PLUMAS BANCORP - (PLBC)

10-K Filing Date: March 20, 2024
ITEM 1C. CYBERSECURITY

 

Plumas Bancorp maintains a cyber risk management program that is designed to prevent, detect, and respond to information security threats. The Board of Directors is responsible for oversight of the Company’s information security program, which is designed and implemented by management under the direction of the Chief Information Officer. In addition, the Internal Auditor and Risk Management Officer consider cybersecurity threat risks alongside other company risks as part of our overall risk assessment and management process.

 

The Chief Information Officer supervises the information security team, which is responsible for maintaining and implementing our enterprise-wide cybersecurity strategy, policy, standards, and architecture processes. The Information Security Officer, in coordination with compliance and human resources, conducts annual and ongoing company-wide information security awareness training. The Chief Information Officer and Information Security Officer have combined over 35 years of IT management experience. We have developed processes to identify and oversee risks from cybersecurity threats associated with third-party service providers, which include the information security team assessing cybersecurity robustness during vendor onboarding, the inclusion of protective provisions in vendor agreements, and risk-based monitoring of vendors on an ongoing basis.

 

The Board of Directors receives regular reports from the Chief Information Officer and the Information Security Officer on Plumas Bancorp’s cyber risks and threats, the status of projects to strengthen Plumas Bancorp’s information security systems, assessments of Plumas Bancorp’s security program, and the emerging threat landscape. Additionally, the Chief Information Officer chairs the Technology Steering Committee, which drives awareness, ownership, and alignment across all business functions for effective cybersecurity risk management and reporting. In addition to conducting internal audits, Plumas Bancorp annually engages third parties to audit its information security programs, whose findings are reported to the Audit and Executive Committees of the Board. The Company also engages with key vendors, industry participants, government agencies, and intelligence and law enforcement communities as part of our efforts, which are reported to the Technology Steering Committee and Board of Directors.

 

The Company has experienced and expects that it will continue to experience cyber-based attempts to compromise its information systems, although none, to its knowledge, has had a material adverse effect on its business, financial condition, or results of operations. Like all financial institutions, the Company faces the risks of such threats, the consequences of which could be material. See Item 1A – Risk Factors – “Cybersecurity breaches and technological discussions could damage our reputation and profitability,” above. In addition, given the constant and evolving threat of cyber-based attacks, the Company incurs significant costs in its efforts to detect and prevent security breaches and incidents, and these costs may increase in the future.

 

19