Page last updated on August 21, 2025
Kearny Financial Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-08-21 11:54:27 EDT.
Filings
10-K filed on 2025-08-21
Kearny Financial Corp. filed a 10-K at 2025-08-21 11:54:27 EDT
Accession Number: 0001617242-25-000056
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Risk Management and Strategy We structure our information security program around Federal Financial Institutions Examinations Council (“FFIEC”) and Federal Deposit Insurance Corporation (“FDIC”) regulatory guidance, along with other applicable industry standards. We leverage industry and government associations, third-party benchmarking, audits and threat intelligence feeds to evaluate program effectiveness. Our Chief Technology and Innovation Officer (“CTIO”), along with key members of their team, regularly collaborate with peer banks, industry groups, and policymakers. We employ an in-depth, layered, defensive strategy with respect to our products, services and technology. We leverage people, processes and technology to manage and maintain information security controls. We employ a variety of preventative and detective tools designed to monitor, block, and provide alerts regarding suspicious activity, as well as to report on any suspected advanced persistent threats. We have established processes and systems to identify and mitigate information security risk, including regular education and training, preparedness simulations and tabletop exercises, and recovery and resilience tests. Our processes, systems and controls are reviewed periodically by internal and external auditors, Federal and State bank examiners, and independent external partners to assess design and operating effectiveness. We also maintain cyber risk insurance coverage commensurate for an institution of our size and complexity. We engage third party security experts to supplement our internal Information Security team for assessments, penetration tests and program enhancements, including vulnerability assessments, security framework maturity assessments and identification of areas for continued focus and improvement. In addition, our third-party experts work with us to conduct cybersecurity tabletop exercises and internal phishing awareness campaigns. We use the findings of these exercises to improve our practices, procedures, and technologies. We also engage third party security experts to support our cybersecurity threat and incident response management and maintain information security risk insurance coverage. The secure maintenance and transmission of confidential information, as well as execution of transactions over the systems of our third-party service providers, is essential to protect us and our customers against fraud and security breaches and to maintain customer confidence. Information security and risk management are an integral part of our new product and service implementation and vendor relationship management to confirm that they all meet the minimum standards and policies established and approved by our Board. We have developed processes to identify and oversee risks from cybersecurity threats associated with our third-party service providers, which includes the information security team assisting with and assessing cybersecurity robustness during vendor selection and onboarding as well as risk-based monitoring of vendors on an ongoing basis. We engage with a range of external experts, including cybersecurity assessors, consultants, auditors, and legal counsel in evaluating and testing our information security risk management systems. This enables us to leverage specialized knowledge and insights, ensuring our cybersecurity strategies and processes remain current. In the past three years, we have not experienced any material computer data security breaches as a result of a compromise of our information systems and we are not aware and have not had a significant cybersecurity breach or attack that had a material impact on our business or operating results to date. Governance Our Board is actively engaged in the oversight of our information security program. In 2025 the Board created an Information Security Committee, which is responsible for overseeing our information security program, including management’s actions to identify, assess, mitigate, and remediate material information security issues and risks. Our CTIO provides reports, at least quarterly, to the Information Security Committee regarding information security programs, key enterprise information security initiatives, and significant cybersecurity and privacy incidents. Our CTIO is part of the risk management function, reporting directly to our Chief Executive Officer (“CEO”).
Company Information
Name | Kearny Financial Corp. |
CIK | 0001617242 |
SIC Description | Savings Institution, Federally Chartered |
Ticker | KRNY - Nasdaq |
Website | |
Category | Accelerated filer |
Fiscal Year End | June 29 |