|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our cybersecurity program, led by our Global Chief Information Officer (“CIO”) and Chief Information Security Officer (“CISO”), is designed to protect and preserve the confidentiality, integrity and availability of all information and systems owned by us or in our care. The Audit and Risk Committee of our Board of Directors oversees cybersecurity, as outlined in its charter and disclosed in our proxy statement.
In addition, cybersecurity is reviewed as part of our enterprise risk management program led by our Director of Enterprise Risk Management, which assesses our significant enterprise risks, provides a summary of those risks and primary mitigations, identifies control improvement projects for our significant risks, and regularly reports on the progress of control improvement projects for those risks to our GEB and the Audit and Risk Committee of our Board of Directors.
Our cybersecurity strategy implements layered controls aligned with the National Institute of Standards and Technology (NIST) cybersecurity framework to minimize both the likelihood and potential impact of cybersecurity events.
Our CISO, who holds advanced qualifications and has extensive experience in cybersecurity, leads a global team of cybersecurity professionals. Our CISO reports to our CIO who is responsible for the Company's technology, data and information management strategy, and brings over two decades of relevant experience to the role.
We engage third-party consultants for assessing, identifying and managing material cybersecurity risks, including those associated with certain third-party providers. We maintain a cyber incident response plan and regularly conduct simulations and tabletop exercises.
In 2023, we established an executive management group responsible for determining the materiality of cybersecurity incidents and necessary disclosures. This group consists of our CISO, Chief Financial Officer, Chief Legal Officer and Chief Accounting Officer.
Like other companies with a large technology footprint and high-profile client base, we are regularly subject to cyberattacks. While certain attacks have been successful, thus far none have had a material impact on our or our clients' operations. In addition, we acknowledge that cybersecurity threats could significantly impact our business strategy, operations, or financial condition. As such, we continue to enhance our infrastructure, monitor for threats, and evaluate our response capabilities as we deploy additional mobile and cloud technologies. Also refer to our discussion of material cybersecurity risks in the "Operational Risk Factors" section of Item 1A, Risk Factors, of this report.
We maintain a cyber risk insurance policy, but costs related to cybersecurity threats or disruptions may not be fully insured. We acknowledge that successful cyberattacks could result in substantial costs, liability, reputational harm, and significant remediation expenses.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Management and the Board of Directors provide significant oversight of cybersecurity risks. In May 2022, the Board expanded the Audit Committee’s charter to include cybersecurity and information technology readiness. In addition, the Audit Committee was renamed to the “Audit and Risk Committee” to more accurately align with its responsibility to assist the Board in overseeing our policies, program and related risks identified as part of the enterprise risk management framework and cybersecurity and information technology. Further enhancing our cybersecurity governance, in 2024, the Cybersecurity Subcommittee of the Audit and Risk Committee was formally established. This subcommittee generally meets on a quarterly basis and regularly reports to the Audit and Risk Committee, providing an additional layer of specialized oversight on cybersecurity matters.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Audit and Risk Committee, its Cybersecurity Subcommittee, and management’s Cyber Governance Committee receive regular reports on our information security program, including top risks, strategy, controls, incident response plans, metrics, and training protocols. Reports are also shared with the full Board of Directors.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef