Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We maintain an enterprise-wide information security and cyber risk management framework (“Framework”) that is designed to protect our information, assets and systems and to comply with applicable data security and privacy laws and regulations in all jurisdictions in which we operate. Our Information Security and Cyber Risk Management Policy is aligned with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework and sets out our internal framework for a consistent and coordinated approach, so that information security risks are addressed in a manner proportionate to the nature, scale and complexity of our operations. Our Framework is designed to protect information from the time it is created, through its useful life, to its ultimate authorized disposal.
Our cybersecurity program is designed to provide reasonable assurance that we will have efficient and effective operations; safeguard our assets; produce reliable reporting; comply with applicable laws and regulations; and to identify, protect, detect and respond to, and manage, reasonably foreseeable cybersecurity risks and threats. Our Framework is a key part of our internal control system and uses risk management processes to enable informed and prioritized decisions regarding information and cyber security.
Effective identification of information security and cyber risk enables us to focus and prioritize risk management efforts and to determine the resources required to manage those risks. We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities and incidents. Risk identification processes span the entity, segment, function and operational levels, so as to capture key risks within business processes, group-wide risks that are not directly associated with an individual function or process, and changes that could affect the internal control environment. Risk assessment is a dynamic and iterative process for analyzing information security and cyber risks; it forms the basis for classifying information assets according to their value, sensitivity and criticality, and for determining how risks should be managed in accordance with our risk tolerance. Our risk assessment considers threats, vulnerabilities, exploitability, likelihood, and magnitude of impact to our operations, assets, individuals and facilities. Risk assessments also consider risk from external parties, including contractors who operate systems on our behalf, individuals who access our systems or data, service providers, and outsourcing entities. Risk assessments play an important role in the control selection process. As internal and external circumstances change over time, risk identification also captures emerging information security and cyber risks. These and other emerging risks are reported to the Risk Committee of the Board.
Identified risks are recorded in the Group risk register and categorized using the NIST security control family taxonomy, which is also used to aggregate risk information. Once identified, all key information security and cyber risks are assessed to form the basis for determining how they should be managed. After information security and cyber controls are implemented, they are regularly monitored and evaluated to determine whether the controls are implemented correctly, operate as intended, produce the desired outcome, and continue to comply with laws, regulations and contractual requirements. Monitoring helps to maintain a dynamic understanding of the Group’s risk profile and to identify control deficiencies that require remediation.
As part of our risk management process, we conduct application security assessments, vulnerability management, penetration testing, employee phishing testing, security audits, and ongoing risk assessments. We also maintain a variety of incident response plans that are invoked when incidents are detected. We require every employee with access to information systems, which is all of our employees, to undertake data protection and cybersecurity training and compliance programs annually.
Where possible, controls within our cyber risk management processes are implemented with a corresponding performance scale, which is used as the basis for monitoring via Key Risk Indicators (“KRIs”). KRIs are measured against the acceptable level of variance in performance relative to the achievement of control objectives, and indicate whether controls are adequately addressing risk and whether risks are changing over time. KRIs that fall outside pre-established thresholds trigger a more thorough management review and assessment and, where appropriate, adjustments to controls. Control deficiencies that result in exposures exceeding tolerance are subject to a monitored mitigation plan with an agreed timeline to reduce residual risk to within tolerance, and are included in risk reporting. In such a case, the risk is temporarily accepted while mitigation actions progress. The development and ownership of an appropriate response is determined by the relevant first-line stakeholders in consultation with the Group Chief Information Security Officer (“CISO”). The action plan should be proportionate to the level of exposure and include defined actions aligned to the underlying causes.
In some cases, it may be determined that the exposure exceeds risk tolerance and cannot be brought within acceptable levels through any combination of mitigation or risk transfer. In that case, the applicable business function owner consults with the CISO to determine the best course of action (e.g., risk avoidance, an exception process, or increased security requirements for the relevant system or process). Exceptions and risk avoidance should be rare, and each instance is recorded and reported to the Group Executive Committee. Notably, risk avoidance is not the same as ignoring a risk. See "Risk Factors - A failure in our data security and/or technology systems or infrastructure or those of third parties, including those caused by security breaches or cyber-attacks could disrupt our business, damage our reputation and cause losses."
In the normal course, we engage assessors, consultants and other third parties to assist in various cyber-related matters. These engagements cover a range of risk mitigation activities such as threat detection, penetration testing and red/purple team cyber-attack simulations.
We have implemented processes to identify and manage risks from cybersecurity threats associated with our use of third-party service providers, including in relation to information security and, in particular, personal information. These controls include contractual requirements to meet specified information security and testing requirements, alongside ongoing oversight procedures.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our cybersecurity program is designed to provide reasonable assurance that we will have efficient and effective operations; safeguard our assets; produce reliable reporting; comply with applicable laws and regulations; and to identify, protect, detect and respond to, and manage, reasonably foreseeable cybersecurity risks and threats. Our Framework is a key part of our internal control system and uses risk management processes to enable informed and prioritized decisions regarding information and cyber security.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Management has responsibility to manage risk and to bring to the Board’s attention the most material near-term and long-term risks to the Company. The Company’s CISO leads management’s assessment and management of cybersecurity risk and is responsible for defining the Framework and for establishing and maintaining security policies, standards and guidelines of group-wide applicability. Our CISO has more than 25 years of experience in IT and cybersecurity across multiple industries, including financial services and insurance, and has held CISO roles at private-equity-owned companies. The CISO reports to the Chief Information Officer, who reports to the Group Chief Operating Officer, who in turn reports directly to the Company’s Group Chief Executive Officer.
The Board is actively engaged in overseeing and reviewing the Company’s strategic direction and objectives, taking into account, among other considerations, the Company’s risk profile and related exposures. As part of this oversight, the Board has delegated certain of these responsibilities to committees of the Board. The Risk Committee reviews, on behalf of the Board, at least once annually, the Group’s cybersecurity program, its effectiveness, related exposures and risks, including actions underway or planned to reduce these risks. This review and oversight may encompass data breach risk; cyber prevention and detection controls; privacy matters; the incident response plan; third-party cyber risk; cyber trends and events; and other cyber topics determined jointly by management and the Risk Committee. In carrying out this role, the Risk Committee takes into account the relevant work of the CISO. The CISO presents to the Risk Committee at least once annually, and the Board receives updates on operational risks, including cybersecurity matters, at its regular quarterly meetings from the Group Chief Operating Officer, alongside second-line oversight updates from the Group Chief Risk Officer. The Internal Audit function also provides third-line oversight of cyber risk elements through periodic testing of our cyber procedures, the results of which are reported to the Risk Committee and to subsidiary boards of directors as appropriate.
On the recommendation of the Risk Committee, the Board reviews and approves the Group Information Security and Risk Management Policy annually and oversees our enterprise risk assessment, conducted at least annually, which assesses key risks within the business, including security and technology risks and cybersecurity threats.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Risk Committee reviews, on behalf of the Board, at least once annually, the Group’s cybersecurity program, its effectiveness, related exposures and risks, including actions underway or planned to reduce these risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The CISO presents to the Risk Committee at least once annually, and the Board receives updates on operational risks, including cybersecurity matters, at its regular quarterly meetings from the Group Chief Operating Officer, alongside second-line oversight updates from the Group Chief Risk Officer. The Internal Audit function also provides third-line oversight of cyber risk elements through periodic testing of our cyber procedures, the results of which are reported to the Risk Committee and subsidiary boards of directors as appropriate.
Cybersecurity Risk Role of Management [Text Block]
Management has responsibility to manage risk and to bring to the Board’s attention the most material near-term and long-term risks to the Company. The Company’s CISO leads management’s assessment and management of cybersecurity risk and is responsible for defining the Framework and for establishing and maintaining security policies, standards and guidelines of group-wide applicability. Our CISO has more than 25 years of experience in IT and cybersecurity across multiple industries, including financial services and insurance, and has held CISO roles at private-equity-owned companies. The CISO reports to the Chief Information Officer, who reports to the Group Chief Operating Officer, who in turn reports directly to the Company’s Group Chief Executive Officer.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Risk Committee reviews, on behalf of the Board, at least once annually, the Group’s cybersecurity program, its effectiveness, related exposures and risks, including actions underway or planned to reduce these risks. This review and oversight may generally encompass data breach risk; cyber prevention and detection controls; privacy matters; incident response plan; third-party cyber risk; cyber trends and events; and other cyber topics determined jointly by management and the Risk Committee. In carrying out this role, the Risk Committee takes into account the relevant work of the CISO. The CISO presents to the Risk Committee at least once annually, and the Board receives updates on operational risks, including cybersecurity matters, at its regular quarterly meetings from the Group Chief Operating Officer, alongside second-line oversight updates from the Group Chief Risk Officer. The Internal Audit function also provides third-line oversight of cyber risk elements through periodic testing of our cyber procedures, the results of which are reported to the Risk Committee and subsidiary boards of directors as appropriate.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO has more than 25 years of experience in IT and cybersecurity across multiple industries, including financial services and insurance, and has held CISO roles at private-equity-owned companies.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The CISO presents to the Risk Committee at least once annually, and the Board receives updates on operational risks, including cybersecurity matters, at its regular quarterly meetings from the Group Chief Operating Officer, alongside second-line oversight updates from the Group Chief Risk Officer. The Internal Audit function also provides third-line oversight of cyber risk elements through periodic testing of our cyber procedures, the results of which are reported to the Risk Committee and subsidiary boards of directors as appropriate.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true