Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Enterprise Risk and Return Council has delegated the power and authority to manage cybersecurity risks to the Information Security Council (“ISC”). The CISO chairs the ISC, with senior management representation from across the Company including representatives from Privacy, Legal and Technology. The ISC monitors, makes mitigating decisions about, and escalates information security risks that are outside the Company’s established risk tolerance. Additionally, it provides executive sponsorship of information security controls and oversees the development and review of the information security policy and enterprise security standards.
Information Security Program
Allstate has implemented a robust Information Security Program to manage material risks from cybersecurity threats. The Company’s Program uses a risk-based, defense-in-depth approach to identify, assess and manage cybersecurity risks to the Company’s information assets and systems, enabling the business to achieve its objectives. The Information Security Program is aligned with industry best practices and standards including the ISO 27001/27002 standards, the Control Objectives for Information and Related Technologies Framework and the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”).
Allstate’s Information Security Program outlines the responsibilities and expectations for the security of Allstate information systems. The Program includes standards, policies and procedures requiring the implementation of technical, administrative and physical controls to manage the risk to Allstate information and systems. These standards, policies and procedures cover industry-standard information security domains, including risk assessment, third-party supplier risk management, vulnerability management, identity and access management, application security, network security, cybersecurity awareness training, encryption and incident management.
Dedicated personnel support information security operations 24 hours per day, seven days per week. Allstate’s incident response program is designed to detect, respond to and recover from a range of cybersecurity-related incidents.
Allstate conducts risk and control assessments to proactively identify cybersecurity threats impacting the organization’s business processes. The Company conducts enterprise threat-based risk assessments for multiple aspects of the business, including applications, infrastructure, environments and business processes. Allstate documents the identified risks, tracking them based on potential impact and the likelihood of them occurring.
Allstate performs control effectiveness tests, vulnerability scans and penetration tests to assess controls and proactively identify vulnerabilities for prioritization and remediation. Findings are managed and tracked in accordance with Allstate’s governance, risk and compliance standards.
We also have a cybersecurity resiliency strategy that will enhance our ability to anticipate, withstand and recover from cybersecurity attacks and maintain the availability of our critical business operations. Cybersecurity resiliency plans improve our recovery speed to protect Allstate and its customers against adverse impacts due to ransomware and other cybersecurity events.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Allstate has implemented a robust Information Security Program to manage material risks from cybersecurity threats. The Company’s Program uses a risk-based, defense-in-depth approach to identify, assess and manage cybersecurity risks to the Company’s information assets and systems, enabling the business to achieve its objectives. The Information Security Program is aligned with industry best practices and standards including the ISO 27001/27002 standards, the Control Objectives for Information and Related Technologies Framework and the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”).
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Allstate Corporation Board of Directors (“Allstate Board”) has overall responsibility for oversight of enterprise risk.
The Audit Committee of the Allstate Board oversees the effectiveness of the cybersecurity program. The Audit Committee retains an external cybersecurity advisor to consult on cybersecurity matters and perform assessments of the Allstate Information Security Program (the “Program”).
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Audit Committee of the Allstate Board oversees the effectiveness of the cybersecurity program. The Audit Committee retains an external cybersecurity advisor to consult on cybersecurity matters and perform assessments of the Allstate Information Security Program (the “Program”).
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Chief Information Security Officer (“CISO”) regularly updates the Audit Committee and Allstate Board on Information Security Program status, cybersecurity risk management, the control environment, emerging threat intelligence and key risk and performance measurements.
Cybersecurity Risk Role of Management [Text Block]
The Chief Information Security Officer (“CISO”) regularly updates the Audit Committee and Allstate Board on Information Security Program status, cybersecurity risk management, the control environment, emerging threat intelligence and key risk and performance measurements.
Our CISO is responsible for the development and execution of the security strategy which protects Allstate’s information from external and internal cybersecurity threats. He has more than 20 years of information security leadership experience.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The Chief Information Security Officer (“CISO”) regularly updates the Audit Committee and Allstate Board on Information Security Program status, cybersecurity risk management, the control environment, emerging threat intelligence and key risk and performance measurements.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] He has more than 20 years of information security leadership experience.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The Chief Information Security Officer (“CISO”) regularly updates the Audit Committee and Allstate Board on Information Security Program status, cybersecurity risk management, the control environment, emerging threat intelligence and key risk and performance measurements.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true