1895 Bancorp of Wisconsin, Inc. /MD/ 10-K Cybersecurity GRC - 2024-03-29

Page last updated on July 2, 2024

1895 Bancorp of Wisconsin, Inc. /MD/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 15:30:58 EDT.


10-K filed on 2024-03-29

1895 Bancorp of Wisconsin, Inc. /MD/ filed a 10-K at 2024-03-29 15:30:58 EDT
Accession Number: 0000950170-24-038577


Item 1C. Cybersecurity.

PyraMax Bank recognizes the critical importance of cybersecurity in maintaining the integrity, confidentiality, and availability of its systems and data. As a financial institution entrusted with sensitive customer information and financial assets, PyraMax Bank is committed to implementing robust cybersecurity risk management practices, strategies, and governance mechanisms.

Our Information Security Officer is primarily responsible for this cybersecurity component and reports directly to the EVP-Chief Operations Officer. The Board of Directors has approved an Information Technology Steering Committee, which focuses on technology and business impact. The committee provides oversight and governance of the technology and information security programs. The committee is chaired by the ISO and composed of managers throughout the entire company. The committee generally meets quarterly to provide oversight of the risk management strategy, standards, policies, practices, controls, mitigation and prevention efforts employed to manage security risks. More frequent meetings occur from time to time in accordance with the Incident Response Plan in order to facilitate timely information and monitoring efforts. The Information Security Officer reports summaries of key issues, including significant cybersecurity and/or privacy incidents, discussed at committee meetings and the actions taken in the IT Steering Committee to our board of directors on a quarterly basis (or more frequently as may be required by the Incident Response Plan).

Cybersecurity Risk Management: PyraMax Bank employs a comprehensive approach to cybersecurity risk management to avoid or minimize the impacts of external threat events or other efforts to penetrate, disrupt or misuse our systems or information.

1. Risk Assessment: Regular assessments of cybersecurity risks are conducted annually to identify potential threats, vulnerabilities, and their potential impact on the Bank’s operations. These assessments encompass both internal and external factors affecting PyraMax’s IT infrastructure and systems.
2. Risk Mitigation: Upon identifying risks, PyraMax Bank’s Information Security Program may be revised to protect against any anticipated threats or hazards to the security or integrity of such information. This involves deploying advanced security technologies, implementing security best practices, and ensuring compliance with industry standards and regulations.
3. Monitoring and Response: PyraMax Bank maintains continuous monitoring capabilities to detect and respond to cybersecurity incidents promptly. Automated tools, as well as internal and external dedicated security teams, are utilized to monitor network traffic, system logs, and other relevant indicators of compromise.
4. Audit and Testing: Independent third-party penetration testing, IT Control Audits, and vulnerability assessments are completed at least annually to test the effectiveness of security controls and preparedness measures (or more often if warranted by the risk assessment or other external factors). The Information Security Officer determines the scope and objectives of the penetration analysis. Results of audit and testing are reported to the IT Steering Committee for management and the board of directors for oversight.

Cybersecurity Strategy: PyraMax Bank’s cybersecurity strategy is aligned with its overall business objectives and risk appetite. Key components of the Bank’s cybersecurity strategy include:

1. Defense-in-Depth: PyraMax Bank employs a multi-layered approach to cybersecurity, incorporating multiple defensive measures at various levels of its IT infrastructure. This includes firewalls, intrusion detection systems, endpoint protection, and data encryption.
2. Employee Awareness and Training: PyraMax Bank recognizes that employees are a critical line of defense against cyber threats. Therefore, the Bank invests in comprehensive cybersecurity awareness training programs to educate employees about potential risks and best practices for safeguarding sensitive information.
3. Vendor Risk Management: PyraMax Bank evaluates and manages the cybersecurity risks associated with third-party vendors. Vendor contracts include provisions for security requirements, regular assessments, and compliance with industry standards.
4. Incident Response Plan: PyraMax Bank maintains an Incident Response Plan that provides a documented framework for responding to actual or potential cybersecurity incidents. The Incident Response Plan is coordinated through the Information Security Officer and key members of management are embedded into the Plan by its design. The Incident Response Plan is tested, reviewed, and approved by the IT Steering Committee annually and reported to the board of directors.

Cybersecurity Governance: PyraMax Bank maintains a cybersecurity governance framework to ensure effective oversight and accountability. Key elements of the Bank’s cybersecurity governance structure include:

1. Board Oversight: The Board of Directors provides oversight of PyraMax Bank’s cybersecurity posture, including reviewing and approving cybersecurity policies, strategies, testing, and investments.
2. Executive Leadership Involvement: Senior management actively participate in setting cybersecurity objectives, allocating resources, and monitoring performance against established goals through the IT Steering Committee.
3. Risk Committees: PyraMax Bank has established an IT Steering Committee responsible for overseeing cybersecurity risks and ensuring alignment with the Bank’s overall risk management framework.

PyraMax Bank remains committed to maintaining the highest standards of cybersecurity to protect the interests of its customers, shareholders, and other stakeholders. By implementing robust risk management practices, strategic initiatives, and effective governance mechanisms, PyraMax Bank strives to mitigate cybersecurity risks and safeguard its operations against evolving threats.

Company Information

Name: 1895 Bancorp of Wisconsin, Inc. /MD/
SIC Description: Savings Institutions, Not Federally Chartered
Ticker: BCOW - Nasdaq
Emerging growth company
Fiscal Year End: December 30