GLEN BURNIE BANCORP - (GLBZ)
10-K Filing Date: March 22, 2024
Glen Burnie Bancorp maintains a cyber risk management program that is designed to prevent, detect, and respond to information security threats. The Board of Directors is responsible for oversight of the Company’s information security program, which is designed and implemented by management under the direction of the Senior Vice President, Director of Information Technology. In addition, the Internal Auditor and Compliance Officer consider cybersecurity threat risks alongside other company risks as part of our overall risk assessment and management process.
The Senior Vice President of Information Technology supervises the information security team, which is responsible for maintaining and implementing our enterprise-wide cybersecurity strategy, policy, standards, and architecture processes. The Director of Information Technology, in coordination with compliance and human resources, conducts at least annual and ongoing company-wide information security awareness training . We have developed processes to identify and oversee risks from cybersecurity threats associated with third-party service providers, which include the information security team assessing cybersecurity robustness during vendor onboarding, the inclusion of protective provisions in vendor agreements, and risk-based monitoring of vendors on an ongoing basis.
The Board of Directors receives regular reports from the Senior Vice President, Director of Information Technology and the Information Security Officer on Glen Burnie Bancorp’s cyber risks and threats, the status of projects to strengthen Glen Burnie Bancorp’s information security systems, assessments of Glen Burnie Bancorp’s security program, and the emerging threat landscape. Additionally, the Information Technology Committee drives awareness, ownership, and alignment across all business functions for effective cybersecurity risk management and reporting. Glen Burnie Bancorp annually engages third parties to audit its information security programs, whose findings are reported to the Audit and Information Technology Committees of the Board. The Company also engages with key vendors, industry participants, government agencies, and intelligence and law enforcement communities as part of our efforts, which are reported to the Information Technology Committee and Board of Directors.
The Company has experienced and expects that it will continue to experience cyber-based attempts to compromise its information systems, although none, to its knowledge, has had a material adverse effect on its business, financial condition, or results of operations. Like all financial institutions, the Company faces the risks of such threats, the consequences of which could be material. In addition, given the constant and evolving threat of cyber-based attacks, the Company incurs significant costs in its efforts to detect and prevent security breaches and incidents, and these costs may increase in the future.
15