XML 51 R30.htm IDEA: XBRL DOCUMENT v3.25.0.1

Cybersecurity Risk Management and Strategy Disclosure	12 Months Ended
	Dec. 31, 2024
Cybersecurity Risk Management Strategy And Governance [Abstract]
Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block]	Cybersecurity threats pose a risk to the Company as crimes committed through or involving the internet. Examples of those threats are malware, phishing, hacking, denial of service attacks, stealing information, unauthorized intrusions into internal systems or the systems of third-party vendors that could adversely impact operations or damage reputations.   We utilize third party service providers to support and facilitate business and operational activities to achieve strategic goals. However, third parties may expose us and our customers to various risks. We have implemented a Vendor Risk Management (“VRM”) framework, which provides the tools and practices utilized in the oversight of third-party service providers, with an objective to meet legal and regulatory obligations, contractual requirements, performance expectations, and our own principles and values. For the 2024 period, there were no material incidents affecting the VRM framework or controls. We have developed cybersecurity and data privacy programs designed to enable and safeguard the confidentiality, integrity and availability of our information systems and data by providing proactive security expertise and risk assessments, creating and maintaining a resilient and secure environment, and fostering a culture of security awareness and compliance throughout our organization.  We maintain a robust Information Security Program that sets forth our commitment to the continual review and improvement of policies, processes, procedures, and standards for evaluating electronic and physical methods of accessing, collecting, storing, using, transmitting, disposing of, and protecting sensitive information, including customer information under guidelines established as part of the Gramm Leach-Bliley Act (GLBA). The Bank manages cybersecurity threats proactively and maintains robust controls to protect its critical systems and data by investing in secure, reliable and resilient technology infrastructure, fostering a culture of technology risk awareness and continuously improving its technology risk management practices. Our process for monitoring and mitigating cybersecurity risk is designed in conjunction with our overall Risk Management Policy and Information Security Program.  One of the key aspects of these programs are various risk assessments that are used to identify industry and company-specific risks, measure control effectiveness, identify any gaps that need to be addressed, and linking our controls with applicable policies, standards and guidelines to ensure that responsible parties are aware of their obligations with respect to this program.  Annually, we engage a third party to perform penetration testing and ongoing analysis to identify potential vulnerabilities and areas for additional enhancements as well as a full-scope independent audit of IT and Information Security processes. All of our employees also have a responsibility to protect the privacy of Company and Bank confidential and proprietary information. They are required to undergo periodic information security awareness training to ensure a clear understanding of their roles in protecting information assets and to create a security-minded culture. Additionally, the Company carries out regular phishing simulation tests throughout the year to keep employees alert, spread awareness and ensure that employees have the knowledge and resources necessary to report suspicious activity. The management of cybersecurity risks is ultimately the responsibility of Company management and is governed by the Board. They devote significant time and attention to the oversight of cybersecurity and information security risks. The Board through its BRC reviews monthly information technology and Information Security and Vendor Management reports that highlight key areas of focus and risk. The Board also reviews and approves the Information Security Program, the central program outlining cyber-security processes and controls annually and frequently receives presentations on and discusses cybersecurity and information security risks, industry trends and best practices. We are subject to extensive federal and state regulation of customer privacy and the security of financial information. Our federal regulator, the FDIC, is part of the Federal Financial Institutions Examination Council (FFIEC), which publishes extensive guidelines and examination procedures that are used to review the security of financial institutions. To date, we have not experienced a cybersecurity incident or data breach that has materially affected us or our business strategy, results of operations, or financial condition.
Cybersecurity Risk Management Processes Integrated [Flag]	true
Cybersecurity Risk Management Processes Integrated [Text Block]	We have developed cybersecurity and data privacy programs designed to enable and safeguard the confidentiality, integrity and availability of our information systems and data by providing proactive security expertise and risk assessments, creating and maintaining a resilient and secure environment, and fostering a culture of security awareness and compliance throughout our organization.  We maintain a robust Information Security Program that sets forth our commitment to the continual review and improvement of policies, processes, procedures, and standards for evaluating electronic and physical methods of accessing, collecting, storing, using, transmitting, disposing of, and protecting sensitive information, including customer information under guidelines established as part of the Gramm Leach-Bliley Act (GLBA).
Cybersecurity Risk Management Third Party Engaged [Flag]	true
Cybersecurity Risk Third Party Oversight And Identification Processes [Flag]	true
Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant [Flag]	false
Cybersecurity Risk Board Of Directors Oversight [Text Block]	The management of cybersecurity risks is ultimately the responsibility of Company management and is governed by the Board. They devote significant time and attention to the oversight of cybersecurity and information security risks. The Board through its BRC reviews monthly information technology and Information Security and Vendor Management reports that highlight key areas of focus and risk. The Board also reviews and approves the Information Security Program, the central program outlining cyber-security processes and controls annually and frequently receives presentations on and discusses cybersecurity and information security risks, industry trends and best practices. We are subject to extensive federal and state regulation of customer privacy and the security of financial information. Our federal regulator, the FDIC, is part of the Federal Financial Institutions Examination Council (FFIEC), which publishes extensive guidelines and examination procedures that are used to review the security of financial institutions. To date, we have not experienced a cybersecurity incident or data breach that has materially affected us or our business strategy, results of operations, or financial condition.
Cybersecurity Risk Board Committee Or Subcommittee Responsible for Oversight [Text Block]	BRC
Cybersecurity Risk Process For Informing Board Committee Or Subcommittee Responsible For Oversight [Text Block]	The Board through its BRC reviews monthly information technology and Information Security and Vendor Management reports that highlight key areas of focus and risk. The Board also reviews and approves the Information Security Program, the central program outlining cyber-security processes and controls annually and frequently receives presentations on and discusses cybersecurity and information security risks, industry trends and best practices.
Cybersecurity Risk Role Of Management [Text Block]	The management of cybersecurity risks is ultimately the responsibility of Company management and is governed by the Board. They devote significant time and attention to the oversight of cybersecurity and information security risks. The Board through its BRC reviews monthly information technology and Information Security and Vendor Management reports that highlight key areas of focus and risk. The Board also reviews and approves the Information Security Program, the central program outlining cyber-security processes and controls annually and frequently receives presentations on and discusses cybersecurity and information security risks, industry trends and best practices.
Cybersecurity Risk Management Positions Or Committees Responsible [Flag]	false

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskBoardCommitteeOrSubcommitteeResponsibleForOversightTextBlock
Namespace Prefix:	bhb_
Data Type:	dtr-types:textBlockItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskBoardOfDirectorsOversightTextBlock
Namespace Prefix:	bhb_
Data Type:	dtr-types:textBlockItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskManagementPositionsOrCommitteesResponsibleFlag
Namespace Prefix:	bhb_
Data Type:	xbrli:booleanItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskManagementProcessesForAssessingIdentifyingAndManagingThreatsTextBlock
Namespace Prefix:	bhb_
Data Type:	dtr-types:textBlockItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskManagementProcessesIntegratedFlag
Namespace Prefix:	bhb_
Data Type:	xbrli:booleanItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskManagementProcessesIntegratedTextBlock
Namespace Prefix:	bhb_
Data Type:	dtr-types:textBlockItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskManagementStrategyAndGovernanceAbstract
Namespace Prefix:	bhb_
Data Type:	xbrli:stringItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskManagementThirdPartyEngagedFlag
Namespace Prefix:	bhb_
Data Type:	xbrli:booleanItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskMateriallyAffectedOrReasonablyLikelyToMateriallyAffectRegistrantFlag
Namespace Prefix:	bhb_
Data Type:	xbrli:booleanItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskProcessForInformingBoardCommitteeOrSubcommitteeResponsibleForOversightTextBlock
Namespace Prefix:	bhb_
Data Type:	dtr-types:textBlockItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskRoleOfManagementTextBlock
Namespace Prefix:	bhb_
Data Type:	dtr-types:textBlockItemType
Balance Type:	na
Period Type:	duration

X

- Definition

n/a

+ References

No definition available.

+ Details

Name:	bhb_CybersecurityRiskThirdPartyOversightAndIdentificationProcessesFlag
Namespace Prefix:	bhb_
Data Type:	xbrli:booleanItemType
Balance Type:	na
Period Type:	duration