Page last updated on September 26, 2024
Marathon Bancorp, Inc. /MD/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-26 07:30:48 EDT.
Filings
10-K filed on 2024-09-26
Marathon Bancorp, Inc. /MD/ filed a 10-K at 2024-09-26 07:30:48 EDT
Accession Number: 0001558370-24-013026
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C: CYBERSECURITY The Company has developed an information security program to assess, identify, and monitor cybersecurity risks. The Company regularly assesses cybersecurity risks arising from the operating environment and attempts to identify the likelihood and severity of the risk and the possible impact of the risk on the Company, its customers, and employees. The Company conducts periodic testing of software, hardware, defensive capabilities, and other information security systems utilizing both internal processes and third-party consultants. Testing procedures are supplemented by regular cyber threat exercises and employee training. Threat simulation exercises are used to develop and refine the Company’s incident response plans and employees undergo cybersecurity awareness training on a regular basis. The Company also addresses cyber risks posed by its relationships with third-party vendors. The Company assesses vendor risk as a part of its vendor management process. The vendor management process also requires a review of all critical vendors annually and all critical vendors are reported to the Board of Directors. The Chief Administrative Officer in conjunction with Management, Board of Directors, and the IT Steering Committee leads the Company’s information security program. The IT Steering Committee is responsible for oversight of the Company’s cybersecurity and information security program and regularly reviews and evaluates information security and cybersecurity risks provided by Management. The IT Steering Committee meets at least quarterly to evaluate and review the information presented by Management. The IT Steering Committee meeting minutes are presented to the Board of Directors. The Company uses a third-party vendor for its managed IT services which includes cybersecurity. The vendor evaluates threat intelligence and response, patch management and vulnerability management among other things. To date, the Company has not experienced any cybersecurity threats or incidents that have materially affected or are reasonably likely to affect its business strategy, results of operations, or financial condition. However, the sophistication of and risks from cybersecurity threats and incidents continues to increase, and the preventative actions the Company has taken and continues to take to reduce the risk of cybersecurity threats and incidents and protect its systems and information may not successfully protect against all cybersecurity threats and incidents.
Company Information
| Name | Marathon Bancorp, Inc. /MD/ |
| CIK | 0001835385 |
| SIC Description | Savings Institutions, Not Federally Chartered |
| Ticker | MBBC - OTC |
| Website | |
| Category | Non-accelerated filer Smaller reporting company Emerging growth company |
| Fiscal Year End | June 29 |