Clipper Realty Inc. - (CLPR)

10-K Filing Date: March 14, 2024
ITEM 1C. CYBERSECURITY

 

Risk management and strategy

 

Our corporate information technology, communication networks, enterprise applications, accounting and financial reporting platforms, and related systems are necessary for the operation of our business. We use these systems, among others, to manage our tenant and vendor relationships, for internal communications, for accounting to operate record-keeping function, and for many other key aspects of our business. Our business operations rely on the secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data.

 

We rely on a third-party service providers, to identify, assess, and manage cybersecurity threats and risks. We identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods including, for example, subscribing to reports and services that identify cybersecurity threats and evaluating our industry’s risk profile.

 

To operate our business, we utilize certain third-party service providers to perform a variety of functions. We seek to engage reliable, reputable service providers that maintain cybersecurity programs.

 

We are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition. See “Item 1A. Risk factors” in this Annual Report on Form 10-K, for additional discussion about cybersecurity-related risks.

 

Governance

 

Our Board of Directors holds oversight responsibility over the Company’s strategy and risk management, including material risks related to cybersecurity threats. This oversight is executed directly by the Board of Directors and through its committees. The Audit Committee of the Board of Directors (the “Audit Committee”) oversees process by which senior management of the Company assesses and manages the Company’s exposure to risk, including cybersecurity, in accordance with its charter. The Audit Committee engages in discussions with management regarding the Company’s significant financial risk exposures and the measures implemented to monitor and control these risks, including those that may result from material cybersecurity threats. These discussions include the Company’s risk assessment and risk management policies.

 

Our management, represented by our IT Director, and our third-party information technology provider lead our cybersecurity risk assessment and management processes and oversee their implementation and maintenance.

 

Our cybersecurity incident response and vulnerability management processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances. In addition, the Company’s incident response processes include reporting to the Audit Committee for certain cybersecurity incidents.