|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our risk management program is designed to identify, assess and mitigate risks across our company. When considering financial, operational, regulatory, reputational and legal risk, our program is well matched for our size and complexity. Our Chief Technology Officer, in conjunction with the Chief Operating Officer, is currently responsible for managing our information security program. Given the increasing risk involving cybersecurity and the Bank’s evolving needs and reliance on technology, our strategy involves the addition of a Chief Information Security Officer. The Chief Information Security Officer will be primarily responsible for the cybersecurity component of our risk program. These responsibilities include performing and maintaining a cyber risk assessment, defense operations, incident response, vulnerability assessment, threat intelligence, access levels, third party risk and vendor management and business continuity planning. This key role will be developed as we expand our overall risk management program.
Our objectives for managing cybersecurity risk is to greatly minimize the impacts of external threats. This includes, but is not limited to, efforts to penetrate, disrupt or misuse our systems or information. Our information security program is designed to comply with industry standards, such as the National Institute of Technology Cybersecurity Framework. We successfully leverage several associations, industry groups, audits and enhanced monitoring to promote the effectiveness of our program. Our Chief Technology Officer, who reports to our Chief Operating Officer, collaborates regularly with peer banks and other industry groups to identify and implement best practices. Our program is regularly reviewed in an effort to address emerging trends and threats.We maintain multiple controls in an effort to manage cybersecurity threats. We employ various preventative and detective controls to monitor, block and prevent suspicious activity including those that provide real-time alerts and response. We have systems designed to mitigate cyber risk, which includes ongoing training for employees, preparedness and tabletop exercises, and recovery testing. We maintain a robust vendor management program that identifies, assesses and documents risk associated with external service providers. We proactively monitor email servers for malicious activity and limit remote work only to qualified positions. We leverage internal and external auditors to review processes, systems and controls related to our information security program to ensure they are operating effectively. Management proactively responds to all recommendations designed to strengthen or improve our operating environment.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our risk management program is designed to identify, assess and mitigate risks across our company. When considering financial, operational, regulatory, reputational and legal risk, our program is well matched for our size and complexity. Our Chief Technology Officer, in conjunction with the Chief Operating Officer, is currently responsible for managing our information security program. Given the increasing risk involving cybersecurity and the Bank’s evolving needs and reliance on technology, our strategy involves the addition of a Chief Information Security Officer. The Chief Information Security Officer will be primarily responsible for the cybersecurity component of our risk program. These responsibilities include performing and maintaining a cyber risk assessment, defense operations, incident response, vulnerability assessment, threat intelligence, access levels, third party risk and vendor management and business continuity planning. This key role will be developed as we expand our overall risk management program.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
We maintain a detailed Incident Response Plan which outlines the steps we would implement in the event of an actual or potential cybersecurity event. The Incident Response Plan includes timely notification of an escalation to the appropriate levels of management and Board of Directors. The Incident Response Plan is reviewed and updated at least annually and mandates coordination and collaboration across all levels of management and all areas of the Bank.
The Board of Directors reviews components of the information security program on annual basis including policies, procedures, risk assessments, table top testing results, attestations, budgets and strategies. These components are presented by Executive Management as part of the regular board meeting schedule and strategic planning process.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Chief Technology Officer, in conjunction with the Chief Operating Officer, is currently responsible for managing our information security program
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
We maintain a detailed Incident Response Plan which outlines the steps we would implement in the event of an actual or potential cybersecurity event. The Incident Response Plan includes timely notification of an escalation to the appropriate levels of management and Board of Directors. The Incident Response Plan is reviewed and updated at least annually and mandates coordination and collaboration across all levels of management and all areas of the Bank.
|Cybersecurity Risk Role of Management [Text Block]
|
We maintain a detailed Incident Response Plan which outlines the steps we would implement in the event of an actual or potential cybersecurity event. The Incident Response Plan includes timely notification of an escalation to the appropriate levels of management and Board of Directors. The Incident Response Plan is reviewed and updated at least annually and mandates coordination and collaboration across all levels of management and all areas of the Bank.
The Board of Directors reviews components of the information security program on annual basis including policies, procedures, risk assessments, table top testing results, attestations, budgets and strategies. These components are presented by Executive Management as part of the regular board meeting schedule and strategic planning process.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Chief Information Security Officer will be primarily responsible for the cybersecurity component of our risk program.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Chief Technology Officer, who reports to our Chief Operating Officer, collaborates regularly with peer banks and other industry groups to identify and implement best practices. Our program is regularly reviewed in an effort to address emerging trends and threats.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef