Risk Factors - NSTS

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$NSTS Risk Factor changes from 00/03/22/22/2022 to 00/03/28/24/2024

Item 1A. Risk Factors Not required for smaller reporting companies. Item 1B. Unresolved Staff Comments None. Item 1C. Item 1B. Cybersecurity NSTS Bancorp, Inc. relies extensively on various information systems and other electronic resources to operate our business. In addition, nearly all of our customers, service providers and other business partners on whom we depend, including the providers of our online banking, mobile banking, and accounting systems, use their own information systems and electronic resources. Any of these systems can be compromised, including through the employees, customers, and other individuals who are authorized to use them, and bad actors who use a sophisticated and constantly evolving set of software, tools, and strategies to do so. Moreover, the nature of our business, as a financial services provider, make us and our business partners high-value targets for these bad actors to pursue. Accordingly, we have devoted significant resources to assessing, identifying and managing risks associated with cybersecurity threats, including: ● internal regular assessments of our information systems, existing controls, vulnerabilities and potential improvements; ● continuous monitoring tools that can detect and help respond to cybersecurity threats in real-time; ● performing due diligence with respect to our third-party service providers, including their cybersecurity practices, and requiring contractual commitments from our service providers to take certain cybersecurity measures; ● third-party cybersecurity consultants, who conduct periodic penetration testing, vulnerability assessments and other procedures to identify potential weaknesses in our systems and processes; and ● periodic cybersecurity training for our workforce. This information security program is a key part of our overall risk management system, which is administered by our AVP Information Technology. The program includes administrative, technical and physical safeguards to help ensure the security and confidentiality of customer records and information. These security and privacy policies and procedures are in effect across the Bank and each of its locations. The AVP Information Technology reports directly to the Board of Directors on a quarterly, or more frequently if necessary, basis. We face a number of cybersecurity risks in connection with our business. From time-to-time, we have identified cybersecurity threats that require us to make changes to our processes and to implement additional safeguards. While none of these identified threats have materially affected us, it is possible that threats and incidents we identify in the future could have a material adverse effect on our business, results of operations, and financial condition. 27 Table of Contents . 25 Table of Contents .