ARBOR REALTY TRUST INC - (ABR)
10-K Filing Date: February 20, 2024
Item 1C. Cybersecurity
Our management recognizes the critical importance of addressing cybersecurity threats and risks to our business and operations. Therefore, we have established a comprehensive framework to assess, respond to, and manage material risks arising from cybersecurity threats.
Our chief technology officer and the Cybersecurity Incident Response Team (“IRT”) are responsible for assessing and managing cybersecurity risks. The IRT is comprised of individuals with expertise in information security, technology, legal and risk management. The IRT continually monitors cybersecurity incidents and potential threats. It liaises with external cybersecurity experts and industry partners to stay current on emerging threats and best practices. The diverse expertise of the IRT members enables comprehensive risk assessment and swift responses to mitigate the potential impact of breaches or other cybersecurity incidents.
We actively engage consultants, outside counsel and other technology experts to enhance our cybersecurity risk management processes, who perform regular assessments and evaluations of the effectiveness of our cybersecurity measures. In addition to third party engagements, we maintain rigorous oversight of cybersecurity risks associated with our use of third party service providers. Vendor management processes are employed to evaluate vendors' cybersecurity practices, assess risk position and implement measures to mitigate potential threats arising from these external relationships.
The Board of Directors has been designated to oversee cybersecurity risk management. Its members possess diverse expertise, which enables them to effectively evaluate the adequacy of our cybersecurity measures and challenge management's approach when necessary. The chief technology officer provides regular updates to our chief executive officer and Board of Directors on cybersecurity risks, ongoing initiatives, incidents, response activities and strategies. The Board of Directors acknowledges cybersecurity as a strategic risk and a priority for the Company. The Board of Directors is actively involved in the oversight of our cybersecurity risk management efforts, ensuring alignment with our overall business objectives.
Our commitment to cybersecurity resilience is rooted in the collaborative efforts between management, the IRT and the Board of Directors. We continuously strive to strengthen our cybersecurity measures to protect our systems, data, customers and stakeholders from evolving threats. To date, cybersecurity incidents and risks have not materially affected us, including our business strategy, results of operations, or financial condition.
For more details on our cybersecurity risk management, please refer to the relevant sections of this Form 10-K.