|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Group adopts a risk-based approach to mitigate cyber threats it faces. The effective operation of the Group’s estate is supported by an IT and Cyber Security Governance framework, guided by a threat-based strategy which underpins investment decisions. The ongoing protection of the estate and confidentiality of material information is ensured through adherence to the Lloyds Banking Group Security Policy and supporting third-party supplier security schedule, which have been aligned to industry good practice including the NIST Cyber Security Framework; and material laws and regulations. The Group’s IT systems and information security risk management processes, which includes assessment, documentation and treatment have been integrated into its overall enterprise risk management framework. The Group engages a specialist third party consultancy on a periodic basis, to assess the maturity of its cyber security programme, in assessing, identifying and managing material risks from cybersecurity threats. During the handling of an incident, the Cyber Security team will continuously monitor and assess the impact to the Group. Thresholds have been set that, once triggered, will bring the information security risk owning business representatives, legal and compliance teams together as a subcommittee. The subcommittee will own the invocation of crisis management, Board notification and the drafting of any regulatory notifications. In the event of a major information security incident, including those with a material impact on the Group, the Chief Security Officer (CSO) maintains engagement with the executive, supported by the Group incident management teams.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Group’s IT systems and information security risk management processes, which includes assessment, documentation and treatment have been integrated into its overall enterprise risk management framework.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The CSO actively participates in Audit Committee and Board meetings and is responsible for offering updates on information security risks and mitigation strategies to the Board and its subcommittees. Additionally, the CSO chairs a subcommittee comprised of stakeholders including, but not limited to security representatives, risk management, compliance and Group Internal Audit. This subcommittee is focused on information security, to review major policy changes, strategies and key risk mitigations to enhance the governance of the information security strategies and policies.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Additionally, the CSO chairs a subcommittee comprised of stakeholders including, but not limited to security representatives, risk management, compliance and Group Internal Audit.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The CSO actively participates in Audit Committee and Board meetings and is responsible for offering updates on information security risks and mitigation strategies to the Board and its subcommittees.
|Cybersecurity Risk Role of Management [Text Block]
|To deal with cybersecurity threats, Lloyds Banking Group has a dedicated Cyber Security function led by a certified CSO
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|certified CSO with over 13 years of security experience at the UK Government, Bank of England and major financial services institutions at a leadership level.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|certified CSO with over 13 years of security experience at the UK Government, Bank of England and major financial services institutions at a leadership level.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|During the handling of an incident, the Cyber Security team will continuously monitor and assess the impact to the Group. Thresholds have been set that, once triggered, will bring the information security risk owning business representatives, legal and compliance teams together as a subcommittee. The subcommittee will own the invocation of crisis management, Board notification and the drafting of any regulatory notifications. In the event of a major information security incident, including those with a material impact on the Group, the Chief Security Officer (CSO) maintains engagement with the executive, supported by the Group incident management teams.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef