|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
PSE maintains a comprehensive business continuity plan that includes the identification, assessment and management of risks arising from various avenues, including cyber. Business continuity includes action plans to respond to and remedy information technology (IT) outages, attacks, and other cyber threats, which are maintained between two specific plans, the IT disaster recovery plan and the cybersecurity incident response plan (CSIRP). The CSIRP specifies guidance for various cyber related risks to ensure business continuity and timely reporting of incidents to various governing bodies, including the SEC. The CSIRP is a perpetually updated plan that is managed by the Chief Information Security Officer (CISO) and Chief Information Officer (CIO). PSE's CIO has served in various roles in IT and IT security for over 15 years, including serving as Chief Operating Officer or Chief Information Officer primarily in the financial services industry. Further, the CIO holds an undergraduate degree in computer science. PSE's CISO has over 15 years of experience managing IT security across different
industries and companies. Additionally, the CISO holds an undergraduate degree and has been a Certified Information Systems Security Professional for over 15 years.
As part of the CSIRP, PSE maintains a standalone team of IT security and risk management professionals in the Cyber Defense Center (CDC). The CDC is responsible for implementing the CSIRP, including the identification and ongoing monitoring and response to all cyber events and risks, including risks associated with the Company’s use of third-party service providers, which impact the Company. To identify, defend, detect and respond to cyber events, PSE performs various on-going activities, such as, proactive privacy and cybersecurity reviews of systems and applications, monitoring threat intelligence information feeds, penetration testing to test security controls, conducting employee trainings, and monitoring emerging laws and regulations related to data protection and information security. Additionally, the Company conducts tabletop exercises to simulate our response to cybersecurity incidents. Depending on the nature of the incident, PSE may engage consultants, assessors, or other third-parties to assist in the assessment, testing, remediation, and/or management of cyber incidents.
Once cyber incidents are identified, a risk assessment is performed by the CDC, in accordance with the CSIRP. The risk assessment includes quantitative and qualitative considerations determined by a committee of individuals, including, among others, the Controller, CISO and Chief Ethics and Compliance Officer, that report to the Chief Financial Officer, CIO, and Senior Vice President General Counsel and Chief Sustainability Officer. Any cyber incidents that exceed thresholds set in the CSIRP are then escalated to the aforementioned committee for a materiality assessment and disclosure considerations.
The Company's Audit Committee oversees management's process for identifying and mitigating cybersecurity risks. Periodically, the CISO presents cyber incidents and risks to the audit committee as part of the board of directors' oversight of risks from cybersecurity threats. The Audit Committee's oversight includes understanding existing and new cybersecurity risks and status on management's response and mitigation plans.As of December 31, 2024, the Company was not aware of (i) any cybersecurity incidents, or (ii) any specific cybersecurity threats, that, in either case, materially affected or are reasonably likely to materially affect the business, strategy, results of operations, or financial condition of the Company. However, we can provide no assurance that there will not be cybersecurity threats or incidents in the future or that they will not materially affect PSE, including our business, strategy, results of operations, or financial condition. For more information regarding risk from cybersecurity threats, see Item 1A, "Risk Factors" included in this report.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|PSE maintains a comprehensive business continuity plan that includes the identification, assessment and management of risks arising from various avenues, including cyber.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
PSE maintains a comprehensive business continuity plan that includes the identification, assessment and management of risks arising from various avenues, including cyber. Business continuity includes action plans to respond to and remedy information technology (IT) outages, attacks, and other cyber threats, which are maintained between two specific plans, the IT disaster recovery plan and the cybersecurity incident response plan (CSIRP). The CSIRP specifies guidance for various cyber related risks to ensure business continuity and timely reporting of incidents to various governing bodies, including the SEC. The CSIRP is a perpetually updated plan that is managed by the Chief Information Security Officer (CISO) and Chief Information Officer (CIO). PSE's CIO has served in various roles in IT and IT security for over 15 years, including serving as Chief Operating Officer or Chief Information Officer primarily in the financial services industry. Further, the CIO holds an undergraduate degree in computer science. PSE's CISO has over 15 years of experience managing IT security across different
industries and companies. Additionally, the CISO holds an undergraduate degree and has been a Certified Information Systems Security Professional for over 15 years.
As part of the CSIRP, PSE maintains a standalone team of IT security and risk management professionals in the Cyber Defense Center (CDC). The CDC is responsible for implementing the CSIRP, including the identification and ongoing monitoring and response to all cyber events and risks, including risks associated with the Company’s use of third-party service providers, which impact the Company. To identify, defend, detect and respond to cyber events, PSE performs various on-going activities, such as, proactive privacy and cybersecurity reviews of systems and applications, monitoring threat intelligence information feeds, penetration testing to test security controls, conducting employee trainings, and monitoring emerging laws and regulations related to data protection and information security. Additionally, the Company conducts tabletop exercises to simulate our response to cybersecurity incidents. Depending on the nature of the incident, PSE may engage consultants, assessors, or other third-parties to assist in the assessment, testing, remediation, and/or management of cyber incidents.
Once cyber incidents are identified, a risk assessment is performed by the CDC, in accordance with the CSIRP. The risk assessment includes quantitative and qualitative considerations determined by a committee of individuals, including, among others, the Controller, CISO and Chief Ethics and Compliance Officer, that report to the Chief Financial Officer, CIO, and Senior Vice President General Counsel and Chief Sustainability Officer. Any cyber incidents that exceed thresholds set in the CSIRP are then escalated to the aforementioned committee for a materiality assessment and disclosure considerations.
The Company's Audit Committee oversees management's process for identifying and mitigating cybersecurity risks. Periodically, the CISO presents cyber incidents and risks to the audit committee as part of the board of directors' oversight of risks from cybersecurity threats. The Audit Committee's oversight includes understanding existing and new cybersecurity risks and status on management's response and mitigation plans.As of December 31, 2024, the Company was not aware of (i) any cybersecurity incidents, or (ii) any specific cybersecurity threats, that, in either case, materially affected or are reasonably likely to materially affect the business, strategy, results of operations, or financial condition of the Company. However, we can provide no assurance that there will not be cybersecurity threats or incidents in the future or that they will not materially affect PSE, including our business, strategy, results of operations, or financial condition. For more information regarding risk from cybersecurity threats, see Item 1A, "Risk Factors" included in this report.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company's Audit Committee oversees management's process for identifying and mitigating cybersecurity risks. Periodically, the CISO presents cyber incidents and risks to the audit committee as part of the board of directors' oversight of risks from cybersecurity threats. The Audit Committee's oversight includes understanding existing and new cybersecurity risks and status on management's response and mitigation plans.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Once cyber incidents are identified, a risk assessment is performed by the CDC, in accordance with the CSIRP. The risk assessment includes quantitative and qualitative considerations determined by a committee of individuals, including, among others, the Controller, CISO and Chief Ethics and Compliance Officer, that report to the Chief Financial Officer, CIO, and Senior Vice President General Counsel and Chief Sustainability Officer. Any cyber incidents that exceed thresholds set in the CSIRP are then escalated to the aforementioned committee for a materiality assessment and disclosure considerations.
|Cybersecurity Risk Role of Management [Text Block]
|
PSE maintains a comprehensive business continuity plan that includes the identification, assessment and management of risks arising from various avenues, including cyber. Business continuity includes action plans to respond to and remedy information technology (IT) outages, attacks, and other cyber threats, which are maintained between two specific plans, the IT disaster recovery plan and the cybersecurity incident response plan (CSIRP). The CSIRP specifies guidance for various cyber related risks to ensure business continuity and timely reporting of incidents to various governing bodies, including the SEC. The CSIRP is a perpetually updated plan that is managed by the Chief Information Security Officer (CISO) and Chief Information Officer (CIO). PSE's CIO has served in various roles in IT and IT security for over 15 years, including serving as Chief Operating Officer or Chief Information Officer primarily in the financial services industry. Further, the CIO holds an undergraduate degree in computer science. PSE's CISO has over 15 years of experience managing IT security across different
industries and companies. Additionally, the CISO holds an undergraduate degree and has been a Certified Information Systems Security Professional for over 15 years.
As part of the CSIRP, PSE maintains a standalone team of IT security and risk management professionals in the Cyber Defense Center (CDC). The CDC is responsible for implementing the CSIRP, including the identification and ongoing monitoring and response to all cyber events and risks, including risks associated with the Company’s use of third-party service providers, which impact the Company. To identify, defend, detect and respond to cyber events, PSE performs various on-going activities, such as, proactive privacy and cybersecurity reviews of systems and applications, monitoring threat intelligence information feeds, penetration testing to test security controls, conducting employee trainings, and monitoring emerging laws and regulations related to data protection and information security. Additionally, the Company conducts tabletop exercises to simulate our response to cybersecurity incidents. Depending on the nature of the incident, PSE may engage consultants, assessors, or other third-parties to assist in the assessment, testing, remediation, and/or management of cyber incidents.
Once cyber incidents are identified, a risk assessment is performed by the CDC, in accordance with the CSIRP. The risk assessment includes quantitative and qualitative considerations determined by a committee of individuals, including, among others, the Controller, CISO and Chief Ethics and Compliance Officer, that report to the Chief Financial Officer, CIO, and Senior Vice President General Counsel and Chief Sustainability Officer. Any cyber incidents that exceed thresholds set in the CSIRP are then escalated to the aforementioned committee for a materiality assessment and disclosure considerations.
The Company's Audit Committee oversees management's process for identifying and mitigating cybersecurity risks. Periodically, the CISO presents cyber incidents and risks to the audit committee as part of the board of directors' oversight of risks from cybersecurity threats. The Audit Committee's oversight includes understanding existing and new cybersecurity risks and status on management's response and mitigation plans.As of December 31, 2024, the Company was not aware of (i) any cybersecurity incidents, or (ii) any specific cybersecurity threats, that, in either case, materially affected or are reasonably likely to materially affect the business, strategy, results of operations, or financial condition of the Company. However, we can provide no assurance that there will not be cybersecurity threats or incidents in the future or that they will not materially affect PSE, including our business, strategy, results of operations, or financial condition. For more information regarding risk from cybersecurity threats, see Item 1A, "Risk Factors" included in this report.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The CSIRP is a perpetually updated plan that is managed by the Chief Information Security Officer (CISO) and Chief Information Officer (CIO).
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|PSE's CIO has served in various roles in IT and IT security for over 15 years, including serving as Chief Operating Officer or Chief Information Officer primarily in the financial services industry. Further, the CIO holds an undergraduate degree in computer science. PSE's CISO has over 15 years of experience managing IT security across different industries and companies. Additionally, the CISO holds an undergraduate degree and has been a Certified Information Systems Security Professional for over 15 years.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Once cyber incidents are identified, a risk assessment is performed by the CDC, in accordance with the CSIRP. The risk assessment includes quantitative and qualitative considerations determined by a committee of individuals, including, among others, the Controller, CISO and Chief Ethics and Compliance Officer, that report to the Chief Financial Officer, CIO, and Senior Vice President General Counsel and Chief Sustainability Officer. Any cyber incidents that exceed thresholds set in the CSIRP are then escalated to the aforementioned committee for a materiality assessment and disclosure considerations.The Company's Audit Committee oversees management's process for identifying and mitigating cybersecurity risks. Periodically, the CISO presents cyber incidents and risks to the audit committee as part of the board of directors' oversight of risks from cybersecurity threats. The Audit Committee's oversight includes understanding existing and new cybersecurity risks and status on management's response and mitigation plans.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef