XML 54 R37.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We recognize the importance of maintaining an integrated cybersecurity risk management system and view our responsibility for cybersecurity management as an enterprise risk, where we have adopted proactive and defensive safeguards. We maintain layered processes that place responsibility for management and mitigation of cybersecurity risks at both the management and Board level, which is modeled after the National Institute of Standards and Technology’s cybersecurity framework, as more fully described below.
We have not previously experienced a cybersecurity incident that has materially affected HGV, including our business strategy, results of operations, or financial condition. However, we cannot be certain that we will not experience such an incident in the future. For information on risks we face from cybersecurity threats, see “Our increasing reliance on information technology and other systems subjects us to risks associated with cybersecurity. Cyber-attacks or our failure to maintain the security and integrity of company, employee, associate, customer, or third-party data could have a disruptive effect on our business and adversely affect our reputation and financial performance” in Item 1A. Risk Factors.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We recognize the importance of maintaining an integrated cybersecurity risk management system and view our responsibility for cybersecurity management as an enterprise risk, where we have adopted proactive and defensive safeguards. We maintain layered processes that place responsibility for management and mitigation of cybersecurity risks at both the management and Board level, which is modeled after the National Institute of Standards and Technology’s cybersecurity framework, as more fully described below.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Board Level Governance
The Audit Committee has primary Board-level responsibility for oversight of our cybersecurity and data protection risks. and serves as a liaison between management and the full Board. The Audit Committee receives regular reports from our CTO and CISO regarding the primary cybersecurity risks facing HGV, and the steps management is taking to mitigate such risks. The CISO and the CTO provide comprehensive briefings to the Audit Committee on a regular basis, generally at least once per quarter. These briefings include:
Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity incidents, if applicable; and
Compliance with regulatory requirements and industry standards.
The Audit Committee also reviews our cybersecurity management strategy and initiatives on a regular basis with our CTO and CISO. Both the Audit Committee and Board will promptly be made aware of any significant cybersecurity incident, as specified in our cybersecurity incident response plan.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our cybersecurity efforts are led by the Chief Technology Officer (“CTO”) and Chief Information Security Officer (“CISO”). The CISO has primary management-level responsibility for assessing and managing our cybersecurity program. The CISO reports to the CTO, who provides regular feedback to other members of the management team on managing material risks from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Audit Committee has primary Board-level responsibility for oversight of our cybersecurity and data protection risks. and serves as a liaison between management and the full Board. The Audit Committee receives regular reports from our CTO and CISO regarding the primary cybersecurity risks facing HGV, and the steps management is taking to mitigate such risks. The CISO and the CTO provide comprehensive briefings to the Audit Committee on a regular basis, generally at least once per quarter. These briefings include:
Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity incidents, if applicable; and
Compliance with regulatory requirements and industry standards.
The Audit Committee also reviews our cybersecurity management strategy and initiatives on a regular basis with our CTO and CISO. Both the Audit Committee and Board will promptly be made aware of any significant cybersecurity incident, as specified in our cybersecurity incident response plan.
Cybersecurity Risk Role of Management [Text Block]
Our cybersecurity efforts are led by the Chief Technology Officer (“CTO”) and Chief Information Security Officer (“CISO”). The CISO has primary management-level responsibility for assessing and managing our cybersecurity program. The CISO reports to the CTO, who provides regular feedback to other members of the management team on managing material risks from cybersecurity threats.
Our CISO has over 25 years of experience in the field of cybersecurity. His background includes extensive experience as a technology consultant. His in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies.
Our CTO has extensive experience designing, developing, and utilizing technology products for security operation center services. His technical responsibilities spanned product security, privacy controls, data protection, and identity management. He has also overseen security operations, incident response, threat hunting, security intelligence, analytics, and technical fraud functions and worked with legal response teams at numerous companies, including serving as a Managing Director of a cybersecurity firm. He has advised chief information officers and consulted for boards of directors on cybersecurity related issues and attacks.
Our CISO oversees our governance programs, tests our compliance with standards, remediates known risks, and leads our employee training program on information security. He is also responsible for keeping HGV apprised of the latest developments in cybersecurity, including potential threats and innovative risk management techniques. We believe this ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. The CISO implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the CISO is equipped with a well-defined incident response plan. This plan includes immediate actions designed to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity efforts are led by the Chief Technology Officer (“CTO”) and Chief Information Security Officer (“CISO”). The CISO has primary management-level responsibility for assessing and managing our cybersecurity program. The CISO reports to the CTO, who provides regular feedback to other members of the management team on managing material risks from cybersecurity threats.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our CISO has over 25 years of experience in the field of cybersecurity. His background includes extensive experience as a technology consultant. His in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies.
Our CTO has extensive experience designing, developing, and utilizing technology products for security operation center services. His technical responsibilities spanned product security, privacy controls, data protection, and identity management. He has also overseen security operations, incident response, threat hunting, security intelligence, analytics, and technical fraud functions and worked with legal response teams at numerous companies, including serving as a Managing Director of a cybersecurity firm. He has advised chief information officers and consulted for boards of directors on cybersecurity related issues and attacks.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our CISO oversees our governance programs, tests our compliance with standards, remediates known risks, and leads our employee training program on information security. He is also responsible for keeping HGV apprised of the latest developments in cybersecurity, including potential threats and innovative risk management techniques. We believe this ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. The CISO implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the CISO is equipped with a well-defined incident response plan. This plan includes immediate actions designed to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true