|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
KKR’s asset management business has a cybersecurity incident response plan, which was developed taking into account industry standard guidance provided by institutes such as the National Institute of Standards and Technology. This plan is a key component of the cybersecurity program, which is generally incorporated within KKR’s enterprise risk management framework. The cybersecurity incident response plan includes details on the cybersecurity incident response management team, which includes members of the Company’s management team. The KKR CISO and KKR’s Chief Compliance Officer co-chair a cybersecurity incident response team (“KKR CIRT”), which aims to manage and mitigate the risk and impact of cybersecurity breach events at KKR’s asset management business, including those arising from third-party service providers, including but not limited to, those providers that have access to KKR’s customer and employee data. Cybersecurity considerations affect the selection and oversight of our third-party service providers. We perform cybersecurity-related diligence on third parties that have access to our systems, data or facilities. In addition to the KKR CISO and KKR’s Chief Compliance Officer, the KKR CIRT includes members of KKR’s legal, technology, compliance, risk, public affairs, human capital and finance groups. The Company also has a cybersecurity incident response plan that is consistent with that of KKR’s asset management business and has established a notification decision framework to determine when the KKR CIRT will provide notifications regarding certain cybersecurity incidents, with different severity thresholds triggering notifications to different recipient groups, including members of the Company management and the Board.The KKR information security team undertakes a variety of measures to monitor and manage the cybersecurity risks of KKR’s asset management business. KKR’s technology platforms and applications are designed to enable it to monitor user and network behavior at KKR’s asset management business, identify threats using certain analytics, and mitigate attacks across various layers of the enterprise. The KKR information security team conducts regular internal and external audits with third-party cybersecurity experts to identify and evaluate potential weaknesses in its cybersecurity systems. In addition, the KKR information security team conducts periodic phishing simulations, as well as periodic employee training on KKR’s security policies and controls and provides other security trainings as part of new employee onboarding. Additionally, the KKR CIRT conducts periodic tabletop exercises simulating a cybersecurity breach at KKR.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|KKR’s asset management business has a cybersecurity incident response plan, which was developed taking into account industry standard guidance provided by institutes such as the National Institute of Standards and Technology. This plan is a key component of the cybersecurity program, which is generally incorporated within KKR’s enterprise risk management framework.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|At least annually, KKR’s CISO and/or other members of the KKR information security team will present to the Board on various topics relating to KKR’s technology risks, including KKR’s cybersecurity program, the current cybersecurity threat landscape, and risk management.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|At least annually, KKR’s CISO and/or other members of the KKR information security team will present to the Board on various topics relating to KKR’s technology risks, including KKR’s cybersecurity program, the current cybersecurity threat landscape, and risk management.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|At least annually, KKR’s CISO and/or other members of the KKR information security team will present to the Board on various topics relating to KKR’s technology risks, including KKR’s cybersecurity program, the current cybersecurity threat landscape, and risk management. The Company also has a cybersecurity incident response plan that is consistent with that of KKR’s asset management business and has established a notification decision framework to determine when the KKR CIRT will provide notifications regarding certain cybersecurity incidents, with different severity thresholds triggering notifications to different recipient groups, including members of the Company management and the Board.
|Cybersecurity Risk Role of Management [Text Block]
|
The Company is managed by the Manager. As an indirect subsidiary of KKR, the Manager is subject to and participates in KKR’s processes for assessing, identifying, and managing risks from cybersecurity threats, as detailed below.
KKR’s Chief Information Security Officer (the “KKR CISO”) leads an information security team (the “KKR information security team”) whose responsibilities include securing data from unauthorized use or access. The cybersecurity strategy and program at KKR’s asset management business includes, among other things, annual employee training about cybersecurity risks and new employee onboarding about KKR’s security policies.
The KKR CISO is a member of KKR’s Operational Risk Committee. The Operational Risk Committee is comprised of senior employees from across KKR’s asset management business and operating functions. The committee focuses on significant operating and business risks, which includes among others, regulatory, cybersecurity, operational, geopolitical, and reputational risks, and is responsible for ensuring risks are identified, assessed, managed and mitigated effectively. The cybersecurity risk environment for KKR’s asset management business includes identifying and monitoring KKR’s technology risks, including those related to information security, business disruption, fraud and privacy related risks, and also promoting cybersecurity awareness at KKR.At least annually, KKR’s CISO and/or other members of the KKR information security team will present to the Board on various topics relating to KKR’s technology risks, including KKR’s cybersecurity program, the current cybersecurity threat landscape, and risk management.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
KKR’s Chief Information Security Officer (the “KKR CISO”) leads an information security team (the “KKR information security team”) whose responsibilities include securing data from unauthorized use or access. The cybersecurity strategy and program at KKR’s asset management business includes, among other things, annual employee training about cybersecurity risks and new employee onboarding about KKR’s security policies.
The KKR CISO is a member of KKR’s Operational Risk Committee. The Operational Risk Committee is comprised of senior employees from across KKR’s asset management business and operating functions. The committee focuses on significant operating and business risks, which includes among others, regulatory, cybersecurity, operational, geopolitical, and reputational risks, and is responsible for ensuring risks are identified, assessed, managed and mitigated effectively. The cybersecurity risk environment for KKR’s asset management business includes identifying and monitoring KKR’s technology risks, including those related to information security, business disruption, fraud and privacy related risks, and also promoting cybersecurity awareness at KKR.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Prior to joining KKR, KKR’s CISO was the CISO at another large financial institution where he was responsible for their global information security program. KKR’s CISO also has prior experience in various information security roles, including security architecture, application security, engineering and operations. He holds a Bachelor of Science in computer science from the New York University Polytechnic School of Engineering, is a Certified Information Systems Security Professional (CISSP) and holds a Series 99 – Operations Professional Exam certification.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|In addition to the KKR CISO and KKR’s Chief Compliance Officer, the KKR CIRT includes members of KKR’s legal, technology, compliance, risk, public affairs, human capital and finance groups. The Company also has a cybersecurity incident response plan that is consistent with that of KKR’s asset management business and has established a notification decision framework to determine when the KKR CIRT will provide notifications regarding certain cybersecurity incidents, with different severity thresholds triggering notifications to different recipient groups, including members of the Company management and the Board.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef