Princeton Bancorp, Inc. 10-K Cybersecurity GRC - 2024-03-25

Page last updated on April 11, 2024

Princeton Bancorp, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-25 16:32:35 EDT.

Filings

10-K filed on 2024-03-25

Princeton Bancorp, Inc. filed an 10-K at 2024-03-25 16:32:35 EDT
Accession Number: 0001193125-24-076546

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We rely extensively on various information systems and other electronic resources to operate our business. In addition, nearly all our customers, service providers and other business partners on whom we depend, including the providers of our online banking, mobile banking, and accounting systems, use their own information systems and electronic resources. Any of these systems can be compromised, including through the employees, customers, and other individuals who are authorized to use them, and bad actors who use a sophisticated and constantly evolving set of software, tools, and strategies to do so. Moreover, the nature of our business as a financial services provider, and our relative size, make us and our business partners high-value targets for these bad actors to pursue. For additional information see Item 1A. Risk Factors Operational Risks. Accordingly, we have long devoted significant resources to assessing, identifying, and managing risks associated with cybersecurity threats, including: an in-house team dedicated to information and cybersecurity, responsible for conducting regular evaluations of our information systems, existing controls, vulnerabilities, and potential enhancements tools for continuous monitoring capable of detecting and aiding in the response to cybersecurity threats in real-time conducting thorough due diligence on our third-party service providers, evaluating their cybersecurity practices, and requiring contractual commitments from them to implement specific cybersecurity measures collaboration with third-party cybersecurity experts who perform periodic penetration testing, vulnerability assessments, and other procedures to pinpoint potential weaknesses in our systems and processes and regular cybersecurity training sessions for our staff. This information security program is a key part of our overall risk management system, which is administered by our Information Security Officer. The program includes administrative, technical and physical safeguards to help ensure the security and confidentiality of customer records and information. These security and privacy policies and procedures are in effect across all of our businesses and geographic locations. We face a number of cybersecurity risks in connection with our business. From time-to-time, we have identified cybersecurity threats and cybersecurity incidents that require us to make changes to our processes and to implement additional safeguards. While none of these identified threats or incidents have materially affected us, it is possible that threats and incidents we identify in the future could have a material adverse effect on our business strategy, results of operations, and financial condition. Our management team is responsible for the day-to-day management of risks we face, including our Chief Information Officer ( CIO ). Our CIO has been in the role since May 2021, and has 30 years of experience in technology risk management and cybersecurity, primarily within the financial services sector. 30 Table of Contents In addition, our board of directors is responsible for the oversight of risk management. In that role, our board of directors, with support from our cybersecurity advisors, are responsible for ensuring that the risk management processes designed and implemented by management are adequate and functioning as designed. To carry out those duties, our board of directors receives quarterly reports from our management team regarding cybersecurity risks, and our efforts to prevent, detect, mitigate, and remediate any cybersecurity incidents.

Company Information