First Savings Financial Group, Inc. 10-K Cybersecurity GRC - 2024-12-13

Page last updated on December 13, 2024

First Savings Financial Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-13 17:21:32 EST.

Filings

10-K filed on 2024-12-13

First Savings Financial Group, Inc. filed a 10-K at 2024-12-13 17:21:32 EST
Accession Number: 0001410578-24-002091


Item 1C. Cybersecurity.

Risk Management and Strategy

Our risk management program is designed to identify, assess, and mitigate risk across various aspects of our company in which cybersecurity is a critical component. Our Chief Information Officer and Information Security Officer are primarily responsible for the cybersecurity program. The Chief Information Officer reports directly to the CEO and the Information Security Officer reports directly to the Chief Risk Officer to maintain independence. Our Information Security Officer provides periodic reports to the Board Audit Committee, the Enterprise Risk Management Committee, Operational Risk Committee and Information Security Committee regarding the Cybersecurity/Information Security Program.

We engage in regular monitoring and assessments of our technology infrastructure utilizing our internal staff and third-party specialist. Our independent auditors periodically review our processes, systems and controls related to our information security program to ensure they are operating effectively.

Measures Taken to Mitigate Cybersecurity Risks

To mitigate the risk of cyber threats, we have implemented a comprehensive set of technical, organizational, and procedural safeguards that are designed utilizing the Cybersecurity Framework of the National Institute and Standards and Technology (U.S. Department of Commerce), industry standards and regulatory guidance that include the following:

● Governance and Oversight: A dedicated Information Security Committee oversees our cybersecurity strategy, with executive leadership providing strategic direction. The Information Security Committee reports up to our Operational Risk Committee comprised of Executive Management and subsequently reports up to the Board Audit Committee.

● Data Protection: We utilize advanced encryption and access controls to protect sensitive data both in transit and at rest. Regular audits are conducted to identify and address any vulnerabilities in our data storage and transmission practices.

● Employee Training and Awareness: We conduct regular cybersecurity training and awareness programs for employees at all levels to ensure they understand and follow best practices in identifying and reporting potential cyber threats, including phishing attacks and social engineering tactics.

● Third-Party Risk Management: We assess the cybersecurity practices of third-party vendors and partners, particularly those with access to sensitive information or critical systems and require them to adhere to security standards that align with our own policies.

● Incident Response: We have a detailed Incident Response Plan that outlines how we would respond to an actual or potential cybersecurity incident. The plan includes the appropriate notification and escalation requirements including timely reporting to our CEO and Board of Directors and engagement of appropriate third parties such as insurance providers and incident response professionals.

● Resilience and Recovery: We have developed and regularly test our business continuity and disaster recovery plans to ensure a swift recovery in the event of a cybersecurity incident. This includes regular backups, redundant systems, and an established communication protocol.

Ongoing Efforts and Improvements

We continue to enhance our cybersecurity posture by investing in the latest technologies and partnering with leading cybersecurity experts. Our information technology department consists of technology professionals with varying degrees of education and experience. Our information technology management team has significant technology and operational experience, including experience in mitigating and responding to cybersecurity threats.

Our Information Security Officer has extensive bank operations experience, has attained Certified Information Security Manager certification with the Information Systems Audit and Control Association, and attends relevant cybersecurity training sessions on a regular basis. Our CIO brings over 25 years of extensive experience in the banking industry, encompassing a diverse range of expertise, including software development, managed services and support, independent consulting, penetration testing, and bank management. This multifaceted background equips them with a unique perspective and deep understanding of both the technical and operational aspects of the financial sector.

We remain committed to continually improving our cybersecurity infrastructure and to monitoring for new and evolving threats.


Company Information

Name: First Savings Financial Group, Inc.
CIK: 0001435508
SIC Description: Savings Institution, Federally Chartered
Ticker: FSFG - Nasdaq
Website
Category: Accelerated filer; Smaller reporting company
Fiscal Year End: September 29