UNITY BANCORP INC /NJ/ 10-K Cybersecurity GRC - 2026-03-04

Page last updated on March 4, 2026

UNITY BANCORP INC /NJ/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-04 16:40:58 EST.

Filings

10-K filed on 2026-03-04

UNITY BANCORP INC /NJ/ filed a 10-K at 2026-03-04 16:40:58 EST
Accession Number: 0000920427-26-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Disclosures Risk Management and Governance Cybersecurity is a material part of Unity Bank's business. As a technology forward financial institution offering products through multiple digital delivery channels, cybersecurity incidents could have a material effect on the Company, its results of operations and its reputation. To date, the Company has not experienced any cybersecurity incident which has had a material effect on the Company's business strategy, results of operations or financial condition, although increased use of technology will expose us to greater risk of breaches in security and or service disruptions. Cybersecurity risk is initially overseen by the management Information Technology Steering Committee (the "ITSC"). The members of this committee include the Company's Chief Information Officer, Chief Compliance Officer (who is also the Information Security Officer), Chief Executive Officer, Chief Financial Officer and other critical executive management members. The ITSC also includes a non-voting member that is an independent, outsourced cybersecurity expert. Over his 18-year career, the Company's Chief Information Officer has served in multiple Information Technology and Cybersecurity roles, such as Senior Engineer, responsible for implementing hardened infrastructure for both physical and cloud applications; Solutions Architect, designing infrastructures for highly regulated industries including Financial Services, Local/State Government and Healthcare; Director of Service Delivery, overseeing engineering, solutions architecture and maintaining the System and Organization Controls (SOC) program prior to joining Unity Bank. During his tenure at Unity Bank, he is a member of various Risk and Cybersecurity Committees of the New Jersey Bankers Association, is a member of FS-ISAC, The Independent Community Bankers of America and our primary banking vendors advisory and risk management committees. The Company's Chief Compliance Officer was appointed as the Company's Information Security Officer in 2016. The Virtual Information Security Officer (vISO), an outsourced consultant, has an over 20-year career in Information Technology, Cybersecurity and both Internal/External Audit experience. He presently holds a position of Partner of Cherry Bekaert, formerly Herbein & Company, Inc., COA Advisor & Audit, where he's held multiple positions within Information Technology and Cybersecurity. The Company's Information Technology Manager has an over 27-year career in Information Technology, the prior 14-years of which have been in Information Technology, Security and Cybersecurity, working primarily in regulated industries. In order to ensure that cybersecurity risk management is integrated into the Company's overall risk management plans, systems and processes, the ITSC and Chief Information Officer provide reports and updates to the Board of Directors , or a Committee thereof on a quarterly basis. To ensure employees are properly trained, annually all employees are required to take a Gramm-Leach-Bliley Act training. The Company's cybersecurity risk mitigation program involves a combination of internal resources and the use of third parties. The Company's internal IT team performs monthly vulnerability scanning and performs an annual risk assessment based on the National Institute of Standards and Technology Cybersecurity Framework. The results are reported to the ITSC, which is then reported to the Board of Directors. The Company's IT and compliance staff also review potential cybersecurity threats associated with the Company's third party vendors , including performing a review of and obtaining a System of Organization Controls report from all vendors rated as "high risk" by the Company's internal vendor management program. The Company also has an internal Incident Response Plan and Team, which is charged with overseeing the Company's response to any cybersecurity incident. The team performs a table top exercise at least annually to prepare to respond in the event of any actual cybersecurity incident. In addition to these internal resources, the Company uses a third party vendor to complete annual penetration and vulnerability testing, with the results reported to the ITSC. Finally, the Company's cybersecurity compliance program is audited by the Bank's outsourced internal auditor. The Company also maintains cyber liability insurance which may provide coverage for expenses and certain losses incurred in connection with a cybersecurity incident. Cybersecurity Incident Response Planning The Company has established a comprehensive cybersecurity incident response plan to ensure the swift and effective handling of any potential security breaches. This plan includes detailed procedures for identifying, assessing, and mitigating cybersecurity threats, as well as protocols for communication and coordination with relevant stakeholders. Regular training and simulations are conducted to keep the Company's response team prepared for various scenarios, ensuring minimal disruption to its operations and safeguarding the Company's customers' data.

Company Information