|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We have certain processes for assessing, identifying and managing cybersecurity risks, which are built into our overall risk management program/information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, protect employee information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards, response plans, regular tests on our systems, and routine review of our policies and procedures to identify risks and enhance our practices. We engage certain external parties to enhance our cybersecurity oversight. We consider the internal risk oversight programs of third-party service providers before engaging them in order to help protect us from any related vulnerabilities.
We do not believe that there are any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. See “Security breaches and other disruptions could compromise our information and expose us to liability, which could cause our business and reputation to suffer." in “Item 1A. Risk Factors” for additional information.
The Audit Committee of our Board of Directors provides direct oversight over cybersecurity risk and provides updates to the Board of Directors regarding such oversight. The Audit Committee receives quarterly updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents.
Our Vice President and Director of Information Technology leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. Prior to his approximately 15 years overseeing and securing our information technology operations, our Vice President and Director of Information Technology held various roles during his approximately 9 years of tenure at USI New England, most recently overseeing and securing their information technology operations as Regional IT Manager. This experience is reinforced with regular cybersecurity training from industry leading organizations such as the SANS Institute and ISC2.
In an effort to protect our resources from cyber threats, we maintain a security program that includes multiple layers designed to prevent, mitigate, detect, defend against, and remediate these threats. These include, but are not limited to, continuous vulnerability assessment and remediation, annual penetration testing conducted by a third party, security and monitoring tools that are monitored by a 24x7 SOC (Security Operations Center) and Incident Response Planning. Additionally, all employees are required to take annual cyber security training that aligns with our risks and current cyber trends such as ransomware, BEC (business email compromise,) phishing, and social engineering.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Such processes include physical, procedural and technical safeguards, response plans, regular tests on our systems, and routine review of our policies and procedures to identify risks and enhance our practices.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Audit Committee of our Board of Directors provides direct oversight over cybersecurity risk and provides updates to the Board of Directors regarding such oversight. The Audit Committee receives quarterly updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Audit Committee of our Board of Directors
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee receives quarterly updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents.
|Cybersecurity Risk Role of Management [Text Block]
|Our Vice President and Director of Information Technology leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. Prior to his approximately 15 years overseeing and securing our information technology operations, our Vice President and Director of Information Technology held various roles during his approximately 9 years of tenure at USI New England, most recently overseeing and securing their information technology operations as Regional IT Manager. This experience is reinforced with regular cybersecurity training from industry leading organizations such as the SANS Institute and ISC2.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Vice President and Director of Information Technology
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Prior to his approximately 15 years overseeing and securing our information technology operations, our Vice President and Director of Information Technology held various roles during his approximately 9 years of tenure at USI New England, most recently overseeing and securing their information technology operations as Regional IT Manager. This experience is reinforced with regular cybersecurity training from industry leading organizations such as the SANS Institute and ISC2.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef