LTC PROPERTIES INC - (LTC)

10-K Filing Date: February 15, 2024
Item 1C. CYBERSECURITY

Cybersecurity is an integral part of risk management at our company. Cybersecurity is overseen by LTC’s Board of Directors (the “Board”) and the Audit Committee of the Board (the “Audit Committee”), along with subject matter experts serving our company including our information technology director. Pursuant to its charter, the Audit Committee has the responsibility and duty to review and discuss with management on a regular basis our company’s programs, policies and procedures related to information security and data protection, including data privacy and network security, as they relate to financial reporting. The Board and the Audit Committee receive reports on cybersecurity from management at least quarterly and more often as needed. These reports on cybersecurity typically encompasses the nature and threats, defense and detection capabilities, and training activities at our company.

We routinely provide education, such as simulated phishing campaigns, to our employees to mitigate material risks from cybersecurity threats. This education includes cybersecurity training for new employees and training modules sent monthly to all employees. We also use various authentication technologies and third-party monitoring to mitigate material risks from cybersecurity threats. We annually retain a third-party vendor to test our information systems security and we annually review information systems security protocols of our vendors that interact with our financial data. We maintain insurance coverage that may, subject to policy terms and conditions, including deductibles, cover particular aspects of cybersecurity risk, such as social engineering and computer system fraud. However, it is possible such coverage may not fully insure all future costs or losses associated with all types of cybersecurity incidents such as ransomware.

We are not aware of any material losses to our business or results of operations in the past three years due to information technology systems failures, data breaches, or other cybersecurity incidents.

26