| Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Dec. 31, 2025 |
|---|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We have implemented processes across our organization for assessing, identifying, and managing material risks from potential unauthorized occurrences on or through our electronic information systems that could adversely affect the confidentiality, integrity, or availability of our information systems or the information residing on those systems. These processes include internal and external vulnerability management systems, scanning systems, firewalls and breach alert systems, among others. Such systems and processes are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting the data. The data includes confidential, proprietary, and business and personal information that we collect, process, store, and transmit as part of our business, including on behalf of third parties. As part of our risk management process, we conduct monthly vulnerability scans, annual penetration testing, phishing tests, annual risk assessments, and ad-hoc application security assessments. We also maintain a variety of playbooks for our incident response plan that are utilized when incidents are detected. We require employees with access to information systems to undertake data protection and cybersecurity training at least annually. In addition, employees subject to regulatory requirements undertake compliance training at least annually. In addition, we engage certain third-party security providers to assist with assessing, identifying, and managing cybersecurity risks. Such services include, but are not limited to, managed security providers, assessors, consultants, auditors, and penetration testers. We also use third-party vendor management software to assess the security posture of other material third-party vendors to reduce the impact of a security incident from such vendors. As discussed below, we rely on notifications from third parties and other external alert systems to identify material risks that may exist with such parties. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have implemented processes across our organization for assessing, identifying, and managing material risks from potential unauthorized occurrences on or through our electronic information systems that could adversely affect the confidentiality, integrity, or availability of our information systems or the information residing on those systems. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our cybersecurity risks and associated mitigation efforts are continuously monitored and evaluated by senior management as part of the Company's overall risk management process. In addition, a report prepared by the Chief Information Security Officer outlining any material cyber risks as well as any mitigation efforts is presented by the Chief Information Security Officer to the Audit Committee of our Board of Directors on a quarterly basis as part of the Company's enterprise risk program. The Company is not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. Additional information about cybersecurity risks we face is discussed in “Item 1A. Risk Factors,” under the heading “Risks Related to Data Security and Intellectual Property,” which should be read in conjunction with the information above. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Each business unit maintains appropriate cybersecurity leadership based on its operational needs. Certain business units, including our Telecom group, maintain a dedicated Chief Information Security Officer who oversees cybersecurity programs tailored to their specific business requirements and regulatory obligations. The Consumer Product group receives virtual Chief Information Security Officer (vCISO) services from our corporate cybersecurity team, ensuring consistent oversight and expertise while allowing operational flexibility. This structure enables us to provide comprehensive cybersecurity leadership across our diverse portfolio while maintaining efficiency and leveraging centralized expertise where appropriate. The corporate CISO provides regular updates to the Cybersecurity Committee (discussed further below) of which he is also a member. Cybersecurity leaders across all business units coordinate with the corporate CISO to ensure consistent application of cybersecurity standards, sharing of threat intelligence, and alignment on enterprise-wide cybersecurity initiatives. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Cybersecurity incidents come to the attention of the Company from the cybersecurity teams which may be notified of such incidents from internal vulnerability monitoring systems, business unit security teams, third-party vendors, government or industry alerts, media broadcasts, or employee self-reporting. Risk assessment and mitigation efforts related to cybersecurity incidents are subject to oversight by the Cybersecurity Committee, which monitors the prevention, detection, and remediation of such incidents. The Cybersecurity Committee, which is comprised of directors from different divisions within the Company, as well as members of the Corporate Cybersecurity Team and the corporate Chief Information Security Officer, oversees Company policies and procedures for protecting cybersecurity infrastructure and for compliance with applicable data protection and security regulations, and related risks. The Cybersecurity Committee meets at least quarterly or whenever a material cybersecurity incident is identified at the Company or any of its business units. Material cybersecurity incidents, as well as mitigation efforts related to such incidents, are promptly reported to senior management. |
| Cybersecurity Risk Role of Management [Text Block] | BRC Group Holdings, Inc. operates through multiple business units, each with tailored cybersecurity leadership appropriate to its size, complexity, and risk profile. Our corporate cybersecurity function is led by our Chief Information Security Officer (CISO), who has extensive cybersecurity knowledge and skills gained from over 20 years of experience at the Company as Chief Information Security Officer and Chief Information Officer, where he has been responsible for implementing and maintaining cybersecurity and data protection practices, implementing complex technology solutions, and managing large groups of technology professionals. He holds multiple cybersecurity industry focused certifications and reports directly to the Co-Chief Executive Officer. Each business unit maintains appropriate cybersecurity leadership based on its operational needs. Certain business units, including our Telecom group, maintain a dedicated Chief Information Security Officer who oversees cybersecurity programs tailored to their specific business requirements and regulatory obligations. The Consumer Product group receives virtual Chief Information Security Officer (vCISO) services from our corporate cybersecurity team, ensuring consistent oversight and expertise while allowing operational flexibility. This structure enables us to provide comprehensive cybersecurity leadership across our diverse portfolio while maintaining efficiency and leveraging centralized expertise where appropriate. The corporate CISO provides regular updates to the Cybersecurity Committee (discussed further below) of which he is also a member. Cybersecurity leaders across all business units coordinate with the corporate CISO to ensure consistent application of cybersecurity standards, sharing of threat intelligence, and alignment on enterprise-wide cybersecurity initiatives. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | our Chief Information Security Officer (CISO), who has extensive cybersecurity knowledge and skills gained from over 20 years of experience at the Company as Chief Information Security Officer and Chief Information Officer, where he has been responsible for implementing and maintaining cybersecurity and data protection practices, implementing complex technology solutions, and managing large groups of technology professionals. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our corporate cybersecurity function is led by our Chief Information Security Officer (CISO), who has extensive cybersecurity knowledge and skills gained from over 20 years of experience at the Company as Chief Information Security Officer and Chief Information Officer, where he has been responsible for implementing and maintaining cybersecurity and data protection practices, implementing complex technology solutions, and managing large groups of technology professionals. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Cybersecurity incidents come to the attention of the Company from the cybersecurity teams which may be notified of such incidents from internal vulnerability monitoring systems, business unit security teams, third-party vendors, government or industry alerts, media broadcasts, or employee self-reporting. Risk assessment and mitigation efforts related to cybersecurity incidents are subject to oversight by the Cybersecurity Committee, which monitors the prevention, detection, and remediation of such incidents. The Cybersecurity Committee, which is comprised of directors from different divisions within the Company, as well as members of the Corporate Cybersecurity Team and the corporate Chief Information Security Officer, oversees Company policies and procedures for protecting cybersecurity infrastructure and for compliance with applicable data protection and security regulations, and related risks. The Cybersecurity Committee meets at least quarterly or whenever a material cybersecurity incident is identified at the Company or any of its business units. Material cybersecurity incidents, as well as mitigation efforts related to such incidents, are promptly reported to senior management. Board Oversight: Our cybersecurity risks and associated mitigation efforts are continuously monitored and evaluated by senior management as part of the Company's overall risk management process. In addition, a report prepared by the Chief Information Security Officer outlining any material cyber risks as well as any mitigation efforts is presented by the Chief Information Security Officer to the Audit Committee of our Board of Directors on a quarterly basis as part of the Company's enterprise risk program. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |