Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Gulfport increasingly relies on digital technology to optimize our business. As our reliance on technology expands, we are exposed to additional cyber-risks, which we focus on assessing, identifying, and managing. These risks include, but are not limited to: financial risks, operational risks, safety concerns, employee and owner personal information and violation of data privacy or security laws.
Managing Material Risks & Integrated Overall Risk Management
We take an integrated approach to assessing and identifying cybersecurity risks and threats. At the corporate level, cybersecurity is identified as a key risk within our Enterprise Risk Management (ERM) program. Our management of cyber risk is based on the National Institute of Standards and Technology’s (NIST) cybersecurity framework. While the NIST cybersecurity framework is our foundation, we combine that with the Center for Internet Security’s (CIS) control framework.
We utilize a defense-in-depth approach, layering security starting with cloud-based tools through our perimeter all the way to the client and server end points with End Point Detection and Response solutions. We continue to invest and align advances in technology to strengthen our security posture. This year we implemented tools that provide additional visibility into lateral movement, enhancements for multifactor authentication, and patching of servers. Cyber risks and incidents are categorized by severity, evaluated for materiality, responded to based on defined incident response playbooks and then remediated accordingly. We perform organized tabletop exercises to test these practices and identify areas where opportunities for improvement can occur.
We acknowledge that—even with advanced security tools—we are only as strong as the people that use our technology. That is why we design phishing simulations and require multiple security trainings for every employee annually. Our partnerships with law enforcement, the Oil and Natural Gas Information Sharing Center and our third party partners continually mature our cyber program as threats evolve.
Engaging Third Parties on Risk Management
Recognizing the complexity and evolving nature of cybersecurity risk, we leverage strategic external partnerships to assess and mitigate cybersecurity threats to us. For example, in addition to our security analysts, we partner with third parties that provide 24/7 security operations monitoring, enhancing our response time. We are also audited by third parties for compliance with information security standards and assess vulnerabilities annually, providing additional expertise that strengthens our security posture.
Managing Third Party Risk
We also recognize the risks associated with the use of vendors, service providers and other third parties that provide information system services to us, process information on our behalf, or have access to our information systems, and we have processes in place to oversee and manage these risks. We maintain ongoing monitoring to ensure compliance with our cybersecurity standards.
Risks from Cybersecurity Incidents As of December 31, 2024, and for the past five years, we have identified no security incidents or breaches that are material, or likely to be material, to our business strategy, results or financial condition.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
Gulfport increasingly relies on digital technology to optimize our business. As our reliance on technology expands, we are exposed to additional cyber-risks, which we focus on assessing, identifying, and managing. These risks include, but are not limited to: financial risks, operational risks, safety concerns, employee and owner personal information and violation of data privacy or security laws.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
We involve multiple levels of oversight as a part of our approach to cybersecurity risk management.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] |
Board of Director Oversight The Audit Committee receives a detailed cybersecurity update annually from the Chief Information Officer and receives a cybersecurity update quarterly through the ERM program as a key risk.
|
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee receives a detailed cybersecurity update annually from the Chief Information Officer and receives a cybersecurity update quarterly through the ERM program as a key risk. |
| Cybersecurity Risk Role of Management [Text Block] | Our current CIO has 20 years of industry experience and over 10 years of experience with the development, training and controls of effective global enterprise cybersecurity programs. The CIO’s responsibilities include but are not limited to: (i) reviewing our enterprise risk register and functional risk register; (ii) maintaining adequate processes to manage the identified risks under our cybersecurity program; (iii) analyzing logs of cybersecurity threats and vulnerabilities; (iv) overseeing prevention, detection, mitigation and remediation efforts; and (v) developing, maintaining, and ensuring team familiarity with the above‑mentioned incident response plan. Additionally, we maintain an experienced information technology team at the employee level that supports our Chief Information Officer in implementing our cybersecurity program and internal reporting, security and mitigation functions. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] |
We involve multiple levels of oversight as a part of our approach to cybersecurity risk management.
Risk Management Personnel
Cybersecurity remains a top identified enterprise-wide risk for our business and is overseen by our Chief Information Officer who is responsible for identifying and mitigating information security risks. Our current CIO has 20 years of industry experience and over 10 years of experience with the development, training and controls of effective global enterprise cybersecurity programs. The CIO’s responsibilities include but are not limited to: (i) reviewing our enterprise risk register and functional risk register; (ii) maintaining adequate processes to manage the identified risks under our cybersecurity program; (iii) analyzing logs of cybersecurity threats and vulnerabilities; (iv) overseeing prevention, detection, mitigation and remediation efforts; and (v) developing, maintaining, and ensuring team familiarity with the above‑mentioned incident response plan. Additionally, we maintain an experienced information technology team at the employee level that supports our Chief Information Officer in implementing our cybersecurity program and internal reporting, security and mitigation functions.
Board of Director Oversight The Audit Committee receives a detailed cybersecurity update annually from the Chief Information Officer and receives a cybersecurity update quarterly through the ERM program as a key risk.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our current CIO has 20 years of industry experience and over 10 years of experience with the development, training and controls of effective global enterprise cybersecurity programs. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Audit Committee receives a detailed cybersecurity update annually from the Chief Information Officer and receives a cybersecurity update quarterly through the ERM program as a key risk. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |