VWF Bancorp, Inc. 10-K Cybersecurity GRC - 2024-09-27

Page last updated on October 1, 2024

VWF Bancorp, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-27 12:23:00 EDT.

Filings

10-K filed on 2024-09-27

VWF Bancorp, Inc. filed a 10-K at 2024-09-27 12:23:00 EDT
Accession Number: 0001558370-24-013063

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity The Bank has implemented an information security program aimed at protecting our customers, the Bank, and our shareholders. The program addresses risks identified by the Bank, including cybersecurity risks. Protecting confidential customer information and maintaining the availability of banking services are the primary objectives of the information security program. The board of directors is ultimately responsible for the oversight of the information security program. The status of the program is reported to the board throughout the year. Internally, the Bank’s Chief Information Officer (“CIO”) manages the status of the program and reports to the board. The CIO is a Certified Information Systems Security Professional (CISSP) since 2011 and has over 15 years of experience managing cybersecurity risks for financial institutions and healthcare organizations. The Technology Committee reviews and monitors the execution of the program. The Technology Committee consists of key stakeholders throughout the Bank, providing visibility into the risks posed to critical areas. The foundation of the information security program is based on risk management principles. The Bank has established a risk management framework that identifies, assesses, and manages risks, including cybersecurity risks, that could have a material impact on its business, operations, or financial condition. The Bank identifies new risks to the confidentiality, integrity, and availability of its sensitive information and services during the assessment of new processes, services, vendors, or changes in the banking industry. The mitigating controls of identified risks collectively create the information security program. The Bank’s cybersecurity strategy involves continuous monitoring of threats, maintaining updated defense mechanisms, and training employees on best practices in cybersecurity. The Bank engages with third-party experts and utilizes advanced cybersecurity tools to enhance defenses against emerging threats. The Bank also performs regular penetration testing, incident response planning, business continuity testing, and system audits to ensure the ongoing strength of its cybersecurity systems. The Bank utilizes a trusted third party to monitor for suspicious activity, including escalation procedures. The Bank also maintains cyber liability insurance that includes activation and escalation procedures should an incident occur. A vendor management program ensures third-party vendors and service providers adhere to the Bank’s security, compliance, and operational standards to mitigate risks. This program involves assessing potential risks associated with vendors, such as data breaches, compliance violations, or operational failures, by conducting thorough due diligence and regularly monitoring vendor performance. It includes setting performance expectations, performing ongoing audits, and ensuring vendors implement necessary safeguards to protect the organization’s sensitive data and maintain the availability of services. The goal is to ensure that third-party relationships do not introduce unacceptable levels of risk to the organization while maintaining business continuity and regulatory compliance. As of this filing, no material cybersecurity incidents have occurred that would have a significant impact on the Bank’s business, operations, or financial results. The Bank continues to monitor for any potential breaches and enhance its security protocols to prevent future incidents. While the Bank does not believe a cybersecurity threat is likely to materially affect the operations or financial condition, there can be no guarantee that the Bank will not experience such an incident in the future. The Bank recognizes that the cybersecurity landscape is constantly evolving and remains committed to adapting its risk management strategies to address new challenges. The Bank continues to invest in its cybersecurity infrastructure and strengthen controls to mitigate risks effectively.

Company Information