XML 90 R50.htm IDEA: XBRL DOCUMENT v3.26.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] Marex recognizes the critical importance of safeguarding information assets and managing
cybersecurity risks across its enterprise. Cybersecurity considerations are integrated into Marex’s
operational processes and its enterprise risk management framework. These considerations are aligned
with the methodologies, reporting structures, and governance processes that apply to other key risk
categories, including legal, compliance, strategic, operational, and financial risks.
As part of this integrated approach, Marex has implemented a layered cybersecurity risk
management program designed to identify, assess, and manage cybersecurity risks.
Our cybersecurity program is informed by recognized frameworks and standards, including the
National Institute of Standards and Technology (NIST) Cybersecurity Framework, ISO/IEC 27001, and
relevant industry best practices. Reference to these frameworks does not represent a statement that
Marex complies with any specific technical standard or certification. Rather, these frameworks are used
as guides to support the identification, assessment, and management of cybersecurity risks relevant to
our business.
Key components of Marex’s cybersecurity risk management program include, but are not limited
to:
Cybersecurity risk assessments intended to identify material risks arising from cybersecurity
threats to our critical systems and information;
A dedicated security function with primary responsibility for (i) cybersecurity risk assessment
processes, (ii) the design and operation of security controls, and (iii) the coordination of responses
to cybersecurity incidents;
Cybersecurity awareness and training programs for employees, including personnel involved in
incident response, as well as senior management;
A range of technical and procedural measures designed to prevent, detect, escalate, investigate,
remediate, and recover from identified vulnerabilities and cybersecurity incidents in a timely
manner, including monitoring and detection tools, internal reporting mechanisms, and other
security controls;
A formal cybersecurity incident response plan that sets out processes and procedures for
responding to cybersecurity incidents; and
The engagement, where appropriate, of third-party service providers and consultants to assess,
test, monitor, or otherwise support aspects of our cybersecurity processes and controls.
Recognizing that third-party vendors and service providers are an integral part of our operations,
Marex maintains a third-party risk management program to evaluate the risks from key vendors are
commensurate with the vendor’s criticality and risk profile.
As previously disclosed, in January 2023, ION, a third-party service provider on which Marex
relies for certain back-office services, experienced a cybersecurity incident that temporarily disrupted
access to trade management and reporting systems. Based on information available to us, no personal
information was lost or exfiltrated as a result of this incident. Following the incident, ION implemented
additional security measures.
Based on Marex’s assessment, this incident did not have, and is not reasonably likely to have in
the future, a material impact on our operations, business strategy, results of operations, or financial
condition. Other than as disclosed, we have not identified cybersecurity threats that have materially
affected us, including our operations, business strategy, results of operations, or financial condition.
Nevertheless, Marex is subject to cybersecurity risks that, if realized, could be reasonably likely to
materially affect our operations, business strategy, results of operations, or financial condition. For
additional information regarding these risks, see “Risk Factors – If we or our third-party providers fail to
protect our IT systems or confidential information, this could, among other things, limit our ability to
conduct our operations and lead to legal liability, material financial penalties, or damage to our reputation,
which could materially affect our business, results of operations, and financial condition.”
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our cybersecurity program is informed by recognized frameworks and standards, including the
National Institute of Standards and Technology (NIST) Cybersecurity Framework, ISO/IEC 27001, and
relevant industry best practices. Reference to these frameworks does not represent a statement that
Marex complies with any specific technical standard or certification. Rather, these frameworks are used
as guides to support the identification, assessment, and management of cybersecurity risks relevant to
our business.
Key components of Marex’s cybersecurity risk management program include, but are not limited
to:
Cybersecurity risk assessments intended to identify material risks arising from cybersecurity
threats to our critical systems and information;
A dedicated security function with primary responsibility for (i) cybersecurity risk assessment
processes, (ii) the design and operation of security controls, and (iii) the coordination of responses
to cybersecurity incidents;
Cybersecurity awareness and training programs for employees, including personnel involved in
incident response, as well as senior management;
A range of technical and procedural measures designed to prevent, detect, escalate, investigate,
remediate, and recover from identified vulnerabilities and cybersecurity incidents in a timely
manner, including monitoring and detection tools, internal reporting mechanisms, and other
security controls;
A formal cybersecurity incident response plan that sets out processes and procedures for
responding to cybersecurity incidents; and
The engagement, where appropriate, of third-party service providers and consultants to assess,
test, monitor, or otherwise support aspects of our cybersecurity processes and controls.
Recognizing that third-party vendors and service providers are an integral part of our operations,
Marex maintains a third-party risk management program to evaluate the risks from key vendors are
commensurate with the vendor’s criticality and risk profile.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] The Board of Directors considers cybersecurity risk as part of its overall risk oversight
responsibilities and has delegated primary oversight of cybersecurity to the Risk Committee (the
“Committee”), including oversight of Marex’s cybersecurity risk management program.
The Committee receives regular, at least quarterly, updates from management regarding
cybersecurity risks. Management also provides additional updates to the Committee, where it deems
appropriate, regarding cybersecurity incidents that it considers significant.
The Committee reports to the Board on its activities, including matters relating to cybersecurity. In
addition, the Board receives briefings from management on Marex’s cybersecurity risk management
program. As part of the Board’s continuing education, directors periodically receive presentations on
cybersecurity topics from the Head of Information Security, internal security personnel, or external
subject-matter experts.
Marex’s management team, including the Chief Technology Officer and Chief Risk Officer, is
responsible for assessing and managing material cybersecurity risks. This team has primary responsibility
for the overall cybersecurity risk management program and oversees both internal cybersecurity
personnel and external cybersecurity consultants engaged by Marex. Members of the management team
each have more than 20 years of relevant industry experience.
Management supervises efforts to prevent, detect, mitigate and remediate cybersecurity risks and
incidents through a variety of mechanisms, including regular briefings from internal security teams; threat
intelligence and other information obtained from governmental, public and private sources; input from
external advisors; and alerts and reports generated by security tools deployed within the IT environment.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors considers cybersecurity risk as part of its overall risk oversight
responsibilities and has delegated primary oversight of cybersecurity to the Risk Committee (the
“Committee”), including oversight of Marex’s cybersecurity risk management program.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Committee receives regular, at least quarterly, updates from management regarding
cybersecurity risks. Management also provides additional updates to the Committee, where it deems
appropriate, regarding cybersecurity incidents that it considers significant.
The Committee reports to the Board on its activities, including matters relating to cybersecurity. In
addition, the Board receives briefings from management on Marex’s cybersecurity risk management
program. As part of the Board’s continuing education, directors periodically receive presentations on
cybersecurity topics from the Head of Information Security, internal security personnel, or external
subject-matter experts.
Cybersecurity Risk Role of Management [Text Block] Marex’s management team, including the Chief Technology Officer and Chief Risk Officer, is
responsible for assessing and managing material cybersecurity risks. This team has primary responsibility
for the overall cybersecurity risk management program and oversees both internal cybersecurity
personnel and external cybersecurity consultants engaged by Marex. Members of the management team
each have more than 20 years of relevant industry experience.
Management supervises efforts to prevent, detect, mitigate and remediate cybersecurity risks and
incidents through a variety of mechanisms, including regular briefings from internal security teams; threat
intelligence and other information obtained from governmental, public and private sources; input from
external advisors; and alerts and reports generated by security tools deployed within the IT environment.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Marex’s management team, including the Chief Technology Officer and Chief Risk Officer, is responsible for assessing and managing material cybersecurity risks.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Members of the management team
each have more than 20 years of relevant industry experience.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Committee reports to the Board on its activities, including matters relating to cybersecurity. In
addition, the Board receives briefings from management on Marex’s cybersecurity risk management
program. As part of the Board’s continuing education, directors periodically receive presentations on
cybersecurity topics from the Head of Information Security, internal security personnel, or external
subject-matter experts.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true