|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Risk Management and Strategy
Hecla’s cybersecurity program uses multiple security measures to protect our assets, designed so that if one line of defense is compromised, additional layers exist as a backup in an effort to ensure that threats are stopped along the way. This program actively identifies internal and external threats and protects computer systems from attack, detects known threats and suspicious activity within the network, and supports response and recovery should a cyber incident occur. As part of this program, we engage third party resources to augment monitoring capabilities and review and assess the security program and advise on improvements. Additionally, we conduct a National Institute of Security and Technology (NIST) self-assessment annually to determine overall security program health. Approximately 10% of our corporate information systems technology (“IT”) budget is devoted to security programming, training, and
management. Acceptable IT use policies are in place and communicated to employees and contract staff, and periodic training takes place to educate employees on the importance of cybersecurity and steps to be taken to avoid incidents.
Any material cybersecurity incident that we become aware of follows our standard guidelines for crisis communications and response, engaging personnel, management, and the Board of Directors as appropriate. In cases where the materiality of a cybersecurity incident is not immediately apparent, our Vice President, Information Technology (“VP, IT”) would report the incident to his supervisor, our Senior Vice President - Chief Administrative Officer (“CAO”), and to our Senior Vice President - General Counsel ("GC"). This is consistent with our overall risk management system which relies, in part, on a “chain of command” reporting system in which supervisors monitor their respective departments and constantly seek feedback from employees or vendors in their department for potentially material events. This system is designed to ensure that information reaches the appropriate levels of the Company, including the Board of Directors. In cases where a question of materiality, public disclosure or legal exposure is in question, our CAO or GC will direct the flow of information to other members of management or the Board as appropriate. Additionally, we have standing weekly senior staff meetings where the President and CEO along with each vice president and occasionally other employees meet to discuss current issues the Company is facing. We expect that any cybersecurity incident that our VP, IT believes may be material to the Company will be discussed at these meetings, or sooner if circumstances warrant.
When a cybersecurity incident is detected, we conduct an impact assessment, determine materiality, and take appropriate actions as described above. This process is also followed when notified that a software/services supplier has a cybersecurity incident.
There were no material cyber security incidents discovered in 2024. See Item 1A. Risk Factors - We have had losses that could reoccur in the future; Mining accidents or other adverse events at an operation could decrease our anticipated production or otherwise adversely affect our operations; Our operations may be adversely affected by risks and hazards associated with the mining industry that may not be fully covered by insurance; The price of our stock has a history of volatility and could decline in the future; and Our information technology systems may be vulnerable to disruption which could place our systems at risk from data loss, operational failure, or compromise of confidential information.
Board and Management Oversight
Through the risk management processes identified above, we are confident that any material cybersecurity threats will be brought to the attention to the Board of Directors, either directly or through the Audit Committee which is governed by its charter, including the affirmative responsibility to “periodically review risk assessments from management with respect to cybersecurity, including assessments of the overall threat landscape and related strategies and investments.” One way in which the Audit Committee fulfills that requirement is by receiving regular reports from management on not only known cybersecurity threats or incidents (including related risk assessments), but the landscape more generally, including with respect to known threats, technological advancements, best practices and current events.
In addition to the risk management policies described above, management regularly reviews cyber security planning, including development and management of the program, budgeting, and participation in the incident response plan. The management team involved in this review includes our CEO, CAO, Chief Financial Officer ("CFO"), GC, and the VP, IT. These reviews can also provide topics for discussion at Board and/or Audit Committee meetings.
Our VP, IT, has a degree in Management Information Systems and over 35 years of experience. The fully staffed department includes resources dedicated to cybersecurity who monitors our threat detection and response tools for any attempted or successful hacks or other incursions into our IT environment, both externally and internally. These are reviewed and mitigated where appropriate, and escalated if necessary, via the processes noted above.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Hecla’s cybersecurity program uses multiple security measures to protect our assets, designed so that if one line of defense is compromised, additional layers exist as a backup in an effort to ensure that threats are stopped along the way.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board and Management Oversight
Through the risk management processes identified above, we are confident that any material cybersecurity threats will be brought to the attention to the Board of Directors, either directly or through the Audit Committee which is governed by its charter, including the affirmative responsibility to “periodically review risk assessments from management with respect to cybersecurity, including assessments of the overall threat landscape and related strategies and investments.” One way in which the Audit Committee fulfills that requirement is by receiving regular reports from management on not only known cybersecurity threats or incidents (including related risk assessments), but the landscape more generally, including with respect to known threats, technological advancements, best practices and current events.
In addition to the risk management policies described above, management regularly reviews cyber security planning, including development and management of the program, budgeting, and participation in the incident response plan. The management team involved in this review includes our CEO, CAO, Chief Financial Officer ("CFO"), GC, and the VP, IT. These reviews can also provide topics for discussion at Board and/or Audit Committee meetings.
Our VP, IT, has a degree in Management Information Systems and over 35 years of experience. The fully staffed department includes resources dedicated to cybersecurity who monitors our threat detection and response tools for any attempted or successful hacks or other incursions into our IT environment, both externally and internally. These are reviewed and mitigated where appropriate, and escalated if necessary, via the processes noted above.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Through the risk management processes identified above, we are confident that any material cybersecurity threats will be brought to the attention to the Board of Directors, either directly or through the Audit Committee which is governed by its charter, including the affirmative responsibility to “periodically review risk assessments from management with respect to cybersecurity, including assessments of the overall threat landscape and related strategies and investments.”
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|One way in which the Audit Committee fulfills that requirement is by receiving regular reports from management on not only known cybersecurity threats or incidents (including related risk assessments), but the landscape more generally, including with respect to known threats, technological advancements, best practices and current events.
|Cybersecurity Risk Role of Management [Text Block]
|
In addition to the risk management policies described above, management regularly reviews cyber security planning, including development and management of the program, budgeting, and participation in the incident response plan. The management team involved in this review includes our CEO, CAO, Chief Financial Officer ("CFO"), GC, and the VP, IT. These reviews can also provide topics for discussion at Board and/or Audit Committee meetings.
Our VP, IT, has a degree in Management Information Systems and over 35 years of experience. The fully staffed department includes resources dedicated to cybersecurity who monitors our threat detection and response tools for any attempted or successful hacks or other incursions into our IT environment, both externally and internally. These are reviewed and mitigated where appropriate, and escalated if necessary, via the processes noted above.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The management team involved in this review includes our CEO, CAO, Chief Financial Officer ("CFO"), GC, and the VP, IT.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our VP, IT, has a degree in Management Information Systems and over 35 years of experience.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The fully staffed department includes resources dedicated to cybersecurity who monitors our threat detection and response tools for any attempted or successful hacks or other incursions into our IT environment, both externally and internally. These are reviewed and mitigated where appropriate, and escalated if necessary, via the processes noted above.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef