|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We outsource substantially all of our IT functions, including cybersecurity, through BankOnIT, LLC (“BankOnIT”), a third-party banking technology service provider. BankOnIT provides significant resources to identify, assess and manage risks from cybersecurity threats, including:
BankOnIT leverages certain industry and government associations and threat-intelligence resources to keep up to date on, and respond to, the latest cybersecurity threats.
We engage in regular assessments of our infrastructure, software systems, and network architecture utilizing third-party cybersecurity professions, including annual penetration testing and audits of our information technology systems to identify vulnerabilities and areas for additional enhancement. Employees receive regular virtual and in-person security awareness training through simulated tests, company communications, and in-person training. We also maintain a vendor management program to identify and assess risks of our third-party service providers.
Due to the type and volume of information that we collect and store to provide banking services to our customers, we are an attractive target for cyber threat actors seeking financial gain. Our failure to maintain the safety of our customer’s information could have a material adverse effect on our reputation, financial condition and results of operations. To date, we have not experienced a cybersecurity incident that resulted in a material adverse effect on our business strategy, results of operations, or financial condition; however, there can be no guarantee that we will not experience such an incident in the future. Although we maintain cybersecurity insurance, the costs and expenses related to cybersecurity incidents may not be fully insured. We describe whether and how risks from identified cybersecurity threats, including as a result of previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition under Item 1A. Risk Factors. We are exposed to cybersecurity risks associated with our internet-based systems and online commerce security, including ‘hacking’ and ‘identify theft.’”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We engage in regular assessments of our infrastructure, software systems, and network architecture utilizing third-party cybersecurity professions, including annual penetration testing and audits of our information technology systems to identify vulnerabilities and areas for additional enhancement. Employees receive regular virtual and in-person security awareness training through simulated tests, company communications, and in-person training. We also maintain a vendor management program to identify and assess risks of our third-party service providers.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Our cybersecurity function is overseen by our COO/ IT Manager who has over 9 years’ experience managing such functions. IT functions are also managed through our IT Committee which is comprised of several senior level executive officers and other Company employees and chaired by our COO/ IT Manager. The IT Committee governs all IT functions at the Company and selects, monitors and manages our third-party IT service providers that implement and maintain our cybersecurity functions.
We also maintain a Cyber Incident Response Team, which includes a board representative and an executive officer representative and is chaired by our COO/IT Manager. The Cyber Incident Response Team is charged with developing and implementing incident response and recovery plans to guide our employees, management and the Board in their response to a cybersecurity incident.
Our Board of Directors is responsible for overseeing our enterprise risk management activities in general, including cybersecurity risks. The full Board receives a network health report at each board meeting from our COO/ IT Manager, which addresses our overall network risk including any relevant cybersecurity threats and incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our cybersecurity function is overseen by our COO/ IT Manager who has over 9 years’ experience managing such functions. IT functions are also managed through our IT Committee which is comprised of several senior level executive officers and other Company employees and chaired by our COO/ IT Manager. The IT Committee governs all IT functions at the Company and selects, monitors and manages our third-party IT service providers that implement and maintain our cybersecurity functions.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The full Board receives a network health report at each board meeting from our COO/ IT Manager, which addresses our overall network risk including any relevant cybersecurity threats and incidents.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Board of Directors is responsible for overseeing our enterprise risk management activities in general, including cybersecurity risks. The full Board receives a network health report at each board meeting from our COO/ IT Manager, which addresses our overall network risk including any relevant cybersecurity threats and incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our cybersecurity function is overseen by our COO/ IT Manager who has over 9 years’ experience managing such functions. IT functions are also managed through our IT Committee which is comprised of several senior level executive officers and other Company employees and chaired by our COO/ IT Manager.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our cybersecurity function is overseen by our COO/ IT Manager who has over 9 years’ experience managing such functions. IT functions are also managed through our IT Committee which is comprised of several senior level executive officers and other Company employees and chaired by our COO/ IT Manager.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The full Board receives a network health report at each board meeting from our COO/ IT Manager, which addresses our overall network risk including any relevant cybersecurity threats and incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef