AMERICAN EQUITY INVESTMENT LIFE HOLDING CO - (AEL)

10-K Filing Date: February 29, 2024
Item 1C. Cybersecurity
Risk Management and Strategy; Governance
American Equity maintains a documented Information Security Risk Management Program (“Program”) that includes risk assessments regularly conducted by American Equity and third-party experts, assessors and auditors to evaluate potential security threats that may have a negative impact on the organization, detect potential vulnerabilities and mitigate any identified security risks. The Program is integrated into the Company’s overall risk management system. The Program is informed by industry standards and frameworks and is evaluated on an ongoing basis to address the evolving cyber threat landscape and seek alignment with industry standards such as applicable legal and regulatory guidance and mandates. In addition, the Company regularly self-assesses the Program against its internal policies.
As part of the Program, the Company: deploys technical and organizational safeguards designed to protect the Company’s networks, systems, and data from cybersecurity threats; maintains a threat management program that continuously monitors evolving cybersecurity risks; has established and maintains incident response plans that address the Company’s response to a cybersecurity incident; maintains a third-party risk management program that includes a due diligence and ongoing assessment process for service providers based on the risk they present and the adequacy of their safeguards; and provides ongoing education and training to employees regarding information security threats. The Company also conducts periodic penetration testing and tabletop exercises.
The American Equity Chief Information Security Officer provides oversight and direction for the Program and communicates the information security risk posture and the prevention, detection, mitigation, and remediation of cybersecurity incidents to the American Equity executive team and American Equity's Board of Directors. The Board oversees the Program and management of risks from cybersecurity threats and reviews and monitors American Equity’s business and technology strategy.
As of the reporting date, no risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition.