CIVISTA BANCSHARES, INC. - (CIVB)

10-K Filing Date: March 14, 2024
Item 1C. Cybersecurity

 

The Corporation understands the security of our banking operations is critical to protecting our customers, maintaining our reputation and preserving the value of the Corporation. The Corporation is focused on addressing cybersecurity risks on confidentiality, integrity, and the availability of the information the Corporation collects, transmits and stores

28


 

by identifying, preventing, and mitigating cybersecurity risks. The Board of Directors, through the Board Risk and Audit Committees, and Enterprise Risk Management Committee, provide direction and oversight of the enterprise-wide risk management program of the Corporation, which includes the Information Security Program. The Chief Information Officer and the Chief Risk Officer oversee these programs to accomplish the following:

assure the confidentiality, integrity and availability of our information and information systems;
protect against any anticipated threats or hazards to the confidentiality, integrity or availability of such information and information systems; and
protect against unauthorized access to or use of such information or information systems that could result in substantial harm or inconvenience to us, our clients and the value of the Corporation.

These programs establish policies (including vendor management), procedures, risk assessments, systems, monitoring, reporting, strategies, and training to effectively manage cybersecurity risks. Specifically, the Corporation deploys multiple layers of controls, including embedding security into our technology investments, designed to identify, protect, detect, respond to and recover from information security and cybersecurity incidents. The Corporation also performs simulations and drills to further ensure our readiness and preparedness for potential threats. In addition, the Corporation employs a nationally recognized firm with information security experts to annually perform audits that extensively test our program and controls, which are reviewed by the Board Audit Committee. These programs and controls align with Federal Financial Institutions Examination Council guidelines and standards.

While we do not believe that our business strategy, results of operations or financial condition have been materially adversely affected by any cybersecurity incidents, cybersecurity threats are present and similar to other financial institutions. The Corporation, as well as our customers, colleagues, regulators, service providers and other third parties, have seen an increase in information security and cybersecurity risk in recent years. We continue to assess the risks and threats in the cyber environment, invest in enhancements to our cybersecurity capabilities, and engage in industry and government forums to promote advancements in our cybersecurity collaboration and capabilities.