FIRST REAL ESTATE INVESTMENT TRUST OF NEW JERSEY 10-K Cybersecurity GRC - 2025-01-29

Page last updated on January 29, 2025

FIRST REAL ESTATE INVESTMENT TRUST OF NEW JERSEY reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-29 09:12:16 EST.

Filings

10-K filed on 2025-01-29

FIRST REAL ESTATE INVESTMENT TRUST OF NEW JERSEY filed a 10-K at 2025-01-29 09:12:16 EST
Accession Number: 0001174947-25-000074

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C CYBERSECURITY Cybersecurity Risk Management, Strategy and Governance As a company externally managed by Hekemian & Co., we rely on Hekemian & Co.’s information technology (“IT”) systems. Hekemian & Co.’s IT, communication networks, system applications, accounting and financial reporting platforms and related systems are integral to the operation of FREIT’s business. In its role as FREIT’s management company, Hekemian & Co. utilizes IT systems for financial analysis, management and reporting, facilitation of operations, including monitoring and optimization of various building management systems, and for initiation, generation and completion of residential and commercial leasing, internal communications, and various other aspects of FREIT’s business. Hekemian & Co.’s cybersecurity strategy is focused on detection, protection, incident response, security risk management and mitigation, and resiliency of the cybersecurity infrastructure. Hekemian & Co. evaluates, tests and updates various information security processes and policies designed to identify, assess and manage material risks from cybersecurity threats to its critical computer networks, third-party hosted services, communications systems, hardware and software, critical data, including confidential information that is proprietary, strategic or competitive in nature, as well as any personally identifiable information related to FREIT’s residents’, tenants’ and employees’ personal data. Hekemian & Co.’s cybersecurity risk management relies on a multidisciplinary team, including its information technology team, legal advisors, executive management, and third-party service providers to identify, assess, and manage cybersecurity threats and risks. Hekemian & Co.’s Chief Technology Officer (“CTO”) is responsible for managing the internal and external resources dedicated to cybersecurity. The CTO has been an integral part of the implementation of resources used and the security around the technology implemented. Hekemian & Co. identifies and assesses risks from cybersecurity threats by monitoring and evaluating the cybersecurity threat environment and the risk profile of Hekemian & Co. and FREIT. This multi-faceted approach to cybersecurity includes physical, administrative, and technical safeguards. To operate its IT systems, Hekemian & Co. engages certain third-party vendors to perform a variety of functions. Hekemian & Co. seeks to engage reliable, reputable service providers. Depending upon the nature of the services and the sensitivity of the data that a third-party service provider processes, Hekemian & Co.’s vendor management procedures may include reviewing certain aspects of a vendor’s operations where possible. Hekemian & Co.’s IT Security Incident Management Policy details the process and procedures to be followed in the event of a potential breach or a breach that occurred at a third-party provider. Additionally, Hekemian & Co. maintains a cybersecurity insurance policy to mitigate certain risks associated with cybersecurity incidents. FREIT and Hekemian & Co. are not currently aware of any risks from cybersecurity threats nor in the last fiscal year has FREIT or Hekemian & Co. had a previous cybersecurity incident that in either case has materially affected or is reasonably likely to materially affect FREIT, its business strategy, results of operations or financial condition. Any failure in or breach of operational or information security systems or those of our vendors as a result of cyber attacks or other security incidents, could materially adversely impact our operations and financial position, including disruption of our operations caused by an inability to access network systems, disclosure or misuse of confidential or proprietary information, damage to our reputation, and/or potentially significant legal and/or financial liabilities and penalties. FREIT’s Board of Directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee oversight responsibility over the cybersecurity strategy and risk management. The Audit Committee engages in regular discussions with executive management, including Hekemian & Co.’s CTO, regarding FREIT’s significant financial risk exposures and the measures implemented to monitor and control these risks, including those that may result from material cybersecurity threats. The Audit Committee reports to FREIT’s Board of Directors regarding its activities and cybersecurity matters as needed. Refer to Part 1, Item 1A, “Risk Factors” of this Form 10-K for a discussion of the risks to FREIT related to cybersecurity. 15

Company Information