10-K Filing Date: July 16, 2024
Cybersecurity is a significant and integrated component of the Company’s risk management strategy, designed to protect the confidentiality, integrity, and availability of sensitive information contained within the Company’s information systems. The Company is exposed to cybersecurity threats and incidents that are aimed at gaining unauthorized access to bank systems as a way to misappropriate assets and sensitive information, corrupt and destroy data, or cause operational disruptions. While we have experienced and identified cybersecurity threats, there has been no incident which has had a material effect on the Company's business strategy, results of operations or financial condition.
The Company maintains a comprehensive information technology and cybersecurity program which includes frameworks, policies, and procedures to prevent or limit the impact of cybersecurity threats and incidents. The program includes administrative, technical and physical safeguards to help ensure the security and confidentiality of customer records and information. The Bank's Information Security Officer and Vice President of Information Technology is responsible for implementation of the information technology security program, while the management team is responsible for administering and enforcing the policies and procedures in the program. Third party vendors are utilized to help validate our security posture and controls, and we have developed a third party vendor management program to assess and monitor risks arising from third party vendor systems. In addition, the Board of Directors and Information Security Planning Committee (ISPC) is responsible for the risk management oversight and ensuring that the processes are being implemented and functioning as designed. The ISPC Committee provides monthly reports and updates to the Board of Directors. The Board of Directors and/or ISPC Committee approves updates relating to substantial changes in technology related policies and procedures and reviews the status of Business Continuity Programs, Testing plans and results on no less than an annual basis.
While the Company, with the help of third-party service providers, has implemented security technology and established operational procedures designed to prevent or limit the impact of cybersecurity threats and incidents, such events may still occur and safeguards may not fully protect our systems from comprises or breaches which could have a material adverse effect on Carver’s financial condition and results of operations.