Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Dec. 31, 2024 | ||||||||||||||||
Cybersecurity Risk Management, Strategy, and Governance [Line Items] | ||||||||||||||||
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
NSTS Bancorp, Inc. relies extensively on various information systems and other electronic resources to operate our business. In addition, nearly all of our customers, service providers and other business partners on whom we depend, including the providers of our online banking, mobile banking, and accounting systems, use their own information systems and electronic resources. Any of these systems can be compromised, including through the employees, customers, and other individuals who are authorized to use them, and bad actors who use a sophisticated and constantly evolving set of software, tools, and strategies to do so. Moreover, the nature of our business, as a financial services provider, make us and our business partners high-value targets for these bad actors to pursue.
Accordingly, we have devoted significant resources to risks associated with cybersecurity threats, including:
This information security program is a key part of our overall risk management system, which is administered by our VP Information Technology. The program includes administrative, technical and physical safeguards to help ensure the security and confidentiality of customer records and information. These security and privacy policies and procedures are in effect across the Bank and each of its locations. The VP Information Technology reports directly to the board of directors on a quarterly, or more frequently if necessary, basis. We face a number of cybersecurity risks in connection with our business. From time-to-time, we have identified cybersecurity threats that require us to make changes to our processes and to implement additional safeguards. While none of these identified threats have materially affected us, it is possible that threats and incidents we identify in the future could have a material adverse effect on our business, results of operations, and financial condition.
|
|||||||||||||||
Cybersecurity Risk Management Processes Integrated [Flag] | true | |||||||||||||||
Cybersecurity Risk Management Processes Integrated [Text Block] | NSTS Bancorp, Inc. relies extensively on various information systems and other electronic resources to operate our business. In addition, nearly all of our customers, service providers and other business partners on whom we depend, including the providers of our online banking, mobile banking, and accounting systems, use their own information systems and electronic resources. Any of these systems can be compromised, including through the employees, customers, and other individuals who are authorized to use them, and bad actors who use a sophisticated and constantly evolving set of software, tools, and strategies to do so. Moreover, the nature of our business, as a financial services provider, make us and our business partners high-value targets for these bad actors to pursue. | |||||||||||||||
Cybersecurity Risk Management Third Party Engaged [Flag] | true | |||||||||||||||
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true | |||||||||||||||
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false | |||||||||||||||
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | We face a number of cybersecurity risks in connection with our business. From time-to-time, we have identified cybersecurity threats that require us to make changes to our processes and to implement additional safeguards. While none of these identified threats have materially affected us, it is possible that threats and incidents we identify in the future could have a material adverse effect on our business, results of operations, and financial condition. | |||||||||||||||
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true | |||||||||||||||
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | This information security program is a key part of our overall risk management system, which is administered by our VP Information Technology. The program includes administrative, technical and physical safeguards to help ensure the security and confidentiality of customer records and information. These security and privacy policies and procedures are in effect across the Bank and each of its locations. The VP Information Technology reports directly to the board of directors on a quarterly, or more frequently if necessary, basis. | |||||||||||||||
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | ||||||||||||||||
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |