William Penn Bancorporation 10-K Cybersecurity GRC - 2024-09-05

Page last updated on September 5, 2024

William Penn Bancorporation reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-05 13:38:54 EDT.

Filings

10-K filed on 2024-09-05

William Penn Bancorporation filed a 10-K at 2024-09-05 13:38:54 EDT
Accession Number: 0001828376-24-000030

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSE CURITY Cybersecurity is a material part of the Company’s business. As a financial institution offering products through multiple digital delivery channels, cybersecurity incidents could have a material effect on the Company, its results of operations and its reputation. To date, the Company has not experienced any cybersecurity events which have had a material effect (or are reasonably likely to have a material effect) on the Company’s business strategy, results of operations, or financial condition. Notwithstanding, the impact of a cyber-incident could have a future impact on the Company’s results of operations or financial condition. Cyber-attacks or other security breaches could adversely affect our operations, net income, or reputation. Our information security program is managed by our dedicated Chief Technology Officer, whose team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. The specific experience of management who oversee cybersecurity are as follows: ● Our Chief Technology Officer, who has over 40 years of industry experience and has facilitated the management of information security programs at financial institutions for the past 35 years. Our Chief Technology Officer is responsible for technology vendor selection and managing efficiency initiatives, including the implementation and upgrades of core banking technology. ● Our Vice President and Director of Information Technology, who has over 20 years of industry experience and is a technology subject matter expert responsible for enterprise program management and information technology service management. ● Our Chief Risk Officer, who oversees entity-side risk management, including cybersecurity related risk. To ensure that cybersecurity risk management is integrated into the Company’s overall risk management plans, systems and processes, management provides regular cybersecurity reports to the Board of Directors on a monthly basis. These reports include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and updates on the emerging threat landscape. Our program is regularly evaluated by internal and external experts with the results of those reviews reported to senior management and the Board. The Company’s cybersecurity risk mitigation program involves a combination of internal resources and the use of third parties. Through a third-party vendor, the Company’s internal information technology team performs monthly vulnerability scanning and performs an annual risk assessment based on best practices from the Cybersecurity and Infrastructure Security Agency (“CISA”). We also use a third-party vendor to, among other things, undertake periodic penetration and vulnerability testing, and the results of all internal and third-party assessments and testing are reported to the Board of Directors. We actively engage with key vendors, industry participants, and intelligence and law enforcement communities as part of our continuing efforts to evaluate and enhance the effectiveness of our information security policies and procedures. The Company also maintains insurance which may provide coverage for expenses and certain losses incurred in connection with a cybersecurity incident.

Company Information