|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We maintain an active cybersecurity risk management and strategy program to address the risks of cybersecurity threats to our business. Our cybersecurity program aligns with the NIST Cybersecurity Framework, and we conduct reviews of its effectiveness on a regular basis through annual testing, periodic third-party evaluations of our processes and controls, and ongoing surveillance. This program involves the use of cybersecurity tools to identify, protect, detect, respond, and recover from cybersecurity threats. Additionally, we engage with third-party cybersecurity consultants and other professional advisors to gain insight and knowledge into emerging threats, industry trends and emerging practices. Annually, we review cybersecurity risk in the context of our overall enterprise risk management assessment. As a component of these processes, our management team, including our Senior Vice President and Chief Technology Officer, identifies and assesses the likelihood and magnitude of risks, on both an inherent and a residual basis. These evaluations inform our overall cybersecurity strategy.
Our business operations depend significantly on third-party service providers. We have processes in place to evaluate the operational and cybersecurity risks posed to us by third parties on whom we are reliant for these services at the inception of our engagement, and we continuously monitor third-party firms that pose the greatest risks to our business and operations from cybersecurity threats. Nonetheless, we rely on the third parties we use to implement security programs commensurate with their own risk, and we cannot ensure that their efforts will be successful.
Our primary business involves investments in mortgages and mortgage instruments, but we do not perform mortgage servicing, maintain customer accounts, or provide any direct mortgage lending. Nor do we receive personal information on individual mortgage borrowers as part of our regular operations. However, our business is highly dependent on the availability of information systems, and a cybersecurity incident, if one were to occur, could have the potential to disrupt our operations. To date, the Company has not identified any cybersecurity incidents which have materially affected, or are reasonably likely to materially affect, our operations, business strategy, or financial condition. As discussed more fully under Risks Related to Our Business Operations in Item 1A. Risk Factors of this Form 10-K, given the evolving nature and increasing sophistication of cyber threats, there is no guarantee that future incidents will not have a material impact. While we continuously assess, identify, and mitigate cybersecurity risks through policies, procedures, and industry-standard security measures, cyber threats remain dynamic and could potentially disrupt our operations, expose us to legal or regulatory liabilities, or cause reputational harm.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Governance and Oversight
The Audit Committee of the Board has responsibility to oversee management’s strategy to address risks from cybersecurity threats. The Audit Committee periodically reviews with management the Company’s policies, controls, and procedures used to identify, mitigate, and manage cybersecurity risks. To accomplish this objective, we have established processes for reporting cybersecurity risks to the Audit Committee of the Board on a quarterly basis. This report, which is prepared by our Senior Vice President and Chief Technology Officer, includes performance as against key performance indicators (KPIs) and service level objectives specifically defined to measure the effectiveness of our cybersecurity controls and risk management efforts, current threat landscape, and strategy. In addition, on at least an annual basis the Company’s Senior Vice President and Chief Technology Officer presents to the Audit Committee on cybersecurity matters, including material changes to the Company’s information systems, policies and controls, the results of penetration and other testing and findings from any third-party reviews. Our Audit Committee is committed to maintaining a well-informed and cybersecurity-aware posture, regularly engaging by receiving scheduled and requested updates on our strategy to address risks from cybersecurity threats and the evolving threat landscape. The Board also is apprised of cybersecurity risks as part of its review of management’s annual enterprise risk management assessment.
Management plays a pivotal role in identifying, assessing, and managing material risks from cybersecurity threats. This involves continuous monitoring, analyzing emerging threats, and developing and implementing risk mitigation strategies.
The Company, led by our Senior Vice President and Chief Technology Officer—who holds the Certified Information Systems Security Professional (CISSP) designation and has over 20 years of cyber and risk management experience—actively implements and enforces cybersecurity policies, procedures, and strategies, including employee training programs, security assessments, and updates to ensure alignment with our evolving threat landscape.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true