Maiden Holdings, Ltd. 10-K Cybersecurity GRC - 2024-03-12

Page last updated on April 11, 2024

Maiden Holdings, Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 16:07:08 EDT.

Filings

10-K filed on 2024-03-12

Maiden Holdings, Ltd. filed an 10-K at 2024-03-12 16:07:08 EDT
Accession Number: 0001412100-24-000014

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy The Company employs a comprehensive, cross-departmental approach to continuously assess, identify, and manage potential cybersecurity risks. Our cybersecurity risk management program involves collaboration between our employees, the information technology ( IT ) team, our Chief Information Security Officer ( CISO ), and our Enterprise Risk Management Committee, as overseen by the Board of Directors, primarily through its Audit Committee. The Company s cybersecurity policies, standards, processes, and practices are integrated into the Company s overall risk management program and we regularly consider cybersecurity risks in the context of material risks to the Company. Our cybersecurity risk management program categorizes cybersecurity risks into five areas: identify, protect, detect, respond, and recover. We regularly assess the cybersecurity threat landscape, employing a layered cybersecurity strategy that emphasizes prevention, detection, and mitigation through a variety of technical and operational measures. As a part of our cybersecurity risk management program, our information security program is tailored to address identified risks, while aligning with pertinent business requirements. We foster a shared responsibility for the Company s cybersecurity with all our employees, conducting periodic phishing simulation campaigns and providing regular, mandatory security awareness training to enhance awareness and readiness against cyber threats. Certain roles require additional role-based, specialized cybersecurity training. To protect our data and information systems, we maintain Company-wide cybersecurity policies and procedures regarding encryption standards, malware protection, remote access, multifactor authentication, confidential information, and internet, social media, email, and wireless device usage. The CISO and IT team review and update such policies and procedures to adapt to evolving cybersecurity landscapes, industry best practices, and regulatory and statutory updates. Our CISO conducts thorough reviews of these updates at least annually to ensure their continued relevance and effectiveness in safeguarding the Company s assets and business interests. We continually seek to improve our cybersecurity posture, encompassing end-user training, layered defenses, critical asset identification and protection, enhanced monitoring and alerting, and engagement with third-party experts as needed to evaluate the efficacy of our security measures. We engage reputable third-party tools and products to assist in the monitoring, protection, detection, and potential remediation of cybersecurity threats and incidents. We also regularly evaluate cybersecurity risks associated with our use of third-party service providers, conducting an annual review of hosted applications and assessing their cybersecurity preparedness. Cybersecurity Governance and Oversight Our CISO is primarily responsible for the assessment and management of the Company s material cybersecurity risks and the related cybersecurity risk management policies and procedures. Our CISO oversees our cybersecurity risk management and information security programs and provides quarterly status reports to the Audit Committee. Our CISO possesses over 25 years of experience in various technology and cybersecurity operations, holds the following certifications from ISC2, Information Systems Security Management Professional (ISSMP), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified in Governance, Risk and Compliance (CGRC) as well as ISACA certifications of Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC). Other key members of management assist our CISO in the oversight of cybersecurity risk management. We have established an incident response team which is composed of individuals from our various IT and managerial functions and consults with members of internal departments, as needed to perform an impact analysis of security incidents which may have a material affect on the Company, The Audit Committee has responsibility for oversight of information and cybersecurity risks and assessment of cyber threats and defenses, and it oversees management to ensure that the processes designed, implemented, and maintained with respect to such risks are functioning as intended and adapted when necessary to respond to changes in our strategy, as well as emerging risks. Given the importance of information security and cybersecurity to our stakeholders, our Enterprise Risk Management Committee and our Audit Committee review quarterly reports from our CISO regarding the Company s cybersecurity strategies for mitigating known risks, newly identified risks, existing projects, and key performance insights and engage in discussions with management based on such reports and other recent developments. Cybersecurity Incident Reporting and Management We have not identified any cybersecurity incidents that have materially affected or vulnerabilities to cybersecurity threats that are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, we remain vigilant and prepared to respond effectively to any incidents, should they arise. 35

Company Information