COMMUNITY BANCORP /VT 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

COMMUNITY BANCORP /VT reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 09:34:48 EDT.

Filings

10-K filed on 2024-03-29

COMMUNITY BANCORP /VT filed an 10-K at 2024-03-29 09:34:48 EDT
Accession Number: 0001654954-24-003915

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk The banking industry is increasingly reliant on information technology systems and digital platforms to conduct business operations, process transactions, and interact with customers. As a result, we are exposed to various cybersecurity risks, including but not limited to : Cyber attacks: We are vulnerable to cyber attacks including malware, phishing, ransomware, and denial-of-service attacks, could disrupt operations, compromise sensitive information, and result in financial losses. Data Breaches: Despite implementing robust security measures, systems and networks may be breached, leading to unauthorized access to customer data, proprietary information, or intellectual property. Third-Party Risks: We rely on third-party service providers and vendors which exposes the Company to cybersecurity risks associated with systems and processes. A breach or failure in critical systems could impact operations and reputation. Regulatory Compliance: The Company is subject to various regulatory requirements related to cybersecurity, data protection, and privacy. Non-compliance with these regulations could result in financial penalties, legal liabilities, and reputational damage. Reputation Risk: A significant cybersecurity incident could damage the Company s reputation and erode customer trust, leading to customer attrition, negative publicity, and loss of business opportunities. Operational Disruption: Cybersecurity incidents may disrupt operations, including online banking services, payment processing, and customer support, resulting in financial losses and operational inefficiencies. Financial Impact: Cybersecurity incidents may result in direct financial losses, such as fraud-related expenses, remediation costs, and legal fees, as well as indirect costs associated with business interruption and reputational damage. We have implemented a comprehensive Information Security Program to mitigate these risks, which includes: Regular risk assessments and vulnerability testing of systems and networks. Deployment of advanced cybersecurity technologies, including firewalls, intrusion detection systems, and encryption protocols. Employee training and awareness programs to enhance cybersecurity awareness and promote best practices. Incident response and business continuity plans to ensure a timely and effective response to cybersecurity incidents. The Information Security Program is led by the Company s Information Security Officer (ISO) who works with the Privacy Officer, Security Officer, and IT Manager to review and identify security risks and controls within each functional area of the Bank. Risk assessments are updated at least annually or more frequently if circumstances warrant. Status and compliance with the program is reported by the ISO to the Information Technology Steering Committee and the Board annually or more frequently if circumstances warrant. The report discusses material matters relating to the program including the risk assessment risk management and control decisions service provider arrangements results of monitoring and testing security breaches and management s responses gaps and recommendations for changes to the program. 20 Table of Contents However, despite these efforts, we cannot guarantee that these cybersecurity measures will prevent all cyber threats or mitigate all potential impacts. Cybersecurity threats are constantly evolving, and the Company may be susceptible to new and unforeseen risks in the future. In conclusion, cybersecurity risks pose significant challenges to business operations and financial stability. The Company continuously monitors and evaluates its cybersecurity posture to adapt to emerging threats and safeguard customers information and assets.

Company Information