Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cybersecurity risk oversight and management is a critical component of the Company’s overall enterprise risk management and a top priority for the Company and its Board of Directors. The Company’s Board of Directors has delegated management of Enterprise Risk Management, which includes cybersecurity, to the HEI and Hawaiian Electric Audit and Risk Committees (collectively, the ARCs). The ARCs exercise their oversight responsibility of cybersecurity through quarterly (or more frequently if necessary) cybersecurity risk updates and reports of incidents, if any, by management (primarily the Utilities’ Chief Information Officer and Chief Information Security Officer). In early 2023, in recognition of the increased cybersecurity threats and heightened cybersecurity risks facing the Company, the ARCs formed the Cybersecurity Working Group (CWG), which is currently comprised of two directors, one from each of the HEI and Hawaiian Electric Boards of Directors. The purpose of the CWG is to oversee and conduct periodic meetings with management to discuss cyber risk, risk treatment, and operational activities relative to cyber risk treatment and to report matters to the ARCs. The CWG also evaluates cybersecurity areas highlighted by the ARCs including areas the CWG deems higher risk or topical and reports back to the ARCs on a quarterly basis. The CWG also coordinates with the Company’s management on regular trainings and tabletop exercises for the Board of Directors.
Electric utility
System overview. The Utilities rely on evolving and increasingly complex operational and information systems, networks and other technologies, which are interconnected with the systems and network infrastructure owned by third parties, to support a variety of business processes and activities, including procurement and supply chain, invoicing and collection of payments, customer relationship management, human resource management, the acquisition, generation and delivery of electrical service to customers, and to process financial information and results of operations for internal and external reporting and compliance with regulatory, financial reporting, legal and tax requirements. The Utilities use their systems and infrastructure to create, collect, store, and process sensitive information, including personal information regarding customers, employees and their dependents, retirees, and other individuals.
Risk management and strategy. The Utilities have a cybersecurity program in place, which is integrated into the overall risk management program and includes a risk management strategy and risk assessment policy, which are disseminated and maintained by the Chief Information Security Officer (CISO), revisited annually and govern the enterprise cybersecurity risk and maturity assessment process. The program is aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), and leverages a risk-based approach to optimize security investment and advance the security program’s maturity and security posture over time.
The Utilities’ cybersecurity program adopts security measures designed to protect the confidentiality, integrity, and availability of information technology systems, network infrastructure and other assets. The Utilities’ security measures, such as awareness and training, monitoring, etc., are designed to prevent, detect, and minimize the effects of a cybersecurity incident. These measures are periodically evaluated and audited against the NIST CSF by internal audit and independent third-party cybersecurity specialists.
The CISO actively monitors developments in the area of cybersecurity and is involved in various related government and industry groups and briefs the Company’s Board quarterly or as needed on relevant cybersecurity issues. The Utilities continue to make investments in their cybersecurity program, including personnel, technologies, cyber insurance and training of Utilities personnel.
The Utilities have disaster recovery and incident response plans in place to protect their businesses from information technology service interruptions. The disaster recovery plans are established to help prevent the loss of customer data, service interruptions and disruptions to operations or damage to important facilities. In addition, the Utilities also maintain cyber liability insurance that covers certain damages caused by cyber incidents.
Despite the Utilities’ security measures, all of their systems are vulnerable to disability, failures or unauthorized access caused by natural disasters, cybersecurity incidents, security breaches, user error, unintentional defects created by system changes, military or terrorist actions, power or communication failures or similar events.
To date, the Utilities are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Utilities, including their business strategy, results of operations or financial condition. For further information, see “The Company is subject to information technology and operational system failures, network disruptions, cyber attacks and breaches in data security that could materially and adversely affect its businesses and reputation” in Item 1A. Risk Factors.
HEI does not have an information technology (IT) or cybersecurity risk management (CRM) department, including the resources or expertise, to manage IT/CRM-related matters and processes. HEI relies on Hawaiian Electric to provide most of its IT/CRM-related services pursuant to a Service Level Agreement (SLA), amended, as of November 30, 2023 between HEI and Hawaiian Electric. HEI also employs third party cybersecurity consultants to assist in managing CRM-related matters. The SLA outlines specific services that Hawaiian Electric provides to HEI, which includes support on all IT/CRM-related matters, IT service desk support, electronic file storage and backup, hardware and software installation, inventory and maintenance, standard networking and telecommunication support, and other various IT/CRM matters, including periodic reporting to HEI’s Board of Directors and CWG. Refer to Hawaiian Electric’s cybersecurity discussion for more information.
The SLA services provided by Hawaiian Electric are mainly for applications and systems on Hawaiian Electric’s infrastructure, networks and servers. The SLA does not cover support for certain software applications that were procured outside of Hawaiian Electric’s procurement and IT policies and procedures. These include HEI’s general ledger application itself, excluding the infrastructure that the general ledger application is installed on, and certain cloud-based software. Although these applications are not supported by Hawaiian Electric, security measures and internal control procedures related to user access and periodic security reviews have been implemented on these applications and are performed on an on-going basis in accordance with Hawaiian Electric’s IT policies and procedures. These controls are required to protect HEI’s financial and other sensitive information, as well as to prevent cybersecurity breaches on Hawaiian Electric’s infrastructure, networks and servers. In the event of a cybersecurity breach on these applications not supported by Hawaiian Electric, HEI employs third party cybersecurity consultants to assess and resolve issues resulting from a breach, depending on its severity. Hawaiian Electric may also provide guidance and support to assist HEI in assessing and resolving cybersecurity breaches. HEI has also formulated disaster recovery plans, which are updated on an annual basis, involving all of its applications, including those applications not supported by Hawaiian Electric.
HEI’s cybersecurity governance is primarily integrated within Hawaiian Electric’s cybersecurity governance plan and processes. HEI’s Board of Directors and CWG are tasked with overseeing risks from cybersecurity threats through routine quarterly, or as needed, updates and periodic deep-dive sessions. These updates cover cybersecurity incidents, as well as overall cybersecurity risk reduction program maturity, emerging and current cybersecurity risks, and the cybersecurity threat landscape.
The HEI CFO oversees all IT and cybersecurity matters at HEI, including having oversight responsibility for the services delivered under the SLA. Since the HEI CFO does not have expertise in cybersecurity, the HEI CFO works with the Hawaiian Electric CISO and, if necessary, with third-party cybersecurity consultants on assessing, identifying, and managing material cybersecurity matters impacting HEI. There were no cybersecurity incidents that have materially affected or are reasonably likely to materially affect HEI, including its business strategy, results of operations or financial condition.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Utilities have a cybersecurity program in place, which is integrated into the overall risk management program and includes a risk management strategy and risk assessment policy, which are disseminated and maintained by the Chief Information Security Officer (CISO), revisited annually and govern the enterprise cybersecurity risk and maturity assessment process. The program is aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), and leverages a risk-based approach to optimize security investment and advance the security program’s maturity and security posture over time.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Cybersecurity governance is a critically important part of managing security and risk, and helps ensure that the Utilities’ cybersecurity program aligns with its business objectives, complies with government and industry regulations, and achieves the goals that leadership has set out for managing security and risk.
The Company’s Board of Directors oversees risks from cybersecurity threats. Oversight includes quarterly or as needed reporting from the CISO on the overall cybersecurity risk reduction program maturity, emerging and current cybersecurity risks, and the cybersecurity threat landscape.
The CISO has over 30 years of experience in assessing and managing cyber risks, is responsible for day-to-day management of cybersecurity risks and regularly reports to the Board of Directors through the CWG.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Oversight includes quarterly or as needed reporting from the CISO on the overall cybersecurity risk reduction program maturity, emerging and current cybersecurity risks, and the cybersecurity threat landscape.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Company’s Board of Directors oversees risks from cybersecurity threats. Oversight includes quarterly or as needed reporting from the CISO on the overall cybersecurity risk reduction program maturity, emerging and current cybersecurity risks, and the cybersecurity threat landscape.
Cybersecurity Risk Role of Management [Text Block] Cybersecurity governance is a critically important part of managing security and risk, and helps ensure that the Utilities’ cybersecurity program aligns with its business objectives, complies with government and industry regulations, and achieves the goals that leadership has set out for managing security and risk.
The Company’s Board of Directors oversees risks from cybersecurity threats. Oversight includes quarterly or as needed reporting from the CISO on the overall cybersecurity risk reduction program maturity, emerging and current cybersecurity risks, and the cybersecurity threat landscape.
The CISO has over 30 years of experience in assessing and managing cyber risks, is responsible for day-to-day management of cybersecurity risks and regularly reports to the Board of Directors through the CWG.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Cybersecurity governance is a critically important part of managing security and risk, and helps ensure that the Utilities’ cybersecurity program aligns with its business objectives, complies with government and industry regulations, and achieves the goals that leadership has set out for managing security and risk.
The Company’s Board of Directors oversees risks from cybersecurity threats. Oversight includes quarterly or as needed reporting from the CISO on the overall cybersecurity risk reduction program maturity, emerging and current cybersecurity risks, and the cybersecurity threat landscape.
The CISO has over 30 years of experience in assessing and managing cyber risks, is responsible for day-to-day management of cybersecurity risks and regularly reports to the Board of Directors through the CWG.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
The CISO has over 30 years of experience in assessing and managing cyber risks, is responsible for day-to-day management of cybersecurity risks and regularly reports to the Board of Directors through the CWG.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Company’s Board of Directors has delegated management of Enterprise Risk Management, which includes cybersecurity, to the HEI and Hawaiian Electric Audit and Risk Committees (collectively, the ARCs). The ARCs exercise their oversight responsibility of cybersecurity through quarterly (or more frequently if necessary) cybersecurity risk updates and reports of incidents, if any, by management (primarily the Utilities’ Chief Information Officer and Chief Information Security Officer).
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true