EASTGROUP PROPERTIES INC - (EGP)
10-K Filing Date: February 14, 2024
ITEM 1C. CYBERSECURITY.
Cyber Risk Management and Strategy
EastGroup incorporates cybersecurity processes, which include periodic tests of its information security processes and systems by external firms, into the Company’s overall risk management program. EastGroup has processes and policies regarding incident response, identity and access management, employee training on cybersecurity matters, device management, and patch and vulnerability management, among others. We also maintain processes regarding third-party vendor risk management, including, as appropriate, conducting a review of security ratings of and System and Organization Controls (“SOC”) reports provided by potential vendors. Additionally, EastGroup works with cybersecurity consulting firms to help manage the Company’s cybersecurity risks. The cyber consulting firms currently conduct testing of EastGroup’s controls and environment, including penetration testing, to identify and remediate cybersecurity risks. They also currently provide EastGroup with advice on technology, infrastructure, management, and productivity in relation to its information technology capabilities, including conducting phishing exercises with the Company’s employees.
Additionally, EastGroup has information technology general controls in place in support of internal control over financial reporting. These controls are tested by the Company’s internal audit function and control deficiencies, if any, would be reported to senior management and the Audit Committee of the Board of Directors.
Governance Related to Cybersecurity Risks
EastGroup’s cybersecurity risk management process is assessed and managed by a cyber risk committee (“Cyber Risk Committee”), which includes the Company’s Chief Financial Officer (“CFO”), Chief Information Officer (“CIO”) and members of management within the information technology, finance and accounting, legal and internal audit functions. The CIO is a Certified Public Accountant (“CPA”), a Certified Information Technology Professional with the American Institute of CPAs and has 20 years of experience in the areas of cybersecurity and information technology. Collectively, other members of the Cyber Risk Committee have technical expertise and experience in accounting, financial reporting and auditing, and law and compliance.
The Company’s Board of Directors oversees EastGroup’s risk management process. Specifically, the Board of Directors has delegated to the Audit Committee, as reflected in the charter of the Audit Committee, responsibility for periodic review and oversight of the Company’s cybersecurity and other information technology risks, controls and procedures, including the Company’s plans to mitigate cybersecurity risks and to respond to data breaches. The Audit Committee receives periodic updates from the Cyber Risk Committee regarding these topics. Both senior management, including members of the Cyber Risk Committee, and the Audit Committee Chairperson report periodically on cybersecurity risk management to the full Board of Directors. Additionally, management conducts comprehensive risk surveys annually and presents the results of these surveys to the Board of Directors for discussion.