HORIZON BANCORP INC /IN/ 10-K Cybersecurity GRC - 2024-03-15

Page last updated on April 11, 2024

HORIZON BANCORP INC /IN/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 13:12:48 EDT.

Filings

10-K filed on 2024-03-15

HORIZON BANCORP INC /IN/ filed an 10-K at 2024-03-15 13:12:48 EDT
Accession Number: 0000706129-24-000015

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Board established the Cyber Security Committee of the Board in December 2022 to augment the Board’s oversight with cybersecurity focus and expertise and to complement the risk framework activities of the Enterprise Risk Management and Credit Policy Committee. The Cyber Security Committee considers risks associated with Horizon’s overall cyber security and information technology programs information technology audits the security risk insurance that Horizon maintains for information technology, cyber security and privacy risks Horizon’s information security training programs and compliance with all rules and regulations and risk control policies and procedures relating to information technology and cyber security. Pursuant to the Cyber Security Committee Charter, the Cyber Security Committee is required to meet at least three times per year and report to the Board annually. The Cyber Security Committee met three times in 2023. In addition, the Cyber Security Committee Charter provides that a majority of the Cyber Security Committee’s voting members must qualify as independent directors under SEC rules and NASDAQ listing standards. During 2023, 80% of the Cyber Security Committee’s members qualified as independent. Horizon’s senior management briefs the Cyber Security Committee at each Cyber Security Committee meeting (see below for detailed discussion). In 2023, Horizon’s information technology/cyber security program was audited by Horizon’s internal and external auditors. The Cyber Security Committee Charter is posted on Horizon’s website at www.horizonbank.com in the section headed About Us Investor Relations Corporate Information under the caption Corporate Governance. Through Horizon’s enterprise risk management framework and reporting functions, the Board, its Committees and Management assess and manage cybersecurity risks created by cybersecurity threats. Horizon’s Vice President, Information Security and Audit Information Security officer ( Information Security Officer ) provides an annual Information Security Program report to the Board and as needed when cybersecurity risk is elevated. Horizon’s Senior Vice President, Senior Technology Officer is a member of the Cyber Security Committee and reports on cyber security risks at each meeting a minimum of three times a year. The Senior Vice President, Senior Technology Officer reports to the Executive Vice President, Senior Operations Officer, who also is a member of the Cyber Security Committee. For independence, the Information Security Officer reports to Horizon’s Senior Vice President, 31 Table of Contents HORIZON BANCORP, INC. 2023 Annual Report on Form 10 K Senior Auditor and Compliance Officer. Horizon’s risk escalation framework requires progressive escalation of cyber security risks to Management and its Committees, then to Board Committees and, ultimately, to the Board. Management’s Operations Committee meets monthly and provides oversight and governance of the technology and cyber security programs. The Senior Vice President, Senior Technology Officer and Information Security Officer are members of this committee and report monthly on the technology and cyber security programs. The Senior Vice President, Senior Technology Officer also is a member of Management’s Enterprise Risk & Disclosure Committee, which meets a minimum of four times a year, to report on the technology and cyber security programs. Horizon engages in regular assessments of its infrastructure, software systems, and network architecture, using internal cybersecurity experts and third party specialists. It also maintains a third party risk management program designed to identify, assess, and manage risk, including cybersecurity risks, associated with external service providers and our supply chain. The Executive Vice President, Senior Operations Officer has 34 years of experience in operations and technology with an educational background in Business Administration. In the role of Senior Bank Operations Officer and Executive for the past 23 years, she oversees and works closely with Horizon’s technology and security teams to develop and implement robust security measures to protect the Bank’s systems, networks, and customer data. The Senior Bank Operations Officer stays current on the latest industry trends and emerging cyber threats through publications, webinars, seminars and banking association training around cyber security. She also collaborates with external agencies, such as law enforcement and regulatory bodies, to address cyber threats and ensure compliance with industry best practices. The Senior Vice President, Senior Technology Officer has 27 years of experience in information technology, with the last 12 as the information technology leader for the Bank. He holds a Bachelor’s Degree in Computer Science. He is an active member of FS ISAC’s Mergers an Acquisition Working Group, and a named author of their 2023 Cybersecurity Best Practices in Mergers, Acquisitions and Divestiture Deals publication. He also serves as an advisory member of the Indiana Governor’s Executive Council on Cybersecurity. He attends numerous industry training sessions including those put on by the SANS Institute, PaloAlto, Cisco, Microsoft, the Cybersecurity and Infrastructure Security Agency (CISA), and FS ISAC. The Vice President, Information Security and Audit Information Security Officer has 27 years as an IT Professional, with the last 8 as the cybersecurity leader for Horizon Bank with an education background in Technology. He has achieved numerous certifications throughout his career including the Microsoft Certified Systems Engineer (MCSE) and Certified Novell Engineering (CNE 5/6), and has demonstrated a continued commitment to excellence and has attained certification as a Certified Information Systems Security Professional (CISSP) issued by ISC2 in 2022. Through continuous learning and professional development, the Information Security Officer has honed his expertise in cybersecurity frameworks, threat detection, incident response, and risk management. He also serves as a member of the Indiana Bankers Association (IBA) Cyber Security Committee and attends numerous industry training sessions including those put on by Microsoft, FS ISAC, SANS Institute. Notwithstanding our defensive measures and processes, the threat posed by cyber attacks is severe. Our internal systems, processes, and controls are designed to mitigate loss from cyberattacks and, while we have experienced cybersecurity incidents in the past, to date, risks from cybersecurity threats have not materially affected our Company. See Item 1A. Risk Factors for further discussion of risks related to cyber security in Horizon’s 2023 Annual Report on Form 10 K filed with the Securities and Exchange Commission. 32 Table of Contents HORIZON BANCORP, INC. 2023 Annual Report on Form 10 K

Company Information