|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We believe that cybersecurity and the protection of data and customer information in our possession, custody or control is of paramount importance to our business. The Company’s information security program is designed to protect the confidentiality, integrity, and availability of our critical systems and information, including customer information. The program is comprised of policies, procedures, and programs, and is informed by and intended to align with the interagency guidance issued by banking regulators as well as the FFIEC Information Security Booklet and Cybersecurity Assessment Tool (the “Information Security Program”). This does not imply that we meet any particular technical standards, specifications, or requirements, but rather that we use the guidance to help us identify, assess, and manage cybersecurity risks relevant to our business.
Cybersecurity Risk Management and Strategy
Our Information Security Program is integrated into our risk management program and is aligned to the Company’s business strategy and Enterprise Risk Management program. It shares common methodologies, reporting channels and governance processes that apply to other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk. Key elements of our Information Security Program include:
• risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment are conducted on at least an annual basis;
• internal testing of our security controls and our response to cybersecurity incidents;
• the use of external service providers, to assess, test or otherwise assist with aspects of our security controls;
• training and awareness programs for all employees that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and controls;
• a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents;
• maintenance and regular testing of a Business Continuity Plan that includes redundant back-up systems for critical functions;
• a physical security program that is tested regularly;
• obtaining and maintaining cyber insurance; and
• a third-party risk management program for service providers, suppliers, and vendors, that provides for the assessment, monitoring and management of cybersecurity risk presented by the Company’s use of such third parties, as well as contractual protections related to cybersecurity incidents affecting third party vendors and service providers.
The Company engages in a continuous risk monitoring process that seeks to identify the likelihood and impact of internal and external threats to our information security systems and data, and assesses the sufficiency of the controls in place to mitigate these threats to acceptable levels on a risk-based basis. Incidents are reported to and handled under our Incident Response Policy, which designates an incident response team and includes procedures and processes to identify, assess, respond to, mitigate and report on cybersecurity incidents.
The risk and evolving nature of cybersecurity threats, and not a previous cybersecurity incident, has led the Company to devote significant time and resources to the development and implementation of the Information Security Program described above. Despite our efforts, there can be no assurance that our cybersecurity risk management processes and measures will be fully implemented, complied with, or effective in protecting our systems and information. We face risks from certain cybersecurity threats that, if realized, are reasonably likely to materially affect our business strategy, results of operations or financial condition. Please see Part I, Item 1A Risk Factors for further discussion of the risks associated with an interruption or breach in our information systems or infrastructure.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our Information Security Program is integrated into our risk management program and is aligned to the Company’s business strategy and Enterprise Risk Management program. It shares common methodologies, reporting channels and governance processes that apply to other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk. Key elements of our Information Security Program include:
• risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment are conducted on at least an annual basis;
• internal testing of our security controls and our response to cybersecurity incidents;
• the use of external service providers, to assess, test or otherwise assist with aspects of our security controls;
• training and awareness programs for all employees that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and controls;
• a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents;
• maintenance and regular testing of a Business Continuity Plan that includes redundant back-up systems for critical functions;
• a physical security program that is tested regularly;
• obtaining and maintaining cyber insurance; and
• a third-party risk management program for service providers, suppliers, and vendors, that provides for the assessment, monitoring and management of cybersecurity risk presented by the Company’s use of such third parties, as well as contractual protections related to cybersecurity incidents affecting third party vendors and service providers.
The Company engages in a continuous risk monitoring process that seeks to identify the likelihood and impact of internal and external threats to our information security systems and data, and assesses the sufficiency of the controls in place to mitigate these threats to acceptable levels on a risk-based basis. Incidents are reported to and handled under our Incident Response Policy, which designates an incident response team and includes procedures and processes to identify, assess, respond to, mitigate and report on cybersecurity incidents.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors keeps apprised of and oversees technology risk and cybersecurity of the Company. The Board receives updates from the Company’s Information Security Officer (“ISO”) on a quarterly basis and receives cybersecurity training on at least an annual basis. While the entire Board receives reporting and receives training, the Board has delegated certain specific responsibility for overseeing cybersecurity threats, among other things, to its Risk Committee. Our ISO and Chief Risk Officer provide the Risk Committee and the Company’s internal Enterprise Risk Management Committee periodic and as needed reports on our cybersecurity risks and cybersecurity incidents, if any. The Risk Committee and the entire Board review and approve the Company’s information security policies and certain other relevant policies on at least an annual basis. Our ISO, who has over twenty-five years of experience in the system, network, and cybersecurity space, is responsible for overseeing and managing the Information Security Program alongside our Chief Information Officer. The Chief Information Officer serves on the Enterprise Risk Management Committee, which is chaired by our Chief Risk Officer. They are supported by our team of technology professionals, who are responsible for information technology security monitoring and for managing the controls designed to identify, detect, protect against, respond to and recover from cybersecurity threats and cybersecurity incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Board of Directors keeps apprised of and oversees technology risk and cybersecurity of the Company. The Board receives updates from the Company’s Information Security Officer (“ISO”) on a quarterly basis and receives cybersecurity training on at least an annual basis. While the entire Board receives reporting and receives training, the Board has delegated certain specific responsibility for overseeing cybersecurity threats, among other things, to its Risk Committee. Our ISO and Chief Risk Officer provide the Risk Committee and the Company’s internal Enterprise Risk Management Committee periodic and as needed reports on our cybersecurity risks and cybersecurity incidents, if any. The Risk Committee and the entire Board review and approve the Company’s information security policies and certain other relevant policies on at least an annual basis. Our ISO, who has over twenty-five years of experience in the system, network, and cybersecurity space, is responsible for overseeing and managing the Information Security Program alongside our Chief Information Officer. The Chief Information Officer serves on the Enterprise Risk Management Committee, which is chaired by our Chief Risk Officer. They are supported by our team of technology professionals, who are responsible for information technology security monitoring and for managing the controls designed to identify, detect, protect against, respond to and recover from cybersecurity threats and cybersecurity incidents.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors keeps apprised of and oversees technology risk and cybersecurity of the Company. The Board receives updates from the Company’s Information Security Officer (“ISO”) on a quarterly basis and receives cybersecurity training on at least an annual basis. While the entire Board receives reporting and receives training, the Board has delegated certain specific responsibility for overseeing cybersecurity threats, among other things, to its Risk Committee. Our ISO and Chief Risk Officer provide the Risk Committee and the Company’s internal Enterprise Risk Management Committee periodic and as needed reports on our cybersecurity risks and cybersecurity incidents, if any.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Board of Directors keeps apprised of and oversees technology risk and cybersecurity of the Company. The Board receives updates from the Company’s Information Security Officer (“ISO”) on a quarterly basis and receives cybersecurity training on at least an annual basis. While the entire Board receives reporting and receives training, the Board has delegated certain specific responsibility for overseeing cybersecurity threats, among other things, to its Risk Committee. Our ISO and Chief Risk Officer provide the Risk Committee and the Company’s internal Enterprise Risk Management Committee periodic and as needed reports on our cybersecurity risks and cybersecurity incidents, if any. The Risk Committee and the entire Board review and approve the Company’s information security policies and certain other relevant policies on at least an annual basis. Our ISO, who has over twenty-five years of experience in the system, network, and cybersecurity space, is responsible for overseeing and managing the Information Security Program alongside our Chief Information Officer. The Chief Information Officer serves on the Enterprise Risk Management Committee, which is chaired by our Chief Risk Officer. They are supported by our team of technology professionals, who are responsible for information technology security monitoring and for managing the controls designed to identify, detect, protect against, respond to and recover from cybersecurity threats and cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our Board of Directors keeps apprised of and oversees technology risk and cybersecurity of the Company. The Board receives updates from the Company’s Information Security Officer (“ISO”) on a quarterly basis and receives cybersecurity training on at least an annual basis. While the entire Board receives reporting and receives training, the Board has delegated certain specific responsibility for overseeing cybersecurity threats, among other things, to its Risk Committee. Our ISO and Chief Risk Officer provide the Risk Committee and the Company’s internal Enterprise Risk Management Committee periodic and as needed reports on our cybersecurity risks and cybersecurity incidents, if any. The Risk Committee and the entire Board review and approve the Company’s information security policies and certain other relevant policies on at least an annual basis. Our ISO, who has over twenty-five years of experience in the system, network, and cybersecurity space, is responsible for overseeing and managing the Information Security Program alongside our Chief Information Officer. The Chief Information Officer serves on the Enterprise Risk Management Committee, which is chaired by our Chief Risk Officer. They are supported by our team of technology professionals, who are responsible for information technology security monitoring and for managing the controls designed to identify, detect, protect against, respond to and recover from cybersecurity threats and cybersecurity incidents.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our ISO, who has over twenty-five years of experience in the system, network, and cybersecurity space, is responsible for overseeing and managing the Information Security Program alongside our Chief Information Officer. The Chief Information Officer serves on the Enterprise Risk Management Committee, which is chaired by our Chief Risk Officer. They are supported by our team of technology professionals, who are responsible for information technology security monitoring and for managing the controls designed to identify, detect, protect against, respond to and recover from cybersecurity threats and cybersecurity incidents.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|While the entire Board receives reporting and receives training, the Board has delegated certain specific responsibility for overseeing cybersecurity threats, among other things, to its Risk Committee. Our ISO and Chief Risk Officer provide the Risk Committee and the Company’s internal Enterprise Risk Management Committee periodic and as needed reports on our cybersecurity risks and cybersecurity incidents, if any.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true