EASTGROUP PROPERTIES INC 10-K Cybersecurity GRC - 2024-02-14

Page last updated on July 16, 2024

EASTGROUP PROPERTIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-14 16:54:47 EST.

Filings

10-K filed on 2024-02-14

EASTGROUP PROPERTIES INC filed a 10-K at 2024-02-14 16:54:47 EST
Accession Number: 0000049600-24-000021

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity" for further discussion. We may be impacted by changes in U.S. social, political, regulatory and economic conditions or laws and policies. Any changes to U.S. tax laws, foreign trade, manufacturing, and development and investment in the territories and countries where our customers operate could adversely affect our operating results and our business. ITEM 1B. UNRESOLVED STAFF COMMENTS. None. ITEM 1C. CYBERSECURITY. Cyber Risk Management and Strategy EastGroup incorporates cybersecurity processes, which include periodic tests of its information security processes and systems by external firms, into the Company’s overall risk management program. EastGroup has processes and policies regarding incident response, identity and access management, employee training on cybersecurity matters, device management, and patch and vulnerability management, among others. We also maintain processes regarding third-party vendor risk management, including, as appropriate, conducting a review of security ratings of and System and Organization Controls (“SOC”) reports provided by potential vendors. Additionally, EastGroup works with cybersecurity consulting firms to help manage the Company’s cybersecurity risks. The cyber consulting firms currently conduct testing of EastGroup’s controls and environment, including penetration testing, to identify and remediate cybersecurity risks. They also currently provide EastGroup with advice on technology, infrastructure, management, and productivity in relation to its information technology capabilities, including conducting phishing exercises with the Company’s employees. Additionally, EastGroup has information technology general controls in place in support of internal control over financial reporting. These controls are tested by the Company’s internal audit function and control deficiencies, if any, would be reported to senior management and the Audit Committee of the Board of Directors. Governance Related to Cybersecurity Risks EastGroup’s cybersecurity risk management process is assessed and managed by a cyber risk committee (“Cyber Risk Committee”), which includes the Company’s Chief Financial Officer (“CFO”), Chief Information Officer (“CIO”) and members of management within the information technology, finance and accounting, legal and internal audit functions. The CIO is a Certified Public Accountant (“CPA”), a Certified Information Technology Professional with the American Institute of CPAs and has 20 years of experience in the areas of cybersecurity and information technology. Collectively, other members of the Cyber Risk Committee have technical expertise and experience in accounting, financial reporting and auditing, and law and compliance. 16 The Company’s Board of Directors oversees EastGroup’s risk management process. Specifically, the Board of Directors has delegated to the Audit Committee, as reflected in the charter of the Audit Committee, responsibility for periodic review and oversight of the Company’s cybersecurity and other information technology risks, controls and procedures, including the Company’s plans to mitigate cybersecurity risks and to respond to data breaches. The Audit Committee receives periodic updates from the Cyber Risk Committee regarding these topics. Both senior management, including members of the Cyber Risk Committee, and the Audit Committee Chairperson report periodically on cybersecurity risk management to the full Board of Directors. Additionally, management conducts comprehensive risk surveys annually and presents the results of these surveys to the Board of Directors for discussion.
ITEM 1C. CYBERSECURITY. Cyber Risk Management and Strategy EastGroup incorporates cybersecurity processes, which include periodic tests of its information security processes and systems by external firms, into the Company’s overall risk management program. EastGroup has processes and policies regarding incident response, identity and access management, employee training on cybersecurity matters, device management, and patch and vulnerability management, among others. We also maintain processes regarding third-party vendor risk management, including, as appropriate, conducting a review of security ratings of and System and Organization Controls (“SOC”) reports provided by potential vendors. Additionally, EastGroup works with cybersecurity consulting firms to help manage the Company’s cybersecurity risks. The cyber consulting firms currently conduct testing of EastGroup’s controls and environment, including penetration testing, to identify and remediate cybersecurity risks. They also currently provide EastGroup with advice on technology, infrastructure, management, and productivity in relation to its information technology capabilities, including conducting phishing exercises with the Company’s employees. Additionally, EastGroup has information technology general controls in place in support of internal control over financial reporting. These controls are tested by the Company’s internal audit function and control deficiencies, if any, would be reported to senior management and the Audit Committee of the Board of Directors. Governance Related to Cybersecurity Risks EastGroup’s cybersecurity risk management process is assessed and managed by a cyber risk committee (“Cyber Risk Committee”), which includes the Company’s Chief Financial Officer (“CFO”), Chief Information Officer (“CIO”) and members of management within the information technology, finance and accounting, legal and internal audit functions. The CIO is a Certified Public Accountant (“CPA”), a Certified Information Technology Professional with the American Institute of CPAs and has 20 years of experience in the areas of cybersecurity and information technology. Collectively, other members of the Cyber Risk Committee have technical expertise and experience in accounting, financial reporting and auditing, and law and compliance. 16 The Company’s Board of Directors oversees EastGroup’s risk management process. Specifically, the Board of Directors has delegated to the Audit Committee, as reflected in the charter of the Audit Committee, responsibility for periodic review and oversight of the Company’s cybersecurity and other information technology risks, controls and procedures, including the Company’s plans to mitigate cybersecurity risks and to respond to data breaches. The Audit Committee receives periodic updates from the Cyber Risk Committee regarding these topics. Both senior management, including members of the Cyber Risk Committee, and the Audit Committee Chairperson report periodically on cybersecurity risk management to the full Board of Directors. Additionally, management conducts comprehensive risk surveys annually and presents the results of these surveys to the Board of Directors for discussion.


Company Information

NameEASTGROUP PROPERTIES INC
CIK0000049600
SIC DescriptionReal Estate Investment Trusts
TickerEGP - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30