CAMDEN PROPERTY TRUST 10-K Cybersecurity GRC - 2026-02-12

Page last updated on February 12, 2026

CAMDEN PROPERTY TRUST reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-12 16:21:47 EST.

Filings

10-K filed on 2026-02-12

CAMDEN PROPERTY TRUST filed a 10-K at 2026-02-12 16:21:47 EST
Accession Number: 0001628280-26-007697

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Addressing cybersecurity risks is a priority for us. We maintain systems of internal controls, business continuity plans, and disaster recovery plans, and we regularly assess these systems to address cybersecurity and technology related risks. Our cybersecurity program ("CSP") is evaluated against the National Institute of Standards and Technology's Cybersecurity Framework ("NIST CSF") and the Center for Internet Security control framework. In addition to a dedicated information technology cybersecurity team monitoring daily operations, we conduct annual assessments of our CSP against NIST CSF benchmarks and prioritize continuous improvement. We apply factors such as business risk tolerance and external compliance requirements to determine whether a business asset, data, system, process, or service provider should fall within the scope of the CSP. We require annual cybersecurity awareness training for all employees to help identify and report potential or actual issues promptly. Our information technology cybersecurity team also undertakes regular advanced training to enhance awareness, internal expertise, and readiness. We install and routinely update antivirus software on all Company-managed systems and workstations to detect and prevent malicious code. To raise awareness of critical security threats, we conduct ongoing security breach and phishing simulations. Periodically, we run tabletop exercises involving members of the Company's management team to simulate responses to cybersecurity incidents and use the findings to strengthen our policies and procedures. Additionally, we maintain cybersecurity insurance to cover certain losses and damages caused by a cybersecurity incident. All third-party service providers or vendors within our cybersecurity framework are required to comply with our policies regarding non-public personal information and information security. Our CSP is led by our Senior Vice President - Strategic Services and Chief Information Officer ("CIO") and our Chief Information Security Officer ("CISO"). Our CIO also serves as the Chair of our Cybersecurity Executive Oversight Committee ("CEOC"), comprised of our CISO and other senior executives representing various teams and functions of the Company including legal, finance, accounting, investor relations, and operations. The CEOC supports efforts to evaluate the materiality of any incident, determines whether notice to third parties such as residents or vendors is required, and determines whether any disclosures to stakeholders are required. The CEOC is also responsible for ensuring Company's management and Board of Trust Managers ("Board") are fully aware of key activities and events associated with our CSP on an ongoing basis. Our entire Board is actively involved in overseeing risk management and the Audit Committee, in accordance with the Audit Committee Charter, provides oversight of management's guidelines and policies to govern the process by which risk assessments and risks are managed, including the Company's major financial risk exposures and the steps management has taken to monitor and control such exposures. The Audit Committee also discusses with management the processes undertaken to evaluate our systems of disclosure controls and procedures, including those relating to cybersecurity risk management. Our CIO reports quarterly to the Audit Committee and Board regarding cybersecurity matters, including emerging cybersecurity threats, the risk landscape, and updates on our CSP and related readiness, resiliency, and response efforts. We, like other businesses, have been, and expect to continue to be, subject to attempts of unauthorized access, mishandling or misuse, computer viruses or malware, cyber-attacks, intrusions, and other events of varying degrees. To date, we have not experienced a material cybersecurity incident nor are we aware of any of our third-party outside service providers experiencing such an incident. For a discussion on certain of the Company's cybersecurity-related risks, see Item 1A under the heading "Risk Factors-Risks Associated with Our Operations - A cybersecurity incident and other technology disruptions could negatively impact our business. "

Company Information