| Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Dec. 31, 2025 |
|---|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Cybersecurity risks are constantly evolving and becoming increasingly pervasive across all industries. The Company uses a blend of people, process, and technology controls to manage and mitigate cybersecurity risk. The Company’s Board of Directors delegates oversight of the Bank's processes for identifying, assessing, and mitigating material risks, including cybersecurity risks, to the Board Risk Compliance Committee. Senior Leadership, including the CRO and the Director of Information Technology, manage third-party service providers and advisors to maintain and continuously enhance the Bank's Information Security Program. The CRO, Director of Information Technology, and the Bank's third-party virtual ISO regularly present to the Board Risk Compliance Committee on the state of cybersecurity at the Bank, including any business-impacting incidents and emerging industry risks. The virtual ISO has over 30 years of experience in IT, Information Security, Business Continuity, and Technology Risk in the Financial Services sector and maintains several industry-recognized security, audit, privacy and governance certifications. Key elements of the comprehensive Information Security Program include: • A mix of administrative and technical tools and controls appropriate to the size and complexity of the Bank to protect the confidentiality, integrity, and availability of critical systems and data, including the privacy of customer data, in compliance with applicable laws, rules, and regulations. Control coverage includes Board approved policies, layers of network and cloud security, encryption of data at rest and in transit, vulnerability scans of technology assets, logging and monitoring, identity and access management, and email security. • Risk assessments are conducted to: (a) identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of critical Bank systems and data, (b) determine the likelihood and potential impact of the threats, and (c) determine the sufficiency of controls and mitigating factors to reduce the risks identified. • A detailed Cyber Incident Response Plan (“IRP”) which includes engagement of a third-party that specializes in cybersecurity for financial institutions to assist in incident response and recovery and communications with the Board, regulators, law enforcement and Federal and State Government offices, as required. In addition, targeted cybersecurity playbooks are maintained to respond to common threats, including malware, ransomware, and denial of service attacks. The IRP is tested at least annually and updated as required. • Security Awareness training to help employees understand their information protection and cybersecurity responsibilities, including targeted campaigns on phishing and other common social engineering techniques utilized by threat actors. • A third-party risk management program to classify suppliers according to risk and identify those that require enhanced cyber due diligence. • Annual independent third-party penetration tests, external vulnerability scans, assessments and audits of the Bank's Information Security Program elements. While cybersecurity risks have the potential to materially affect the Company's business, financial condition, and results of operations, the Company does not believe that risks from cybersecurity threats or attacks have materially affected the Company, including its business strategy, results of operations or financial condition. The Bank experienced two low-rated cyber incidents in the past year which did not have a material impact. As of the date of this Form 10-K, the Company is not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition that are required to be reported in this Form 10-K. For further discussion, please see Item 1A. “Risk Factors” for a discussion of cybersecurity risks. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Key elements of the comprehensive Information Security Program include: • A mix of administrative and technical tools and controls appropriate to the size and complexity of the Bank to protect the confidentiality, integrity, and availability of critical systems and data, including the privacy of customer data, in compliance with applicable laws, rules, and regulations. Control coverage includes Board approved policies, layers of network and cloud security, encryption of data at rest and in transit, vulnerability scans of technology assets, logging and monitoring, identity and access management, and email security. • Risk assessments are conducted to: (a) identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of critical Bank systems and data, (b) determine the likelihood and potential impact of the threats, and (c) determine the sufficiency of controls and mitigating factors to reduce the risks identified. • A detailed Cyber Incident Response Plan (“IRP”) which includes engagement of a third-party that specializes in cybersecurity for financial institutions to assist in incident response and recovery and communications with the Board, regulators, law enforcement and Federal and State Government offices, as required. In addition, targeted cybersecurity playbooks are maintained to respond to common threats, including malware, ransomware, and denial of service attacks. The IRP is tested at least annually and updated as required. • Security Awareness training to help employees understand their information protection and cybersecurity responsibilities, including targeted campaigns on phishing and other common social engineering techniques utilized by threat actors. • A third-party risk management program to classify suppliers according to risk and identify those that require enhanced cyber due diligence. • Annual independent third-party penetration tests, external vulnerability scans, assessments and audits of the Bank's Information Security Program elements. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | The Company’s Board of Directors delegates oversight of the Bank's processes for identifying, assessing, and mitigating material risks, including cybersecurity risks, to the Board Risk Compliance Committee. Senior Leadership, including the CRO and the Director of Information Technology, manage third-party service providers and advisors to maintain and continuously enhance the Bank's Information Security Program. The CRO, Director of Information Technology, and the Bank's third-party virtual ISO regularly present to the Board Risk Compliance Committee on the state of cybersecurity at the Bank, including any business-impacting incidents and emerging industry risks. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Company’s Board of Directors delegates oversight of the Bank's processes for identifying, assessing, and mitigating material risks, including cybersecurity risks, to the Board Risk Compliance Committee. Senior Leadership, including the CRO and the Director of Information Technology, manage third-party service providers and advisors to maintain and continuously enhance the Bank's Information Security Program. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The CRO, Director of Information Technology, and the Bank's third-party virtual ISO regularly present to the Board Risk Compliance Committee on the state of cybersecurity at the Bank, including any business-impacting incidents and emerging industry risks. |
| Cybersecurity Risk Role of Management [Text Block] | Senior Leadership, including the CRO and the Director of Information Technology, manage third-party service providers and advisors to maintain and continuously enhance the Bank's Information Security Program. The CRO, Director of Information Technology, and the Bank's third-party virtual ISO regularly present to the Board Risk Compliance Committee on the state of cybersecurity at the Bank, including any business-impacting incidents and emerging industry risks. The virtual ISO has over 30 years of experience in IT, Information Security, Business Continuity, and Technology Risk in the Financial Services sector and maintains several industry-recognized security, audit, privacy and governance certifications. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Company’s Board of Directors delegates oversight of the Bank's processes for identifying, assessing, and mitigating material risks, including cybersecurity risks, to the Board Risk Compliance Committee. Senior Leadership, including the CRO and the Director of Information Technology, manage third-party service providers and advisors to maintain and continuously enhance the Bank's Information Security Program. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The virtual ISO has over 30 years of experience in IT, Information Security, Business Continuity, and Technology Risk in the Financial Services sector and maintains several industry-recognized security, audit, privacy and governance certifications. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Cybersecurity risks are constantly evolving and becoming increasingly pervasive across all industries. The Company uses a blend of people, process, and technology controls to manage and mitigate cybersecurity risk. The Company’s Board of Directors delegates oversight of the Bank's processes for identifying, assessing, and mitigating material risks, including cybersecurity risks, to the Board Risk Compliance Committee. Senior Leadership, including the CRO and the Director of Information Technology, manage third-party service providers and advisors to maintain and continuously enhance the Bank's Information Security Program. The CRO, Director of Information Technology, and the Bank's third-party virtual ISO regularly present to the Board Risk Compliance Committee on the state of cybersecurity at the Bank, including any business-impacting incidents and emerging industry risks. The virtual ISO has over 30 years of experience in IT, Information Security, Business Continuity, and Technology Risk in the Financial Services sector and maintains several industry-recognized security, audit, privacy and governance certifications. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |