LGI Homes, Inc. 10-K Cybersecurity GRC - 2026-02-19

Page last updated on February 20, 2026

LGI Homes, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-19 18:35:52 EST.

Filings

10-K filed on 2026-02-19

LGI Homes, Inc. filed a 10-K at 2026-02-19 18:35:52 EST
Accession Number: 0001580670-26-000019

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cyber risk awareness. Our Vice President, Information Technology and our information technology group endeavor to evaluate and address cyber risks in alignment with our business objectives, operational needs, and industry-accepted standards, such as the National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS) Critical Security Controls frameworks. We have processes and procedures in place to monitor the prevention, detection, mitigation, and remediation of cybersecurity risks. These include but are not limited to: - Maintaining a defined and practiced incident response plan; - Employing appropriate incident prevention and detection safeguards; - Maintaining a defined disaster recovery policy and employing disaster recovery software, where appropriate; - Educating, training and testing our employees and user community on information security practices and identification of potential cybersecurity risks and threats; and - Reviewing and evaluating new developments in the cyber threat landscape. Recognizing the complexity and evolving nature of cybersecurity risk, we engage with a range of external support, including cybersecurity consultants, in evaluating, monitoring, and testing our cyber management systems and related cyber risks. Our collaboration with these third parties includes audits, threat and vulnerability assessments, company-wide monitoring of cybersecurity risks, and consultation on security enhancements. We recognize the risks associated with the use of vendors, service providers, and other third parties that provide information system services to us, process information on our behalf, or have access to our information systems, and we have processes in place to oversee and manage these risks. We conduct annual and periodic assessments of these third-party engagements to evaluate compliance with our cybersecurity standards. To our knowledge, we have not been subject to cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, the Company, its operations or financial standing. Governance Our cybersecurity and risk management program is led by our Vice President of Information Technology , who has served in executive technology and cybersecurity leadership roles for over 20 years. She holds a Master of Science in Telecommunications Engineering & Management and is ITIL certified. She oversees enterprise cybersecurity strategy, architecture, and operations across a nationwide organization, directing a team responsible for identifying, assessing, and mitigating cybersecurity risks on an ongoing basis. Her experience includes leading incident response efforts, implementing disaster recovery capabilities, modernizing enterprise networks, supporting regulatory audits, and achieving strong third-party penetration testing and phishing resilience results. This leadership supports the Company's commitment to maintaining a secure, resilient, and well-governed technology environment. Under her direction, the Company establishes and executes enterprise-wide cybersecurity strategy, governance, and risk management practices designed to protect the confidentiality, integrity, and availability of our systems and data. She leads a dedicated team responsible for the continuous identification, assessment, and mitigation of cybersecurity threats and oversees incident response, disaster recovery, third-party security testing, and compliance with internal controls and audit requirements. Her oversight supports the Company's efforts to maintain a secure and resilient technology environment aligned with business objectives and regulatory expectations. Our information technology group monitors the latest developments in cybersecurity, including emerging threats and innovative risk management techniques. We have implemented and oversee processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, we are equipped with a defined and practiced incident response plan, which includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Our Board of Directors is responsible for overseeing our cyber risk. Our Vice President, Information Technology or other members of our information technology group provide at least semi-annual in-person updates to the Board that encompass a broad range of topics, including: - Current cybersecurity threat landscape and emerging threats; - Status of ongoing cybersecurity initiatives and strategies; - Incident reports and learnings from unique cybersecurity events, including those of other companies; and - Compliance status and efforts with regulatory requirements and industry standards. Furthermore, at the Board meetings at which our Vice President, Information Technology or other members of our information technology group do not provide in-person updates to the Board, our CEO or another executive team member typically provides current updates to the Board. In addition, our information technology group provides updates to the full Board upon request, or timely updates regarding unique developments such as regulatory updates or vulnerability developments. Our Board is composed of directors with diverse qualifications, skills and expertise, including risk management, technology and finance, that equips them to oversee cybersecurity risks effectively. For additional information concerning cybersecurity risks we face, see "General Risk Factors - Information system failures, cyber incidents or breaches in security could adversely affect us" in Item 1A. Risk Factors in Part I of this Annual Report on Form 10-K.

Company Information