|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We employ a risk management strategy for the assessment, identification and management of material risks stemming from cybersecurity threats. Our methodologies involve a systematic evaluation of potential threats, vulnerabilities, and their potential impacts on our organization’s operations, data, and systems. Our cybersecurity risk management program includes:
•Risk assessments designed to help identify material cybersecurity risks to our critical systems, and our IT environment;
•The use of third-party service providers to assess, test or otherwise assist with aspects of our security controls;
•Cybersecurity awareness training of our employees and senior management through the use of third-party providers for regular mandatory trainings;
•A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
•We design and assess our program using the National Institute Cybersecurity Framework (“NIST CSF”) as a set of guiding principles.
Our third-party service providers are primarily responsible for the security of their own information technology environments and in certain instances we rely significantly on third-party service providers to supply and store our sensitive data in a secure manner. All of these third parties face potential risks relating to cybersecurity similar to ours which could disrupt their businesses and therefore adversely impact us. While we provide guidance and specific requirements in some cases, we do not directly control any of these parties' information technology security operations, or the amount of investment they place in guarding against cybersecurity threats. Accordingly, we are subject to any flaw or breaches to their information technology systems, or those which they operate for us, which could have a material adverse effect on our financial condition or results of operations.
We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See “Risk Factors – The occurrence of cyber incidents or cyberattacks could disrupt our operations, result in the loss of confidential information and/or damage our business relationships and reputation.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We employ a risk management strategy for the assessment, identification and management of material risks stemming from cybersecurity threats. Our methodologies involve a systematic evaluation of potential threats, vulnerabilities, and their potential impacts on our organization’s operations, data, and systems.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the “Committee”) oversight of cybersecurity and other information technology risks. The Committee oversees management’s implementation of our cybersecurity risk management program.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the “Committee”) oversight of cybersecurity and other information technology risks. The Committee oversees management’s implementation of our cybersecurity risk management program. The Committee receives periodic reports from management on our potential cybersecurity risks and threats and receives presentations on cybersecurity topics.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the “Committee”) oversight of cybersecurity and other information technology risks. The Committee oversees management’s implementation of our cybersecurity risk management program. The Committee receives periodic reports from management on our potential cybersecurity risks and threats and receives presentations on cybersecurity topics. In addition, management oversees and identifies such risks from cybersecurity threats associated with our use of third-party service providers and works collaboratively with our third-party providers to test our systems security processes and prevent, monitor, detect, mediate and remediate cybersecurity threats and incidents, and will report such threats and incidents to the Audit Committee when appropriate.
|Cybersecurity Risk Role of Management [Text Block]
|
Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the “Committee”) oversight of cybersecurity and other information technology risks. The Committee oversees management’s implementation of our cybersecurity risk management program. The Committee receives periodic reports from management on our potential cybersecurity risks and threats and receives presentations on cybersecurity topics. In addition, management oversees and identifies such risks from cybersecurity threats associated with our use of third-party service providers and works collaboratively with our third-party providers to test our systems security processes and prevent, monitor, detect, mediate and remediate cybersecurity threats and incidents, and will report such threats and incidents to the Audit Committee when appropriate. The Committee reports to the full board of directors regarding its activities, including those related to cybersecurity.
Our Chief Executive Officer, Anthony Coniglio, leads our cybersecurity risk assessment and management processes. Mr. Coniglio is an experienced risk management professional.Mr. Coniglio has served as our Chief Executive Officer, President and Chief Investment Officer, overseeing risk management activities. Previously, Mr. Coniglio was the Chief Executive Officer of Primary Capital Mortgage Company (“PCM”), a residential mortgage company, where he was responsible for overseeing information technology, including cybersecurity, for the highly regulated business. Mr. Coniglio currently serves on the board of St. Mary’s Hospital for Children, as chair of the IT & cybersecurity committee and chair of the audit committee.
Mr. Coniglio oversees the development and enhancement of internal controls designed to prevent, detect, address, and mitigate the risk of cyber incidents. Since 2021, we have retained a third-party information technology provider to develop and maintain our information technology infrastructure, cloud network, and assist in the development of cybersecurity and information technology policies. Our third-party provider is MSPAlliance® Cyber Verified, which has been examined by an independent third-party public accounting firm and has successfully met the applicable 10 control objectives and underlying controls and requirements.
Management plays a key role in incorporating cybersecurity risk considerations into our boarder risk management framework and ensuring that essential priorities are communicated to the appropriate personnel. Management is responsible for approving cybersecurity processes, reviewing cybersecurity assessments and other cybersecurity-related matters, and responding to cybersecurity incidents, including but not limited to reporting cybersecurity incidents to the audit committee as described above. Our management team also evaluates the potential impact of cybersecurity incidents. If any such incidents should occur, management’s evaluation considers factors such as the nature. scope and materiality of the incident, and its effects on the Company’s operations.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our Chief Executive Officer, Anthony Coniglio, leads our cybersecurity risk assessment and management processes. Mr. Coniglio is an experienced risk management professional.Mr. Coniglio has served as our Chief Executive Officer, President and Chief Investment Officer, overseeing risk management activities. Previously, Mr. Coniglio was the Chief Executive Officer of Primary Capital Mortgage Company (“PCM”), a residential mortgage company, where he was responsible for overseeing information technology, including cybersecurity, for the highly regulated business. Mr. Coniglio currently serves on the board of St. Mary’s Hospital for Children, as chair of the IT & cybersecurity committee and chair of the audit committee.
Mr. Coniglio oversees the development and enhancement of internal controls designed to prevent, detect, address, and mitigate the risk of cyber incidents. Since 2021, we have retained a third-party information technology provider to develop and maintain our information technology infrastructure, cloud network, and assist in the development of cybersecurity and information technology policies. Our third-party provider is MSPAlliance® Cyber Verified, which has been examined by an independent third-party public accounting firm and has successfully met the applicable 10 control objectives and underlying controls and requirements.
Management plays a key role in incorporating cybersecurity risk considerations into our boarder risk management framework and ensuring that essential priorities are communicated to the appropriate personnel. Management is responsible for approving cybersecurity processes, reviewing cybersecurity assessments and other cybersecurity-related matters, and responding to cybersecurity incidents, including but not limited to reporting cybersecurity incidents to the audit committee as described above. Our management team also evaluates the potential impact of cybersecurity incidents. If any such incidents should occur, management’s evaluation considers factors such as the nature. scope and materiality of the incident, and its effects on the Company’s operations.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Executive Officer, Anthony Coniglio, leads our cybersecurity risk assessment and management processes. Mr. Coniglio is an experienced risk management professional.Mr. Coniglio has served as our Chief Executive Officer, President and Chief Investment Officer, overseeing risk management activities. Previously, Mr. Coniglio was the Chief Executive Officer of Primary Capital Mortgage Company (“PCM”), a residential mortgage company, where he was responsible for overseeing information technology, including cybersecurity, for the highly regulated business. Mr. Coniglio currently serves on the board of St. Mary’s Hospital for Children, as chair of the IT & cybersecurity committee and chair of the audit committee.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Mr. Coniglio oversees the development and enhancement of internal controls designed to prevent, detect, address, and mitigate the risk of cyber incidents. Since 2021, we have retained a third-party information technology provider to develop and maintain our information technology infrastructure, cloud network, and assist in the development of cybersecurity and information technology policies. Our third-party provider is MSPAlliance® Cyber Verified, which has been examined by an independent third-party public accounting firm and has successfully met the applicable 10 control objectives and underlying controls and requirements.
Management plays a key role in incorporating cybersecurity risk considerations into our boarder risk management framework and ensuring that essential priorities are communicated to the appropriate personnel. Management is responsible for approving cybersecurity processes, reviewing cybersecurity assessments and other cybersecurity-related matters, and responding to cybersecurity incidents, including but not limited to reporting cybersecurity incidents to the audit committee as described above. Our management team also evaluates the potential impact of cybersecurity incidents. If any such incidents should occur, management’s evaluation considers factors such as the nature. scope and materiality of the incident, and its effects on the Company’s operations.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef