GREENLIGHT CAPITAL RE, LTD. 10-K Cybersecurity GRC - 2024-03-05

Page last updated on April 11, 2024

GREENLIGHT CAPITAL RE, LTD. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-05 17:09:29 EST.

Filings

10-K filed on 2024-03-05

GREENLIGHT CAPITAL RE, LTD. filed a 10-K at 2024-03-05 17:09:29 EST
Accession Number: 0001385613-24-000016

Item 1C. Cybersecurity.

Cybersecurity is a complex and constantly evolving risk that we are committed to understanding and mitigating. The foundation of our information security practices is rooted in the principles set forth by the National Institute of Standards and Technology (“NIST”), ensuring a robust and comprehensive approach to safeguarding our digital assets. This program provides standards, guidelines, and best practices for improving our cybersecurity risk management.
To effectively manage our cybersecurity risk, we employ a comprehensive approach encompassing risk assessment, identification, and mitigation, all aligned with the rigorous standards and principles. Cybersecurity and IT compliance risk metrics are monitored regularly to assess, identify, manage and protect our environment. Periodic audits of IT and Cybersecurity are carried out as part of internal and external audits and are performed by professionals.
Our approach to third-party cybersecurity underscores a commitment to robust risk management and adherence to industry best practices. By implementing comprehensive measures in line with recognized standards, we ensure that our third-party cybersecurity protocols are aligned with rigorous standards. Regular assessments, SOC reviews, and collaborative efforts are integral components of our strategy, aimed at fostering a secure and resilient ecosystem that safeguards sensitive information and maintains the integrity of our digital infrastructure in partnership with external entities.
We have a Chief Information Security Officer (“CISO”) and have an IT Steering Committee (“ITSC”). Our CISO is responsible for establishing the cybersecurity vision for the Company, determining and prioritizing cybersecurity initiatives, and keeping abreast of developing security threats.
The ITSC reports to the Board and Audit Committee, is chaired by our Chief Risk Officer (“CRO”), and has our CISO, Chief Financial Officer (“CFO”), and GRIL Chief Executive Officer, and SEC Reporting Officer as some of its members. Our CISO brings over three decades of expertise in the IT Industry and is a member of ISACA, showcasing a rich portfolio of industry certifications like the Certified Information Security Manager (“CISM”), Certified Data Privacy Solutions Engineer (“CPDSE”), and Microsoft Certified Systems Engineer (“MCSE”). The CISO also holds accreditations from vendors such as CISCO and Microsoft. Our CRO has over 20 years' experience in the property and casualty reinsurance industry, and significant expertise in the field of risk management. He holds a CISM certification, as well as a B.Sc. in Mathematics and a Ph.D. in Computer Science from the University of Salford. Other members of the ITSC hold relevant qualifications and collectively, the ITSC has substantial experience and expertise in cybersecurity, risk, strategy, and management. The ITSC meets at least quarterly to discuss and approve IT and Cybersecurity matters. The ITSC produces and approves an annual IT budget, as well as an Incident Management and Response plan through which the CISO and the ITSC are informed about cybersecurity incidents. To assist with mitigating the risks of cybersecurity threats, periodic cybersecurity training is provided to employees, vendors, and members of the Board. Further, to mitigate risk arising from our relationships with third-parties, key vendors must be SOC 2 compliant, as determined in accordance with the framework developed by the American Institute of Certified Public Accountants, or undertake the Company's enhanced due diligence process. Periodic testing is performed, and all material incidents are reported to the Board. IT and cybersecurity are a standing Board agenda item, with quarterly presentations to the Board from the IT leadership quarterly.
Our Audit Committee assists the Board in its oversight responsibilities regarding our systems, policies, and procedures relating to technology and cybersecurity. The Audit Committee's charter mandates that the Audit Committee reviews our technology and cybersecurity systems, policies, and procedures (including those relating to our assessment of third-party provider cybersecurity controls) with management. The Audit Committee is further tasked with discussing with management the policies with respect to risk assessment and risk management, including those related to technology and cybersecurity. The CRO presents an IT and Cybersecurity update to the Audit Committee on a quarterly basis and additionally as needed, to inform it of any new or emerging cybersecurity threats or risks. For the year ended December 31, 2023, we have not identified or experienced any cybersecurity threats or incidents likely to materially affect our business strategy, results of operations, or financial conditions. See “Item 1A. Risk Factors - Risks Relating to Our Business - Technology breaches or failures, including those resulting from a malicious ransomware or cyber-attack on us or our business partners and service providers, could disrupt or otherwise negatively impact our business.”


Company Information

Name: GREENLIGHT CAPITAL RE, LTD.
CIK: 0001385613
SIC Description: Fire, Marine & Casualty Insurance
Ticker: GLRE - Nasdaq
Website:
Category: Accelerated filer
Fiscal Year End: