Kite Realty Group, L.P. 10-K Cybersecurity GRC - 2026-02-17

Page last updated on February 17, 2026

Kite Realty Group, L.P. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-17 16:31:48 EST.

Filings

10-K filed on 2026-02-17

Kite Realty Group, L.P. filed a 10-K at 2026-02-17 16:31:48 EST
Accession Number: 0001286043-26-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management Process The Company relies extensively on IT systems to operate and manage its business and process transactions. Therefore, cybersecurity incidents pose a risk to our business and have the potential to impact it. The Company's cybersecurity risk management program leverages the National Institute of Standards and Technology ("NIST") Cybersecurity Framework, which is used to benchmark and tailor the Company's strategies and program to our risk profile and specific operational needs and goals. As risk management is an ongoing process, the Company regularly assesses its cybersecurity risks and adjusts its program accordingly. Multiple monitoring solutions automatically log potential cyber threats and proactively address them. Our monitoring tools use well-established scoring mechanisms to aid in the overall risk assessment. The scoring ranks potential threats by potential severity and likelihood and includes a review of mitigating factors. The Company prioritizes its cybersecurity investments based on the likelihood and impact of potential threats. We recognize that cybercriminals frequently target employees to gain unauthorized access to information systems. Therefore, from onboarding and at least annually thereafter, the Company educates and trains its employees on cybersecurity leading practices using a variety of methods, which is supplemented throughout the year with regular phishing and other cyber-related testing. The Company regularly performs internal and external penetration testing and vulnerability scanning with the support of well-established third-party providers. The IT staff and management review any identified deficiencies or vulnerabilities, and remediation steps are taken based on the criticality of the results. Cybersecurity tools and services are configured to identify threats and risks that may be associated with the use of third-party applications or solutions. We prioritize our cybersecurity efforts relating to third parties based on the likelihood and potential impact of cybersecurity threats. These efforts may include reviewing security documentation or protocols for key vendors, service providers, and external users of our systems. The Company has developed cybersecurity incident response plans to contain, investigate, respond to, and recover from cybersecurity incidents that may jeopardize the confidentiality, integrity, or availability of our IT systems. Key members of management, including the Company's Chief Financial Officer, Chief Operating Officer, Chief Administrative and Transformation Officer, and Chief Legal Officer, as well as employees from IT, internal audit, human resources, and marketing and communications, serve on the Company's security incident response team to help the Company mitigate and remediate cybersecurity incidents of which they are notified. Our response plans require prompt notification to members of senior management in the event of a significant cybersecurity incident and prompt briefings on further developments as appropriate. Risks And Impact From Cybersecurity Threats We have identified cyber attacks and other cybersecurity incidents on our IT systems and those of third parties, including through e-mail phishing attempts and scams, but none of the risks from cybersecurity threats or incidents identified as of December 31, 2025, including third-party incidents, during any of the prior three fiscal years, has materially affected or is reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. However, evolving cybersecurity threats make it increasingly challenging to anticipate, detect, and defend against them and any incidents. For more information regarding our cybersecurity risks, see "We and our tenants face risks related to cyber attacks that could cause loss of confidential information and other business disruptions" in Item 1A, "Risk Factors," within this Annual Report on Form 10-K. Board of Trustees Oversight Our Board of Trustees oversees various risks the Company may face from time to time. While the full Board of Trustees has primary responsibility for risk oversight, it has delegated to the Audit Committee the responsibility for overseeing the Company's enterprise risk management and risk mitigation policies and programs, including matters related to privacy and cybersecurity. The Audit Committee reviews the Company's cybersecurity risks and the effectiveness of its cybersecurity program every quarter, including current threat levels and ongoing program enhancements. The Audit Committee receives quarterly reports on these topics from the Senior Vice President - Chief Administrative and Transformation Officer and the Vice President - Internal Audit and Enterprise Risk Management . In addition, when appropriate, the Company's Chief Financial Officer will report cybersecurity risks and incidents to the Board of Trustees. Management's Role The Company's management team is responsible for implementing and managing the Company's cybersecurity risk management program. The management team regularly reviews the Company's cybersecurity risks and adjusts the program as needed. Risk data analyzed includes summary and detailed data from monitoring and protection systems along with remediation reports to help ensure the constant evolution of the program. Key members of the IT team responsible for information security include individuals with over 20 years of experience in industries such as real estate, global retail, fintech, and insurance, as well as backgrounds with top IT service and solutions providers. Our team is supported by a third-party company that we have retained to act as our chief information officer based on the third-party company's extensive experience in the industry and knowledge regarding appropriate cybersecurity processes and procedures, and its ability to assess the integrity of those processes and procedures. The IT team provides quarterly reports to the Company's senior management, which typically address, among other things, the Company's cybersecurity strategy, initiatives, key security metrics, business response plans, and the evolving cybersecurity threat landscape. The Company has cybersecurity insurance designed to cover certain expenses related to cybersecurity incidents. The Company also carries other insurance that may cover ancillary aspects of a cybersecurity incident; however, damage and claims arising from a cybersecurity incident may exceed the amount of any insurance available.

Company Information