LANDMARK BANCORP INC 10-K Cybersecurity GRC - 2024-03-27

Page last updated on April 11, 2024

LANDMARK BANCORP INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-27 16:26:31 EDT.

Filings

10-K filed on 2024-03-27

LANDMARK BANCORP INC filed an 10-K at 2024-03-27 16:26:31 EDT
Accession Number: 0001493152-24-011513

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy . The Company relies extensively on various information systems and other electronic resources to operate its business. In addition, nearly all of the Company s customers, service providers and other business partners on whom the Company depends, including the providers of the Company s online banking, mobile banking and accounting systems, use these systems and their own electronic information systems. Any of these systems can be compromised, including by employees, customers and other individuals who are authorized to use them, and bad actors using sophisticated and constantly evolving set of software, tools and strategies to do so. Accordingly, the Company has devoted significant resources to assessing, identifying and managing risks associated with cybersecurity threats, as noted below: Identifying and assessing cybersecurity threats : The Company regularly evaluates its systems and data for potential vulnerabilities and analyzes the evolving cyber threat landscape, to ensure it proactively addresses risks before they materialize. The Company employs monitoring tools that can detect and help respond to cybersecurity threats in real-time. Integration with Overall Risk Management : Cybersecurity risks are seamlessly integrated into the Company s broader risk management framework, ensuring a holistic view and prioritized mitigation strategies. Management of Third-Party Risk : The Company s comprehensive third-party management process includes rigorous due diligence, oversight and identification of cybersecurity risks associated with vendors and service providers. Team : The Company has an internal committee that is responsible for conducting regular assessments of its information systems, existing controls, vulnerabilities and potential improvements. Engagement of Expert Assistance : The Company leverages the expertise of independent consultants, legal advisors, and audit firms to evaluate the effectiveness of our risk management systems and address potential cybersecurity incidents efficiently. Training : The Company conducts periodic cybersecurity training for its workforce. This information security program is a key part of the Company s overall risk management system. The program includes administrative, technical and physical safeguards to help protect the security and confidentiality of customer records and information. These security and privacy policies and procedures are in effect across all of the Company s businesses and geographic locations. 38 From time-to-time, the Company has identified cybersecurity threats and cybersecurity incidents that require the Company to make changes to its processes and to implement additional safeguards. While none of these identified threats or incidents have materially affected the Company, it is possible that threats and incidents the Company identifies in the future could have a material adverse effect on its business strategy, results of operations and financial condition. Governance . The Company s management team is responsible for the day-to-day management of cybersecurity risks it faces, including the Company s Chief Executive Officer and Chief Financial Officer. In addition, the Company s and the Bank s boards of directors, both as a whole and through the Bank s Enterprise Risk Management Committee ( ERM ) is responsible for the oversight of risk management, including cybersecurity risks. In that role, the boards of directors and the ERM, with support from the Bank s cybersecurity advisors, are responsible for ensuring that the risk management processes designed and implemented by management are adequate and functioning as designed.

Company Information