TRANSCONTINENTAL REALTY INVESTORS INC - (TCI)

10-K Filing Date: March 21, 2024
ITEM 1C. CYBERSECURITY

We rely on the information technology and systems maintained by Pillar and their employees to identify and manage material risks from cybersecurity threats. Pillar takes various actions, and incurs significant costs, to maintain and manage the operation and security of information technology and systems, including the data maintained in those systems. We believe that Pillar’s Director of Information Technology and his associates endeavor to evaluate and address cyber risks in alignment with our business objectives, operational needs and industry-accepted standards, such as the National Institute of Standards and Technology and CIS Critical Security Controls frameworks. Since we rely on accounting, financial, operational, management and other information systems, including the Internet and third-party hosted services to conduct our operations, store personal and sensitive data, process financial information and results of operations for internal reporting purposes and comply with financial reporting, legal and tax requirements, we have processes and procedures in place to monitor the prevention, detection, mitigation and remediation of cybersecurity risks. These include, but are not limited to (i) maintaining a defined and practiced incident response plan; (ii) employing appropriate incident prevention and detection safeguards; (iii) maintaining a defined disaster recovery policy and employing disaster recovery software, where appropriate; (iv) educating, training and testing our user community on information security practices and identification of potential cybersecurity risks and threats; and (v) reviewing and evaluating new developments in the cyber threat landscape. Recognizing the complexity and evolving nature of cybersecurity risk, we engage with a range of external support in evaluating, monitoring and testing our cybersecurity management systems and related cyber risks.

The Audit Committee of the Board of Directors oversees cybersecurity matters, including the material risks related thereto, and regularly receives updates from Pillar’s Director of Information Technology regarding the development and advancement of its cybersecurity strategy, as well as the related risks. In the event of a cybersecurity incident, a detailed incident response plan is in place for contacting authorities and informing key stakeholders, including management. We do not believe we are reasonably likely to be materially affected from cybersecurity threats, including as a result of previous incidents.
11