Eastern Bankshares, Inc. 10-K Cybersecurity GRC - 2024-02-26

Page last updated on July 16, 2024

Eastern Bankshares, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-26 17:08:10 EST.

Filings

10-K filed on 2024-02-26

Eastern Bankshares, Inc. filed a 10-K at 2024-02-26 17:08:10 EST
Accession Number: 0001628280-24-006922


Item 1C. Cybersecurity.

We embrace a “defense in depth” approach to assess, identify, and manage cybersecurity threats. A defense in depth approach seeks to implement multiple layers of defenses in order to help reduce the risk that a single process or control failure might result in a material incident. We utilize a risk management framework to assess, manage, and report on material risks and threats. In light of the importance of cybersecurity matters, we have developed as part of this framework a risk domain specific to cybersecurity matters, including specifying applicable risk tolerances and metrics.

The Executive Vice President, Chief Information Officer (CIO), who has served in information technology leadership roles with the Company since 2007 and has over 20 years of experience with matters related to cybersecurity, including as an executive leader and consultant, and Executive Vice President, Enterprise Risk Management (EVP, ERM), who has served in risk management leadership roles for the Company since 2015, have oversight over information technology and enterprise risk management matters, respectively, and receive monthly reports on cyber-related metrics and activities from their teams. In addition, we have implemented escalation procedures and protocols, including an incident response team that includes key members of management such as the CIO and EVP, ERM, to manage and coordinate responses to potentially significant cybersecurity incidents. Third party vendors are utilized to help validate our security posture and controls, and we have developed a third party vendor management program to assess and monitor risks arising from third party vendor systems.

The Risk Management Committee of our Board of Directors has responsibility for oversight of the design, implementation, and operation of our enterprise risk management framework, including review and approval of risk management policies and review of our monitoring of risk, the effectiveness of its risk management processes, and material changes in risk. As part of this enterprise risk management oversight, our management team, including the EVP ERM and his team, provides quarterly reporting on our cybersecurity risk domain to the Risk Management Committee. The Risk Management Committee in turn reports on significant enterprise risk management issues to the full Board.

In 2023, no cybersecurity events were identified that materially impacted our business strategy, operations, or financial condition. As further detailed in the “Risk Factors” section in Part I, Item 1A of this Annual Report on Form 10-K, we believe cybersecurity matters could pose a material risk to our strategy, operations, or financial condition. For example, a significant breach of our system security, or that of our third-party service providers, could enable access to Company or customer sensitive or confidential information or assets or could disrupt our business operations. This could result in costs of investigation, remediation and/or payment of a ransom; reputational harm and impairment of customer relationships; loss of revenue and regulatory sanctions and penalties, lawsuits, and potential liability, which could have a material adverse effect on our financial condition and results of operations.


Company Information

Name: Eastern Bankshares, Inc.
CIK: 0001810546
SIC Description: Savings Institution, Federally Chartered
Ticker: EBC - Nasdaq
Website:
Category: Large accelerated filer
Fiscal Year End: December 30