XML 53 R31.htm IDEA: XBRL DOCUMENT v3.25.2
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Jun. 30, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Managing technology risks, including cybersecurity risks, is a fundamental part of the Corporation’s risk management framework and processes. The Corporation employs a variety of processes, risk assessments, and controls to assess, identify, and manage these risks. This includes estimating the likelihood and potential impact of cybersecurity incidents. To manage these risks, the Corporation designs, documents, and implements controls, which are then tested through compliance assessments and internal and external audits. In some cases, the Corporation also transfers risk, either wholly or partially, through insurance and other methods. When an incident occurs, the Corporation responds by remediating the incident while complying with regulatory obligations, and then evaluates the remediation’s effectiveness. Communication about risk management matters is conducted through documented policies and procedures, management and Board committee reporting, and employee training and communications. For a detailed description of how cybersecurity risks may materially affect the Corporation’s business strategy or results, see "Item 1A. Risk Factors.”

Additionally, the Corporation engages third-party experts as needed to assess, manage, and respond to cybersecurity risks through various methods, including risk assessments, IT audits based on different frameworks, penetration and vulnerability testing, social engineering, incident response, threat intelligence, education, and managed security services.The Corporation also monitors risks from third parties, such as service providers, through efforts like monitoring, information sharing, risk assessments, audits, contractual due diligence, and adherence to third-party security standards.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

Managing technology risks, including cybersecurity risks, is a fundamental part of the Corporation’s risk management framework and processes. The Corporation employs a variety of processes, risk assessments, and controls to assess, identify, and manage these risks. This includes estimating the likelihood and potential impact of cybersecurity incidents. To manage these risks, the Corporation designs, documents, and implements controls, which are then tested through compliance assessments and internal and external audits. In some cases, the Corporation also transfers risk, either wholly or partially, through insurance and other methods. When an incident occurs, the Corporation responds by remediating the incident while complying with regulatory obligations, and then evaluates the remediation’s effectiveness. Communication about risk management matters is conducted through documented policies and procedures, management and Board committee reporting, and employee training and communications. For a detailed description of how cybersecurity risks may materially affect the Corporation’s business strategy or results, see "Item 1A. Risk Factors.”

Additionally, the Corporation engages third-party experts as needed to assess, manage, and respond to cybersecurity risks through various methods, including risk assessments, IT audits based on different frameworks, penetration and vulnerability testing, social engineering, incident response, threat intelligence, education, and managed security services.The Corporation also monitors risks from third parties, such as service providers, through efforts like monitoring, information sharing, risk assessments, audits, contractual due diligence, and adherence to third-party security standards
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The Corporation’s Board of Directors, including the Audit Committee, oversees all risk management policies, procedures, and practices, including those related to cybersecurity. Senior management generally reports quarterly, or more frequently as necessary, to the Enterprise Risk Committee on technology risks, including those from cybersecurity threats. The Board’s Audit Committee and the Board of Directors receive these reports as part of their risk management oversight responsibilities. Board members have direct access to senior management and other relevant personnel and may direct questions and request further information as needed to fulfill their oversight responsibilities.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Board’s Audit Committee and the Board of Directors receive these reports as part of their risk management oversight responsibilities.
Cybersecurity Risk Role of Management [Text Block]

The Corporation’s information technology risk management department consists of professionals with experience and expertise in cybersecurity, including specialists in identity and access management, cyber defense operations, security engineering, and information technology governance, risk, and compliance. This department is led by the Chief Information Officer (“CIO”), who has a bachelor of science in information technology and many certifications such as Certified Information Systems Security Professional, Certified Cloud Security Professional and Certified Information Privacy Professional, and the Information Security Officer (“ISO”), who has a bachelor of science in computer science and has over 19 years of experience in cybersecurity risk management. The ISO reports to the CIO, and the CIO reports directly to the President and Chief Executive Officer. Additionally, the Corporation engages third-party experts as needed to assess, manage, and respond to cybersecurity risks through various methods, including risk assessments, IT audits based on different frameworks, penetration and vulnerability testing, social engineering, incident response, threat intelligence, education, and managed security services.

Senior management governs risk management and is informed about and monitors the prevention, detection, mitigation, and mediation of cybersecurity incidents. This is facilitated through working review committees, on which the ISO and/or CIO serve. These committees receive risk management reports appropriate to their scope of review, covering assessment results, risk ratings, and critical issues. They report significant matters to enterprise-wide risk committees, which oversee the broader scope of risk management for the enterprise. Through these efforts, senior management makes decisions and sets priorities for allocating resources to address risk management issues.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] the Information Security Officer (“ISO”)
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Corporation’s information technology risk management department consists of professionals with experience and expertise in cybersecurity, including specialists in identity and access management, cyber defense operations, security engineering, and information technology governance, risk, and compliance. This department is led by the Chief Information Officer (“CIO”), who has a bachelor of science in information technology and many certifications such as Certified Information Systems Security Professional, Certified Cloud Security Professional and Certified Information Privacy Professional, and the Information Security Officer (“ISO”), who has a bachelor of science in computer science and has over 19 years of experience in cybersecurity risk management.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Senior management governs risk management and is informed about and monitors the prevention, detection, mitigation, and mediation of cybersecurity incidents. This is facilitated through working review committees, on which the ISO and/or CIO serve. These committees receive risk management reports appropriate to their scope of review, covering assessment results, risk ratings, and critical issues. They report significant matters to enterprise-wide risk committees, which oversee the broader scope of risk management for the enterprise. Through these efforts, senior management makes decisions and sets priorities for allocating resources to address risk management issues.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true