|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Jun. 30, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our security program is designed to reflect our business objectives, meet relevant laws and regulations, prevent unauthorized use of or access to our information systems, and maintain information assets' confidentiality, integrity, and availability. Our policies and processes are guided by security requirements specific to our operating environment, laws, and regulations that are relevant to us and information security best practices.
Risk Management and Strategy
The Company’s cybersecurity strategy includes recognition and deployment of the following:
a.A formal approach to enterprise risk management encompassing finance, operational risk management, and Information Technology (“IT”) to manage the business and technology-related challenges and required regulatory compliance obligations
i.Board approved Information Security policies that are reviewed annually
ii.An IT infrastructure architecture that has been designed and implemented with security at its core in order to enable key business activities while ensuring the confidentiality, integrity, and availability of our technology infrastructure and critical business and customer data. The Network Security Architecture design focuses on our ability to:
i.Identify and understand organizational risks to critical systems, assets, data & capabilities
ii.Protect our environment by putting in safeguards
iii.Detect potential threats by developing and implementing the appropriate activities to identify the occurrence of a cybersecurity event
iv.Respond to and take the appropriate action regarding a detected cybersecurity incident
v.Recover and restore any capabilities or services that were impaired due to a cybersecurity incident
To reduce the risks from cybersecurity threats associated with our use of third-party service providers, we have a supplier relationship policy and process which outlines information security requirements for mitigating the risks associated with supplier’s access to our organization’s assets. This policy must be agreed to by the supplier, documented, and reviewed annually.
SelectQuote has a network of third-party, industry leading, security experts whom they engage to independently test, assess and evaluate our risk management practices. We routinely engage in risk management activities designed to identify potential vulnerabilities; which, if identified, are planned for remediation.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The Company’s cybersecurity strategy includes recognition and deployment of the following:
a.A formal approach to enterprise risk management encompassing finance, operational risk management, and Information Technology (“IT”) to manage the business and technology-related challenges and required regulatory compliance obligations
i.Board approved Information Security policies that are reviewed annually
ii.An IT infrastructure architecture that has been designed and implemented with security at its core in order to enable key business activities while ensuring the confidentiality, integrity, and availability of our technology infrastructure and critical business and customer data. The Network Security Architecture design focuses on our ability to:
i.Identify and understand organizational risks to critical systems, assets, data & capabilities
ii.Protect our environment by putting in safeguards
iii.Detect potential threats by developing and implementing the appropriate activities to identify the occurrence of a cybersecurity event
iv.Respond to and take the appropriate action regarding a detected cybersecurity incident
v.Recover and restore any capabilities or services that were impaired due to a cybersecurity incident
To reduce the risks from cybersecurity threats associated with our use of third-party service providers, we have a supplier relationship policy and process which outlines information security requirements for mitigating the risks associated with supplier’s access to our organization’s assets. This policy must be agreed to by the supplier, documented, and reviewed annually.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Day to day management of our cybersecurity program is the responsibility of the Director, Information Technology Security. The Director manages an internal team of security professionals, as well as a third-party managed security operations center which provides 24/7 security monitoring. Our Director of IT Security reports to the Chief Information Officer. The two, combined, have over 50 years of experience in the information technology field and 30 years in IT security.
Our Board of Directors recognizes the importance of cybersecurity in safeguarding the Company’s sensitive data. The Board of Directors has oversight responsibilities for risk management with a focus on the most significant risks facing us, including strategic, operational, financial and legal compliance risks. The Board’s risk oversight process builds upon management’s risk assessment and mitigation processes, which include an enterprise risk management program of which our cybersecurity processes are an integral component.
Our Board implements its risk oversight function both as a board and through delegation to board committees, which meet regularly and report back to the Board, including delegating oversight of specific risks to board committees that align with their functional responsibilities. Our Audit Committee assists the Board in overseeing the enterprise risk management program and evaluates and monitors risks related to, among other things, the company’s information security program. Our Audit Committee assesses cybersecurity and information technology risks and the controls implemented to monitor and mitigate these risks. Our Chief Information Officer and Director of Information Technology Security periodically attend meetings and provide quarterly cybersecurity updates to the Audit Committee, and as needed, to the Board.
Our Chief Information Officer and Director of IT Security report directly to the Audit Committee of the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues at least once annually or more frequently as determined to be necessary or advisable. In addition, we have an escalation process in place to inform senior management and the Board of Directors when it is appropriate under the circumstances.
We, like any company, have experienced cybersecurity incidents in the past. However, as of the date of this Annual Report on Form 10-K, we have not experienced any cybersecurity incidents which have been determined to be material. For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business, operating results and financial condition, please refer to Part I, Item 1A, Risk Factors, in this Annual Report on Form 10-K.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Day to day management of our cybersecurity program is the responsibility of the Director, Information Technology Security. The Director manages an internal team of security professionals, as well as a third-party managed security operations center which provides 24/7 security monitoring. Our Director of IT Security reports to the Chief Information Officer. The two, combined, have over 50 years of experience in the information technology field and 30 years in IT security.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Director of IT Security reports to the Chief Information Officer. The two, combined, have over 50 years of experience in the information technology field and 30 years in IT security.
Our Board of Directors recognizes the importance of cybersecurity in safeguarding the Company’s sensitive data. The Board of Directors has oversight responsibilities for risk management with a focus on the most significant risks facing us, including strategic, operational, financial and legal compliance risks. The Board’s risk oversight process builds upon management’s risk assessment and mitigation processes, which include an enterprise risk management program of which our cybersecurity processes are an integral component.
Our Board implements its risk oversight function both as a board and through delegation to board committees, which meet regularly and report back to the Board, including delegating oversight of specific risks to board committees that align with their functional responsibilities. Our Audit Committee assists the Board in overseeing the enterprise risk management program and evaluates and monitors risks related to, among other things, the company’s information security program. Our Audit Committee assesses cybersecurity and information technology risks and the controls implemented to monitor and mitigate these risks. Our Chief Information Officer and Director of Information Technology Security periodically attend meetings and provide quarterly cybersecurity updates to the Audit Committee, and as needed, to the Board.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Board of Directors recognizes the importance of cybersecurity in safeguarding the Company’s sensitive data. The Board of Directors has oversight responsibilities for risk management with a focus on the most significant risks facing us, including strategic, operational, financial and legal compliance risks. The Board’s risk oversight process builds upon management’s risk assessment and mitigation processes, which include an enterprise risk management program of which our cybersecurity processes are an integral component.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our Board of Directors recognizes the importance of cybersecurity in safeguarding the Company’s sensitive data. The Board of Directors has oversight responsibilities for risk management with a focus on the most significant risks facing us, including strategic, operational, financial and legal compliance risks. The Board’s risk oversight process builds upon management’s risk assessment and mitigation processes, which include an enterprise risk management program of which our cybersecurity processes are an integral component.
Our Board implements its risk oversight function both as a board and through delegation to board committees, which meet regularly and report back to the Board, including delegating oversight of specific risks to board committees that align with their functional responsibilities. Our Audit Committee assists the Board in overseeing the enterprise risk management program and evaluates and monitors risks related to, among other things, the company’s information security program. Our Audit Committee assesses cybersecurity and information technology risks and the controls implemented to monitor and mitigate these risks. Our Chief Information Officer and Director of Information Technology Security periodically attend meetings and provide quarterly cybersecurity updates to the Audit Committee, and as needed, to the Board.
Our Chief Information Officer and Director of IT Security report directly to the Audit Committee of the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues at least once annually or more frequently as determined to be necessary or advisable. In addition, we have an escalation process in place to inform senior management and the Board of Directors when it is appropriate under the circumstances.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|over 50 years of experience
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our Chief Information Officer and Director of IT Security report directly to the Audit Committee of the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues at least once annually or more frequently as determined to be necessary or advisable. In addition, we have an escalation process in place to inform senior management and the Board of Directors when it is appropriate under the circumstances.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef