|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
Our cybersecurity risk management program is an integrated component of the Enterprise Risk Management strategy designed to protect the confidentiality, integrity and availability of our critical systems and information.
We design and evaluate our program based on industry recognized standards such as the National Institute of Standards and Technology Cybersecurity Framework and the Center for Internet Security Controls. This does not imply that we meet any particular technical standards, specifications, or requirements, but rather that we use these standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
Our cybersecurity risk management program is closely aligned with the Company’s business strategy. It shares common methodologies, reporting channels and governance processes that apply to other areas of enterprise risk, including third-party relationships, legal, compliance, strategic, operational, and financial. Key elements of our enterprise cybersecurity risk management program include:
• implementation of policies and procedures in the areas of Information Security, Business Continuity, Disaster Recovery, Privacy, Third-Party Relationship Risk Management, Risk Management, and Incident Response;
• risk assessments designed to help identify material cybersecurity risks to our critical systems, data, products, services, and our broader enterprise information technology environment;
• an independent second line function, the Information Security Department, which is principally responsible for managing our cybersecurity risk assessment processes, executing our incident response plan, and monitoring of our security controls;
• the use of external service providers, where appropriate, to assess, test and enhance our security controls, including penetration testing, training, and tabletop exercises;
• a comprehensive employee training and awareness program which includes periodic security assessments to test knowledge and reinforce adoption of security processes and controls that include simulated phishing attacks;
• membership with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and annual participation in the Cyber Attacks against Payment Systems (CAPS) exercises;
• regular reporting of cybersecurity metrics and other risk/threat information matters to both the Management Risk and CIT Committees;
• a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
• a third-party relationships risk management process for service providers, suppliers and vendors which analyses, monitors, reports, and mitigates cyber risks associated with third-party relationships.
Risks from cybersecurity threats, including any previous cybersecurity events, have not materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial conditions, and any expenses incurred from cybersecurity incidents have been immaterial. For a discussion of whether and how any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition, refer to Item 1A. Risk Factors – “Risks Related to Operational Matters”.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our cybersecurity risk management program is an integrated component of the Enterprise Risk Management strategy designed to protect the confidentiality, integrity and availability of our critical systems and information.
We design and evaluate our program based on industry recognized standards such as the National Institute of Standards and Technology Cybersecurity Framework and the Center for Internet Security Controls. This does not imply that we meet any particular technical standards, specifications, or requirements, but rather that we use these standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board of Directors has established its CIT Committee with specific responsibilities for overseeing the cybersecurity risk management program, among other things. Our Chief Information Security Officer (“CISO”) provides the CIT Committee with periodic reports on cybersecurity risks, threats and any material cybersecurity incidents. The CIT Committee also retains an independent external cybersecurity consultant who attends all CIT Committee meetings and reports directly to the CIT Committee Chair. In addition, the external cybersecurity consultant provides periodic training to the CIT Committee and to our Board of Directors.
Northfield Bank maintains a comprehensive Information and Cybersecurity Program led by our Chief Risk Officer, the Chief Information Officer, and the CISO. The program is designed to identify and mitigate information security risks, with timely Board oversight. The Chief Risk Officer briefs the Board of Directors on information security matters during every meeting, ensuring that cybersecurity risks and strategies align with Northfield Bank's risk profile.
The Information Security Department is primarily responsible for identifying, assessing and managing material risks from cybersecurity threats and overseeing cybersecurity third-party relationships. The Information Security Department is led by our CISO, who has over 15 years of experience in the cybersecurity space and has obtained professional security certifications and advanced training in the field of cybersecurity and technology. Our CISO and our Chief Information Officer, along with key members of their departments, regularly collaborate with peer institutions, industry groups, policymakers and third-party relationships to discuss cybersecurity trends and issues and identify best practices. The cybersecurity risk management program is periodically reviewed to address changing threats and conditions. Our internal audit team, led by our Chief Internal Auditor, provides independent assurance and evaluation of processes, controls and cybersecurity risk management practices to ensure they are adequate and functioning as intended.
The Information Security Department also monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, including briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Northfield Bank maintains a comprehensive Information and Cybersecurity Program led by our Chief Risk Officer, the Chief Information Officer, and the CISO. The program is designed to identify and mitigate information security risks, with timely Board oversight. The Chief Risk Officer briefs the Board of Directors on information security matters during every meeting, ensuring that cybersecurity risks and strategies align with Northfield Bank's risk profile.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Information Security Department is primarily responsible for identifying, assessing and managing material risks from cybersecurity threats and overseeing cybersecurity third-party relationships
|Cybersecurity Risk Role of Management [Text Block]
|
Northfield Bank maintains a comprehensive Information and Cybersecurity Program led by our Chief Risk Officer, the Chief Information Officer, and the CISO. The program is designed to identify and mitigate information security risks, with timely Board oversight. The Chief Risk Officer briefs the Board of Directors on information security matters during every meeting, ensuring that cybersecurity risks and strategies align with Northfield Bank's risk profile.
The Information Security Department is primarily responsible for identifying, assessing and managing material risks from cybersecurity threats and overseeing cybersecurity third-party relationships. The Information Security Department is led by our CISO, who has over 15 years of experience in the cybersecurity space and has obtained professional security certifications and advanced training in the field of cybersecurity and technology. Our CISO and our Chief Information Officer, along with key members of their departments, regularly collaborate with peer institutions, industry groups, policymakers and third-party relationships to discuss cybersecurity trends and issues and identify best practices. The cybersecurity risk management program is periodically reviewed to address changing threats and conditions. Our internal audit team, led by our Chief Internal Auditor, provides independent assurance and evaluation of processes, controls and cybersecurity risk management practices to ensure they are adequate and functioning as intended.
The Information Security Department also monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, including briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Northfield Bank maintains a comprehensive Information and Cybersecurity Program led by our Chief Risk Officer, the Chief Information Officer, and the CISO. The program is designed to identify and mitigate information security risks, with timely Board oversight. The Chief Risk Officer briefs the Board of Directors on information security matters during every meeting, ensuring that cybersecurity risks and strategies align with Northfield Bank's risk profile.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Information Security Department is led by our CISO, who has over 15 years of experience in the cybersecurity space and has obtained professional security certifications and advanced training in the field of cybersecurity and technology
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Northfield Bank maintains a comprehensive Information and Cybersecurity Program led by our Chief Risk Officer, the Chief Information Officer, and the CISO. The program is designed to identify and mitigate information security risks, with timely Board oversight. The Chief Risk Officer briefs the Board of Directors on information security matters during every meeting, ensuring that cybersecurity risks and strategies align with Northfield Bank's risk profile.
The Information Security Department is primarily responsible for identifying, assessing and managing material risks from cybersecurity threats and overseeing cybersecurity third-party relationships. The Information Security Department is led by our CISO, who has over 15 years of experience in the cybersecurity space and has obtained professional security certifications and advanced training in the field of cybersecurity and technology. Our CISO and our Chief Information Officer, along with key members of their departments, regularly collaborate with peer institutions, industry groups, policymakers and third-party relationships to discuss cybersecurity trends and issues and identify best practices. The cybersecurity risk management program is periodically reviewed to address changing threats and conditions. Our internal audit team, led by our Chief Internal Auditor, provides independent assurance and evaluation of processes, controls and cybersecurity risk management practices to ensure they are adequate and functioning as intended.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true