|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|At TWFG, cybersecurity risk management is an important part of our overall enterprise risk management program. Our cybersecurity risk management program provides a framework for handling cybersecurity threats and incidents and involves coordination across different departments of our Company. The framework is informed in part by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, although this does not imply that we meet all technical standards, specifications or requirements under the NIST. This framework includes assessing the severity of cybersecurity threats, identifying the sources of cybersecurity threats including whether the cybersecurity threats are associated with third-party service providers, implementing cybersecurity mitigation strategies and informing management and our board of directors of material cybersecurity threats and incidents. Our vendor management process may include reviewing the cybersecurity practices of third-party providers, contractually imposing obligations on the provider, conducting security assessments, and conducting periodic reassessment during their engagement. We have a cybersecurity incident response plan and dedicated teams to respond to cybersecurity incidents, and we conduct an annual tabletop exercise to test our incident preparedness and response process. Our cybersecurity team also engages our third-party Security Operations Center and IT advisors for security risk assessments and security management. In addition, we provide security awareness training to help our employees understand their information protection and cybersecurity responsibilities.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|At TWFG, cybersecurity risk management is an important part of our overall enterprise risk management program. Our cybersecurity risk management program provides a framework for handling cybersecurity threats and incidents and involves coordination across different departments of our Company. T
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|In addition to this board-level oversight, our Information Technology Governance Committee (“ITGC”), a management committee, is responsible for overseeing and managing our cybersecurity risks
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of our board of directors is responsible for board-level oversight and management of our cybersecurity risks
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of our board of directors is responsible for board-level oversight and management of our cybersecurity risks. In addition to this board-level oversight, our Information Technology Governance Committee (“ITGC”), a management committee, is responsible for overseeing and managing our cybersecurity risks. The ITGC includes our Chief Operating Officer, General Counsel and senior management in the technology teams, and is supported by our third-party Chief Information Security Officer (“CISO”) and Security Operations Center provider. Our CISO has over twenty years of experience in managing cybersecurity risks, disaster recovery, and business continuity and is a Certified Information Systems Security Professional (CISSP) and Master Business Continuity Professional (MBCP).
|Cybersecurity Risk Role of Management [Text Block]
|The Audit Committee of our board of directors is responsible for board-level oversight and management of our cybersecurity risks. In addition to this board-level oversight, our Information Technology Governance Committee (“ITGC”), a management committee, is responsible for overseeing and managing our cybersecurity risks. The ITGC includes our Chief Operating Officer, General Counsel and senior management in the technology teams, and is supported by our third-party Chief Information Security Officer (“CISO”) and Security Operations Center provider. Our CISO has over twenty years of experience in managing cybersecurity risks, disaster recovery, and business continuity and is a Certified Information Systems Security Professional (CISSP) and Master Business Continuity Professional (MBCP). The ITGC is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to monitor such potential cybersecurity risk exposures, implementing appropriate mitigation measures and maintaining cybersecurity policies. The ITGC takes steps to remain informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including third-party consultants engaged by us; and alerts and reports produced by security tools deployed in our IT environment. The ITGC conducts regular meetings throughout the year, and reports on cybersecurity risks at the quarterly meetings of the Audit Committee. Based on these reports, the board of directors may request follow-up information to address any specific concerns and recommendations.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Audit Committee of our board of directors is responsible for board-level oversight and management of our cybersecurity risks. In addition to this board-level oversight, our Information Technology Governance Committee (“ITGC”), a management committee, is responsible for overseeing and managing our cybersecurity risks. The ITGC includes our Chief Operating Officer, General Counsel and senior management in the technology teams, and is supported by our third-party Chief Information Security Officer (“CISO”) and Security Operations Center provider
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO has over twenty years of experience in managing cybersecurity risks, disaster recovery, and business continuity and is a Certified Information Systems Security Professional (CISSP) and Master Business Continuity Professional (MBCP)
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The ITGC is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to monitor such potential cybersecurity risk exposures, implementing appropriate mitigation measures and maintaining cybersecurity policies. The ITGC takes steps to remain informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including third-party consultants engaged by us; and alerts and reports produced by security tools deployed in our IT environment. The ITGC conducts regular meetings throughout the year, and reports on cybersecurity risks at the quarterly meetings of the Audit Committee. Based on these reports, the board of directors may request follow-up information to address any specific concerns and recommendations.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef