XML 422 R58.htm IDEA: XBRL DOCUMENT v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] The Group adopts a risk-based approach to mitigate cyber threats it faces. The effective operation of the Group’s estate is supported by an IT
and Cyber Security Governance framework, guided by a threat-based strategy which underpins investment decisions. The ongoing protection of
the estate and confidentiality of material information is ensured through adherence to the Group Security Policy and supporting third-party
supplier security schedule, which have been aligned to industry good practice including the NIST Cyber Security Framework; and material laws
and regulations. The Group’s IT systems and information security risk management processes, which includes assessment, documentation and
treatment have been integrated into its overall enterprise risk management framework. The Group engages a specialist third party consultancy
on a periodic basis, to assess the maturity of its cyber security programme, in assessing, identifying and managing material risks from
cybersecurity threats. During the handling of an incident, the Cyber Security team will continuously monitor and assess the impact to the
Group.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Group’s IT systems and information security risk management processes, which includes assessment, documentation and treatment have been integrated into its overall enterprise risk management framework.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] The CSO actively participates
in Audit Committee and Board meetings and is responsible for offering updates on information security risks and mitigation strategies to the
Board and its subcommittees. Additionally, the CSO chairs a subcommittee comprised of stakeholders including, but not limited to security
representatives, risk management, compliance and Group Internal Audit. This subcommittee is focused on information security, to review major
policy changes, strategies and key risk mitigations to enhance the governance of the information security strategies and policies.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Additionally, the CSO chairs a subcommittee comprised of stakeholders including, but not limited to security representatives, risk management, compliance and Group Internal Audit.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The CSO actively participates
in Audit Committee and Board meetings and is responsible for offering updates on information security risks and mitigation strategies to the
Board and its subcommittees.
Cybersecurity Risk Role of Management [Text Block] To deal with cybersecurity threats, the Group has a dedicated Cyber Security function led by a certified CSO
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The CSO actively participates
in Audit Committee and Board meetings and is responsible for offering updates on information security risks and mitigation strategies to the
Board and its subcommittees. Additionally, the CSO chairs a subcommittee comprised of stakeholders including, but not limited to security
representatives, risk management, compliance and Group Internal Audit. This subcommittee is focused on information security, to review major
policy changes, strategies and key risk mitigations to enhance the governance of the information security strategies and policies.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] certified CSO with over 14 years of security experience at the UK Government, Bank of England and major financial services institutions at a leadership level.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] During the handling of an incident, the Cyber Security team will continuously monitor and assess the impact to the
Group.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true