|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management
We recognize the importance of developing, implementing, and maintaining cybersecurity measures to safeguard our information systems and protect the integrity and confidentiality of our data. ACM has established an Information Technology Steering Committee (the "ITSC”) to help mitigate technology risks including those relating to cybersecurity. One of the roles of the ITSC is to oversee cyber risk assessments, monitor applicable key risk indicators, review cybersecurity training procedures, oversee the Company’s Cybersecurity Incident Response Plan and engage third-party service providers to conduct periodic penetration testing, advise on current best practices and review policies and procedures.
Third-party Service Providers
The ITSC engages with external experts, including cybersecurity assessors and consultants in evaluating and testing our cyber risk systems. These engagements enable leveraging specialized knowledge and provides insight to attempt to ensure the cybersecurity strategies and processes are industry best practices. Our collaboration with these third-party service providers includes regular audits, threat assessments, and consultation on security enhancements.
Because of the risks associated with third-party service providers, the ITSC has implemented processes to oversee and manage these risks. Security assessments of key third-party providers are performed before engagement with ongoing monitoring performed to attempt to ensure compliance with cybersecurity standards. The monitoring includes quarterly assessments by the ITSC. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties. Our cybersecurity risk assessment includes an evaluation of cyber risk related to sensitive data held by third parties on their systems. There is no assurance that these efforts will effectively mitigate cybersecurity risk and mitigation efforts are not an assurance that no cybersecurity incidents will occur.
Risks from Cybersecurity ThreatsWe rely on our financial, accounting and other data processing systems. Computer malware, viruses, computer hacking and phishing attacks have become more prevalent in our industry and may occur on our systems. Although we have not detected a material cybersecurity breach to date, or encountered any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to affect the Company, including its business strategy, results of operations or financial condition, other financial services institutions have reported material breaches of their systems, some of which have been significant. Even with all reasonable security efforts, not every breach can be prevented or even detected. It is possible that we have experienced an undetected breach. There is no assurance that we, or the third parties that facilitate our business activities, have not or will not experience a breach. It is difficult to determine what, if any, negative impact may directly result from any specific interruption or cyber-attacks or security breaches of our networks or systems (or the networks or systems of third parties that facilitate our business activities), any failure to maintain performance or any other risk from cybersecurity threats. See General risks common to ARMOUR and our peer mortgage REITs—We are highly dependent on information and communications systems. System failures, security breaches or cyber-attacks of networks or systems could significantly disrupt our business and negatively affect the market price of our common stock and our ability to distribute dividends in Item 1A. Risk Factors of this Form 10-K for further discussion.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
In addition to our scheduled meetings, the Audit Committee, ITSC and CEO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, attempting to ensure the Board’s oversight is proactive and responsive. The Audit Committee provides the guidance that attempts to ensure cybersecurity considerations are integrated into the broader operating environment. The Audit Committee conducts an annual review of the company’s cybersecurity position and the effectiveness of its risk management strategies. This review helps in identifying areas for improvement and attempting to ensure the alignment of cybersecurity efforts with the overall risk management framework.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board is aware of the critical nature of managing risks associated with cybersecurity threats and has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats. Our Audit Committee periodically monitors and oversees our information and cybersecurity risks includingreviewing and approving any information and cybersecurity policies, procedures and resources, and reviewing our information and cybersecurity risk assessment, detection, protection, and mitigation systems.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee periodically monitors and oversees our information and cybersecurity risks including reviewing and approving any information and cybersecurity policies, procedures and resources, and reviewing our information and cybersecurity risk assessment, detection, protection, and mitigation systems.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Audit Committee periodically monitors and oversees our information and cybersecurity risks including reviewing and approving any information and cybersecurity policies, procedures and resources, and reviewing our information and cybersecurity risk assessment, detection, protection, and mitigation systems.
|Cybersecurity Risk Role of Management [Text Block]
|
Management’s Role
The ITSC and the Chief Executive Officer (“CEO") play a pivotal role in informing the Audit Committee on cybersecurity risks. They provide comprehensive briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:
•Current cybersecurity landscape and emerging threats;
•Status of ongoing cybersecurity initiatives and strategies;
•Incident reports from any cybersecurity events; and
•Compliance with regulatory requirements and industry standards.
In addition to our scheduled meetings, the Audit Committee, ITSC and CEO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, attempting to ensure the Board’s oversight is proactive and responsive. The Audit Committee provides the guidance that attempts to ensure cybersecurity considerations are integrated into the broader operating environment. The Audit Committee conducts an annual review of the company’s cybersecurity position and the effectiveness of its risk management strategies. This review helps in identifying areas for improvement and attempting to ensure the alignment of cybersecurity efforts with the overall risk management framework.
Risk Management Personnel
Primary responsibility for assessing, monitoring, and managing our cybersecurity risks rests with the ITSC. This committee consists of the Chief Technology Officer ("CTO"), IT Systems Administrator, Co-Chief Investment Officers, Controller and the CFO. Our CTO has over a twenty years of experience with cybersecurity, and our IT Systems Administrator has cybersecurity experience and certifications. All ACM employees are required to complete monthly cybersecurity trainings. Our ITSC oversees our governance programs, tests our compliance with standards, remediates known risks, and leads our cybersecurity training procedures.
Monitoring
The ITSC is informed by our CTO about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. Information technology subscriptions and cybersecurity updates are reviewed regularly by our CTO and continuing education in the cybersecurity field is ongoing. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. The ITSC implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the ITSC is equipped with a well-defined incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Primary responsibility for assessing, monitoring, and managing our cybersecurity risks rests with the ITSC. This committee consists of the Chief Technology Officer ("CTO"), IT Systems Administrator, Co-Chief Investment Officers, Controller and the CFO. Our CTO has over a twenty years of experience with cybersecurity, and our IT Systems Administrator has cybersecurity experience and certifications. All ACM employees are required to complete monthly cybersecurity trainings. Our ITSC oversees our governance programs, tests our compliance with standards, remediates known risks, and leads our cybersecurity training procedures.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CTO has over a twenty years of experience with cybersecurity, and our IT Systems Administrator has cybersecurity experience and certifications. All ACM employees are required to complete monthly cybersecurity trainings.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Monitoring
The ITSC is informed by our CTO about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. Information technology subscriptions and cybersecurity updates are reviewed regularly by our CTO and continuing education in the cybersecurity field is ongoing. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. The ITSC implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the ITSC is equipped with a well-defined incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
Reporting
The ITSC regularly informs the CEO of all known aspects related to cybersecurity risks and incidents. This attempts to ensure that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing ARMOUR. Furthermore, significant cybersecurity matters are escalated to the Board, so that the Board can provide guidance on critical cybersecurity issues.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef