Whitestone REIT - (WSR)
10-K Filing Date: March 13, 2024
Risk Management and Strategy
Ensuring the protection of sensitive data is fundamental to our operational integrity and strategic vision. Cybersecurity and data protection form essential pillars of our long-term strategy, safeguarding confidential information concerning our business, employees, customers, suppliers, and shareholders.
Our corporate infrastructure, including information technology systems, communication networks, enterprise applications, and financial platforms, serves as vital tools for our business operations. These systems support crucial functions such as tenant and vendor management, internal communications, and financial record-keeping, underscoring the criticality of secure data collection, storage, and transmission.
To mitigate material risks posed by cybersecurity threats to our critical networks, third-party services, and data assets, we have instituted a comprehensive suite of information security processes. These measures encompass the diligent identification, assessment, and management of potential risks, threat monitoring services, and vulnerability assessments.
Our cybersecurity risk management strategy is underpinned by three key principles:
• | Cross-Functional Collaboration and Coordination: We foster collaboration among various departments, including our information security function, legal team, management, and third-party service providers, to effectively identify, assess, and manage cybersecurity risks. |
• | Ongoing Evaluation and Assessment of Systems and Processes: We continuously evaluate and enhance our systems and processes to adapt to evolving cybersecurity threats, ensuring the resilience and effectiveness of our security measures. |
• | Security Awareness Program: We conduct regular training and testing programs to enhance the cybersecurity awareness and readiness of our personnel, empowering them to actively contribute to our cybersecurity efforts. |
Additionally, we engage third-party providers to augment our cybersecurity capabilities. These partnerships entail ongoing assistance for threat monitoring and mitigation, as well as targeted support for specialized security expertise.
As of December 31, 2023, we have not detected any cybersecurity threats, including prior incidents, that have materially impacted the Company, our business strategy, our financial results, or our financial health. For an examination of cybersecurity threats that could potentially have a material impact on us, please refer to our Risk Factors discussion in the section titled "We face risks relating to Cybersecurity attacks, loss of confidential information and other business disruptions" in this Form 10-K.
Governance
Aligned with our risk management governance structure, our management team oversees the daily management of cybersecurity risk, while our Board and its Audit Committee maintain an active and ongoing oversight role, with the Audit Committee receiving regular reports from management regarding cybersecurity risks and countermeasures being undertaken or considered, including updates to the internal and external cybersecurity landscape and relevant technical developments.