PRUCO LIFE INSURANCE OF NEW JERSEY 10-K Cybersecurity GRC - 2024-03-20

Page last updated on April 11, 2024

PRUCO LIFE INSURANCE OF NEW JERSEY reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-20 16:06:37 EDT.

Filings

10-K filed on 2024-03-20

PRUCO LIFE INSURANCE OF NEW JERSEY filed an 10-K at 2024-03-20 16:06:37 EDT
Accession Number: 0001038509-24-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Because of the size and scope of our business, we are subject to numerous and evolving cybersecurity risks, any of which, if it materializes, could affect our business strategy, results of operations, or financial condition. See Item 1A. Risk Factors Operational Risk for a discussion of such risks. Cybersecurity risk management is integrated within our risk management framework. See Item 7. “Management’s Discussion and Analysis of Financial Condition and Results of Operations - Risk Management” for additional information on our risk management. We conduct risk identification through several processes at the business unit, corporate, senior management, and Board levels. This framework includes escalation points to Prudential’s risk committees, allowing cyber risk and control matters to be elevated to the Board of Directors or its Audit Committee for oversight. In order to respond to the threat of security breaches and cyber-attacks, Prudential Financial has developed an information security program designed to protect and preserve the confidentiality, integrity, and continued availability of information owned by, or in the care of, the Company. This information security program provides for the coordination of various corporate functions and governance groups, including global technology, risk, legal, compliance and corporate audit, and serves as a framework for the execution of responsibilities across businesses and operational roles. Among other things, the information security program establishes security standards for our technological resources and includes training for employees, contractors and third-parties. Employees with access to our Company s systems are subject to comprehensive annual training on responsible information security, data security, and cybersecurity practices and how to protect data against cyber threats. As part of the information security program, we conduct periodic exercises with independent outside advisors to assess the effectiveness of our program and our internal response preparedness. We regularly engage with the broader security community and monitor cyber threat information. To address risks associated with third-parties, Prudential Financial has established an enterprise-wide Third-Party Risk Management Program. This program s features include, among other things, identifying, assessing and managing cybersecurity risks throughout the life of our third-party relationships. 27 Table of Contents We also maintain an incident response plan, which specifies escalation and evaluation processes for cyber events. This plan is executed in close coordination with our corporate functions, including a dedicated cyber and privacy law function, external affairs, and risk management, and is designed to ensure, among other things, appropriate and timely reporting and disclosure. During the period covered by this Report, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. See Item 1A. Risk Factors Operational Risk for a discussion of risks related to cybersecurity. Governance Prudential Financial’s information security program is overseen by the Chief Information Security Officer ( CISO ) and Information Security Office, as well as the Chief Information Officer ( CIO ). We believe that Prudential Financial’s employees responsible for managing cybersecurity risk have the skills and knowledge to assess and manage the Company’s material risks from cybersecurity threats, and their qualifications include degrees and certifications typical for cybersecurity professionals. We expect these employees to, among other things, understand computer systems, networks, and security technologies and be proficient in a variety of security tools and techniques, including intrusion detection, malware analysis and penetration testing. The CISO has served in various roles in information technology and information security for over 25 years, including serving as the head of information technology risk at two large public companies. The CISO holds a graduate degree in technology management and has attained the professional certifications of Certified Information Systems Security Professional and Certified Information Privacy Professional. Prudential Financial’s Audit Committee of the Board of Directors which is responsible for oversight of certain risk issues, including cybersecurity, receives reports from the CISO, the CIO and Operational Risk Management throughout the year. At least annually, Prudential Financial’s Board and the Audit Committee also receive updates about the results of program reviews, including exercises and response readiness assessments led by outside advisors who provide a third-party independent assessment of our technical program and internal response preparedness. To the extent cybersecurity controls are related to internal control over financial reporting, such controls are considered in the context of Prudential Financial’s annual external integrated audit. Prudential Financial’s Audit Committee regularly briefs the full Board of Directors on these matters, and the full Board of Directors also receives periodic briefings on cyber threats in order to enhance our directors literacy on cyber issues.

Company Information