NewLake Capital Partners, Inc. 10-K Cybersecurity GRC - 2026-03-06

Page last updated on March 6, 2026

NewLake Capital Partners, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-06 20:59:46 EST.

Filings

10-K filed on 2026-03-06

NewLake Capital Partners, Inc. filed a 10-K at 2026-03-06 20:59:46 EST
Accession Number: 0001854964-26-000006

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We employ a risk management strategy for the assessment, identification and management of material risks stemming from cybersecurity threats. Our methodologies involve a systematic evaluation of potential threats, vulnerabilities, and their potential impacts on our organization's operations, data, and systems. Our cybersecurity risk management program includes: - Risk assessments designed to help identify material cybersecurity risks to our critical systems, data and our IT environment; - The use of third-party service providers to assess, test or otherwise assist with aspects of our security controls; - Cybersecurity awareness training for our employees and senior management through the use of third-party providers for regular mandatory trainings; - A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and - Designing and assess our program using the National Institute of Standards and Technology ("NIST") Cybersecurity Framework as a set of guiding principles. Our third-party service providers are primarily responsible for the security of their own information technology environments and we rely on third-party service providers to supply and store our sensitive data in a secure manner. All of these third parties face potential risks relating to cybersecurity similar to ours which could disrupt their businesses and therefore adversely impact us. While we provide guidance and specific requirements in some cases, we do not directly control any of these parties' information technology security operations, or the amount of investment they place in guarding 45 against cybersecurity threats. Accordingly, we are subject to any flaws or breaches of their information technology systems, or those which they operate for us, which could have a material adverse effect on our financial condition or results of operations. Incident Risk We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See "Risk Factors - The occurrence of cyber incidents or cyberattacks could disrupt our operations, result in the loss of confidential information and/or damage our business relationships and reputation." We maintain an incident response process that includes escalation criteria for potentially material events, coordination with external advisors where appropriate, and procedures for timely evaluation of disclosure obligations. Governance Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the "Committee") oversight of cybersecurity and other information technology risks. The Committee oversees management's implementation of our cybersecurity risk management program. The Committee receives periodic reports from management on our potential cybersecurity risks and threats and receives presentations on cybersecurity topics. In addition, management oversees and identifies such risks from cybersecurity threats associated with our use of third-party service providers and works collaboratively with our third-party providers to test our systems security processes and prevent, monitor, detect, mediate and remediate cybersecurity threats and incidents, and will report such threats and incidents to the Committee when appropriate. The Committee reports to the full board of directors regarding its activities, including those related to cybersecurity. Our Chief Executive Officer , Anthony Coniglio, leads our cybersecurity risk assessment and management processes. Previously, Mr. Coniglio was the Chief Executive Officer of Primary Capital Mortgage Company ("PCM"), a residential mortgage company, where he was responsible for overseeing information technology, including cybersecurity, for the highly regulated business. Mr. Coniglio currently serves on the board of St. Mary's Hospital for Children, as chair of the IT & cybersecurity committee and as chair of the audit committee. Mr. Coniglio oversees the development and enhancement of internal controls designed to prevent, detect, address, and mitigate the risk of cyber incidents. Since 2021, we have retained a third-party information technology provider to develop and maintain our information technology infrastructure, cloud network, and assist in the development of cybersecurity and information technology policies. Our third-party provider is independently examined under the MSPAlliance(R) Cyber Verify program. Management plays a key role in incorporating cybersecurity risk considerations into our broader risk management framework and ensuring that essential priorities are communicated to the appropriate personnel. Management is responsible for approving cybersecurity processes, reviewing cybersecurity assessments and other cybersecurity-related matters, and responding to cybersecurity incidents, including reporting cybersecurity incidents to the Committee as described above. Our management team also evaluates the potential impact of cybersecurity incidents. If any such incidents occur, management's evaluation considers factors such as the nature. scope and materiality of the incident, and its effects on the Company's operations. As of the date of this Annual Report on Form 10-K, we have not identified of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition.

Company Information