|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
As a financial institution, the Company’s business depends on the continuous operation of its information and data processing systems and the security of information received from customers, employees and others. The Company has developed and implemented a cybersecurity program intended to protect the reliability of its critical systems and the confidentiality of nonpublic information.
The Company has designed and assess its cybersecurity program based on the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”) and the guidance of banking and other regulatory agencies. The Company’s information security team has primary responsibility for overall cybersecurity risk management program. The Company’s cybersecurity professionals are led by the Information Security Officer, who has over 23 years of experience in the information technology field, including over 3 years of experience focusing solely on the cybersecurity space. The Information Security Officer has Security+ and Network+ certifications and is currently working on obtaining CISSP. The Company’s cybersecurity risk management is integrated as part of its overall risk management program, and the Company’s Chief Risk Officer and Information Security Officer, in conjunction with Chief Information Officer, work together to develop and maintain the cybersecurity program.
In addition to its own employees, the Company engages third party service providers to provide security products and services as needed, using their expertise to evaluate and enhance its cybersecurity program and to inform employees regarding evolving threats, risks and defensive measures. Generally, these third party service providers are managed by the Information Security Officer and Chief Information Officer.
Features of the cybersecurity risk management program include:
•Technology solutions designed to prevent, detect and mitigate cybersecurity incidents.
•Review, testing and assessments of the Company’s cybersecurity systems, both internal and using third party service providers with cybersecurity expertise.
•Required cybersecurity training for employees to learn about data security, how to identify and mitigate potential cybersecurity risks and how to protect our resources and information.
•Specialized security training for members of the risk management, cybersecurity and technology teams that includes information about evolving cybersecurity threats and new risk mitigation and detection technologies.
•Processes to assess, identify and manage the material risks from cybersecurity threats include the risks arising from threats associated with third-party service providers, including technology providers and cloud-based platforms.
•A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents and facilitates coordination and communication across multiple parts of the Company.
•On-going assessment of the adequacy of the cybersecurity program.
Like all financial institutions, the Company faces ongoing risks from certain cybersecurity threats that, if realized, are reasonably likely to materially affect its business, results of operations, or financial condition. See Item 1A – Risk Factors – “Risk Related to our Business – System failure or breaches of our network security could subject us to increased operating costs as well as litigation and other liabilities.,” above.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Information Security Officer has Security+ and Network+ certifications and is currently working on obtaining CISSP. The Company’s cybersecurity risk management is integrated as part of its overall risk management program, and the Company’s Chief Risk Officer and Information Security Officer, in conjunction with Chief Information Officer, work together to develop and maintain the cybersecurity program.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|Like all financial institutions, the Company faces ongoing risks from certain cybersecurity threats that, if realized, are reasonably likely to materially affect its business, results of operations, or financial condition.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Company’s Board of Directors and its Risk and Compliance Committee are responsible for overseeing the Company’s cybersecurity program and polices. The Company’s management, led by the Chief Risk Officer and Information Security Officer in conjunction with Chief Information Officer, is responsible for designing and implementing the program. The Chief Risk Officer and Information Security Officer regularly report to the Risk and Compliance Committee regarding management’s implementation of the cybersecurity program, cybersecurity risks and threat, assessments of the Company’s cybersecurity systems and the planning and status of projects to strength the Company’s information security. The Company’s cybersecurity incident response plan requires that management promptly advise of the Risk and Compliance Committee of any material cybersecurity incident. The Chair of the Risk and Compliance Committee regularly reports to the Board on cybersecurity risks and other matters reviewed by the Committee. Board members may attend Risk and Compliance Committee meetings where cybersecurity issues are discussed and have access to the materials for each Risk and Compliance Committee meeting.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s Board of Directors and its Risk and Compliance Committee are responsible for overseeing the Company’s cybersecurity program and polices. The Company’s management, led by the Chief Risk Officer and Information Security Officer in conjunction with Chief Information Officer, is responsible for designing and implementing the program. The Chief Risk Officer and Information Security Officer regularly report to the Risk and Compliance Committee regarding management’s implementation of the cybersecurity program, cybersecurity risks and threat, assessments of the Company’s cybersecurity systems and the planning and status of projects to strength the Company’s information security. The Company’s cybersecurity incident response plan requires that management promptly advise of the Risk and Compliance Committee of any material cybersecurity incident. The Chair of the Risk and Compliance Committee regularly reports to the Board on cybersecurity risks and other matters reviewed by the Committee. Board members may attend Risk and Compliance Committee meetings where cybersecurity issues are discussed and have access to the materials for each Risk and Compliance Committee meeting.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Company’s cybersecurity incident response plan requires that management promptly advise of the Risk and Compliance Committee of any material cybersecurity incident
|Cybersecurity Risk Role of Management [Text Block]
|The Company’s cybersecurity professionals are led by the Information Security Officer, who has over 23 years of experience in the information technology field, including over 3 years of experience focusing solely on the cybersecurity space. The Information Security Officer has Security+ and Network+ certifications and is currently working on obtaining CISSP. The Company’s cybersecurity risk management is integrated as part of its overall risk management program, and the Company’s Chief Risk Officer and Information Security Officer, in conjunction with Chief Information Officer, work together to develop and maintain the cybersecurity program.
In addition to its own employees, the Company engages third party service providers to provide security products and services as needed, using their expertise to evaluate and enhance its cybersecurity program and to inform employees regarding evolving threats, risks and defensive measures. Generally, these third party service providers are managed by the Information Security Officer and Chief Information Officer.
Features of the cybersecurity risk management program include:
•Technology solutions designed to prevent, detect and mitigate cybersecurity incidents.
•Review, testing and assessments of the Company’s cybersecurity systems, both internal and using third party service providers with cybersecurity expertise.
•Required cybersecurity training for employees to learn about data security, how to identify and mitigate potential cybersecurity risks and how to protect our resources and information.
•Specialized security training for members of the risk management, cybersecurity and technology teams that includes information about evolving cybersecurity threats and new risk mitigation and detection technologies.
•Processes to assess, identify and manage the material risks from cybersecurity threats include the risks arising from threats associated with third-party service providers, including technology providers and cloud-based platforms.
•A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents and facilitates coordination and communication across multiple parts of the Company.
•On-going assessment of the adequacy of the cybersecurity program.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Company’s Board of Directors and its Risk and Compliance Committee are responsible for overseeing the Company’s cybersecurity program and polices.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Company’s cybersecurity professionals are led by the Information Security Officer, who has over 23 years of experience in the information technology field, including over 3 years of experience focusing solely on the cybersecurity space. The Information Security Officer has Security+ and Network+ certifications and is currently working on obtaining CISSP.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Chief Risk Officer and Information Security Officer regularly report to the Risk and Compliance Committee regarding management’s implementation of the cybersecurity program, cybersecurity risks and threat, assessments of the Company’s cybersecurity systems and the planning and status of projects to strength the Company’s information security. The Company’s cybersecurity incident response plan requires that management promptly advise of the Risk and Compliance Committee of any material cybersecurity incident. The Chair of the Risk and Compliance Committee regularly reports to the Board on cybersecurity risks and other matters reviewed by the Committee. Board members may attend Risk and Compliance Committee meetings where cybersecurity issues are discussed and have access to the materials for each Risk and Compliance Committee meeting.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef