LAKELAND FINANCIAL CORP 10-K Cybersecurity GRC - 2024-02-21

Page last updated on April 11, 2024

LAKELAND FINANCIAL CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-21 08:00:00 EST.

Filings

10-K filed on 2024-02-21

LAKELAND FINANCIAL CORP filed an 10-K at 2024-02-21 08:00:00 EST
Accession Number: 0000721994-24-000013

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We rely extensively on various information systems and other electronic resources to operate our business. In addition, nearly all of our customers, service providers and other business partners on whom we depend, including the providers of our online banking, mobile banking and accounting systems, use these systems and their own electronic information systems. Any of these systems can be compromised, including through the employees, customers and other individuals who are authorized to use them, and threat actors use a sophisticated and constantly evolving set of software, tools and strategies to do so. The nature of our business, as a financial services provider, and our relative size, make us and our business partners high-value targets for these bad actors to pursue. See section Risks Relation to our Operations . Accordingly, we have long devoted significant resources to assessing, identifying and managing risks associated with cybersecurity threats, including: an internal information security team that is responsible for conducting regular assessments of our information systems, existing controls, vulnerabilities and potential improvements; continuous monitoring tools that can detect and help respond to cybersecurity threats in real-time; performing due diligence with respect to our third-party service providers, including their cybersecurity practices, and requiring contractual commitments from our service providers to take certain cybersecurity measures; third-party information security and cybersecurity consultants, who conduct periodic penetration testing, vulnerability assessments and other procedures to identify potential weaknesses in our systems and processes; and ongoing cybersecurity training and phishing testing for our employees. This information security program is a key part of our overall risk management system. The program includes administrative, technical and physical safeguards to help ensure the security and confidentiality of customer records and information. These security and privacy policies and procedures are in effect across all of our businesses and geographic locations. From time-to-time, we have identified cybersecurity threats and cybersecurity incidents that require us to make changes to our processes and to implement additional safeguards. While none of these identified threats or incidents have materially affected us, it is possible that threats and incidents we identify in the future could have a material adverse effect on our business strategy, results of operations and financial condition. Our management team is responsible for the day-to-day management of risks we face, including our Vice President Information Security Officer. Our current Information Security Officer has over 15 years of experience, including prior work in the healthcare field, and is a Certified Information Systems Security Professional and CompTIA Security+ certified. In addition, our board of directors, as a whole and through the Bank’s Corporate Risk Committee (the Risk Committee ), is responsible for the oversight of risk management. In that role, our board of directors and Risk Committee, with support from the Company s cybersecurity advisors, are responsible for ensuring that the risk management processes designed and implemented by management are adequate and functioning as designed. To carry out those duties, our board of directors receives reports, at least quarterly, from our management team regarding cybersecurity risks, and the Company s efforts to prevent, detect, mitigate and remediate any cybersecurity incidents.

Company Information