Inland Real Estate Income Trust, Inc. 10-K Cybersecurity GRC - 2024-03-13

Page last updated on April 11, 2024

Inland Real Estate Income Trust, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 16:52:35 EDT.

Filings

10-K filed on 2024-03-13

Inland Real Estate Income Trust, Inc. filed an 10-K at 2024-03-13 16:52:35 EDT
Accession Number: 0000950170-24-030856

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Assessment, Identification and Management of Material Risks from Cybersecurity We rely on the cybersecurity strategy and policies implemented by Inland. Inland s cybersecurity strategy prioritizes detection and analysis of and response to known, anticipated or unexpected threats, effective management of security risks and resilience against cyber incidents. Inland s cybersecurity risk management processes include technical security controls, policy enforcement mechanisms, monitoring systems, tools and related services, which include tools and services from third-party providers, and management oversight to assess, identify and manage risks from cybersecurity threats. Inland has implemented and continues to implement risk-based controls designed to prevent, detect and respond to information security threats and we rely on those controls to help us protect our information, our information systems, and the information of our investors, and other third parties who entrust us with their sensitive information. Inland s cybersecurity program includes physical, administrative and technical safeguards, as well as plans and procedures designed to help our sponsor and Business Manager to prevent and timely and effectively respond to cybersecurity threats and incidents, including threats or incidents that may impact us and our Business Manager. Inland s cybersecurity risk management process seeks to monitor cybersecurity vulnerabilities and potential attack vectors, evaluate the potential operational and financial effects of any threat and mitigate such threats. The assessment of cybersecurity risks, including those which may impact us and our Business Manager, is integrated into Inland s risk management program. In addition, Inland periodically engages with third-party consultants and key vendors to assist it in assessing, enhancing, implementing, and monitoring its cybersecurity risk management programs, including performing penetration testing of Inland s networks, and security assessments of the effectiveness of Inland s information technology environment to identify potential vulnerabilities. Inland s cybersecurity risk management and awareness programs include periodic identification and testing of vulnerabilities as well as regular phishing simulations for all of the employees of the Business Manager and its affiliates. Inland undertakes periodic internal security reviews of its information systems and related controls, including systems affecting personal data and the cybersecurity risks of our Business Manager and our critical third-party vendors (including the transfer agent) and other partners. Inland has established a Computer Security Incident Response Team ( Inland CSIRT ), which aims to manage and mitigate the impact of cybersecurity breach events, including those arising from or impacting our Business Manager and service providers (including the transfer agent), tenants, and other business contacts. Members of the Inland CSIRT include Inland s VP Director of IT Infrastructure & Information Security, who has more than 19 years of experience in information technology security and leads Inland s cybersecurity program, and its Head of Technology Strategy, as well as members of the firm s legal, risk, and communications groups. Inland has established a notification decision framework to determine when the Inland CSIRT will provide notifications regarding certain cybersecurity incidents, with different severity thresholds triggering notifications to different recipient groups, including members of our Business Manager s management, and our Board and Audit Committee, as appropriate. Oversight of Cybersecurity Risks The board and our audit committee oversee our cybersecurity risk exposures and the steps taken by management to identify, monitor and mitigate cybersecurity risks to align our risk exposure with our strategic objectives. With respect to such cybersecurity risk oversight, our board and/or our audit committee receive periodic reports and/or updates from management on the primary cybersecurity risks facing us and the Business Manager and the measures we, and the Business Manager are taking to mitigate such risks. In addition to such reports and updates, our board and/or our audit committee receive updates from management as to changes to our and the Business Manager s cybersecurity risk profile or certain newly identified risks. In the event of an incident, we intend to follow Inland s incident response plan, which outlines the steps to be followed from incident identification, mitigation, recovery and notification to legal counsel, senior leadership and the board or audit committee, as appropriate. Impact of Cybersecurity Risks As of the date of this filing, we have not experienced a material information security breach incident and the expenses we have incurred from information security breach incidents have been immaterial, and we are not aware of any cybersecurity risks that are reasonably likely to materially affect our business. However, we may not be successful in preventing or mitigating a cybersecurity incident that 34 could have a material adverse effect on our business, financial condition, results of operations, or cash flows. See Part I, Item 1A, Risk Factors, General Risks for more information regarding cybersecurity risks.

Company Information