Ategrity Specialty Insurance Co Holdings 10-K Cybersecurity GRC - 2026-03-06

Page last updated on March 6, 2026

Ategrity Specialty Insurance Co Holdings reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-06 17:22:59 EST.

Filings

10-K filed on 2026-03-06

Ategrity Specialty Insurance Co Holdings filed a 10-K at 2026-03-06 17:22:59 EST
Accession Number: 0002040491-26-000011

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management & Strategy We maintain processes designed to identify, assess, and manage cybersecurity risks that could affect our information systems and data. Cybersecurity is integrated into our broader enterprise risk management ("ERM") framework and is intended to address risks to the confidentiality, integrity, and availability of information used in our operations, including policyholder, underwriting, claims, employee, and financial data. Our information security program includes administrative, technical and physical controls and procedures designed to prevent, detect, respond to and recover from cybersecurity incidents. These processes include periodic risk assessments, vulnerability management, incident response planning, business continuity and disaster recovery planning, and oversight of third-party service providers that have access to our systems or data. We periodically review and update our cybersecurity practices in light of changes in our business operations, technology environment, and evolving cybersecurity threats. Despite these efforts, cybersecurity risks cannot be completely eliminated, and we may not be able to prevent all cybersecurity incidents. Cybersecurity Governance Cybersecurity oversight forms part of our ERM governance structure and is overseen by our Board of Directors, with support from the Audit Committee. Management is responsible for overseeing cybersecurity risk management , with periodic reporting to the Board of Directors or an appropriate committee thereof. The Board and Audit Committee receive periodic updates regarding cybersecurity risks, significant incidents (if any), the status of remediation activities, results of risk assessments and IT audits, and the maturity of the information security program. We maintain an Information Security Steering Committee ("ISSC") chaired by our Chief Information Security Officer and comprised of senior executives. The ISSC meets at least quarterly to review cybersecurity risks, high-risk findings, regulatory developments, resource needs, and incident response preparedness. Our Chief Information Security Officer is responsible for leading the information security program, including implementing policies, monitoring threats, coordinating incident response activities and reporting material matters to senior management and the Board or Audit Committee, as appropriate. As of the date of this filing, we are not aware of any cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected the Company, including our business strategy, results of operations, or financial condition. See Item 1A. "Risk Factors-We could suffer security breaches, loss of data, cyberattacks, and other information technology failures, and are subject to laws and regulations concerning data privacy and security that are continually evolving. Actual or suspected information technology failures or failures to comply with applicable law could disrupt our operations, damage our reputation, and adversely affect our business, financial condition, or results of operations."

Company Information