Sila Realty Trust, Inc. 10-K Cybersecurity GRC - 2026-02-25

Page last updated on February 25, 2026

Sila Realty Trust, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-25 16:32:10 EST.

Filings

10-K filed on 2026-02-25

Sila Realty Trust, Inc. filed a 10-K at 2026-02-25 16:32:10 EST
Accession Number: 0001567925-26-000008

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We have developed, implemented, and integrated a cybersecurity program, or the Cybersecurity Program, into our broader risk management structure to protect our information systems by using physical, technical, and administrative safeguards. This includes measures designed to assess, identify, monitor, report, and remediate cybersecurity threats. The Cybersecurity Program aims to prevent unauthorized data exfiltration, manipulation, and destruction, as well as system and transactional disruption. The Cybersecurity Program utilizes a threat-centric and risk-based approach to identify and assess cybersecurity threats that could affect our business and information systems based on industry frameworks such as the National Institute of Standards and Technology Cybersecurity Framework, or the NIST Framework. Our Cybersecurity Program includes the following processes: - Conducting annual control reviews, annual policy reviews and annual investments in our security infrastructure; - Periodically testing our information systems to assess our vulnerability to cyber risk, including targeted penetration testing and vulnerability scanning; - Collaborating with our internal audit team to evaluate the effectiveness of our Cybersecurity Program and communicating results to our executive officers; - Providing mandatory cybersecurity training to all employees, including regular phishing awareness campaigns and regular security awareness trainings; - Leveraging the NIST Framework for an annual assessment of the Cybersecurity Program; - Maintaining business continuity, contingency and recovery plans to promptly respond to and recover from cybersecurity incidents; - Conducting security assessments of third-party service providers with access to personal, confidential or proprietary information before engagement and engaging in ongoing monitoring of such providers; - Implementing processes to confirm that agreements with third parties contain data security and privacy terms as appropriate; - Retaining a third-party cybersecurity provider for incident response services for certain cybersecurity incidents and conducting a table top response exercise with the third-party cybersecurity provider and certain company personnel at lease annually; and - Maintaining cybersecurity risk insurance that could help defray the costs of a cybersecurity incident. Through our incident response plan, we have designated a cybersecurity management team, or the Cybersecurity Management Team, composed of our executive officers and management representatives. Led by our Vice President of Information Technology & Corporate Facilities , our Cybersecurity Management Team is responsible for the management of the Cybersecurity Program and for the day-to-day investigation of and response to potential cybersecurity incidents. The goals of the incident response plan are to prevent, detect and contain cybersecurity incidents, determine their scope and risk, respond appropriately to the incident, communicate the results and risk to relevant stakeholders, and reduce the likelihood of the incident reoccurring. Our Vice President of Information Technology & Corporate Facilities has served in this role since 2018. In this role, he manages and oversees the Company's network and information systems. Additionally, he works with the executive officers, management representatives and third-party experts to maintain the Company's Cybersecurity Program. Our Vice President of Information Technology & Corporate Facilities possesses extensive experience in technology and cybersecurity gained over his career spanning more than 25 years, including service as the Executive Director of Business Applications as well as a senior implementer and business consultant. The Board plays a role in overseeing risks associated with cybersecurity threats and has delegated to the Audit Committee primary oversight of the Cybersecurity Program. Our executive officers report on our Cybersecurity Program to the Audit Committee at least four times per year (including as part of our discussions regarding enterprise risk management) and provide updates to the full Board regarding these topics as appropriate. Our quarterly updates to the Audit Committee include a discussion of our Cybersecurity Program measures and controls, including our internal auditor's review and our internal monitoring of cybersecurity risks. As part of the incident response plan discussed above, in the event we experience a cybersecurity incident that could materially affect us, including our business strategy, results of operations, or financial condition, our executive officers (who are also a part of the Cybersecurity Management Team) will review the cybersecurity incident with the Audit Committee and full Board as appropriate. We face risks from cybersecurity threats that could have a material adverse effect on our business strategy, results of operations or financial conditions. See "Risk Factors - General Risk Factors - Cybersecurity risks and incidents may adversely affect our business by causing a disruption to our operations, a compromise or corruption of our confidential information, and/or damage to our business relationships, all of which could negatively impact our financial results" in Part I, Item 1A of this Annual Report on Form 10-K for a discussion of these risks. As of December 31, 2025 we have not had any known instances of material cybersecurity incidents, including third-party incidents, during any of the prior three fiscal years.

Company Information