|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity is a complex and constantly evolving risk that we are committed to understanding and mitigating. The foundation of our information security practices is rooted in the principles set forth by the National Institute of Standards and Technology ("NIST"), ensuring a robust and comprehensive approach to safeguarding our digital assets. This program provides standards, guidelines, and best practices for improving our cybersecurity risk management. To effectively manage our cybersecurity risk, we employ a comprehensive approach encompassing risk assessment, identification, and mitigation, all aligned with the rigorous standards and principles. Cybersecurity and IT compliance risk metrics are monitored regularly to assess, identify, manage and protect our environment. Periodic audits of IT and Cybersecurity are carried out as part of internal and external audits, are performed by professionals and form a part of our overall risk management system and processes.
Our approach to third-party cybersecurity underscores a commitment to robust risk management and adherence to industry best practices. By implementing comprehensive measures in line with recognized standards, we ensure that our third-party cybersecurity protocols are aligned with rigorous standards. Regular assessments, SOC reviews, and collaborative efforts are integral components of our strategy, aimed at fostering a secure and resilient ecosystem that safeguards sensitive information and maintains the integrity of our digital infrastructure in partnership with external entities.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Cybersecurity is a complex and constantly evolving risk that we are committed to understanding and mitigating. The foundation of our information security practices is rooted in the principles set forth by the National Institute of Standards and Technology ("NIST"), ensuring a robust and comprehensive approach to safeguarding our digital assets. This program provides standards, guidelines, and best practices for improving our cybersecurity risk management. To effectively manage our cybersecurity risk, we employ a comprehensive approach encompassing risk assessment, identification, and mitigation, all aligned with the rigorous standards and principles. Cybersecurity and IT compliance risk metrics are monitored regularly to assess, identify, manage and protect our environment. Periodic audits of IT and Cybersecurity are carried out as part of internal and external audits, are performed by professionals and form a part of our overall risk management system and processes.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
We have a Chief Information Security Officer ("CISO") and have an IT Steering Committee ("ITSC"). Our CISO is responsible for establishing the cybersecurity vision for the Company, determining and prioritizing cybersecurity initiatives, and keeping abreast of developing security threats. The ITSC reports to the Board and Audit Committee, is chaired by our Head of IT and Software Development (“Head of IT”), and has our CISO, CFO, COO, and SEC Reporting Officer as some of its members. Our CISO brings over three decades of expertise in the IT Industry and is a member of ISACA, showcasing a rich portfolio of industry certifications like the Certified Information Security Manager (“CISM”), Certified Data Privacy Solutions Engineer (“CPDSE”), and Microsoft Certified Systems Engineer (“MCSE”). The CISO also holds accreditations from vendors such as CISCO and Microsoft. Our Head of IT brings two decades of experience in aligning technology initiatives with business goals and managing IT strategy. With a background of over 15 years in insurance and reinsurance, the Head of IT is responsible for ensuring the implementation and adherence to governance and cybersecurity frameworks. Other members of the ITSC hold relevant qualifications and collectively, the ITSC has substantial experience and expertise in cybersecurity, risk, strategy, and management.
The ITSC meets at least quarterly to discuss and approve IT and Cybersecurity matters. The ITSC produces and approves an annual IT budget, as well as an Incident Management and Response plan through which the CISO and the ITSC are informed about cybersecurity incidents.
To assist with mitigating the risks of cybersecurity threats, periodic cybersecurity training is provided to employees, vendors, and members of the Board. Further, to mitigate risk arising from our relationships with third-parties, key vendors must be SOC 2 compliant, as determined in accordance with the framework developed by the American Institute of Certified Public Accountants, or undertake the Company’s enhanced due diligence process. Periodic testing is performed, and all material incidents are reported to the Board.
IT and cybersecurity are a standing Board agenda item, with quarterly presentations to the Board from the IT leadership quarterly. Our Audit Committee assists the Board in its oversight responsibilities regarding our systems, policies, and procedures relating to technology and cybersecurity. The Audit Committee’s charter mandates that the Audit Committee reviews our technology and cybersecurity systems, policies, and procedures (including those relating to our assessment of third-party provider cybersecurity controls) with management. The Audit Committee is further tasked with discussing with management the policies with respect to risk assessment and risk management, including those related to technology and cybersecurity. An IT and Cybersecurity presentation is made to the Audit Committee quarterly and additionally as needed, to inform it of any new or emerging cybersecurity threats or risks.We have not identified or experienced any cybersecurity threats or incidents likely to materially affect our business strategy, results of operations, or financial conditions.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee assists the Board in its oversight responsibilities regarding our systems, policies, and procedures relating to technology and cybersecurity.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee’s charter mandates that the Audit Committee reviews our technology and cybersecurity systems, policies, and procedures (including those relating to our assessment of third-party provider cybersecurity controls) with management. The Audit Committee is further tasked with discussing with management the policies with respect to risk assessment and risk management, including those related to technology and cybersecurity. An IT and Cybersecurity presentation is made to the Audit Committee quarterly and additionally as needed, to inform it of any new or emerging cybersecurity threats or risks.
|Cybersecurity Risk Role of Management [Text Block]
|
We have a Chief Information Security Officer ("CISO") and have an IT Steering Committee ("ITSC"). Our CISO is responsible for establishing the cybersecurity vision for the Company, determining and prioritizing cybersecurity initiatives, and keeping abreast of developing security threats. The ITSC reports to the Board and Audit Committee, is chaired by our Head of IT and Software Development (“Head of IT”), and has our CISO, CFO, COO, and SEC Reporting Officer as some of its members. Our CISO brings over three decades of expertise in the IT Industry and is a member of ISACA, showcasing a rich portfolio of industry certifications like the Certified Information Security Manager (“CISM”), Certified Data Privacy Solutions Engineer (“CPDSE”), and Microsoft Certified Systems Engineer (“MCSE”). The CISO also holds accreditations from vendors such as CISCO and Microsoft. Our Head of IT brings two decades of experience in aligning technology initiatives with business goals and managing IT strategy. With a background of over 15 years in insurance and reinsurance, the Head of IT is responsible for ensuring the implementation and adherence to governance and cybersecurity frameworks. Other members of the ITSC hold relevant qualifications and collectively, the ITSC has substantial experience and expertise in cybersecurity, risk, strategy, and management.
The ITSC meets at least quarterly to discuss and approve IT and Cybersecurity matters. The ITSC produces and approves an annual IT budget, as well as an Incident Management and Response plan through which the CISO and the ITSC are informed about cybersecurity incidents.
To assist with mitigating the risks of cybersecurity threats, periodic cybersecurity training is provided to employees, vendors, and members of the Board. Further, to mitigate risk arising from our relationships with third-parties, key vendors must be SOC 2 compliant, as determined in accordance with the framework developed by the American Institute of Certified Public Accountants, or undertake the Company’s enhanced due diligence process. Periodic testing is performed, and all material incidents are reported to the Board.
IT and cybersecurity are a standing Board agenda item, with quarterly presentations to the Board from the IT leadership quarterly. Our Audit Committee assists the Board in its oversight responsibilities regarding our systems, policies, and procedures relating to technology and cybersecurity. The Audit Committee’s charter mandates that the Audit Committee reviews our technology and cybersecurity systems, policies, and procedures (including those relating to our assessment of third-party provider cybersecurity controls) with management. The Audit Committee is further tasked with discussing with management the policies with respect to risk assessment and risk management, including those related to technology and cybersecurity. An IT and Cybersecurity presentation is made to the Audit Committee quarterly and additionally as needed, to inform it of any new or emerging cybersecurity threats or risks.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|We have a Chief Information Security Officer ("CISO") and have an IT Steering Committee ("ITSC").
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO brings over three decades of expertise in the IT Industry and is a member of ISACA, showcasing a rich portfolio of industry certifications like the Certified Information Security Manager (“CISM”), Certified Data Privacy Solutions Engineer (“CPDSE”), and Microsoft Certified Systems Engineer (“MCSE”). The CISO also holds accreditations from vendors such as CISCO and Microsoft. Our Head of IT brings two decades of experience in aligning technology initiatives with business goals and managing IT strategy. With a background of over 15 years in insurance and reinsurance, the Head of IT is responsible for ensuring the implementation and adherence to governance and cybersecurity frameworks. Other members of the ITSC hold relevant qualifications and collectively, the ITSC has substantial experience and expertise in cybersecurity, risk, strategy, and management.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The ITSC meets at least quarterly to discuss and approve IT and Cybersecurity matters. The ITSC produces and approves an annual IT budget, as well as an Incident Management and Response plan through which the CISO and the ITSC are informed about cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef