Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Nov. 28, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Adobe has certain security processes, infrastructure, systems, policies and practices for assessing, identifying and managing risks from cybersecurity threats. We maintain an information security risk management framework for managing cybersecurity risks, priorities and projects for our products, services, infrastructure and corporate resources. As part of our framework, a cybersecurity risk steering committee meets regularly to review newly identified risks and progress on remediating existing risks. We conduct regular security reviews, simulations and testing, including internal and external penetration testing, vulnerability assessments and regular scans on our hosts and network devices. We review available threat intelligence, including information from industry groups and our security vendor. We consult with third parties, including cybersecurity consultants, as part of our cybersecurity threat and risk management strategy. Depending on the environment, our risk mitigation strategies include a variety of technical, physical and operational measures designed to manage and mitigate material risks from cybersecurity threats to our systems and data. We require employees annually to complete a general security awareness training, and additional engineering and security specific training may also be required for certain positions. Further, we maintain a vendor security review program, which is designed to provide an assessment of the security practices of those third-party vendors that process Adobe non-public data or connect to our networks. We maintain an information security incident response plan designed to monitor, analyze, address, escalate and report cybersecurity incidents, and escalate certain cybersecurity incidents to members of management depending on the circumstances. For a description of the risks from cybersecurity threats that may materially affect us, see the risks described in the section titled “Risk Factors” contained in Part I, Item IA of this report, including under the headings “Security incidents, improper access to or disclosure of our customers’ data or other cybersecurity incidents may harm our reputation and materially and adversely affect our business.”
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Adobe has certain security processes, infrastructure, systems, policies and practices for assessing, identifying and managing risks from cybersecurity threats. We maintain an information security risk management framework for managing cybersecurity risks, priorities and projects for our products, services, infrastructure and corporate resources. As part of our framework, a cybersecurity risk steering committee meets regularly to review newly identified risks and progress on remediating existing risks.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board of Directors (the “Board”) addresses cybersecurity risks as part of its general oversight function. Our Audit Committee of the Board (the “Audit Committee”) oversees enterprise risks, including cybersecurity risks, and the adequacy and effectiveness of our information security, technology and policies and our internal controls regarding these areas. The Audit Committee receives regular cybersecurity updates from our Chief Security Officer (“CSO”), in conjunction with senior cyber legal and other professionals, and reports those updates to the Board. The updates address topics such as cybersecurity risks and the prevention, detection, mitigation and remediation of cybersecurity incidents. We have a Cyber Disclosure Committee, comprised of our CSO, cyber legal professionals and other cross-functional leaders, that meets regularly to assess and make determinations regarding certain cybersecurity incidents, and have an escalation process to inform management and the Audit Committee when appropriate. Additionally, our CSO identifies certain cybersecurity risks that are reviewed as part of the enterprise risk management framework and periodically presented to the Board and the Audit Committee.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Audit Committee of the Board (the “Audit Committee”) oversees enterprise risks, including cybersecurity risks, |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee receives regular cybersecurity updates from our Chief Security Officer (“CSO”), in conjunction with senior cyber legal and other professionals, and reports those updates to the Board. The updates address topics such as cybersecurity risks and the prevention, detection, mitigation and remediation of cybersecurity incidents. We have a Cyber Disclosure Committee, comprised of our CSO, cyber legal professionals and other cross-functional leaders, that meets regularly to assess and make determinations regarding certain cybersecurity incidents, and have an escalation process to inform management and the Audit Committee when appropriate. Additionally, our CSO identifies certain cybersecurity risks that are reviewed as part of the enterprise risk management framework and periodically presented to the Board and the Audit Committee. |
| Cybersecurity Risk Role of Management [Text Block] | Our cybersecurity risk assessment and management processes are implemented and maintained by management, including our CSO and our cyber legal professionals, whom each has extensive cybersecurity experience in their respective areas of responsibility and expertise. Our CSO, who reports to the Chief Financial Officer, has primary responsibility for the strategy, engineering and operations of cybersecurity across Adobe in partnership with our executive-level product leaders and our cyber legal professionals, who report to the Chief Legal Officer, and have primary responsibility for the legal aspects of cybersecurity across Adobe. Our CSO is supported by a team of cybersecurity, information security, information technology, operations and legal executives and professionals.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our cybersecurity risk assessment and management processes are implemented and maintained by management, including our CSO and our cyber legal professionals, |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our cybersecurity risk assessment and management processes are implemented and maintained by management, including our CSO and our cyber legal professionals, whom each has extensive cybersecurity experience in their respective areas of responsibility and expertise. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our CSO, who reports to the Chief Financial Officer, has primary responsibility for the strategy, engineering and operations of cybersecurity across Adobe in partnership with our executive-level product leaders and our cyber legal professionals, who report to the Chief Legal Officer, and have primary responsibility for the legal aspects of cybersecurity across Adobe. Our CSO is supported by a team of cybersecurity, information security, information technology, operations and legal executives and professionals. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |