Modiv Industrial, Inc. 10-K Cybersecurity GRC - 2024-03-07

Page last updated on April 11, 2024

Modiv Industrial, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 16:01:50 EST.

Filings

10-K filed on 2024-03-07

Modiv Industrial, Inc. filed an 10-K at 2024-03-07 16:01:50 EST
Accession Number: 0001645873-24-000030

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We believe we maintain an information technology and cybersecurity program appropriate for a company our size, taking into account our operations and risks. We are committed to cybersecurity and vigilantly protecting all our resources and information from unauthorized access. Our cybersecurity approach incorporates a layered portfolio of employee training programs, multiple resources to manage and monitor the evolving threat landscape, effective board oversight of cybersecurity risks and knowledgeable teams responsible for preventing and detecting cybersecurity risks. Management and Board Oversight Our board of directors has delegated oversight of our cybersecurity program to our audit committee. Our audit committee, which consists of solely independent directors, reviews our enterprise risk and cybersecurity risks on a regular basis. It also reviews steps management has taken to protect against threats to our information systems and security and receives updates on cybersecurity from our information technology team on a periodic basis. The full board of directors also periodically reviews our cybersecurity risks with management and the actions we are taking to mitigate such risks. The CAO or their designee reports to the audit committee on a periodic basis on the status of our cybersecurity program. These actions include implementing industry-recognized practices for protecting systems, third-party monitoring of certain systems and cybersecurity training for employees. 28 Tabl e of Contents With oversight from our audit committee and our board of directors, our management team including our Chief Executive Officer ( CEO ), Chief Financial Officer ( CFO ) and Chief Operating Officer and General Counsel ( COO/GC ), is responsible for managing all cybersecurity risks and overseeing our security programs. Our information technology team is comprised of our Chief Accounting Officer ( CAO ) and other knowledgeable employees, and is responsible for management of our cybersecurity programs. Our information technology team consists of individuals with experience in assessing and addressing cybersecurity risk and is responsible for executing our cybersecurity programs as well as communicating regularly with senior management. Our CEO, CFO and COO/GC have familiarity and oversight experience, appropriate for their positions, regarding general cybersecurity matters and threats affecting business-to-business software and cloud services vendors. In addition, our cybersecurity program includes engagement of other Company management and employees and outside service providers to oversee or perform specific roles in connection with cybersecurity risk assessment and management, and incident management. Processes for Assessing, Identifying and Managing Material Risks from Cybersecurity Threats The principal objectives of our cybersecurity program ( Cybersecurity Program ) are to minimize the risks associated with cybersecurity threats to our business operations, financial performance and financial condition, and protect confidential information, our intellectual property and other assets, and those of our investors, tenants, vendors, partners and employees that may be at risk due to our cybersecurity threats. We use industry recognized cybersecurity frameworks and standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Recognizing that the nature of cybersecurity threats and the particular threat vectors we face continually change, our board, audit committee, senior management, and information technology team continually evaluate and invest in updating and enhancing our Cybersecurity Program. Under our Cybersecurity Program, our information technology team and our senior management, with input where appropriate from our third-party advisors, work to identify our cybersecurity threats, assess the risks, and deploy appropriate technologies and processes to manage those risks. Cybersecurity incidents may be detected through a variety of means, including but not limited to automated event-detection notifications or similar technologies which are monitored by our cybersecurity provider, notifications from employees, vendors or service providers, and notifications from third-party information technology system providers. When cybersecurity incidents occur, our actions are guided by an incident response plan to (i) detect, contain and eradicate threats, (ii) notify the executive management and the Audit Committee Chairman as appropriate based on the severity level of the cybersecurity incident, (iii) recover compromised data and information systems, (iv) limit impacts of any such incident on our operations and (v) report any such incident as required by law or as otherwise appropriate. We have relationships with a number of third-party service providers to assist with cybersecurity containment and remediation efforts, including outside legal counsel and vendors. We consider our cybersecurity risk and related management processes when assessing risk across the Company. Our risk management systems and processes comprise numerous components, including policies and procedures, risk detection systems, tools and protocols, internal auditing, management review, defined lines of communications, cybersecurity awareness training for employees, phishing simulation tests, penetration testing, engagement of outside advisors and experts to assess, test or otherwise assist with aspects of our security controls, regular operations reviews with the CEO, and board (and audit committee) oversight. We use a number of means to assess and manage cyber risks related to our third-party service providers, such as conducting due diligence in connection with onboarding new vendors and legal review of vendor engagements and new products. We utilize the foregoing systems and processes to manage our risks and associated cybersecurity threats. Cybersecurity Risks As of December 31, 2023, we are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents that have materially affected the business strategy, results of operations or financial condition of the Company or are reasonably likely to have such a material effect. However, any future potential risks from cybersecurity threats, including but not limited to exploitation of vulnerabilities, ransomware, unauthorized transactions, or other similar threats may materially affect us, including our execution of business strategy, reputation, results of operations and/or financial condition. See Item 1A, Risk Factors - Risks Related to Our Business - Cybersecurity. 29 Tabl e of Contents

Company Information