Page last updated on March 10, 2025
GREENLIGHT CAPITAL RE, LTD. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-10 16:40:57 EDT.
Filings
10-K filed on 2025-03-10
GREENLIGHT CAPITAL RE, LTD. filed a 10-K at 2025-03-10 16:40:57 EDT
Accession Number: 0001385613-25-000007
Item 1C. Cybersecurity.
Cybersecurity is a complex and constantly evolving risk that we are committed to understanding and mitigating. The foundation of our information security practices is rooted in the principles set forth by the National Institute of Standards and Technology (“NIST”), ensuring a robust and comprehensive approach to safeguarding our digital assets. This program provides standards, guidelines, and best practices for improving our cybersecurity risk management.

To effectively manage our cybersecurity risk, we employ a comprehensive approach encompassing risk assessment, identification, and mitigation, all aligned with the rigorous standards and principles. Cybersecurity and IT compliance risk metrics are monitored regularly to assess, identify, manage and protect our environment. Periodic audits of IT and Cybersecurity are carried out as part of internal and external audits, are performed by professionals and form a part of our overall risk management system and processes.

Our approach to third-party cybersecurity underscores a commitment to robust risk management and adherence to industry best practices. By implementing comprehensive measures in line with recognized standards, we ensure that our third-party cybersecurity protocols are aligned with rigorous standards. Regular assessments, SOC reviews, and collaborative efforts are integral components of our strategy, aimed at fostering a secure and resilient ecosystem that safeguards sensitive information and maintains the integrity of our digital infrastructure in partnership with external entities.

We have a Chief Information Security Officer (“CISO”) and have an IT Steering Committee (“ITSC”). Our CISO is responsible for establishing the cybersecurity vision for the Company, determining and prioritizing cybersecurity initiatives, and keeping abreast of developing security threats.

The ITSC reports to the Board and Audit Committee, is chaired by our Head of IT and Software Development (“Head of IT”), and has our CISO, CFO, COO, and SEC Reporting Officer as some of its members. Our CISO brings over three decades of expertise in the IT Industry and is a member of ISACA, showcasing a rich portfolio of industry certifications like the Certified Information Security Manager (“CISM”), Certified Data Privacy Solutions Engineer (“CPDSE”), and Microsoft Certified Systems Engineer (“MCSE”). The CISO also holds accreditations from vendors such as CISCO and Microsoft.

Our Head of IT brings two decades of experience in aligning technology initiatives with business goals and managing IT strategy. With a background of over 15 years in insurance and reinsurance, the Head of IT is responsible for ensuring the implementation and adherence to governance and cybersecurity frameworks. Other members of the ITSC hold relevant qualifications and collectively, the ITSC has substantial experience and expertise in cybersecurity, risk, strategy, and management.

The ITSC meets at least quarterly to discuss and approve IT and Cybersecurity matters. The ITSC produces and approves an annual IT budget, as well as an Incident Management and Response plan through which the CISO and the ITSC are informed about cybersecurity incidents.

To assist with mitigating the risks of cybersecurity threats, periodic cybersecurity training is provided to employees, vendors, and members of the Board. Further, to mitigate risk arising from our relationships with third-parties, key vendors must be SOC 2 compliant, as determined in accordance with the framework developed by the American Institute of Certified Public Accountants, or undertake the Company’s enhanced due diligence process. Periodic testing is performed, and all material incidents are reported to the Board.

IT and cybersecurity are a standing Board agenda item, with quarterly presentations to the Board from the IT leadership quarterly. Our Audit Committee assists the Board in its oversight responsibilities regarding our systems, policies, and procedures relating to technology and cybersecurity. The Audit Committee’s charter mandates that the Audit Committee reviews our technology and cybersecurity systems, policies, and procedures (including those relating to our assessment of third-party provider cybersecurity controls) with management. The Audit Committee is further tasked with discussing with management the policies with respect to risk assessment and risk management, including those related to technology and cybersecurity. An IT and Cybersecurity presentation is made to the Audit Committee quarterly and additionally as needed, to inform it of any new or emerging cybersecurity threats or risks.

We have not identified or experienced any cybersecurity threats or incidents likely to materially affect our business strategy, results of operations, or financial conditions. See “Item 1A. Risk Factors - Risks Relating to Our Business - Technology breaches or failures, including those resulting from a malicious ransomware or cyber-attack on us or our business partners and service providers, could disrupt or otherwise negatively impact our business.”

Company Information
Name | GREENLIGHT CAPITAL RE, LTD. |
CIK | 0001385613 |
SIC Description | Fire, Marine & Casualty Insurance |
Ticker | GLRE - Nasdaq |
Website | |
Category | Accelerated filer |
Fiscal Year End |