Kilroy Realty, L.P. 10-K Cybersecurity GRC - 2024-02-09

Page last updated on April 11, 2024

Kilroy Realty, L.P. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-09 17:14:24 EST.

Filings

10-K filed on 2024-02-09

Kilroy Realty, L.P. filed an 10-K at 2024-02-09 17:14:24 EST
Accession Number: 0001025996-24-000094

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity and availability of our critical systems and information. Our cybersecurity risk management program is integrated with our overall enterprise risk management program and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational and financial risk areas. Our overall cybersecurity program includes, amongst other things: security tools, technologies and processes, control reviews, policy reviews, penetration tests and investments in our security infrastructure; cybersecurity awareness training exercises for our employees, including phishing simulations to raise awareness of spoofed or manipulated electronic communications and other critical security threats; annual review of System and Organization ( SOC ) reports for our core third-party providers based on our assessment of their respective criticality and risk profile; and a Cybersecurity Incident Response Plan that provides a framework and guidelines for responding to cybersecurity incidents that may compromise the confidentiality, integrity and availability of our critical systems and information. Our Board has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee receives periodic reports from management on our cybersecurity risks. We have not identified known risks, including as a result of prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations or financial condition. See Risk Factors We face risks associated with perceived or actual security breaches through cyberattacks, cyber intrusions or otherwise, as well as other significant disruptions of our information technology (IT) networks and related systems or those of our critical service providers. Cybersecurity Governance Our Board considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit Committee. The Audit Committee oversees management s design, implementation and enforcement of our cybersecurity risk management program. The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity risk oversight. The full Board also receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Executive Vice President, Chief Administrative Officer, Senior Vice President, Corporate Counsel and Vice President, Enterprise Applications as part of the Board s continuing education. Our cybersecurity risk management team - including our Executive Vice President, Chief Administrative Officer, Senior Vice President, Chief Accounting Officer and Controller, Senior Vice President, Corporate Counsel and Senior Vice President, Information Technology - is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises our internal cybersecurity personnel, our retained external cybersecurity consultants, and the simulated exercises of our Cybersecurity Incident Response Plan, conducted at least annually to ensure our team is prepared to respond to any future cybersecurity incidents. The team is informed about and monitors the prevention, 39 detection, mitigation, and remediation of cybersecurity incidents through briefings with internal and external personnel, publicly available information about cybersecurity risks and threats and through alerts from security tools deployed in our IT environment. Our Vice President, Enterprise Application s experience includes a Certified Information Systems Security Professional ( CISSP ) certification, which is designed for security professionals with extensive knowledge in contemporary cybersecurity and information security practices. In addition, our Chief Executive Officer has broad expertise in overseeing cybersecurity programs, incident response teams and information technology departments. 40

Company Information