|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Processes for assessing, identifying, and managing material risks from cybersecurity threats
We have implemented policies, procedures and controls to safeguard our operations from cybersecurity threats. We have defined the responsibilities for employees and third-party providers, and we have put in place procedures to detect, prevent and mitigate any exposure of our information, people, processes, technology and physical infrastructure to cyberattacks. These policies focus on both internal and external potential attacks on our information and the other essential components of our operations.
We also have a process to identify, evaluate and manage the material risks of cybersecurity threats, which we consider as part of our overall risk management cycle. When a cybersecurity incident is detected, it is quickly escalated so that we can make the necessary tactical and strategic decisions.
We continuously strengthen our Information Security Management System (‘ISMS’) to prevent, detect, and mitigate cybersecurity threats. The ISMS is a comprehensive set of policies, standards, controls, baselines, manuals, methodologies and governance frameworks. It incorporates ISO 27001, the U.S. National Institute of Standards and Technology’s Cybersecurity Framework 2.0, and Control Objectives for Information and Related Technologies (‘COBIT’). We also incorporate a maturity model based on Capability Maturity Model Integration (‘CMMI’), Information Technology Infrastructure Library (‘ITIL’), and ISO 15504 criteria, which we review and update annually. This information is readily accessible to employees via our intranet.
Additionally, we leverage other specialized technical frameworks, including the Center for Internet Security (‘CIS’) for infrastructure security and the Open Web Application Security Project (‘OWASP’) for secure development, Application Programming Interface (‘API’) security, and related areas.
As part of our risk management strategy, we have engaged consultants and audit firms with industry-recognized expertise in cybersecurity since 2018 to periodically assess our cybersecurity procedures, controls and maturity level. In 2024, the results revealed significant progress in cybersecurity maturity. Key strengths included a robust culture and awareness of cybersecurity management, the expertise of our people, the integration of cybersecurity principles into the design and maintenance of solutions, as well as advances in innovation and technological capabilities.
In response to the growing sophistication of cyberattackers worldwide and the adoption of new detection and response technologies, we relaunched our Security Operations Center (‘SOC’) as the Intelligence and Cyber Defense Center (‘CDC’). The new capabilities include innovative threat detection and intelligence, including an AI module, which has improved detection and has made us more proactive and effective in response to emerging threats.
We implemented several modernization initiatives, including the transition to a zero-trust strategy for remote access, enhanced malware protection, a strengthened cybersecurity posture, and reinforcement of the development lifecycle for services offered to customers.
We also continued our efforts to identify and assess cybersecurity threats associated with our use of third-party service providers by: (i) identifying and classifying the information that we share with our most critical third-party service providers, (ii) conducting a security evaluation of third-party service providers, (iii) obtaining security scorecards for their public websites and certifications that validate their management practices, and (iv) requesting reports from external auditors on the operational effectiveness of key providers' controls. In 2024, we increased the number of third-party service providers that we evaluated for cybersecurity risk, especially in Banistmo, Banco Agrícola and Nequi, compared with 2023.
In 2024, we carried out a series of comprehensive awareness and training initiatives for all employees and a significant number of third-party service providers. These efforts included 10 cybersecurity exercises addressing topics such as phishing, ransomware, and business email attacks, achieving 100% employee participation. Additionally, all employees completed mandatory annual virtual courses on cybersecurity and information security. The virtual training platform, Cybersecurity Campus, remains accessible on our intranet, providing continuous learning and certification opportunities for all employees. We organized a cybersecurity marathon featuring interactive activities, demonstrations and conferences, engaging a large number of employees. Additionally, we developed a 20-hour theoretical and practical course on secure development, tailored for employees in roles such as developers, technical leaders, cybersecurity architects, and personnel from risk and audit departments. By the end of 2024, more than 1,200 employees had successfully completed the program.
We conducted awareness sessions on cybersecurity and fraud prevention, specifically for senior leaders, including participation from corporate-level vice presidents. Additionally, we engaged our clients through financial education and fraud prevention initiatives, leveraging social media campaigns, conferences and direct messaging across all segments. To further support our personal segment clients, we launched a podcast that is available on Spotify.
In 2025, we aim to enhance resilience against emerging cybersecurity threats by designing and simulating new scenarios to evaluate and improve the prevention and detection of threats and our response and recovery.
We will continue to address the improvement opportunities identified in our last assessment, advancing initiatives to strengthen the security of internet-exposed services, protect information, and simplify and converge our cybersecurity solutions.
In terms of automation, our focus will be on the initial operational stages of the CDC and the evaluation of third- and fourth-party providers, along with the integration of artificial intelligence into existing security controls. The goal is to enhance the effectiveness of these processes in operations. Additionally, through the Identity, Governance and Administration (‘IGA’) project, we are automating access provisioning (including registrations, cancellations, and changes), with plans to expand coverage further by 2025.
We will continue to define and implement work plans with our subsidiaries to implement best cybersecurity practices and enhance cybersecurity maturity levels across companies such as Wenia, Wompi, Renting, and Bancolombia Capital. This will be achieved through knowledge transfer, consulting, tool selection, and the provision of corporate services, tailored to the level of integration of each company.
To date, no material cybersecurity incident has occurred. However, we acknowledge the dynamic and ever-evolving nature of the global cyber risk landscape faced by industries and businesses. Depending on their origin and severity, future cybersecurity incidents could potentially have a material impact on our business strategy, operational performance or financial condition.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have implemented policies, procedures and controls to safeguard our operations from cybersecurity threats. We have defined the responsibilities for employees and third-party providers, and we have put in place procedures to detect, prevent and mitigate any exposure of our information, people, processes, technology and physical infrastructure to cyberattacks. These policies focus on both internal and external potential attacks on our information and the other essential components of our operations.
We also have a process to identify, evaluate and manage the material risks of cybersecurity threats, which we consider as part of our overall risk management cycle. When a cybersecurity incident is detected, it is quickly escalated so that we can make the necessary tactical and strategic decisions.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board of Directors’ oversight of risks of cybersecurity threats
Bancolombia's Board of Directors, directly or through its committees, establishes and oversees our cybersecurity risk management strategy.
The Board of Directors receives semiannual reports from the Chief Information Security Officer (‘CISO’) regarding the cybersecurity environment, including the outcomes of the cybersecurity risk management process. These reports include evaluations of the confidentiality, integrity and availability of information, the identification of cybersecurity threats, assessments of the effectiveness of cybersecurity programs, the evolution of the maturity model, cybersecurity practices with third parties, awareness initiatives, improvement proposals, and a summary of incidents that have impacted us.
Additionally, the Board of Directors has engaged an external technology and cybersecurity advisor, with more than 30 years of experience and extensive expertise in the payment industry, to advise on such matters. The advisor attends the Board and relevant committee meetings when invited, offering independent advice and recommendations.
The Board has three committees that are involved in overseeing cybersecurity risk:
–The Technology and Cybersecurity Committee is comprised of at least three Board members, of which at least one must be an expert on cybersecurity matters. The Committee’s primary role is to assist the Board in the strategic oversight of technology and cybersecurity matters. It evaluates technological trends that may impact Bancolombia's strategic objectives and approves related adoption and management strategies. Key areas of focus include software development, technological architecture, service availability, IT continuity, and investment performance. The Committee also monitors significant cybersecurity and technology events, providing recommendations to the Board on measures to prevent and address channel unavailability. Additionally, it reports to the Board on the effectiveness of cybersecurity risk management, incidents of cybersecurity breaches, and the mitigation measures implemented.
–The Audit Committee is comprised of three independent Board members. This committee reviews and recommends to the Board of Directors, as per Colombian regulations, the approval of the information security and cybersecurity policy and the strategic technology plan, and their respective modifications.
–The Risk Committee is comprised of three independent Board members. This committee assists the Board with the oversight of the risk management strategy, which includes cyber risks.
Management’s role and expertise in assessing and managing cybersecurity risks
Our management is responsible for identifying, considering and assessing cybersecurity risks on an ongoing basis, establishing processes to monitor potential cybersecurity exposures, implementing appropriate mitigation measures, and maintaining robust cybersecurity programs.
The CISO, who reports to the Vice President of Customer and Employee Services, and dedicated personnel on his team are certified and experienced information systems security professionals and information security managers.
Bancolombia’s CEO and senior management receive monthly reports on cybersecurity achievements, including metrics on monthly expected loss compliance, fraud management and the availability of components, as well as new initiatives, controls, integration and alerts.
Bancolombia has two management committees involved in managing cybersecurity risks:
The Corporate Cybersecurity Committee is responsible for approving and promoting cybersecurity and information security policies, strategies, and projects. It oversees compliance with the strategic plan, prioritizes initiatives and budget allocation, monitors significant changes in cybersecurity risks, and fosters a culture of information security within Bancolombia. The committee meets quarterly and includes Bancolombia's Vice Presidents of Customer and Employee Services, Human Resources, and Risk, as well as the Vice Presidents of Services for Bancolombia, Banistmo, Banco Agrícola, Banco Agromercantil and Nequi. Meetings are led by the CISO, who participates as a permanent invitee. While the committee’s responsibilities align with those of the Cybersecurity and Information Security Committee, its decisions have a regional scope, impacting other companies within Bancolombia and tailoring specific initiatives to each bank.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board has three committees that are involved in overseeing cybersecurity risk:
–The Technology and Cybersecurity Committee is comprised of at least three Board members, of which at least one must be an expert on cybersecurity matters. The Committee’s primary role is to assist the Board in the strategic oversight of technology and cybersecurity matters. It evaluates technological trends that may impact Bancolombia's strategic objectives and approves related adoption and management strategies. Key areas of focus include software development, technological architecture, service availability, IT continuity, and investment performance. The Committee also monitors significant cybersecurity and technology events, providing recommendations to the Board on measures to prevent and address channel unavailability. Additionally, it reports to the Board on the effectiveness of cybersecurity risk management, incidents of cybersecurity breaches, and the mitigation measures implemented.
–The Audit Committee is comprised of three independent Board members. This committee reviews and recommends to the Board of Directors, as per Colombian regulations, the approval of the information security and cybersecurity policy and the strategic technology plan, and their respective modifications.
–The Risk Committee is comprised of three independent Board members. This committee assists the Board with the oversight of the risk management strategy, which includes cyber risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board of Directors receives semiannual reports from the Chief Information Security Officer (‘CISO’) regarding the cybersecurity environment, including the outcomes of the cybersecurity risk management process. These reports include evaluations of the confidentiality, integrity and availability of information, the identification of cybersecurity threats, assessments of the effectiveness of cybersecurity programs, the evolution of the maturity model, cybersecurity practices with third parties, awareness initiatives, improvement proposals, and a summary of incidents that have impacted us.
|Cybersecurity Risk Role of Management [Text Block]
|
Our management is responsible for identifying, considering and assessing cybersecurity risks on an ongoing basis, establishing processes to monitor potential cybersecurity exposures, implementing appropriate mitigation measures, and maintaining robust cybersecurity programs.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Bancolombia has two management committees involved in managing cybersecurity risks:
The Corporate Cybersecurity Committee is responsible for approving and promoting cybersecurity and information security policies, strategies, and projects. It oversees compliance with the strategic plan, prioritizes initiatives and budget allocation, monitors significant changes in cybersecurity risks, and fosters a culture of information security within Bancolombia. The committee meets quarterly and includes Bancolombia's Vice Presidents of Customer and Employee Services, Human Resources, and Risk, as well as the Vice Presidents of Services for Bancolombia, Banistmo, Banco Agrícola, Banco Agromercantil and Nequi. Meetings are led by the CISO, who participates as a permanent invitee. While the committee’s responsibilities align with those of the Cybersecurity and Information Security Committee, its decisions have a regional scope, impacting other companies within Bancolombia and tailoring specific initiatives to each bank.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Cybersecurity and Information Security Committee approves and promotes policies, standards, strategies and crucial projects, in addition to making decisions on associated controls. It periodically evaluates strategic and tactical compliance plans, reviewing, approving and prioritizing initiatives or decisions. The Committee meets monthly, and its members are Bancolombia’s Vice-President of Corporate Services, Vice-President of Customer and Employee Services, Vice-President of Risk and Vice-President of Human Resources, Technology Services and Product Environment. The CISO, who has over 26 years of experience in Technology and Cybersecurity, is a permanent invitee of the Committee.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Bancolombia’s CEO and senior management receive monthly reports on cybersecurity achievements, including metrics on monthly expected loss compliance, fraud management and the availability of components, as well as new initiatives, controls, integration and alerts.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true