|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company recognizes cybersecurity as a critical risk to its operations and the management of this risk is a top priority. We are committed to protecting the confidentiality, integrity, and availability of our customer information, information systems, data, and assets from unauthorized access, use, disclosure, disruption, modification, or destruction. The Company adheres to cybersecurity industry best practices such as the National Institute of Standards and Technology cybersecurity framework and Federal Financial Institutions Examinations Council ("FFIEC") guidance. The Company conducted a NIST cybersecurity framework version 1 to version 2 gap analysis and is in the process of updating controls to adhere to the newest version. Company management has integrated its processes for assessing, identifying, and managing material risks from cybersecurity threats into the Company’s overall risk management program, including regularly conducting risk assessments and gap analyses in order to identify and prioritize cybersecurity threats and vulnerabilities across our entire digital estate which is comprised of our IT infrastructure as well cloud-based applications and storage. These assessments consider industry best practices, evolving threats, and the specific needs of our business.
The Company implements a defense in depth, or layered, approach to security controls, including network security, intrusion detection and prevention, anomaly detection, endpoint security, data encryption, identity and access management, and security awareness training. Staff evaluate and update our controls on an ongoing basis to address emerging threats. We have a documented incident response plan in place to identify, contain, and remediate cybersecurity incidents. The plan includes roles and responsibilities for key personnel, communication protocols, and procedures for recovery and notification. We also maintain business continuity, crisis management, and disaster recovery plans to ensure the continued operation of critical business functions in the event of a major disruption, including a cyberattack, which are tested regularly through tabletop exercises, simulations, parallel testing, and functional testing.
The Company adheres to a continuous improvement philosophy in regard to cybersecurity and leverages external experts, consultants, auditors, and assessors on a regular basis to complement the internal staff in identifying and remediating any gaps in the Company’s cybersecurity program.
The Company has a well-defined and mature vendor management program that includes controls to address-party cybersecurity risks throughout the vendor management lifecycle.
The Board has oversight responsibility for enterprise-wide risks, including cybersecurity risks. The Audit Committee, a designated committee of the Board, is responsible for overseeing the Company's cybersecurity risk management program and reviewing its effectiveness. The Information Security Officer ("ISO") is responsible for assessing and managing material risks from cybersecurity threats, with a dedicated staff of internal and external information security professionals. The ISO is a Systems Security Certified Practitioner and Certified Information Systems Security Professional with over 12 years of education, training and experience managing technology and cybersecurity risks, including eight years of experience in the banking industry specifically. The ISO regularly updates executive and senior management, including the Bank's Enterprise Risk Management Committee, as well as the Board Audit Committee on cybersecurity risks and mitigation strategies. The Company has implemented internal controls to address the effectiveness of our cybersecurity program. These controls include risk assessments, vulnerability assessments and scans, periodic audits, and periodic penetration testing.
We are committed to disclosing material cybersecurity incidents to investors and other stakeholders in a timely and transparent manner in compliance with applicable regulations and in keeping with market practices. Management will assess the materiality of a cybersecurity incident based on its potential impact on our financial condition, results of operations, reputation, or ability to meet our business objectives. The Company is not aware of any current cybersecurity threats that are reasonably likely to affect the Company’s business strategy, results of operations or financial condition.
See "We are subject to certain risks in connection with our use of networks and technology systems" in Item 1A. Risk Factors of this Form 10-K for additional information regarding the risks we face from cybersecurity threats.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company implements a defense in depth, or layered, approach to security controls, including network security, intrusion detection and prevention, anomaly detection, endpoint security, data encryption, identity and access management, and security awareness training. Staff evaluate and update our controls on an ongoing basis to address emerging threats. We have a documented incident response plan in place to identify, contain, and remediate cybersecurity incidents. The plan includes roles and responsibilities for key personnel, communication protocols, and procedures for recovery and notification. We also maintain business continuity, crisis management, and disaster recovery plans to ensure the continued operation of critical business functions in the event of a major disruption, including a cyberattack, which are tested regularly through tabletop exercises, simulations, parallel testing, and functional testing.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|We are committed to disclosing material cybersecurity incidents to investors and other stakeholders in a timely and transparent manner in compliance with applicable regulations and in keeping with market practices. Management will assess the materiality of a cybersecurity incident based on its potential impact on our financial condition, results of operations, reputation, or ability to meet our business objectives. The Company is not aware of any current cybersecurity threats that are reasonably likely to affect the Company’s business strategy, results of operations or financial condition.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Board has oversight responsibility for enterprise-wide risks, including cybersecurity risks. The Audit Committee, a designated committee of the Board, is responsible for overseeing the Company's cybersecurity risk management program and reviewing its effectiveness. The Information Security Officer ("ISO") is responsible for assessing and managing material risks from cybersecurity threats, with a dedicated staff of internal and external information security professionals. The ISO is a Systems Security Certified Practitioner and Certified Information Systems Security Professional with over 12 years of education, training and experience managing technology and cybersecurity risks, including eight years of experience in the banking industry specifically. The ISO regularly updates executive and senior management, including the Bank's Enterprise Risk Management Committee, as well as the Board Audit Committee on cybersecurity risks and mitigation strategies. The Company has implemented internal controls to address the effectiveness of our cybersecurity program. These controls include risk assessments, vulnerability assessments and scans, periodic audits, and periodic penetration testing.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef