Our information security practices include development, implementation, and improvement of policies and procedures to safeguard information and ensure availability of critical data and systems, including our Information Security Policies, which establishes guidelines for the safe and secure use of the Company’s information systems and data, and our Electronic Communication Policy, which outlines the responsibilities of those using the Company’s network and Information Technology (“IT”) equipment. Employees and third-party service providers are required to comply with our Information Security Policies and our Electronic Communication Policy.
(2)Awareness Programs: All employees participate in mandatory annual training and receive periodic communications regarding the cybersecurity environment to increase awareness throughout the Company. We also provide enhanced training for specific IT personnel that require specialized knowledge for their roles and responsibilities.
(3)Security Engineering: We leverage a combination of the International Organization for Standardization (the “ISO”) best practice standards and other global standards, including Control Objectives for Information and Relevant Technology (COBIT), to measure our security posture and manage risk. In
addition, we utilize multifactor authentication and maintain multiple certifications, including ISO 27001 certification, which is globally recognized as one of the highest standards of compliance and control for information security management systems. We also perform critical preventive measures and follow a layered defense, such as phishing simulations, email and system security monitoring, data encryption, continuous patching, and border protection security using both internal resources and independent third-party service providers.
(4)IT Resiliency: Our IT Department and operations teams have formalized disaster recovery processes, business continuity procedures and an incident response plan. These processes and procedures also account for risks associated with third parties that provide IT services, process information on our behalf, or have access to our information systems.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
We have a Cybersecurity Committee that prioritizes our cybersecurity programs and provides oversight around cybersecurity practices and guidance in responding to cyber incidents. Our Cybersecurity Committee consists of six (6) members: the Chief Information Officer, the Chief Financial Officer, the Director of Internal Audit, the Director of IT Infrastructure, Sr. Manager Flight Operations Systems, the Data Privacy Officer and the IT Security and Compliance Manager. Members of our Cybersecurity Committee have work experience managing cybersecurity and information security risks, an understanding of the cybersecurity threat landscape and/or knowledge of emerging privacy risks in our industry. Committee members are also experienced and knowledgeable across various IT disciplines including strategy, governance, infrastructure, applications, data management, audit controls & compliance, risk management, disaster recovery, business continuity, and incident response planning. The Cybersecurity Committee meets quarterly and provides updates to our Executive Leadership Team periodically and to the Audit Committee annually (or more frequently as needed). Under its charter, our Audit Committee, comprised of independent directors from our Board, must conduct annual reviews of any emerging cybersecurity developments and threats and strategies to mitigate cybersecurity risks. The Cybersecurity Committee also delivers periodic updates to the Board on the status of the information security program, including but not limited to, relevant cyber threats, technology roadmaps and key initiative updates, and the identification and management of information security risks. The Board reviews cybersecurity opportunities relating to our business strategy, and cybersecurity-related matters are also factored into business continuity planning.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] |
We have a Cybersecurity Committee that prioritizes our cybersecurity programs and provides oversight around cybersecurity practices and guidance in responding to cyber incidents. Our Cybersecurity Committee consists of six (6) members: the Chief Information Officer, the Chief Financial Officer, the Director of Internal Audit, the Director of IT Infrastructure, Sr. Manager Flight Operations Systems, the Data Privacy Officer and the IT Security and Compliance Manager. Members of our Cybersecurity Committee have work experience managing cybersecurity and information security risks, an understanding of the cybersecurity threat landscape and/or knowledge of emerging privacy risks in our industry. Committee members are also experienced and knowledgeable across various IT disciplines including strategy, governance, infrastructure, applications, data management, audit controls & compliance, risk management, disaster recovery, business continuity, and incident response planning.
|
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] |
While the IT Department oversees the technical aspects of information security, our Data Privacy Officer (“DPO”) is responsible for leadership, compliance, and oversight of applicable privacy-related laws and policies, which are designed to protect data belonging to our employees and customers. Oversight and funding requests for all significant technology projects and initiatives, including data privacy and cybersecurity, must be reviewed and approved by our IT Steering Committee. This committee consists of five (5) members: the Chief Information Officer, the President and Chief Executive Officer (“CEO”), the Chief Financial Officer, the Chief Operating Officer, Government Services and the Chief Operating Officer, Offshore Energy Services.
The CEO, with the assistance of the other members of the Executive Leadership Team, is responsible for, among other risk management measures, implementing measures designed to ensure the safety standards for personnel, information technology systems and data security, the environment and property in performing the Company’s operations. The Company’s Enterprise Risk Management Committee (“ERM”), sponsored by the CEO, oversees our risk management processes and ensures that sound policies, procedures and practices are in place for the enterprise‐wide management of the Company’s material risks. The ERM reports the results of the Committee’s activities to the Company’s Board at least annually. Information shared with the Board includes risks associated with cybersecurity and any of the topics identified in our materiality assessment. Responsibilities for risk management and compliance are distributed throughout various functional areas of the business, including but not limited to, the Compliance Committee, which supports business integrity and compliance efforts globally, and oversees Bristow’s compliance efforts with respect to the COBI, relevant policies, and applicable laws.
|
| Cybersecurity Risk Role of Management [Text Block] |
While the IT Department oversees the technical aspects of information security, our Data Privacy Officer (“DPO”) is responsible for leadership, compliance, and oversight of applicable privacy-related laws and policies, which are designed to protect data belonging to our employees and customers. Oversight and funding requests for all significant technology projects and initiatives, including data privacy and cybersecurity, must be reviewed and approved by our IT Steering Committee. This committee consists of five (5) members: the Chief Information Officer, the President and Chief Executive Officer (“CEO”), the Chief Financial Officer, the Chief Operating Officer, Government Services and the Chief Operating Officer, Offshore Energy Services.
The CEO, with the assistance of the other members of the Executive Leadership Team, is responsible for, among other risk management measures, implementing measures designed to ensure the safety standards for personnel, information technology systems and data security, the environment and property in performing the Company’s operations. The Company’s Enterprise Risk Management Committee (“ERM”), sponsored by the CEO, oversees our risk management processes and ensures that sound policies, procedures and practices are in place for the enterprise‐wide management of the Company’s material risks. The ERM reports the results of the Committee’s activities to the Company’s Board at least annually. Information shared with the Board includes risks associated with cybersecurity and any of the topics identified in our materiality assessment. Responsibilities for risk management and compliance are distributed throughout various functional areas of the business, including but not limited to, the Compliance Committee, which supports business integrity and compliance efforts globally, and oversees Bristow’s compliance efforts with respect to the COBI, relevant policies, and applicable laws.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] |
While the IT Department oversees the technical aspects of information security, our Data Privacy Officer (“DPO”) is responsible for leadership, compliance, and oversight of applicable privacy-related laws and policies, which are designed to protect data belonging to our employees and customers. Oversight and funding requests for all significant technology projects and initiatives, including data privacy and cybersecurity, must be reviewed and approved by our IT Steering Committee. This committee consists of five (5) members: the Chief Information Officer, the President and Chief Executive Officer (“CEO”), the Chief Financial Officer, the Chief Operating Officer, Government Services and the Chief Operating Officer, Offshore Energy Services.
The CEO, with the assistance of the other members of the Executive Leadership Team, is responsible for, among other risk management measures, implementing measures designed to ensure the safety standards for personnel, information technology systems and data security, the environment and property in performing the Company’s operations. The Company’s Enterprise Risk Management Committee (“ERM”), sponsored by the CEO, oversees our risk management processes and ensures that sound policies, procedures and practices are in place for the enterprise‐wide management of the Company’s material risks. The ERM reports the results of the Committee’s activities to the Company’s Board at least annually. Information shared with the Board includes risks associated with cybersecurity and any of the topics identified in our materiality assessment. Responsibilities for risk management and compliance are distributed throughout various functional areas of the business, including but not limited to, the Compliance Committee, which supports business integrity and compliance efforts globally, and oversees Bristow’s compliance efforts with respect to the COBI, relevant policies, and applicable laws.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Members of our Cybersecurity Committee have work experience managing cybersecurity and information security risks, an understanding of the cybersecurity threat landscape and/or knowledge of emerging privacy risks in our industry. Committee members are also experienced and knowledgeable across various IT disciplines including strategy, governance, infrastructure, applications, data management, audit controls & compliance, risk management, disaster recovery, business continuity, and incident response planning. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Cybersecurity Committee meets quarterly and provides updates to our Executive Leadership Team periodically and to the Audit Committee annually (or more frequently as needed). Under its charter, our Audit Committee, comprised of independent directors from our Board, must conduct annual reviews of any emerging cybersecurity developments and threats and strategies to mitigate cybersecurity risks. The Cybersecurity Committee also delivers periodic updates to the Board on the status of the information security program, including but not limited to, relevant cyber threats, technology roadmaps and key initiative updates, and the identification and management of information security risks. The Board reviews cybersecurity opportunities relating to our business strategy, and cybersecurity-related matters are also factored into business continuity planning. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |