EASTGROUP PROPERTIES INC 10-K Cybersecurity GRC - 2025-02-12

Page last updated on February 12, 2025

EASTGROUP PROPERTIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-12 16:02:58 EST.

Filings

10-K filed on 2025-02-12

EASTGROUP PROPERTIES INC filed a 10-K at 2025-02-12 16:02:58 EST
Accession Number: 0000049600-25-000019

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity" for further discussion. We may be impacted by changes in U.S. social, political, regulatory and economic conditions or laws and policies. Any changes to U.S. tax laws, duties, tariffs, changes to bilateral or regional trade agreements, manufacturing, and development and investment in the territories and countries where we and our customers operate could adversely affect our operating results and our business. ITEM 1B. UNRESOLVED STAFF COMMENTS. None. ITEM 1C. CYBERSECURITY. Cyber Risk Management and Strategy Cybersecurity risk management policies and processes are integrated into EastGroup’s enterprise risk management program. These policies and processes include incident response, identity and access management, employee training on cybersecurity matters, device management, patch management and vulnerability assessment. The Company also maintains processes regarding third-party vendor risk management, including, as appropriate, conducting a review of security ratings of and System and Organization Controls (“SOC”) reports provided by potential vendors. Additionally, EastGroup works with cybersecurity consulting firms to help manage the Company’s cybersecurity risks. The cyber consulting firms currently conduct testing of EastGroup’s controls and environment, including network penetration testing, to identify and remediate cybersecurity risks. They also currently provide EastGroup with advice on technology, infrastructure, management, and productivity in relation to its information technology capabilities, including training for all employees. This training supports information security awareness and adherence to Company policies and guidance through regular, mandatory training and random simulated phishing tests. Additionally, EastGroup has information technology general controls in place in support of internal control over financial reporting. These controls are tested by the Company’s internal audit function and control deficiencies, if any, would be reported to senior management and the Audit Committee of the Board of Directors. 16 As of the date of this report, the Company has not identified breaches from any cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to affect operations, business strategy or financial condition. For additional information regarding our cybersecurity risks, see “Item 1A. Risk Factors - We rely on information technology in our operations, and any material failure, inadequacy, interruption or cyber-attack of that technology could harm our business.” Governance Related to Cybersecurity Risks EastGroup’s cybersecurity risk management process is assessed and managed by a cyber risk committee (“Cyber Risk Committee”), which includes the Company’s Chief Financial Officer (“CFO”), Chief Information Officer (“CIO”) and members of management within the information technology, finance and accounting, legal and internal audit functions. The CIO is a Certified Public Accountant (“CPA”), a Certified Information Technology Professional with the American Institute of CPAs and has over 20 years of experience in the areas of cybersecurity and information technology. Collectively, other members of the Cyber Risk Committee have technical expertise and experience in accounting, financial reporting and auditing, and law and compliance. The Company’s Board of Directors oversees EastGroup’s risk management process. Specifically, the Board of Directors has delegated to the Audit Committee, as reflected in the charter of the Audit Committee, responsibility for periodic review and oversight of the Company’s cybersecurity and other information technology risks, controls and procedures, including the Company’s plans to mitigate cybersecurity risks and to respond to data breaches. The Audit Committee receives periodic updates from the Cyber Risk Committee regarding these topics. Both senior management, including members of the Cyber Risk Committee, and the Audit Committee Chairperson report periodically on cybersecurity risk management to the full Board of Directors. Additionally, management conducts comprehensive risk surveys annually and presents the results of these surveys to the Board of Directors for discussion.
ITEM 1C. CYBERSECURITY. Cyber Risk Management and Strategy Cybersecurity risk management policies and processes are integrated into EastGroup’s enterprise risk management program. These policies and processes include incident response, identity and access management, employee training on cybersecurity matters, device management, patch management and vulnerability assessment. The Company also maintains processes regarding third-party vendor risk management, including, as appropriate, conducting a review of security ratings of and System and Organization Controls (“SOC”) reports provided by potential vendors. Additionally, EastGroup works with cybersecurity consulting firms to help manage the Company’s cybersecurity risks. The cyber consulting firms currently conduct testing of EastGroup’s controls and environment, including network penetration testing, to identify and remediate cybersecurity risks. They also currently provide EastGroup with advice on technology, infrastructure, management, and productivity in relation to its information technology capabilities, including training for all employees. This training supports information security awareness and adherence to Company policies and guidance through regular, mandatory training and random simulated phishing tests. Additionally, EastGroup has information technology general controls in place in support of internal control over financial reporting. These controls are tested by the Company’s internal audit function and control deficiencies, if any, would be reported to senior management and the Audit Committee of the Board of Directors. 16 As of the date of this report, the Company has not identified breaches from any cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to affect operations, business strategy or financial condition. For additional information regarding our cybersecurity risks, see “Item 1A. Risk Factors - We rely on information technology in our operations, and any material failure, inadequacy, interruption or cyber-attack of that technology could harm our business.” Governance Related to Cybersecurity Risks EastGroup’s cybersecurity risk management process is assessed and managed by a cyber risk committee (“Cyber Risk Committee”), which includes the Company’s Chief Financial Officer (“CFO”), Chief Information Officer (“CIO”) and members of management within the information technology, finance and accounting, legal and internal audit functions. The CIO is a Certified Public Accountant (“CPA”), a Certified Information Technology Professional with the American Institute of CPAs and has over 20 years of experience in the areas of cybersecurity and information technology. Collectively, other members of the Cyber Risk Committee have technical expertise and experience in accounting, financial reporting and auditing, and law and compliance. The Company’s Board of Directors oversees EastGroup’s risk management process. Specifically, the Board of Directors has delegated to the Audit Committee, as reflected in the charter of the Audit Committee, responsibility for periodic review and oversight of the Company’s cybersecurity and other information technology risks, controls and procedures, including the Company’s plans to mitigate cybersecurity risks and to respond to data breaches. The Audit Committee receives periodic updates from the Cyber Risk Committee regarding these topics. Both senior management, including members of the Cyber Risk Committee, and the Audit Committee Chairperson report periodically on cybersecurity risk management to the full Board of Directors. Additionally, management conducts comprehensive risk surveys annually and presents the results of these surveys to the Board of Directors for discussion.

Company Information