LCNB CORP - (LCNB)

10-K Filing Date: March 15, 2024
Item 1C. Cybersecurity

Cybersecurity Risk Management and Strategy

We recognize the critical importance of cybersecurity in safeguarding our business operations, intellectual property, and sensitive information. Our cybersecurity risk management and strategy are integral to our overall risk management framework. The following outlines our approach to identifying, assessing, and mitigating cybersecurity risks.

We conduct regular risk assessments to identify and evaluate potential cybersecurity threats and vulnerabilities. Our assessments consider the evolving threat landscape, the sensitivity of our data, and the potential impact on business operations. These risk assessments help us develop our Information Security Program.

We leverage threat intelligence sources to stay informed about emerging cyber threats. This proactive approach allows us to anticipate and respond to potential risks promptly.

Our cybersecurity controls are designed to protect against unauthorized access, data breaches, and other cyber threats. These controls encompass a multi-layered defense strategy, including firewalls, intrusion detection systems, encryption, and continuous monitoring.

We recognize that employees are a critical line of defense. Regular training programs ensure that our staff is aware of cybersecurity best practices, social engineering tactics, and the importance of safeguarding sensitive information. In the event of a cybersecurity incident, we have a well-defined incident response plan. This plan includes a structured approach to containing, eradicating, and recovering from the incident, as well as communication protocols with stakeholders.

To further mitigate the potential financial impacts of cybersecurity incidents, we maintain cybersecurity insurance coverage. This coverage is regularly reviewed and adjusted to align with the evolving threat landscape and our risk profile.

We are committed to a culture of continuous improvement in our cybersecurity practices. Regular evaluations, feedback mechanisms, and participation in industry collaborations help us adapt and enhance our strategy in response to emerging threats.

Our cybersecurity risk management and strategy reflect our dedication to maintaining the confidentiality, integrity, and availability of our information assets. We believe that our proactive approach positions us well to navigate the evolving cybersecurity landscape.

Governance

Our cybersecurity strategy is underpinned by a robust governance framework overseen by the Board of Directors. The Board plays an active role in shaping cybersecurity policies, conducting regular reviews of the effectiveness of our cybersecurity program, and ensuring its alignment with overarching business objectives. This governance ensures a comprehensive and proactive approach to managing cybersecurity risks.

The Privacy Committee, in conjunction with the Information Security Officer, plays a pivotal role in the assessment and management of cybersecurity risks. Regular committee meetings are conducted to discuss and analyze the evolving threat landscape. These meeting minutes are systematically reported up to the Executive and Board levels, ensuring that key decision-makers are well-informed and can provide strategic guidance.
-25-


LCNB CORP. AND SUBSIDIARIES


Our first line of defense against cybersecurity threats involves leveraging our workforce and engaging various Third Parties. Employees play a crucial role in maintaining a vigilant stance, while external partners contribute specialized expertise to enhance our overall cybersecurity posture. This collaborative approach strengthens our defense mechanisms against evolving cyber threats.

Internal and external audits serve as essential tools to evaluate the efficacy of our cybersecurity processes. These audits are conducted periodically to identify vulnerabilities, assess compliance with established policies, and ensure the effectiveness of implemented security controls. The insights gained from audits contribute to the continuous improvement and refinement of our cybersecurity measures.

Our bank is equipped with a cadre of IT professionals boasting extensive industry experience in cybersecurity. These dedicated individuals bring years of knowledge to the table, staying abreast of the latest developments in the field. Their expertise enhances our ability to address emerging threats proactively and reinforces the resilience of our cybersecurity framework.

In summary, our governance structure ensures that cybersecurity is a top-level priority, with the Board, committees, employees, and external partners collaborating seamlessly to safeguard our systems and data. Through continuous evaluation, robust defense mechanisms, and a skilled workforce, we remain committed to maintaining the highest standards of cybersecurity in alignment with our business objectives.