DYNEX CAPITAL INC 10-K Cybersecurity GRC - 2024-02-26

Page last updated on July 16, 2024

DYNEX CAPITAL INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-26 16:30:42 EST.

Filings

10-K filed on 2024-02-26

DYNEX CAPITAL INC filed a 10-K at 2024-02-26 16:30:42 EST
Accession Number: 0000826675-24-000011

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Company recognizes cybersecurity as crucial to protecting its business and employees’ sensitive information. The Company has implemented and maintains a Security Incident Response Policy, as part of its enterprise-wide risk management system, which is intended to ensure that the Dynex information technology (“IT”) systems function properly and successfully assess, identify, contain, investigate, remedy, report, and respond to information security risks, threats or incidents. The Company’s IT services including, but not limited to, service desk support, endpoint management, network and server administration, cloud engineering, and cybersecurity and incident management, are provided by third-party consultants who are employed on a contract basis. Our IT consultants report directly to the Company’s CFO for executive oversight and accountability. To mitigate the risk of a cybersecurity incident both internally and with third-parties, the Company’s IT consultants provide mandatory cybersecurity training for all employees and contractors. They also conduct periodic training and awareness campaigns by sending employees simulated phishing attacks. Results of these simulated phishing attacks are reviewed and reported to management and the Board of Directors. In addition to training of its employees and consultants, the Company’s devices and servers are equipped with cybersecurity software applications, which are continuously monitored by an expert third-party managed security service provider that has numerous certifications recognized in the IT industry and provides security services for several Fortune 100 companies and certain highly secure government agencies. Different data analytics techniques are used to detect suspicious system behavior, provide contextual information, and block malicious activity. Any detected threat or malicious activity will immediately alert the security team for further investigation and remediation. The Audit Committee oversees the Company’s enterprise risk management program, which includes an annual assessment of cybersecurity risk. As a part of this assessment, the Audit Committee reviews and discusses the risks identified by management and the Company’s policies and practices in place to mitigate those cybersecurity-related risks. Management presents to the Board of Directors on our cybersecurity strategy, results of testing and training and, as needed, to inform the Board of Directors and Audit Committee of any new or emerging threats or risks. The Company is not aware of any material breaches in its cybersecurity operations during the three years ended December 31, 2023. Further, the Company has not identified any cybersecurity threats likely to materially affect the Company’s business strategy, results of operations, or financial conditions. For more information, please also refer to our risk factor related to our reliance on third-party service providers under Item 1A, “Risk Factors” of this Annual Report on Form 10-K. 23


Company Information

NameDYNEX CAPITAL INC
CIK0000826675
SIC DescriptionReal Estate Investment Trusts
TickerDX - NYSEDX-PC - NYSE
Website
CategoryAccelerated filer
Fiscal Year EndDecember 30