Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
To date, cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition.

Ladder has a cybersecurity risk management program that is designed to assess, identify, manage, and govern material risks from cybersecurity threats. Our cybersecurity risk management program is also a key component of our overall risk management program.

Ladder leverages a senior cybersecurity team (the “Cybersecurity Team”) comprised of the Chief Technology Officer (“CTO”), Chief Administrative Officer and General Counsel (the “GC”), Chief Compliance Officer and Senior Regulatory Counsel (the “CCO”), as well as senior representatives from Ladder’s outsourced technology firm. The Cybersecurity Team maintains Ladder’s cybersecurity risk management program, which is designed to identify, detect, assess, and manage cybersecurity risks. The Cybersecurity Team monitors technology trends and developments to inform improvements and modifications to Ladder’s information technology (“IT”) infrastructure and oversees the Company’s various cybersecurity training initiatives. The Cybersecurity Team also oversees the Company’s testing and deployment of AI technologies and monitors AI-enabled cybersecurity threats.

The members of the Cybersecurity Team have extensive on-the-job experience in cybersecurity matters, sharing responsibility for cybersecurity, as well as for regulatory, compliance and/or IT. Ladder’s CTO has over 20 years of experience in the design, engineering, implementation, and management of information technology, including as the founder of an IT managed service provider for professional and financial services companies. The GC helped establish the Company’s cybersecurity risk management framework and has overseen the Company’s best practice approach to cybersecurity governance, testing and diligence for over a decade. The CCO helps ensure adherence to regulatory standards and helps refine our cybersecurity policies and training initiatives.

Ladder conducts routine risk assessments to identify cyber threats and vulnerabilities and assess the likelihood of occurrence and severity of the impact of such threats and vulnerabilities on the Company. Ladder regularly updates its risk assessment to guide Ladder’s cybersecurity risk management program and controls and to prioritize risk mitigation and remediation in an evolving threat landscape. Ladder maintains cybersecurity policies and procedures informed by National Institute of Standards and Technology (“NIST”) or International Organization for Standardization (“ISO”) and designed to manage these risks and ensure that the Cybersecurity Team and other relevant employees are made aware of cybersecurity incidents in a timely manner. These policies include incident response, data classification, physical and network security policies, remote access, record retention and secure destruction policies. The Cybersecurity Team conducts a formal evaluation of Ladder’s applicable policies and cyber risks and mitigants on at least an annual basis. Ladder’s outsourced technology firm, as well as internal auditors, participate in this evaluation.

Ladder also maintains processes designed to oversee and identify material risks from cybersecurity threats associated with our use of third-party service providers based on the service provider’s risk profile. Ladder does not generally maintain consumer data and does not extensively leverage third parties to manage or process sensitive data. Most of the third parties that have access to sensitive information belonging to either us or our borrowers, clients or other counterparties are lenders, law firms and other third parties that require such access in connection with Ladder’s commercial lending activities. When Ladder leverages third-party service providers that collect or maintain sensitive information, Ladder conducts initial diligence on such third parties and conducts ongoing monitoring that includes annual due diligence questionnaires and contractual data security protections.

In addition to the policies and procedures discussed above, Ladder leverages industry standard third-party technology, tools and services to assist in monitoring, detecting and managing cyber threats, including managed security service monitoring, endpoint detection and response tools. Ladder also maintains other appropriate cybersecurity controls, including:

Annual penetration testing by rotating third-party service providers;
Weekly vulnerability scans;
Annual company-wide cybersecurity and AI training, including monthly phishing exercises;
Annual tabletop exercises;
Vendor cybersecurity diligence; and
Cyber insurance.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Ladder has a cybersecurity risk management program that is designed to assess, identify, manage, and govern material risks from cybersecurity threats. Our cybersecurity risk management program is also a key component of our overall risk management program.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our board of directors is responsible for the overall governance of our cybersecurity risk management program and is aware of the critical nature of managing risks associated with its cybersecurity threats. The Audit Committee assists the board in its oversight of the Company’s strategies to assess and mitigate cybersecurity risks, as set forth in the Audit Committee’s charter. The Audit Committee receives quarterly or as needed updates from the CTO and GC regarding the cybersecurity risks the Company faces based on the current cybersecurity threat landscape, as well as the status of the measures undertaken by the Company to manage those risks. The Audit Committee reports to the board as needed.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our board of directors is responsible for the overall governance of our cybersecurity risk management program and is aware of the critical nature of managing risks associated with its cybersecurity threats. The Audit Committee assists the board in its oversight of the Company’s strategies to assess and mitigate cybersecurity risks, as set forth in the Audit Committee’s charter.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee receives quarterly or as needed updates from the CTO and GC regarding the cybersecurity risks the Company faces based on the current cybersecurity threat landscape, as well as the status of the measures undertaken by the Company to manage those risks. The Audit Committee reports to the board as needed.
Cybersecurity Risk Role of Management [Text Block]
Ladder conducts routine risk assessments to identify cyber threats and vulnerabilities and assess the likelihood of occurrence and severity of the impact of such threats and vulnerabilities on the Company. Ladder regularly updates its risk assessment to guide Ladder’s cybersecurity risk management program and controls and to prioritize risk mitigation and remediation in an evolving threat landscape. Ladder maintains cybersecurity policies and procedures informed by National Institute of Standards and Technology (“NIST”) or International Organization for Standardization (“ISO”) and designed to manage these risks and ensure that the Cybersecurity Team and other relevant employees are made aware of cybersecurity incidents in a timely manner. These policies include incident response, data classification, physical and network security policies, remote access, record retention and secure destruction policies. The Cybersecurity Team conducts a formal evaluation of Ladder’s applicable policies and cyber risks and mitigants on at least an annual basis. Ladder’s outsourced technology firm, as well as internal auditors, participate in this evaluation.

Ladder also maintains processes designed to oversee and identify material risks from cybersecurity threats associated with our use of third-party service providers based on the service provider’s risk profile. Ladder does not generally maintain consumer data and does not extensively leverage third parties to manage or process sensitive data. Most of the third parties that have access to sensitive information belonging to either us or our borrowers, clients or other counterparties are lenders, law firms and other third parties that require such access in connection with Ladder’s commercial lending activities. When Ladder leverages third-party service providers that collect or maintain sensitive information, Ladder conducts initial diligence on such third parties and conducts ongoing monitoring that includes annual due diligence questionnaires and contractual data security protections.

In addition to the policies and procedures discussed above, Ladder leverages industry standard third-party technology, tools and services to assist in monitoring, detecting and managing cyber threats, including managed security service monitoring, endpoint detection and response tools. Ladder also maintains other appropriate cybersecurity controls, including:

Annual penetration testing by rotating third-party service providers;
Weekly vulnerability scans;
Annual company-wide cybersecurity and AI training, including monthly phishing exercises;
Annual tabletop exercises;
Vendor cybersecurity diligence; and
Cyber insurance.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Ladder leverages a senior cybersecurity team (the “Cybersecurity Team”) comprised of the Chief Technology Officer (“CTO”), Chief Administrative Officer and General Counsel (the “GC”), Chief Compliance Officer and Senior Regulatory Counsel (the “CCO”), as well as senior representatives from Ladder’s outsourced technology firm. The Cybersecurity Team maintains Ladder’s cybersecurity risk management program, which is designed to identify, detect, assess, and manage cybersecurity risks. The Cybersecurity Team monitors technology trends and developments to inform improvements and modifications to Ladder’s information technology (“IT”) infrastructure and oversees the Company’s various cybersecurity training initiatives. The Cybersecurity Team also oversees the Company’s testing and deployment of AI technologies and monitors AI-enabled cybersecurity threats.

The members of the Cybersecurity Team have extensive on-the-job experience in cybersecurity matters, sharing responsibility for cybersecurity, as well as for regulatory, compliance and/or IT. Ladder’s CTO has over 20 years of experience in the design, engineering, implementation, and management of information technology, including as the founder of an IT managed service provider for professional and financial services companies. The GC helped establish the Company’s cybersecurity risk management framework and has overseen the Company’s best practice approach to cybersecurity governance, testing and diligence for over a decade. The CCO helps ensure adherence to regulatory standards and helps refine our cybersecurity policies and training initiatives.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
The members of the Cybersecurity Team have extensive on-the-job experience in cybersecurity matters, sharing responsibility for cybersecurity, as well as for regulatory, compliance and/or IT. Ladder’s CTO has over 20 years of experience in the design, engineering, implementation, and management of information technology, including as the founder of an IT managed service provider for professional and financial services companies. The GC helped establish the Company’s cybersecurity risk management framework and has overseen the Company’s best practice approach to cybersecurity governance, testing and diligence for over a decade. The CCO helps ensure adherence to regulatory standards and helps refine our cybersecurity policies and training initiatives.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Audit Committee receives quarterly or as needed updates from the CTO and GC regarding the cybersecurity risks the Company faces based on the current cybersecurity threat landscape, as well as the status of the measures undertaken by the Company to manage those risks. The Audit Committee reports to the board as needed.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true