Cybersecurity Risk Management, Strategy, and Governance
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity

Risk Management and Strategy

Our cybersecurity program is led by our Chief Information Security Officer (CISO) and overseen by the Audit Committee and the Board of Directors. Our cybersecurity program prioritizes threat mitigation, while focusing on maintaining the integrity and resilience of our systems. Our cybersecurity program includes identifying threats, considering potential damages through the lens of residual risk, identifying potential actions to manage cyber risk, implementation, and ongoing monitoring and testing for design and performance effectiveness.

The Company’s risk management strategy identifies cybersecurity risks, such as vulnerabilities on assets, fraud, abuse of systems and services, unauthorized data access, data exfiltration, data destruction, and service disruption, as among the Company’s top enterprise risks. As such, the cybersecurity risk management process and related governance process are integrated into the broader information technology control environment, which is integrated into the Company’s overall risk management systems and processes. Additionally, we regularly review and test our cybersecurity controls.

Our cybersecurity team, in partnership with external vendors and a third-party security operations center, designs and implements data security and cybersecurity programs, risk assessments, monitoring, external and internal penetration tests, controls testing and training for our employees. In 2025, third-party consultants were engaged to perform security penetration tests and to facilitate a tabletop exercise to test the Company’s cyber incident response plan. We continue to make investments to enhance our ability to identify and detect cybersecurity risks within our environment and protect the Company from those identified risks.

Risk Assessment, Risk Management and Incident Management

We employ people, processes and technologies to proactively address cybersecurity risks. This includes the periodic review and update of IT security policies, employee security awareness training programs complemented by simulated phish testing, and the implementation of firewalls, intrusion prevention and detection systems, anti-malware sensors, and access and identity management controls.

We have established cybersecurity incident response plans, such as the Cybersecurity Incident Response Plan and the IT Disaster Recovery Plan, which outline frameworks for addressing and managing potential cybersecurity incidents. These plans provide direction on departmental responsibilities and collaboration within ACIC, as well as define processes and protocols for incident response and management. The Cybersecurity Incident Response Plan specifies escalation procedures aligned to factors like the severity of the incident, associated risks and harms, necessary mitigation and remediation steps and any relevant legal or regulatory obligations. Multidisciplinary teams handle incident responses and escalate matters to senior management and the Board of Directors when needed. We review and update our cybersecurity incident response plans every year to ensure their effectiveness.

The Company’s risk assessment considers cybersecurity threats associated with the use of third-party service providers. Failure to assess potential risks associated with a third party could expose us to a variety of risks, including, but not limited to, supply chain attacks, data breaches, and reputational damage, which can have devastating and long-lasting impacts. As such, we have employed contracting policies and procedures which include data protection and other cybersecurity considerations during the vendor onboarding process, and periodic review of service organization controls reports for material third-party service providers.

In the last three fiscal years, we have not experienced a material cybersecurity incident, and we are not aware of any cybersecurity risks that are reasonably likely to materially affect our business other than what is already disclosed in Item 1A. Risk Factors in this Annual Report on Form 10-K. For more information about the risks posed by cybersecurity threats, see “If we experience difficulties with our information technology or data security systems and/or outsourcing relationships, our ability to conduct our business could be negatively impacted, which could adversely affect our financial condition or results of operations” in Item 1A. Risk Factors in this Annual Report on Form 10-K.

Governance

Management Oversight

Our CISO has the overall responsibility of implementing strategies and objectives to build a strong cyber management function. Our CISO has over 25 years of IT experience with specialization in IT compliance, information security and risk management.

Our Chief Information Officer (CIO) has the overall responsibility of establishing and overseeing the Company’s technology infrastructure and security posture. Our CIO has over 25 years of IT experience, nearly all in the insurance space.

Finally, our Chief Compliance and Risk Officer (CCRO) has more than 30 years of experience in audit, finance and accounting and has managed tax planning, insurance accounting, internal audit and risk management functions. Our CCRO maintains an active Certified Public Accountant license.

Board of Directors Oversight

The Board of Directors and Audit Committee are responsible for overseeing our annual enterprise risk assessment, reviewing the guidelines and policies for assessing and managing the Company’s exposure to risks, including cybersecurity risks, and the steps management has taken to monitor and control such exposures. The Board of Directors and Audit Committee periodically meet to facilitate oversight of cybersecurity risk.

The Board of Directors regularly devotes time during its meetings to review and discuss the most significant risks facing the Company over the short-, medium- and long-term, and management’s responses to those risks, including cybersecurity. Within these discussions, the Board of Directors receives updates from the CISO on the risks posed by cybersecurity threats and the Company’s cybersecurity program. In addition to evaluating the Company’s cybersecurity risks, the Board of Directors has oversight of management’s cybersecurity function and is responsible for reviewing and approving the Company’s cybersecurity program, as well as reviewing the quality and effectiveness of the Company’s technology security.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

The Company’s risk management strategy identifies cybersecurity risks, such as vulnerabilities on assets, fraud, abuse of systems and services, unauthorized data access, data exfiltration, data destruction, and service disruption, as among the Company’s top enterprise risks. As such, the cybersecurity risk management process and related governance process are integrated into the broader information technology control environment, which is integrated into the Company’s overall risk management systems and processes. Additionally, we regularly review and test our cybersecurity controls.

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Board of Directors Oversight

The Board of Directors and Audit Committee are responsible for overseeing our annual enterprise risk assessment, reviewing the guidelines and policies for assessing and managing the Company’s exposure to risks, including cybersecurity risks, and the steps management has taken to monitor and control such exposures. The Board of Directors and Audit Committee periodically meet to facilitate oversight of cybersecurity risk.

The Board of Directors regularly devotes time during its meetings to review and discuss the most significant risks facing the Company over the short-, medium- and long-term, and management’s responses to those risks, including cybersecurity. Within these discussions, the Board of Directors receives updates from the CISO on the risks posed by cybersecurity threats and the Company’s cybersecurity program. In addition to evaluating the Company’s cybersecurity risks, the Board of Directors has oversight of management’s cybersecurity function and is responsible for reviewing and approving the Company’s cybersecurity program, as well as reviewing the quality and effectiveness of the Company’s technology security.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Board of Directors regularly devotes time during its meetings to review and discuss the most significant risks facing the Company over the short-, medium- and long-term, and management’s responses to those risks, including cybersecurity. Within these discussions, the Board of Directors receives updates from the CISO on the risks posed by cybersecurity threats and the Company’s cybersecurity program. In addition to evaluating the Company’s cybersecurity risks, the Board of Directors has oversight of management’s cybersecurity function and is responsible for reviewing and approving the Company’s cybersecurity program, as well as reviewing the quality and effectiveness of the Company’s technology security.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Board of Directors and Audit Committee are responsible for overseeing our annual enterprise risk assessment, reviewing the guidelines and policies for assessing and managing the Company’s exposure to risks, including cybersecurity risks, and the steps management has taken to monitor and control such exposures. The Board of Directors and Audit Committee periodically meet to facilitate oversight of cybersecurity risk.

Cybersecurity Risk Role of Management [Text Block]

Management Oversight

Our CISO has the overall responsibility of implementing strategies and objectives to build a strong cyber management function. Our CISO has over 25 years of IT experience with specialization in IT compliance, information security and risk management.

Our Chief Information Officer (CIO) has the overall responsibility of establishing and overseeing the Company’s technology infrastructure and security posture. Our CIO has over 25 years of IT experience, nearly all in the insurance space.

Finally, our Chief Compliance and Risk Officer (CCRO) has more than 30 years of experience in audit, finance and accounting and has managed tax planning, insurance accounting, internal audit and risk management functions. Our CCRO maintains an active Certified Public Accountant license.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Our CISO has the overall responsibility of implementing strategies and objectives to build a strong cyber management function. Our CISO has over 25 years of IT experience with specialization in IT compliance, information security and risk management.

Our Chief Information Officer (CIO) has the overall responsibility of establishing and overseeing the Company’s technology infrastructure and security posture. Our CIO has over 25 years of IT experience, nearly all in the insurance space.

Finally, our Chief Compliance and Risk Officer (CCRO) has more than 30 years of experience in audit, finance and accounting and has managed tax planning, insurance accounting, internal audit and risk management functions. Our CCRO maintains an active Certified Public Accountant license.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO has over 25 years of IT experience with specialization in IT compliance, information security and risk management. Our CIO has over 25 years of IT experience, nearly all in the insurance space. Our Chief Compliance and Risk Officer (CCRO) has more than 30 years of experience in audit, finance and accounting and has managed tax planning, insurance accounting, internal audit and risk management functions.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Within these discussions, the Board of Directors receives updates from the CISO on the risks posed by cybersecurity threats and the Company’s cybersecurity program. In addition to evaluating the Company’s cybersecurity risks, the Board of Directors has oversight of management’s cybersecurity function and is responsible for reviewing and approving the Company’s cybersecurity program, as well as reviewing the quality and effectiveness of the Company’s technology security.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true