|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
BancPlus’ cybersecurity program is integrated into its overall enterprise-wide risk management program and based on guidance established by the National Institute of Standards and Technology (“NIST”), the Federal Financial Institutions Examination Council (“FFIEC”) and other applicable regulatory standards, as described below.
Collaboration
BancPlus’ cybersecurity program seeks to address cybersecurity risks through a cross-functional approach that is focused on confidentiality, security, and availability of the information that the Company collects and stores by identifying and mitigating cybersecurity threats and effectively responding to cyber threats when they occur. BancPlus’ cybersecurity program is primarily administered at the management level by the Cybersecurity Committee, which is led by BancPlus’ Chief Information Security Officer (“CISO”) with other members of executive management serving as members. The Cybersecurity Committee is a cross-functional governing body that drives alignment on security decisions across the Company. The Cybersecurity Committee meets regularly to develop strategies for preserving the confidentiality, integrity and availability of Company and customer information, identifying and mitigating cybersecurity threats, and effectively responding to cybersecurity incidents. The cybersecurity program includes controls and procedures that are designed to ensure prompt escalation of appropriate cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management and the BancPlus board of directors in a timely manner.
Risk Assessment
The Cybersecurity Committee, described below, meets as needed, but at least monthly, to review security performance metrics, identify security risks, and assess the status of approved security enhancements. The Cybersecurity Committee also considers and makes recommendations to the BancPlus board of directors on the Company’s cybersecurity program, including security policies and procedures, security service requirements, and risk mitigation strategies. At least annually, the Cybersecurity Committee conducts a cybersecurity risk assessment that considers information from internal stakeholders, known information security vulnerabilities, and information from external sources (e.g., reported security incidents that have impacted other companies, industry trends, and evaluations by third parties and consultants). The results of the assessment are used to drive alignment on, and prioritization of, initiatives to enhance the Company’s cybersecurity program, including security controls, make recommendations to improve processes, and inform a broader enterprise-level risk assessment that is presented to the Risk Committee of the BancPlus board of directors and members of management.
Technical Safeguards
As part of the Company’s cybersecurity program, BancPlus regularly assesses and deploys technical safeguards designed to protect the Company’s information systems from cybersecurity threats. Such safeguards are regularly evaluated and improved based on vulnerability assessments, cybersecurity threat intelligence, and incident response experience. In the event of a cybersecurity incident, the CISO will notify the Cybersecurity Committee.
Incident Response and Recovery Planning
As part of its cybersecurity program, BancPlus has established comprehensive incident response and recovery plans in the case of a cybersecurity incident and continues to regularly test and evaluate the effectiveness of those plans. The Company’s incident response and recovery plans address and guide its employees, management, and the BancPlus board of directors on responses to a cybersecurity incident.
Third-Party Risk Management
BancPlus engages third-party assessors, consultants and auditors in connection with the Company’s information security program, including to conduct external penetration testing, independent audits, and risk assessments. BancPlus also utilizes third-party service providers in the ordinary course of business. The Company has implemented controls designed to identify and mitigate cybersecurity threats associated with its use of third-party service providers. Such providers are subject to security risk assessments at the time of onboarding, contract renewal, and upon detection of an increase in risk profile. The Company uses a variety of inputs in such risk assessments, including information supplied by providers and third parties who assist in such risk assessment. In addition, the Company requires its providers to meet appropriate security requirements, controls, and responsibilities and investigates security incidents that have impacted the Company’s third-party providers, as appropriate.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|BancPlus’ cybersecurity program is integrated into its overall enterprise-wide risk management program and based on guidance established by the National Institute of Standards and Technology (“NIST”), the Federal Financial Institutions Examination Council (“FFIEC”) and other applicable regulatory standards, as described below.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Risk Oversight
The BancPlus board of directors, through the Risk Committee, provides direction and oversight of the enterprise-wide risk management framework of BancPlus. The Risk Committee of the BancPlus board of directors oversees the Company’s cybersecurity program. They receive regular reports from the Cybersecurity Committee about the prevention, detection, mitigation, and remediation of cybersecurity risks, including cybersecurity incidents, information security vulnerabilities, progress of risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents. BancPlus’ risk management framework is overseen by the Chief Risk Officer at the management level. BancPlus’ CISO has primary responsibility for assessing and managing material cybersecurity risks and leads management’s Cybersecurity Committee. The CISO’s experience spans over 20 years of cybersecurity operations and management, leading teams in highly regulated industries such as financial services, healthcare, education, and cybersecurity consulting for private and public companies. The CISO holds a Master of Business Administration and has attained a variety of professional certifications such as CISSP, CISM, GLAW, and GSEC, among others. The CISO reports to the Chief Risk Officer. See the section entitled “Business—Enterprise Risk Management” in Part I, Item 1 of this Annual Report on Form 10-K for additional information on the role of the BancPlus board of directors and its committees in overseeing risk management.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The BancPlus board of directors, through the Risk Committee, provides direction and oversight of the enterprise-wide risk management framework of BancPlus. The Risk Committee of the BancPlus board of directors oversees the Company’s cybersecurity program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Risk Committee of the BancPlus board of directors oversees the Company’s cybersecurity program. They receive regular reports from the Cybersecurity Committee about the prevention, detection, mitigation, and remediation of cybersecurity risks, including cybersecurity incidents, information security vulnerabilities, progress of risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents.
|Cybersecurity Risk Role of Management [Text Block]
|BancPlus’ risk management framework is overseen by the Chief Risk Officer at the management level. BancPlus’ CISO has primary responsibility for assessing and managing material cybersecurity risks and leads management’s Cybersecurity Committee. The CISO’s experience spans over 20 years of cybersecurity operations and management, leading teams in highly regulated industries such as financial services, healthcare, education, and cybersecurity consulting for private and public companies.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|BancPlus’ CISO has primary responsibility for assessing and managing material cybersecurity risks and leads management’s Cybersecurity Committee.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The CISO’s experience spans over 20 years of cybersecurity operations and management, leading teams in highly regulated industries such as financial services, healthcare, education, and cybersecurity consulting for private and public companies.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|BancPlus’ CISO has primary responsibility for assessing and managing material cybersecurity risks and leads management’s Cybersecurity Committee.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true