XML 47 R33.htm IDEA: XBRL DOCUMENT v3.25.2
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Jun. 30, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy
Our risk management processes and procedures include a cybersecurity risk management program as part of its multiple technical layers of defense. Through our cybersecurity risk management program, we have designed and implemented processes for identifying, assessing, preventing, and managing material risks from cybersecurity threats to our critical computer networks, third-party service providers, communication systems, hardware and software, and our critical data, including confidential company and customer information. As part of our cybersecurity risk management program, we evaluate our various technical layers of defense on an ongoing basis including performing incident response planning, frequent vulnerability testing, vendor risk management, intrusion monitoring, and maintaining a security awareness program. We invest in our people, processes and systems and collaborate with appropriate government and law enforcement agencies to help monitor cybersecurity threats as well as prevent and respond to cybersecurity incidents.
We may utilize various resources that we deem necessary based on actual or potential threats and vulnerabilities to Axos, including engaging independent third-party assessors, consultants and/or auditors to help evaluate the effectiveness of our cybersecurity risk management program, processes, and controls.
Our overall enterprise risk management includes a third-party risk management program, through which we identify, monitor, and manage cybersecurity risks inherent in or related to external service providers and other third parties. Through our business lines, we actively assess and oversee our third-party service providers against requirements set by our third-party risk management program and our cybersecurity risk management program.
We have not identified any cybersecurity incidents that have materially affected Axos or its business strategy, results of operations, or financial condition. However, we face ongoing cybersecurity risks which may materially affect the Company in the future. Refer to the Risk Factors section for additional information.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Our risk management processes and procedures include a cybersecurity risk management program as part of its multiple technical layers of defense. Through our cybersecurity risk management program, we have designed and implemented processes for identifying, assessing, preventing, and managing material risks from cybersecurity threats to our critical computer networks, third-party service providers, communication systems, hardware and software, and our critical data, including confidential company and customer information. As part of our cybersecurity risk management program, we evaluate our various technical layers of defense on an ongoing basis including performing incident response planning, frequent vulnerability testing, vendor risk management, intrusion monitoring, and maintaining a security awareness program. We invest in our people, processes and systems and collaborate with appropriate government and law enforcement agencies to help monitor cybersecurity threats as well as prevent and respond to cybersecurity incidents.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Cybersecurity risk management is part of our Board of Directors’ general oversight function, which includes oversight of the cybersecurity risk management program and any identified cybersecurity risks and incidents. To facilitate its oversight, the Board of Directors receives regular updates from management on cybersecurity.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Chief Risk Officer has primary responsibility for our enterprise risk management program. Our Chief Information Security Officer has primary responsibility for our cybersecurity risk management program and supervises the Company’s cybersecurity personnel.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our Chief Risk Officer has primary responsibility for our enterprise risk management program. Our Chief Information Security Officer has primary responsibility for our cybersecurity risk management program and supervises the Company’s cybersecurity personnel. Both individuals have extensive work experience in various roles involving risk and compliance, including cybersecurity and information security.
The individuals involved in our cybersecurity risk management program are informed about developments in cybersecurity risks and related matters through a variety of channels inside the Company, including but not limited to, briefings from internal teams and alerts and reports produced by various measures we may deploy, as well as information obtained from external sources in the government and private sector, including external third party consultants retained by Axos.
Our Chief Information Security Officer and Chief Risk Officer report information on cybersecurity risks to the Board of Directors on a regular basis.
Cybersecurity Risk Role of Management [Text Block]
Our Chief Risk Officer has primary responsibility for our enterprise risk management program. Our Chief Information Security Officer has primary responsibility for our cybersecurity risk management program and supervises the Company’s cybersecurity personnel. Both individuals have extensive work experience in various roles involving risk and compliance, including cybersecurity and information security.
The individuals involved in our cybersecurity risk management program are informed about developments in cybersecurity risks and related matters through a variety of channels inside the Company, including but not limited to, briefings from internal teams and alerts and reports produced by various measures we may deploy, as well as information obtained from external sources in the government and private sector, including external third party consultants retained by Axos.
Our Chief Information Security Officer and Chief Risk Officer report information on cybersecurity risks to the Board of Directors on a regular basis.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Chief Risk Officer has primary responsibility for our enterprise risk management program. Our Chief Information Security Officer has primary responsibility for our cybersecurity risk management program and supervises the Company’s cybersecurity personnel.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Both individuals have extensive work experience in various roles involving risk and compliance, including cybersecurity and information security.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our Chief Risk Officer has primary responsibility for our enterprise risk management program. Our Chief Information Security Officer has primary responsibility for our cybersecurity risk management program and supervises the Company’s cybersecurity personnel. Both individuals have extensive work experience in various roles involving risk and compliance, including cybersecurity and information security.
The individuals involved in our cybersecurity risk management program are informed about developments in cybersecurity risks and related matters through a variety of channels inside the Company, including but not limited to, briefings from internal teams and alerts and reports produced by various measures we may deploy, as well as information obtained from external sources in the government and private sector, including external third party consultants retained by Axos.
Our Chief Information Security Officer and Chief Risk Officer report information on cybersecurity risks to the Board of Directors on a regular basis.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true