PB Bankshares, Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on July 16, 2024

PB Bankshares, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:22:46 EDT.


10-K filed on 2024-04-01

PB Bankshares, Inc. filed a 10-K at 2024-04-01 16:22:46 EDT
Accession Number: 0001558370-24-004533

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company has developed an information security program to assess, identify, and monitor cybersecurity risks. The Company regularly assesses cybersecurity risks arising from the operating environment and attempts to identify the likelihood and severity of the risk and the possible impact of the risk on the Company, its customers, and employees. The Company conducts periodic testing of software, hardware, defensive capabilities, and other information security systems utilizing both internal processes and third-party consultants. Testing procedures are supplemented by regular cyber threat exercises and employee training. Threat simulation exercises are used to develop and refine the Company’s incident response plans and employees undergo cybersecurity awareness training on a regular basis. The Company also addresses cyber risks posed by its relationships with third-party vendors. The Company assesses vendor risk as a part of its vendor management process, which requires a pre-acquisition diligence review, including the review of the vendor’s information security policy for all vendors determined to be a “critical vendor”. The vendor management process also requires a review of all critical vendors annually and all critical vendors are reported to the Board of Directors. The Corporation’s information security program is led by the Chief Information Officer in conjunction with Management and Board of Director IT Steering Committee. The Chief Information Officer has over 25 years of technology and cyber experience at community and regional banks. The Chief Information Officer currently serves as a member of the ISACA Harrisburg chapter for IT professionals and on the IT Steering Committee for the PA Bankers Association. The Board IT Steering Committee is responsible for oversight of the Company’s cybersecurity and information security program and regularly reviews and evaluates information security and cybersecurity risks provided by management. The IT Steering Committee meets quarterly to evaluate and review the information presented by management. The Board Members on the IT Steering Committee or Chief Information Officer present a summary of the IT Steering Committee meetings to the Board on a quarterly basis. To date, the Company has not experienced any cybersecurity threats or incidents that have materially affected or are reasonably likely to affect its business strategy, results of operations, or financial condition. However, the sophistication of and risks from cybersecurity threats and incidents continues to increase, and the preventative actions the Company has taken and continues to take to reduce the risk of cybersecurity threats and incidents and protect its systems and information may not successfully protect against all cybersecurity threats and incidents.

Company Information

NamePB Bankshares, Inc.
SIC DescriptionSavings Institutions, Not Federally Chartered
TickerPBBK - Nasdaq
Emerging growth company
Fiscal Year EndDecember 30