|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Mitigation Efforts
The Company follows a structured risk management framework to identify, assess, and mitigate cybersecurity risks. This framework includes risk assessments, threat intelligence analysis, vulnerability scanning, and penetration testing. Risks are prioritized based on their potential impact on our operations, reputation, and financial stability. The Company has implemented various measures to mitigate cybersecurity risks, including:
•Implementing robust cybersecurity policies, procedures, and controls. The Company maintains comprehensive cybersecurity policies and procedures to guide its cybersecurity efforts. These policies cover areas such as access controls, data encryption, incident response, employee training, and third-party risk management. Policies are regularly reviewed and updated to address emerging threats and changes in regulations or industry standards.
•Investing in cybersecurity technologies, such as Security Information and Event Management (SIEM) with associated Security Operations Center (SOC), firewalls, intrusion detection systems, and encryption solutions.
•Conducting regular cybersecurity risk assessments and vulnerability scans.
•Providing cybersecurity awareness training for employees and contractors. Our employees receive regular training and we develop awareness programs to educate employees about cybersecurity risks and best practices. Training covers topics such as phishing awareness, password security, data handling procedures, and incident reporting. Employees are encouraged to remain vigilant and report any suspicious activity promptly.
•Developing and testing incident response plans designed for timely detection, containment, and recovery from cybersecurity incidents. The Company maintains a robust incident response plan to address cybersecurity incidents promptly and effectively. The plan defines roles and responsibilities for responding to incidents, establishes communication protocols, and outlines procedures for containing and mitigating the impact of incidents. The plan is regularly tested through tabletop exercises and incident simulations for preparedness.
•Engaging with external cybersecurity experts, industry partners, and government agencies to share threat intelligence and best practices.
•The Company assesses and manages cybersecurity risks associated with third-party vendors, suppliers, and service providers. This includes conducting due diligence on third-party cybersecurity practices, including contractual obligations for cybersecurity controls, incident response requirements, and ongoing monitoring of third-party performance.
•Alignment to new regulations such as the EU Digital Operational Resilience Act, commonly known as DORA, and identification of important business services along with the corresponding measures required by IT to improve Recovery Time Objective (RTO) and Recovery Point Objective (RPO). The Company also complies with certain cybersecurity regulations, industry standards, and best practices. This includes measures designed for compliance with laws such as the EU General Data Protection Regulation (GDPR). The Company has also implemented certain measures designed for alignment with the cybersecurity framework of the National Institute of Standards and Technology (NIST) and is also aligning to the International Organization for Standardization (ISO) 27001. IGI’s cybersecurity practices are also reviewed as part of the annual SOX/ITGC process.
•Continuous improvement in cybersecurity governance. This includes ongoing reviews of cybersecurity policies and procedures, assessments of emerging threats and technologies, and investments in cybersecurity
tools and capabilities. Lessons learned from cybersecurity incidents are used to inform improvements and enhance our overall cybersecurity posture.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Potential cybersecurity risks are assessed as part of our broader enterprise-wide risk management process, with oversight from the board of directors and Group Chief Information and Security Officer (“CISO”), for alignment with our risk appetite and corporate strategy.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board Oversight:
•The board of directors oversees cybersecurity risks as part of its overall governance responsibilities. Cybersecurity risks and mitigation efforts are reported to the board on a periodic basis through the CISO Pack, which is presented by the Vice President of IT (VP IT) and delegates. The CISO Pack includes an overview of material cybersecurity risks, incident trends, remediation efforts, and key cybersecurity performance metrics. While there is no dedicated board subcommittee for cybersecurity risk oversight, the IT Committee (IT Steerco), led by the Company’s VP IT and delegates, plays a key role in assessing and managing material cybersecurity risks and provides updates to the board as part of the governance framework.
•The Company’s VP IT also acts as the Company’s CISO and is supported by IT Governance and IT Security Engineers in the IT Department.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|While there is no dedicated board subcommittee for cybersecurity risk oversight, the IT Committee (IT Steerco), led by the Company’s VP IT and delegates, plays a key role in assessing and managing material cybersecurity risks and provides updates to the board as part of the governance framework.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s IT Steerco is informed about cybersecurity incidents through the CISO Pack, which is presented periodically to the board and senior management. The CISO pack includes cybersecurity risk assessments, key incidents, remediation actions, and ongoing mitigation efforts. Additionally, security engineers and the IT governance team within the IT department play a key role in continuously monitoring cybersecurity incidents, providing technical assessments, and ensuring that prevention, detection, mitigation, and remediation efforts are effectively implemented and reported to the IT Steerco.
|Cybersecurity Risk Role of Management [Text Block]
|
Executive Leadership:
The Company’s IT Committee (IT Steerco), led by the VP IT, reports information about material risks from cybersecurity threats to the board of directors. The IT Steerco assesses and manages material risks from cybersecurity threats, including by setting our cybersecurity strategy, approving cybersecurity policies and procedures, and reviewing cybersecurity risk assessments and incident reports. The VP IT has extensive experience in developing and implementing cyber and information security strategies in his current and previous roles aligned to National Institute of Standards and Technology (NIST) and ISO 27001 frameworks. Additionally, the VP IT has developed and implemented an information security roadmap based on current and future appetite, risks and impact to achieve IGI’s cybersecurity objectives. The VP IT is also responsible for implementing cybersecurity measures and reporting to senior management and the board. The Company’s IT Steerco is informed about cybersecurity incidents through the CISO Pack, which is presented periodically to the board and senior management. The CISO pack includes cybersecurity risk assessments, key incidents, remediation actions, and ongoing mitigation efforts. Additionally, security engineers and the IT governance team within the IT department play a key role in continuously monitoring cybersecurity incidents, providing technical assessments, and ensuring that prevention, detection, mitigation, and remediation efforts are effectively implemented and reported to the IT Steerco.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Company’s VP IT also acts as the Company’s CISO and is supported by IT Governance and IT Security Engineers in the IT Department.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The VP IT has extensive experience in developing and implementing cyber and information security strategies in his current and previous roles aligned to National Institute of Standards and Technology (NIST) and ISO 27001 frameworks. Additionally, the VP IT has developed and implemented an information security roadmap based on current and future appetite, risks and impact to achieve IGI’s cybersecurity objectives.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Company’s IT Steerco is informed about cybersecurity incidents through the CISO Pack, which is presented periodically to the board and senior management. The CISO pack includes cybersecurity risk assessments, key incidents, remediation actions, and ongoing mitigation efforts. Additionally, security engineers and the IT governance team within the IT department play a key role in continuously monitoring cybersecurity incidents, providing technical assessments, and ensuring that prevention, detection, mitigation, and remediation efforts are effectively implemented and reported to the IT Steerco.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef