At Everest, security is everyone's responsibility.
The overall objectives of our risk management strategy are to reach a level of security maturity that is commensurate with the risk appetite of the Company.
Everest’s Chief Information Security Officer (CISO) is responsible for the Company’s information security, technology risk management and data privacy and protection Programs. The CISO regularly provides updates to Everest’s Board of Directors and Senior Leadership Team.
Our commitment to security extends to our executives via our Data Risk and Privacy Council. The Council includes a cross functional group that provides governance and oversight of our cyber security and data program. This helps to ensure we are abiding by all data security, privacy and protection regulations, are remediating risks in an effective and responsible manner, and our cyber program is aligned to business outcomes.
We annually review and refresh our information security policies based on our evolving business model, adoption of digital platforms and in accordance with regulatory compliance obligations in the jurisdictions we are authorized to do business.