Kite Realty Group, L.P. 10-K Cybersecurity GRC - 2024-02-20

Page last updated on April 11, 2024

Kite Realty Group, L.P. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-20 16:16:56 EST.

Filings

10-K filed on 2024-02-20

Kite Realty Group, L.P. filed an 10-K at 2024-02-20 16:16:56 EST
Accession Number: 0001286043-24-000018

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management Process The Company relies extensively on IT systems to operate and manage its business and process transactions. As a result, our business is at risk from, and may be impacted by, cybersecurity incidents. The Company s cybersecurity risk management program leverages the National Institute of Standards and Technology ( NIST ) Cybersecurity Framework. As risk management is an ongoing process, the Company regularly assesses its cybersecurity risks and adjusts its program accordingly. Via multiple monitoring solutions, potential cyber threats are automatically logged and proactively addressed. Our monitoring tools use well-established vulnerability scoring to aid in the overall risk assessment. The scoring ranks by potential severity and likelihood and includes a review of mitigating factors. The Company prioritizes its cybersecurity investments based on the likelihood and impact of potential threats. From onboarding and at least annually thereafter, the Company educates and trains its workforce on cybersecurity leading practices using a variety of methods. The Company regularly performs internal and external penetration testing and vulnerability scanning with the support of well-established third-party providers. Any identified deficiencies or vulnerabilities are reviewed by the IT staff and management and remediation steps are taken based on the criticality of the results. Cybersecurity tools and services are configured to identify threats and risks that may be associated with the use of third-party applications or solutions. The Company has developed incident response plans to contain, investigate, respond to and recover from cybersecurity incidents. Our response plans require prompt notification to members of senior management in the event of a significant cybersecurity incident and prompt briefings on further developments as appropriate. Risks And Impact From Cybersecurity Threats To date, we are not aware of any risks from cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. However, evolving cybersecurity threats make it increasingly challenging to anticipate, detect, and defend against cybersecurity threats and incidents. For more information regarding our cybersecurity risks, refer to Item 1A. Risk Factors We and our tenants face risks related to cybersecurity attacks that could cause loss of confidential information and other business disruptions. included elsewhere within this Annual Report on Form 10-K. Board of Trustees Oversight Our Board of Trustees oversees various risks that the Company may face from time to time. While the full Board of Trustees has primary responsibility for risk oversight, it has delegated to the Audit Committee the responsibility for overseeing the Company s enterprise risk management and risk mitigation policies and programs, including matters related to privacy and cybersecurity. The Audit Committee reviews the Company s cybersecurity risks and the effectiveness of its cybersecurity program every quarter. Reports on these topics are provided to the Audit Committee by the Senior Vice President, Chief Technology Officer and the Vice President, Internal Audit and Enterprise Risk Management on a quarterly basis. In addition, when appropriate, cybersecurity risks and incidents will be reported to the Board of Trustees by the Company s Chief Financial Officer. 26 Management s Role The Company s management team is responsible for implementing and managing the Company s cybersecurity risk management program. The management team regularly reviews the Company s cybersecurity risks and adjusts the program as needed. Risk data analyzed includes summary and detailed data from monitoring and protection systems along with remediation reports to ensure the constant evolution of the program. Key members of the IT team responsible for information security include several individuals with over 20 years of experience within various industries including real estate, global retail, fintech and insurance along with experience working for several top IT service and solutions providers. The IT team provides quarterly reports to the Company s senior management. Such reports typically address, among other things, the Company s cybersecurity strategy, initiatives, key security metrics, business response plans, and the evolving cybersecurity threat landscape. The Company has cybersecurity insurance designed to cover certain expenses relating to cybersecurity incidents. The Company also carries other insurance that may cover ancillary aspects of a cybersecurity incident; however, damage and claims arising from a cybersecurity incident may exceed the amount of any insurance available. 27

Company Information