Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
We are exposed to various cybersecurity risks that could adversely affect our business, operations, and financial condition.
We maintain a Business Continuity and Incident Response Program that provides a documented framework for responding to actual or potential incidents, including the engagement of appropriate third parties such as insurance providers and incident response professionals, and the timely escalation of matters to executive leadership and the board of directors. The program is coordinated by the Chief Information Officer, with key members of management embedded by design to enable cross-functional coordination, and is evaluated and tested at least annually.
Oversight of these risks is provided by a committee composed of four independent directors with experience in information system security, including two directors with direct information technology expertise. The is responsible for managing these risks, assigning responsibilities, and communicating relevant matters to the committee and the CEO. The , in turn, reports to the full board of directors and oversees external communications to regulators, employees, and customers, as appropriate.
We may experience cybersecurity incidents in the future that could result in operational disruption, reputational damage, customer dissatisfaction, loss of business or revenue, legal liability, regulatory actions, fines, penalties, or remediation costs. Any of these outcomes could have a material adverse effect on our business, operations, and financial condition. While we have experienced cybersecurity incidents in the past, such incidents have materially affected the Company to date.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have implemented various security measures and controls to protect our systems and data from unauthorized access, use, or disclosure, such as firewalls, encryption, authentication, backup, and recovery, both internally and with our third party managed service provider. We also have established policies and procedures to monitor and respond to cybersecurity incidents, and to comply with applicable laws and regulations regarding cybersecurity and data privacy. We regularly review and update our security measures and controls to address the evolving nature and sophistication of cybersecurity threats. We also provide training and education to our employees and customers on cybersecurity awareness and best practices. In addition, we maintain cyber liability insurance coverage to mitigate the potential financial impact of cybersecurity incidents. Furthermore, internal and external auditors and regulators periodically review our processes, systems, and controls, including with respect to our information security program, to assess their design and operating effectiveness and make recommendations to strengthen our risk management program. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | Notwithstanding our defensive measures and processes, the threat posed by cyber-attacks is always present. Our internal systems, processes, and controls are designed to mitigate loss from cyber-attacks. Despite our efforts, we cannot guarantee that our security measures and controls will be sufficient or effective to prevent, detect, or mitigate all cybersecurity incidents or to protect our systems and data from unauthorized access, use, or disclosure. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | As a community bank, we rely heavily on information technology and telecommunications systems to conduct our business activities, such as processing transactions, maintaining records, communicating with customers and vendors, and providing online and mobile banking services. These systems are subject to various cybersecurity threats, such as unauthorized access, hacking, phishing, malware, ransomware, denial-of-service attacks, and other malicious or criminal activities, that could compromise the confidentiality, integrity, or availability of our systems, data, or customer information. Cybersecurity threats may originate from external sources, such as cybercriminals, hackers, terrorists, or foreign governments, or from internal sources, such as employees, contractors, or vendors. Cybersecurity threats may also target our third-party service providers, such as core processors, cloud providers, or payment processors, whose systems and data are interconnected with ours. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | As a community bank, we rely heavily on information technology and telecommunications systems to conduct our business activities, such as processing transactions, maintaining records, communicating with customers and vendors, and providing online and mobile banking services. These systems are subject to various cybersecurity threats, such as unauthorized access, hacking, phishing, malware, ransomware, denial-of-service attacks, and other malicious or criminal activities, that could compromise the confidentiality, integrity, or availability of our systems, data, or customer information. Cybersecurity threats may originate from external sources, such as cybercriminals, hackers, terrorists, or foreign governments, or from internal sources, such as employees, contractors, or vendors. Cybersecurity threats may also target our third-party service providers, such as core processors, cloud providers, or payment processors, whose systems and data are interconnected with ours. |
| Cybersecurity Risk Role of Management [Text Block] | We maintain a Business Continuity and Incident Response Program that provides a documented framework for responding to actual or potential incidents, including the engagement of appropriate third parties such as insurance providers and incident response professionals, and the timely escalation of matters to executive leadership and the board of directors. The program is coordinated by the Chief Information Officer, with key members of management embedded by design to enable cross-functional coordination, and is evaluated and tested at least annually. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | We maintain a Business Continuity and Incident Response Program that provides a documented framework for responding to actual or potential incidents, including the engagement of appropriate third parties such as insurance providers and incident response professionals, and the timely escalation of matters to executive leadership and the board of directors. The program is coordinated by the Chief Information Officer, with key members of management embedded by design to enable cross-functional coordination, and is evaluated and tested at least annually. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | We have implemented various security measures and controls to protect our systems and data from unauthorized access, use, or disclosure, such as firewalls, encryption, authentication, backup, and recovery, both internally and with our third party managed service provider. We also have established policies and procedures to monitor and respond to cybersecurity incidents, and to comply with applicable laws and regulations regarding cybersecurity and data privacy. We regularly review and update our security measures and controls to address the evolving nature and sophistication of cybersecurity threats. We also provide training and education to our employees and customers on cybersecurity awareness and best practices. In addition, we maintain cyber liability insurance coverage to mitigate the potential financial impact of cybersecurity incidents. Furthermore, internal and external auditors and regulators periodically review our processes, systems, and controls, including with respect to our information security program, to assess their design and operating effectiveness and make recommendations to strengthen our risk management program. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | As a community bank, we rely heavily on information technology and telecommunications systems to conduct our business activities, such as processing transactions, maintaining records, communicating with customers and vendors, and providing online and mobile banking services. These systems are subject to various cybersecurity threats, such as unauthorized access, hacking, phishing, malware, ransomware, denial-of-service attacks, and other malicious or criminal activities, that could compromise the confidentiality, integrity, or availability of our systems, data, or customer information. Cybersecurity threats may originate from external sources, such as cybercriminals, hackers, terrorists, or foreign governments, or from internal sources, such as employees, contractors, or vendors. Cybersecurity threats may also target our third-party service providers, such as core processors, cloud providers, or payment processors, whose systems and data are interconnected with ours. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |