|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
At Cannae, the board of directors oversees management’s process for identifying and mitigating risks, including cybersecurity risks. Senior leadership, including our Chief Information Security Officer ("CISO"), works diligently to identify, assess and manage material risks through our Enterprise Risk Management ("ERM") program. As part of that program, we conduct risk assessments to identify and assess our material business, operational and environmental risks and works with our management team to develop strategies and plans to mitigate and manage those risks, including cybersecurity risks related to the use of third-party service providers.
Our ERM program is overseen by a group of highly-qualified individuals and is tailored to the unique structure of our business. As a holding company with a small group of highly qualified employees, we are well positioned to maintain operations in the event of a disaster or a material disruption to our information technology ("IT") infrastructure and networks. Our CISO has extensive information technology, cybersecurity and program management experience as do many of the employees in the information security group for our third-party provider. Our CISO, as well as others in our third-party provider's information security group, hold certifications such as the Certified Information System Security Professional certification. Each of our various businesses separately maintains business continuity functions that adhere to the unique requirements of their business.
On an ongoing basis, management assesses the cybersecurity risks of Cannae and aligns its procedures and its audit plan with the identified and addressable risks. The underlying controls of the cyber risk management program are based on the recognized standards as outlined in the National Institute of Standards and Technology ("NIST") Cybersecurity Framework. We utilize a third party to manage our IT network and processes and our ERM personnel work directly with the provider on all aspects of the Company's IT infrastructure and cybersecurity risks. Risks are evaluated over various timeframes; however, the focus of management’s risk assessment is on risks to the long-term solvency and sustainability of the ongoing operations of Cannae. Risks with the potential for an adverse impact to the Company in the near term are prioritized to the extent they present a material risk to the financial viability of the Company.
We apply a comprehensive approach to the mitigation of identified security risks, including monitoring our third-party IT service provider and management of our unconsolidated affiliates. As a holding company with relatively low volumes of personnel and third-party data, we have established policies, procedures and controls, including those related to privacy, information security and cybersecurity, and we employ a broad and diversified set of IT risk monitoring and risk mitigation techniques tailored to the unique nature of our business, including threat and vulnerability management, security monitoring,
identity and access management, phishing awareness, risk oversight, third-party risk management, disaster recovery and business continuity management.
In the event of a cybersecurity incident, we have established protocols for management's response to incidents and we regularly test those protocols with appropriate management personnel. Such protocols include an incident response playbook with the assessment of cybersecurity risks and procedures and hierarchies for escalating and reporting incidents to executive management, the board of directors, investors, government agencies and the general public.The employees at our consolidated companies are the strongest assets in protecting information and mitigating risk. We monitor the security practices of our employees, including training programs that focus on applicable privacy, security, legal, and regulatory requirements that provide ongoing enhancement of their respective security and risk cultures. Our employees participate in an annual Information Security Training.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|At Cannae, the board of directors oversees management’s process for identifying and mitigating risks, including cybersecurity risks. Senior leadership, including our Chief Information Security Officer ("CISO"), works diligently to identify, assess and manage material risks through our Enterprise Risk Management ("ERM") program. As part of that program, we conduct risk assessments to identify and assess our material business, operational and environmental risks and works with our management team to develop strategies and plans to mitigate and manage those risks, including cybersecurity risks related to the use of third-party service providers.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Board administers its risk oversight function directly and through committees and our Board has a strong focus on cybersecurity. Our approaches to cybersecurity and privacy are overseen by the audit committee. At each regular meeting of the audit committee of our Board, management provides reports relating to existing and emerging risk at our companies, including, as appropriate, cyber and data security risks, and any security incidents. At least annually (or more frequently in the event of material changes to the Company) the update to the audit committee includes a summary of management’s complete reassessment of the Company’s risk and control environment identified through our ERM program. Our audit committee chairman reports on these discussions to our Board on a quarterly basis.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|At Cannae, the board of directors oversees management’s process for identifying and mitigating risks, including cybersecurity risks. Senior leadership, including our Chief Information Security Officer ("CISO"), works diligently to identify, assess and manage material risks through our Enterprise Risk Management ("ERM") program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
In the event of a cybersecurity incident, we have established protocols for management's response to incidents and we regularly test those protocols with appropriate management personnel. Such protocols include an incident response playbook with the assessment of cybersecurity risks and procedures and hierarchies for escalating and reporting incidents to executive management, the board of directors, investors, government agencies and the general public.
|Cybersecurity Risk Role of Management [Text Block]
|Senior leadership, including our Chief Information Security Officer ("CISO"), works diligently to identify, assess and manage material risks through our Enterprise Risk Management ("ERM") program. As part of that program, we conduct risk assessments to identify and assess our material business, operational and environmental risks and works with our management team to develop strategies and plans to mitigate and manage those risks, including cybersecurity risks related to the use of third-party service providers.
Our ERM program is overseen by a group of highly-qualified individuals and is tailored to the unique structure of our business. As a holding company with a small group of highly qualified employees, we are well positioned to maintain operations in the event of a disaster or a material disruption to our information technology ("IT") infrastructure and networks. Our CISO has extensive information technology, cybersecurity and program management experience as do many of the employees in the information security group for our third-party provider. Our CISO, as well as others in our third-party provider's information security group, hold certifications such as the Certified Information System Security Professional certification. Each of our various businesses separately maintains business continuity functions that adhere to the unique requirements of their business.At each regular meeting of the audit committee of our Board, management provides reports relating to existing and emerging risk at our companies, including, as appropriate, cyber and data security risks, and any security incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our ERM program is overseen by a group of highly-qualified individuals and is tailored to the unique structure of our business. As a holding company with a small group of highly qualified employees, we are well positioned to maintain operations in the event of a disaster or a material disruption to our information technology ("IT") infrastructure and networks. Our CISO has extensive information technology, cybersecurity and program management experience as do many of the employees in the information security group for our third-party provider. Our CISO, as well as others in our third-party provider's information security group, hold certifications such as the Certified Information System Security Professional certification. Each of our various businesses separately maintains business continuity functions that adhere to the unique requirements of their business.The Board administers its risk oversight function directly and through committees and our Board has a strong focus on cybersecurity. Our approaches to cybersecurity and privacy are overseen by the audit committee. At each regular meeting of the audit committee of our Board, management provides reports relating to existing and emerging risk at our companies, including, as appropriate, cyber and data security risks, and any security incidents. At least annually (or more frequently in the event of material changes to the Company) the update to the audit committee includes a summary of management’s complete reassessment of the Company’s risk and control environment identified through our ERM program. Our audit committee chairman reports on these discussions to our Board on a quarterly basis.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our ERM program is overseen by a group of highly-qualified individuals and is tailored to the unique structure of our business. As a holding company with a small group of highly qualified employees, we are well positioned to maintain operations in the event of a disaster or a material disruption to our information technology ("IT") infrastructure and networks. Our CISO has extensive information technology, cybersecurity and program management experience as do many of the employees in the information security group for our third-party provider. Our CISO, as well as others in our third-party provider's information security group, hold certifications such as the Certified Information System Security Professional certification. Each of our various businesses separately maintains business continuity functions that adhere to the unique requirements of their business.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Board administers its risk oversight function directly and through committees and our Board has a strong focus on cybersecurity. Our approaches to cybersecurity and privacy are overseen by the audit committee. At each regular meeting of the audit committee of our Board, management provides reports relating to existing and emerging risk at our companies, including, as appropriate, cyber and data security risks, and any security incidents. At least annually (or more frequently in the event of material changes to the Company) the update to the audit committee includes a summary of management’s complete reassessment of the Company’s risk and control environment identified through our ERM program. Our audit committee chairman reports on these discussions to our Board on a quarterly basis.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef