IT and Cyber Security
Greenlight Re maintains robust security policies and practices that span the organization. Our information security practices are rooted in the principles set forth by the National Institute of Standards and Technology (“NIST”), ensuring a robust and comprehensive approach to safeguarding our digital assets. This program provides standards, guidelines, and best practices for improving our cybersecurity risk management. To effectively manage our cybersecurity risk, we employ a comprehensive approach encompassing risk assessment, identification, and mitigation, all aligned with rigorous standards and principles. Cybersecurity and IT compliance risk metrics are monitored regularly to assess, identify, manage, and protect our network. Periodic audits of IT and Cybersecurity are carried out as part of internal and external audits and are performed by professionals.

Third-party cybersecurity
Our approach to third-party cybersecurity underscores a commitment to robust risk management and adherence to industry best practices. By implementing comprehensive measures in line with recognized standards, we ensure that our third-party cybersecurity protocols are aligned with rigorous standards. Regular assessments, SOC reviews, and collaborative efforts are integral components of our strategy, aimed at fostering a secure and resilient ecosystem that safeguards sensitive information and maintains the integrity of our digital infrastructure in partnership with external entities.

Our CISO and ITSC
Our Chief Information Security Officer (“CISO”) has more than three decades of expertise in the IT industry, is a member of ISACA, and holds a rich portfolio of industry certifications like CISM, CPDSE, and MCSE, as well as accreditations from vendors such as ISACA, Cisco and Microsoft.

Our IT Steering Committee (“ITSC”) reports to the Executive Committee and is chaired by the Head of IT and Software Development (Head of IT). The ITSC meets at least quarterly to discuss and approve IT and Cybersecurity matters. The ITSC produces and approves an annual IT budget, as well as an Incident Management and Response plan through which the CISO and the ITSC are informed about cybersecurity incidents. The Head of IT and CISO present an IT and Cybersecurity Update to the Audit Committee of the Board on a quarterly basis to discuss the status of Cybersecurity and IT compliance risk metrics, and any new or emerging cybersecurity threats or risks. Our Audit Committee assists the Board in its oversight responsibilities regarding our systems, policies, and procedures relating to technology and cybersecurity. The Audit Committee’s charter mandates that the Audit Committee reviews our technology and cybersecurity systems, policies, and procedures (including those relating to our assessment of third-party provider cybersecurity controls) with management. The Audit Committee is further tasked with discussing with management the policies with respect to risk assessment and risk management, including those related to technology and cybersecurity.

Internal processes
To assist with mitigating the risks of cybersecurity threats, regular cybersecurity training is provided to employees and members of the Board. This is completed annually and forms part of our employee onboarding process. We protect our information systems with physical, electronic, and software safeguards considered appropriate by our management. We employ a specialist vendor to continuously monitor our systems for security events and risks within our network. Further, to mitigate risk arising from our relationships with third parties, vendors must be SOC 1 Type 2 or SOC 2 compliant where data is stored, as determined in accordance with the framework developed by the American Institute of Certified Public Accountants, or undertake our enhanced due diligence process. Periodic testing is performed, and all material incidents are reported to the Board.

Breaches and Incidents
As of the year ended December 31, 2024, Greenlight Re has not experienced an information security breach within the last three years, has not been materially impacted by any third-party information security breaches, and has not identified any cybersecurity threats likely to materially affect the Company’s business strategy, results of operations, or financial conditions.

Cyber Essentials Plus
Greenlight is proud to be Cyber Essentials Plus certified. This certification reflects our commitment to robust cybersecurity practices, ensuring that our systems and data are safeguarded against potential threats. With Cyber Essentials Plus, we provide our clients and partners with the assurance that their information is protected to the highest standards.