|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
As previously discussed under the section titled "Enterprise Risk Management", through our ERM program we have a risk management framework that recognizes the risks inherent in our operating segments as well as the risks associated with the operations of our holding company. This process includes assessing, identifying and managing material risks related to cybersecurity.
ProAssurance's Information Systems Security department, with assistance from third-party security vendors, continually monitors the Company's systems for indicators of attack or compromise to mitigate the risk of cyberattacks. The Company regularly enhances its cyber and information security in order to identify and neutralize emerging threats and improve its ability to prevent, detect and respond to attempts to gain unauthorized access to the Company's data and systems. ProAssurance regularly adds additional security measures to its computer systems and network infrastructure to mitigate the possibility of cybersecurity breaches, including firewalls and penetration testing. The Company encrypts sensitive information and data and utilizes stringent access controls. Team members are required to complete quarterly security training which encompasses a wide range of cybersecurity topics. This training informs all team members of the processes and procedures to follow in the case they encounter a possible cybersecurity threat. This training is reinforced through periodic simulated phishing tests. Further, all team members are required to read and acknowledge the Company's guidelines for the use of publicly available generative artificial intelligence tools. The Company's guidelines explain how to protect the Company from risks that can arise if legally protected, proprietary or confidential information is shared with these tools.
The Company also evaluates the integrity and security of the technology infrastructure of certain third parties that access, process or store data that the Company considers to be sensitive, significant or legally protected. ProAssurance reviews and assesses its third-party providers' cybersecurity controls, as appropriate, and makes changes to the Company's business processes to manage these risks.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
While our Board is responsible for ensuring that our entire ERM process is in place and functioning, our Audit Committee has the primary oversight responsibility for risks relating to cybersecurity. Our Vice President of Information Security regularly attends and presents to our Audit Committee on material cybersecurity risks and mitigating procedures. Our Vice President of Information Security oversees ProAssurance's information security and data privacy programs and is responsible for establishing and implementing our security strategy alongside our General Counsel, to whom the Vice President of Information Security reports directly. Our Vice President of Information Security has been with ProAssurance since 1998 and has over 26 years of IT and cybersecurity experience.
The Company has a formal process in place for identifying, handling and disclosing of material cybersecurity incidents. The Company's Security Oversight Committee includes our Chief Financial Officer, General Counsel, Vice President of Information Security and representatives from our Internal Audit, Legal, Compliance and Information Systems departments. The purpose of the SOC is to develop and review the Information Security policies, standards and guidelines for the Company that manage Cyber Risk. Furthermore, the Company's Code of Ethics and Conduct explicitly prohibits officers, directors, team members or other insiders who are subject to the Code from transacting in the Company's stock during a time when such individuals have knowledge of any material undisclosed cybersecurity incident or breach.
Effective July 26, 2023, the SEC finalized rules requiring registrants to disclose material cybersecurity incidents. Per the ruling, any cybersecurity incident deemed to be material shall be disclosed within four business days of materiality determination. The determination of materiality related to cybersecurity incidents is subjective, however, the Company has implemented materiality consideration in its formal process.All possible cybersecurity incidents are reported to our General Counsel for consideration of materiality. Our General Counsel escalates consideration of materiality to our Chief Executive Officer, Chief Financial Officer and other corporate officers as appropriate. The Company does not utilize any third-party service providers for consideration of materiality for cybersecurity incidents. Upon determination that the Company has experienced a material cybersecurity incident, the Company will disclose the incident within four business days as required by regulation. Our Board will also be notified of any material cybersecurity incidents immediately upon determination of materiality.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|While our Board is responsible for ensuring that our entire ERM process is in place and functioning, our Audit Committee has the primary oversight responsibility for risks relating to cybersecurity.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Vice President of Information Security regularly attends and presents to our Audit Committee on material cybersecurity risks and mitigating procedures. Our Vice President of Information Security oversees ProAssurance's information security and data privacy programs and is responsible for establishing and implementing our security strategy alongside our General Counsel, to whom the Vice President of Information Security reports directly. Our Vice President of Information Security has been with ProAssurance since 1998 and has over 26 years of IT and cybersecurity experience.
|Cybersecurity Risk Role of Management [Text Block]
|
The Company has a formal process in place for identifying, handling and disclosing of material cybersecurity incidents. The Company's Security Oversight Committee includes our Chief Financial Officer, General Counsel, Vice President of Information Security and representatives from our Internal Audit, Legal, Compliance and Information Systems departments. The purpose of the SOC is to develop and review the Information Security policies, standards and guidelines for the Company that manage Cyber Risk. Furthermore, the Company's Code of Ethics and Conduct explicitly prohibits officers, directors, team members or other insiders who are subject to the Code from transacting in the Company's stock during a time when such individuals have knowledge of any material undisclosed cybersecurity incident or breach.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
While our Board is responsible for ensuring that our entire ERM process is in place and functioning, our Audit Committee has the primary oversight responsibility for risks relating to cybersecurity. Our Vice President of Information Security regularly attends and presents to our Audit Committee on material cybersecurity risks and mitigating procedures. Our Vice President of Information Security oversees ProAssurance's information security and data privacy programs and is responsible for establishing and implementing our security strategy alongside our General Counsel, to whom the Vice President of Information Security reports directly. Our Vice President of Information Security has been with ProAssurance since 1998 and has over 26 years of IT and cybersecurity experience.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Vice President of Information Security has been with ProAssurance since 1998 and has over 26 years of IT and cybersecurity experience.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The Company has a formal process in place for identifying, handling and disclosing of material cybersecurity incidents. The Company's Security Oversight Committee includes our Chief Financial Officer, General Counsel, Vice President of Information Security and representatives from our Internal Audit, Legal, Compliance and Information Systems departments. The purpose of the SOC is to develop and review the Information Security policies, standards and guidelines for the Company that manage Cyber Risk. Furthermore, the Company's Code of Ethics and Conduct explicitly prohibits officers, directors, team members or other insiders who are subject to the Code from transacting in the Company's stock during a time when such individuals have knowledge of any material undisclosed cybersecurity incident or breach.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef