|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company has processes and procedures in place to monitor the prevention, detection, mitigation, and remediation of cybersecurity risks. These include but are not limited to:
•Maintaining a defined and practiced incident response plan;
•Maintaining cyber insurance coverage;
•Employing appropriate incident prevention and detection software, such as antivirus, anti-malware, firewall, endpoint detection, and identity and access management;
•Maintaining a defined disaster recovery policy and employing backup/disaster recovery software, where appropriate;
•Educating, training, and testing employees on information security practices and identification of potential cybersecurity risks and threats;
•Ensuring familiarity and compliance with cybersecurity frameworks where appropriate; and
•Reviewing and evaluating new developments in the cyber threat landscape.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Arcosa has strategically integrated cybersecurity risk management into its broader risk management framework to promote a company-wide culture of cyber risk awareness. Arcosa's Chief Information Security Officer ("CISO") and Senior Director of Information Security work closely with the IT department to continuously evaluate and address cybersecurity risks in alignment with business objectives, operational needs, and industry-accepted standards, such as the CIS Critical Security Controls and National Institute of Standards and Technology ("NIST") frameworks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
Arcosa has not been subject to cybersecurity incidents that have materially affected, or are reasonably likely to materially affect the Company, its operations, or financial standing.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board's Audit Committee is responsible for overseeing the Company's cyber risk. The CISO and other experts, as necessary provide the Audit Committee quarterly updates that encompass a broad range of topics, including but not limited to:
•Current and emerging cybersecurity threat landscape;
•Status of ongoing cybersecurity initiatives and strategies;
•Incident reports and learnings from unique cybersecurity events, including those of other companies;
•Compliance status and efforts with regulatory requirements and industry standards; and
•Benchmarked data on the performance of certain aspects of our cybersecurity program relative to our peers.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
In addition, the CISO provides updates to the full Board upon request and updates the Board on unique developments, such as regulatory updates or unique vulnerability developments. Our Board is composed of members with diverse expertise including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.
|Cybersecurity Risk Role of Management [Text Block]
|Arcosa's cybersecurity risk management program is overseen by management at multiple levels. The CISO and Senior Director of Information Security play key roles in assessing, monitoring, and managing the Company's cybersecurity risks with support of dedicated information technology and security personnel.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Both the CISO and Senior Director of Information Security have been in their respective roles at Arcosa for over 6 years. The CISO has over 40 years of leadership positions in the high tech and IT industries. He is experienced in detailed product and solution development as well as business process operations providing an understanding of how cybersecurity considerations intersect the business. The Senior Director of Information Security and Compliance at Arcosa has more than 20 years of experience architecting, designing, and deploying security solutions based on industrial frameworks.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef