Kilroy Realty, L.P. 10-K Cybersecurity GRC - 2026-02-11

Page last updated on February 11, 2026

Kilroy Realty, L.P. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-11 19:50:00 EST.

Filings

10-K filed on 2026-02-11

Kilroy Realty, L.P. filed a 10-K at 2026-02-11 19:50:00 EST
Accession Number: 0001628280-26-007051

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Our Board of Directors recognizes the critical importance of maintaining the trust and confidence of our tenants, investors, business partners, and employees, and is actively involved in the oversight of our enterprise risk management ("ERM"). As a key component of our ERM framework, the Board of Directors oversees cybersecurity risk as part of its overall risk oversight responsibilities. The Board of Directors has delegated primary oversight of cybersecurity and other information technology risks to the Audit Committee, which monitors management's implementation and administration of our cybersecurity risk management program. Our cybersecurity policies, standards, processes, and practices are integrated into our enterprise risk strategy and are explicitly mapped to the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover). This framework defines how we structure, implement, and govern our controls, including risk assessments, monitoring, incident response, and recovery activities, alongside other applicable standards. In general, we seek to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, integrity, and availability of the information systems and information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to any incidents. Risk Management and Strategy Our cybersecurity program is focused on the following areas: Governance. The Board of Directors' oversight of cybersecurity risk management is supported by the Audit Committee, which regularly interacts with members of Kilroy's executive team including our Senior Vice President, Chief Technology Officer ("CTO"), Executive Vice President, General Counsel and Secretary, and Senior Director, Cybersecurity. Collaborative Approach. We have implemented a cross-functional approach to identifying, preventing, and mitigating cybersecurity threats and incidents. Safeguards. We deploy technical and non-technical safeguards that are designed to protect our information systems from cybersecurity threats, including anti-malware, firewalls, intrusion prevention and detection systems, and privilege access controls, which are evaluated and improved through vulnerability assessments and control testing. We operate a security operations center which monitors our environment in a continuous manner. Incident Response and Recovery Planning. We have established and maintain business continuity and technical recovery plans of critical systems and resources in the event of a cybersecurity incident, and such plans are tested and evaluated on a recurring basis. We also maintain a cybersecurity insurance policy, though the cost related to cybersecurity incidents or disruptions may not fully be covered. Third Party Risk Management. We maintain a third-party cyber risk management program to identify and oversee cybersecurity risks presented by third-party providers , including vendors, consultants, service providers, and other external users of our system, as well as systems of third parties that could adversely impact our business in the event of a cybersecurity incident. We may conduct upfront diligence and ongoing monitoring and/or seek contractual protections depending on our assessment of each provider's criticality to our operations, access to our systems and information, and overall risk profile. In the event that we identify a risk, we communicate the risk to the third party and monitor remediation. Education and Awareness. We provide regular training, including ongoing end-user security awareness training and attack simulation assessments for employees regarding cybersecurity threats to equip our employees with tools 31 to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes, and practices. We are aware of known risks, including as a result of prior cybersecurity incidents, that have not materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See "Part 1. Item 1A. Risk Factors - We face risks associated with perceived or actual security breaches through cyberattacks, cyber intrusions or otherwise, as well as other significant disruptions of our information technology (IT) networks and related systems or those of our critical service providers." Cybersecurity Governance In connection with their oversight responsibilities, the Audit Committee receives periodic updates and the Board of Directors is briefed at least annually by our CTO on cybersecurity risks and related risk management, which includes topics such as the status of and specific metrics related to our cybersecurity program, recent developments, evolving standards and regulations, vulnerability assessments, third-party and independent reviews, the current threat environment, technology trends, and information security considerations arising with respect to our peers and third parties. Additionally, the Audit Committee receives prompt and ongoing information regarding significant cybersecurity incidents. The CTO and Senior Director, Cybersecurity are primarily responsible for assessing and managing cybersecurity risks and work collaboratively across the business to implement a program designed to protect our information systems from cybersecurity threats and to promptly respond to any future cybersecurity incidents in accordance with our incident response and business continuity plans. Through ongoing communications, the CTO and Senior Director, Cybersecurity help our Executive Vice President, General Counsel and Secretary, among others, to stay informed of, and monitor the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents. Our CTO has more than 15 years of experience in senior information technology leadership roles spanning enterprise data, analytics, and corporate applications, with responsibilities that have included technology platform strategy, cybersecurity risk management, and operational resilience. The CTO also holds industry-recognized credentials, including the Certified Information Security Manager (CISM) certification and a graduate certificate in Information Technology and Information Systems. Our Senior Director, Cybersecurity, brings extensive leadership experience in information security, having served as the Chief Information Security Officer for three public companies, and holds an undergraduate degree in Information Systems, a master's degree in Cybersecurity and Information Assurance, and multiple professional certifications, including Certified Chief Information Security Officer and Certified Chief Risk Officer. 32

Company Information