LGI Homes, Inc. 10-K Cybersecurity GRC - 2024-02-20

Page last updated on April 11, 2024

LGI Homes, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-20 17:02:08 EST.

Filings

10-K filed on 2024-02-20

LGI Homes, Inc. filed an 10-K at 2024-02-20 17:02:08 EST
Accession Number: 0001580670-24-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cyber risk awareness. Our Vice President, Information Technology and our information technology group endeavor to evaluate and address cyber risks in alignment with our business objectives, operational needs and industry-accepted standards, such as the National Institute of Standards and Technology (NIST) and CIS Critical Security Controls frameworks. We have processes and procedures in place to monitor the prevention, detection, mitigation and remediation of cybersecurity risks. These include but are not limited to: Maintaining a defined and practiced incident response plan; Employing appropriate incident prevention and detection safeguards; 31 Table of Contents Maintaining a defined disaster recovery policy and employing disaster recovery software, where appropriate; Educating, training and testing our user community on information security practices and identification of potential cybersecurity risks and threats; and Reviewing and evaluating new developments in the cyber threat landscape. Recognizing the complexity and evolving nature of cybersecurity risk, we engage with a range of external support, including cybersecurity consultants, in evaluating, monitoring and testing our cyber management systems and related cyber risks. Our collaboration with these third parties includes audits, threat and vulnerability assessments, company-wide monitoring of cybersecurity risks and consultation on security enhancements. We recognize the risks associated with the use of vendors, service providers and other third parties that provide information system services to us, process information on our behalf, or have access to our information systems, and we have processes in place to oversee and manage these risks. We conduct annual and periodic assessments of these third-party engagements to evaluate compliance with our cybersecurity standards. To our knowledge, we have not been subject to cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, the Company, its operations or financial standing. Governance Our cybersecurity risk management program is overseen by management at multiple levels. Our Vice President, Information Technology plays a key role in assessing, monitoring and managing our cybersecurity risks with support from dedicated information technology and security personnel. Our cybersecurity and risk management protocols are led by our Vice President of IT, who has served in this role since 2019. Our Vice President, Information Technology has an MS in Engineering and Technology Management and over 20 years of experience in managing and leading information technology or cybersecurity teams and oversees a team of information technology professionals who identify, assess, and manage cybersecurity threats on an ongoing basis. Our information technology group monitors the latest developments in cybersecurity, including emerging threats and innovative risk management techniques. We have implemented and oversee processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, we are equipped with a defined and practiced incident response plan, which includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Our Board of Directors is responsible for overseeing our cyber risk. Our Vice President, Information Technology or other members of our information technology group provide at least semi-annual in-person updates to the Board that encompass a broad range of topics, including: Current cybersecurity threat landscape and emerging threats; Status of ongoing cybersecurity initiatives and strategies; Incident reports and learnings from unique cybersecurity events, including those of other companies; and Compliance status and efforts with regulatory requirements and industry standards. Furthermore, at the Board meetings at which our Vice President, Information Technology or other members of our information technology group do not provide in-person updates to the Board, our CEO or another executive team member provides current updates to the Board. In addition, our information technology group provides updates to the full Board upon request, or timely updates regarding unique developments such as regulatory updates or vulnerability developments. Our Board is composed of directors with diverse qualifications, skills and expertise, including risk management, technology and finance, that equips them to oversee cybersecurity risks effectively. For additional information concerning cybersecurity risks we face, see General Risk Factors Information system failures, cyber incidents or breaches in security could adversely affect us in Item 1A. Risk Factors in Part I of this Annual Report on Form 10-K.

Company Information