MUNCY COLUMBIA FINANCIAL Corp 10-K Cybersecurity GRC - 2024-03-12

Page last updated on April 11, 2024

MUNCY COLUMBIA FINANCIAL Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 17:22:43 EDT.

Filings

10-K filed on 2024-03-12

MUNCY COLUMBIA FINANCIAL Corp filed an 10-K at 2024-03-12 17:22:43 EDT
Accession Number: 0001999371-24-003417

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We are exposed to various cybersecurity risks that could adversely affect our business, operations, and financial condition. As a community bank, we rely heavily on information technology and telecommunications systems to conduct our business activities, such as processing transactions, maintaining records, communicating with customers and vendors, and providing online and mobile banking services. These systems are subject to various cybersecurity threats, such as unauthorized access, hacking, phishing, malware, ransomware, denial-of-service attacks, and other malicious or criminal activities, that could compromise the confidentiality, integrity, or availability of our systems, data, or customer information. Cybersecurity threats may originate from external sources, such as cybercriminals, hackers, terrorists, or foreign governments, or from internal sources, such as employees, contractors, or vendors. Cybersecurity threats may also target our third-party service providers, such as core processors, cloud providers, or payment processors, whose systems and data are interconnected with ours. We have implemented various security measures and controls to protect our systems and data from unauthorized access, use, or disclosure, such as firewalls, encryption, authentication, backup, and recovery, both internally and with our third party managed service provider. We also have established policies and procedures to monitor and respond to cybersecurity incidents, and to comply with applicable laws and regulations regarding cybersecurity and data privacy. We regularly review and update our security measures and controls to address the evolving nature and sophistication of cybersecurity threats. We also provide training and education to our employees and customers on cybersecurity awareness and best practices. In addition, we maintain cyber liability insurance coverage to mitigate the potential financial impact of cybersecurity incidents. Furthermore, internal and external auditors and regulators periodically review our processes, systems, and controls, including with respect to our information security program, to assess their design and operating effectiveness and make recommendations to strengthen our risk management program. 16 We maintain a Business Continuity and Incident Response Program that provides a documented framework for responding to actual or potential incidents, including engagement of appropriate third parties such as insurance providers and incident response professionals, and timely reporting to our CEO and Board of Directors as appropriate. The Business Continuity and Incident Response Program is coordinated by the Information Security Officer and key members of management are embedded into the Plan by its design. The Business Continuity and Incident Response Program facilitates coordination across multiple areas of our organization and is evaluated at least annually. Notwithstanding our defensive measures and processes, the threat posed by cyber-attacks is always present. Our internal systems, processes, and controls are designed to mitigate loss from cyber-attacks. Despite our efforts, we cannot guarantee that our security measures and controls will be sufficient or effective to prevent, detect, or mitigate all cybersecurity incidents or to protect our systems and data from unauthorized access, use, or disclosure. We may experience cybersecurity incidents in the future that could result in operational disruption, reputational damage, customer dissatisfaction, loss of business or revenue, legal liability, regulatory actions, fines, penalties, or remediation costs. Any of these outcomes could have a material adverse effect on our business, operations, and financial condition. While we have experienced cybersecurity incidents in the past, risks from cybersecurity threats have not materially affected the Corporation to date.

Company Information