Moody National REIT II, Inc. 10-K Cybersecurity GRC - 2024-04-11

Page last updated on April 11, 2024

Moody National REIT II, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-11 13:17:01 EDT.

Filings

10-K filed on 2024-04-11

Moody National REIT II, Inc. filed an 10-K at 2024-04-11 13:17:01 EDT
Accession Number: 0001999371-24-004693

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity With oversight from our board of directors, our advisor and our senior management have implemented an enterprise-wide information security program designed to identify, protect against, detect, assess, respond to, and manage reasonably foreseeable cybersecurity risks and threats. Our cybersecurity processes have been integrated into our overall risk management system. To protect our information systems from cybersecurity threats, our advisor uses various security tools that help prevent, identify, escalate, investigate, resolve and recover from identified vulnerabilities and security incidents in a timely manner. These include, but are not limited to, internal reporting and monitoring and detection tools. Our advisor also employs third parties to identify, prioritize, assess, mitigate and remediate information system risks however, our advisor relies on such third parties to implement security programs commensurate with their risk, and our advisor cannot ensure in all circumstances that their efforts will be successful. Our advisor regularly assesses risks from cybersecurity and technology threats and monitors our information systems for potential vulnerabilities. Our advisor uses a risk quantification model to identify, measure and prioritize cybersecurity and technology risks and develop related security controls and safeguards. Our advisor conducts regular reviews and tests of our information security program to evaluate the effectiveness of our information security program and improve our security measures and planning. The results of these assessments are reported to our senior management. Our and our advisor s systems could potentially experience directed attacks intended to lead to interruptions and delays in our operations as well as loss, misuse or theft of personal information (of third parties, employees, and our members) and other data, confidential information or intellectual property. Any significant disruption to our or our advisor s operations or access to our or our advisor s systems could adversely affect our business and results of operation. Further, a penetration of our or our advisor s systems or a third-party s systems or other misappropriation or misuse of personal information could subject our advisor or us to business, regulatory, litigation and reputation risk, which could have a negative effect on our business, financial condition and results of operations. See Risk Factors - Operational risks, including the risk of cyberattacks, may disrupt our businesses, result in losses or limit our growth. Our advisor s Vice President - Communications leads our advisor s information security group responsible for overseeing our information security program. Our advisor s Vice President - Communications has over 18 years of industry experience. Team members who support our advisor s information security program have relevant educational and industry experience. The teams, led by our advisor s Vice President Communications, provide regular reports to our senior management and other relevant teams on various cybersecurity threats, assessments and findings. Our board of directors receives updates regarding cybersecurity issues as and when deemed necessary by our senior management. Our advisor experienced a security incident in January 2023 that impacted the operability of its computer systems. Our advisor promptly reported the incident to federal law enforcement and restored the functionality of its computer systems. We are unaware of any misuse of our information. 35 Senior management oversees our annual enterprise risk assessment, where we assess key risks within our company, including security and technology risks and cybersecurity threats, oversees our cybersecurity risk, and receives regular reports from our Vice President - Communications on various cybersecurity matters, including risk assessments, mitigation strategies, areas of emerging risks, incidents and industry trends, and other areas of importance.

Company Information