Annual report [Section 13 and 15(d), not S-K Item 405]

Cybersecurity Risk Management and Strategy Disclosure

v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

NSTS Bancorp, Inc. relies extensively on various information systems and other electronic resources to operate our business. In addition, nearly all of our customers, service providers and other business partners on whom we depend, including the providers of our online banking, mobile banking, and accounting systems, use their own information systems and electronic resources. Any of these systems can be compromised, including through the employees, customers, and other individuals who are authorized to use them, and bad actors who use a sophisticated and constantly evolving set of software, tools, and strategies to do so. Moreover, the nature of our business, as a financial services provider, make us and our business partners high-value targets for these bad actors to pursue. 

 

Accordingly, we have devoted significant resources to assessing, identifying and managing risks associated with cybersecurity threats, including:

 

 

internal regular assessments of our information systems, existing controls, vulnerabilities and potential improvements;

 

 

continuous monitoring tools that can detect and help respond to cybersecurity threats in real-time;

 

 

performing due diligence with respect to our third-party service providers, including their cybersecurity practices, and requiring contractual commitments from our service providers to take certain cybersecurity measures;

 

 

third-party cybersecurity consultants, who conduct periodic penetration testing, vulnerability assessments and other procedures to identify potential weaknesses in our systems and processes; and

 

 

periodic cybersecurity training for our workforce.

 

This information security program is a key part of our overall risk management system, which is administered by our VP Information Technology. The program includes administrative, technical and physical safeguards to help ensure the security and confidentiality of customer records and information. These security and privacy policies and procedures are in effect across the Bank and each of its locations. The VP Information Technology reports directly to the board of directors on a quarterly, or more frequently if necessary, basis.

 

We face a number of cybersecurity risks in connection with our business. From time-to-time, we have identified cybersecurity threats that require us to make changes to our processes and to implement additional safeguards. While none of these identified threats have materially affected us, it is possible that threats and incidents we identify in the future could have a material adverse effect on our business, results of operations, and financial condition.

 

 
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] NSTS Bancorp, Inc. relies extensively on various information systems and other electronic resources to operate our business. In addition, nearly all of our customers, service providers and other business partners on whom we depend, including the providers of our online banking, mobile banking, and accounting systems, use their own information systems and electronic resources. Any of these systems can be compromised, including through the employees, customers, and other individuals who are authorized to use them, and bad actors who use a sophisticated and constantly evolving set of software, tools, and strategies to do so. Moreover, the nature of our business, as a financial services provider, make us and our business partners high-value targets for these bad actors to pursue.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] We face a number of cybersecurity risks in connection with our business. From time-to-time, we have identified cybersecurity threats that require us to make changes to our processes and to implement additional safeguards. While none of these identified threats have materially affected us, it is possible that threats and incidents we identify in the future could have a material adverse effect on our business, results of operations, and financial condition.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] This information security program is a key part of our overall risk management system, which is administered by our VP Information Technology. The program includes administrative, technical and physical safeguards to help ensure the security and confidentiality of customer records and information. These security and privacy policies and procedures are in effect across the Bank and each of its locations. The VP Information Technology reports directly to the board of directors on a quarterly, or more frequently if necessary, basis.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]  
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true