XML 43 R29.htm IDEA: XBRL DOCUMENT v3.26.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

The Company has developed and maintains an information security program designed to assess, identify, and monitor cybersecurity risks in order to protect one of its most critical assets – information. The program includes information security governance, documented policies and procedures, and technical safeguards intended to protect information owned by or entrusted to the Company.

 

The Company regularly evaluates its exposure to cybersecurity risks and, to the extent practicable, assesses the likelihood and potential severity of such risks, as well as their possible impact on the Company, its customers, and its employees. The effectiveness of the Company’s information security controls, processes, and procedures is evaluated through periodic internal testing and independent assessments conducted by third-party cybersecurity firms. These efforts are supplemented by regular tabletop incident response exercises and ongoing cybersecurity awareness training for employees. Results from testing, exercises, and training are used to enhance the Company’s incident response and business continuity plans, related procedures, and employee training programs.

 

The Company also manages cybersecurity risks arising from its relationships with third-party vendors through a comprehensive vendor management program. Vendors are assessed for cybersecurity risk as part of the onboarding process, and all assessment activities are documented within the Company’s vendor management system. The vendor review process includes evaluation of independent assurance reports and certifications, such as Service Organization Controls (SOC) reports, Payment Card Industry Data Security Standard (PCI DSS) compliance, and other relevant documentation, as applicable. Critical vendors are reviewed at least annually, with the results reported to the Board of Directors.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

The Company has developed and maintains an information security program designed to assess, identify, and monitor cybersecurity risks in order to protect one of its most critical assets – information. The program includes information security governance, documented policies and procedures, and technical safeguards intended to protect information owned by or entrusted to the Company.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The Company’s information security program is led by the Chief Information Officer and the Information Security Officer, in coordination with management, the Board of Directors, and the Technology Committee. The Technology Committee provides ongoing oversight of the Company’s cybersecurity and information security program and regularly reviews cybersecurity risk assessments and related reporting from management. This oversight is further supported through engagement with independent cybersecurity firms with expertise in financial services.

Prior to Seneca Bancorp, the Chief Information Officer and the Information Security Officer served in various roles where he led the transformation to stabilize and secure IT infrastructure and systems.  He also served as a Senior Manager of the Technology Advisory Services team where he provided technology management and advisory services to clients through a series of assessments and development of technology roadmaps aligned with business objectives.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Technology Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Company’s information security program is led by the Chief Information Officer and the Information Security Officer, in coordination with management, the Board of Directors, and the Technology Committee. The Technology Committee provides ongoing oversight of the Company’s cybersecurity and information security program and regularly reviews cybersecurity risk assessments and related reporting from management.
Cybersecurity Risk Role of Management [Text Block] The Company’s information security program is led by the Chief Information Officer and the Information Security Officer, in coordination with management, the Board of Directors, and the Technology Committee. The Technology Committee provides ongoing oversight of the Company’s cybersecurity and information security program and regularly reviews cybersecurity risk assessments and related reporting from management.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Chief Information Officer and the Information Security Officer
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Prior to Seneca Bancorp, the Chief Information Officer and the Information Security Officer served in various roles where he led the transformation to stabilize and secure IT infrastructure and systems.  He also served as a Senior Manager of the Technology Advisory Services team where he provided technology management and advisory services to clients through a series of assessments and development of technology roadmaps aligned with business objectives.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Technology Committee provides ongoing oversight of the Company’s cybersecurity and information security program and regularly reviews cybersecurity risk assessments and related reporting from management.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true