AMREP CORP. - (AXR)

10-K Filing Date: July 23, 2024
Item 1C. Cybersecurity

The Company has cybersecurity risk management processes, including physical, technological and administrative controls, intended to protect the confidentiality, integrity and availability of the Company’s information technology infrastructure and systems or any information residing therein. The Company relies on third party service providers to operate, maintain and monitor its information technology infrastructure and systems and to assess, identify and manage material risks from cybersecurity threats with respect thereto. The Company’s management monitors its service providers. The Company’s service providers are tasked with notifying the Company’s management of any material cybersecurity incident that negatively impacts the Company’s information technology infrastructure and systems or any information residing therein. Material and potentially material cybersecurity incidents would be assessed by the Company’s executive officers for remediation and future prevention and detection.

Notwithstanding the Company’s processes for assessing, identifying and managing risks from cybersecurity threats, the Company may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on the Company. During 2024 and 2023, the Company is not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition.

4

The Board of Directors of the Company oversees the Company’s risk management program as part of its general oversight function. The Board of Directors has delegated to the Audit Committee of the Board of Directors of the Company the responsibility for reviewing and discussing with management the Company’s policies with respect to risk assessment and risk management and for reviewing contingent risks that may be material to the Company, including cybersecurity risks. The Audit Committee engages in regular discussions with the Company’s executive officers regarding the Company’s significant risk exposures and the measures implemented to monitor and control these risks, including cybersecurity risks. The Audit Committee also reports relevant material information regarding any such risks to the Board of Directors. The Company’s executive officers are responsible for identifying and assessing material risks for the business on an ongoing basis, including cybersecurity risks. Although the Company’s executive officers do not have cybersecurity expertise, their experience managing the Company, which includes consulting and coordinating as necessary with its service providers, enables them to effectively assess and manage material risks from cybersecurity threats.