CAMDEN PROPERTY TRUST 10-K Cybersecurity GRC - 2025-02-20

Page last updated on February 20, 2025

CAMDEN PROPERTY TRUST reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-20 15:21:20 EST.

Filings

10-K filed on 2025-02-20

CAMDEN PROPERTY TRUST filed a 10-K at 2025-02-20 15:21:20 EST
Accession Number: 0000906345-25-000008

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Addressing cybersecurity risks is a priority for us. We have in place systems of internal controls as well as business continuity and disaster recovery plans, and we regularly perform assessments of these systems and plans to address cybersecurity and technology. Our cybersecurity program has been developed based on industry standards set by the National Institute of Standards and Technology (“NIST”) and includes a comprehensive set of security policies and procedures which guide our protection strategy against threats by utilizing the following measures: identifying critical assets and high-risk threats; implementing cybersecurity detection, controls, and remediation practices; implementing a third-party risk management program to evaluate our cyber position; and, evaluating our cybersecurity program effectiveness by auditing risk and performing both internal and external testing. In addition to a dedicated information technology cybersecurity team monitoring our daily operations, we annually assess our cybersecurity program against the NIST framework and engage outside security firms to conduct penetration tests and assist with monitoring of daily operations. We require annual cybersecurity awareness training for all of our employees to aid in promptly identifying and reporting potential or actual issues. Additionally, our dedicated information technology cybersecurity team undertakes regular robust cybersecurity training to increase cybersecurity awareness, internal expertise, and readiness efforts. We install and regularly update antivirus software on all Company managed systems and workstations in an effort to detect and prevent malicious code. We conduct ongoing security breach and phishing simulations to raise awareness of various critical security threats. Periodically, we run tabletop exercises involving members of the Company’s management team intended to simulate a response to a cybersecurity incident and use the findings to improve our policies and procedures. In addition to these procedures we have in place, we also maintain cybersecurity insurance to cover certain losses and damages caused by a cybersecurity incident. All third-party service providers or vendors utilized as part of the Company’s cybersecurity framework are required to comply with our policies regarding non-public personal information and information security. Our cybersecurity program is led by our Senior Vice President - Strategic Services and Chief Information Officer (“CIO”) and our Chief Information Security Officer (“CISO”). Our CIO also serves as the Chair of our Cybersecurity Executive Oversight Committee (“CEOC”), comprised of our CISO and other senior executives representing various teams and functions of the Company including legal, finance, accounting, investor relations, and operations. The CEOC supports efforts to evaluate the materiality of any incidents, determines whether notice to third parties such as residents or vendors is required, and determines whether any disclosures to stakeholders are required. The CEOC is also responsible for ensuring the Company’s management and Board of Trust Managers (“Board”) are fully aware of key activities and events associated with our cybersecurity program on an ongoing basis. Our entire Board is actively involved in overseeing risk management and the Audit Committee Charter tasks the Audit Committee with providing oversight of management’s guidelines and policies to govern the process by which risk assessments and risks are managed, including the Company’s major financial risk exposures and the steps management has taken to monitor and control such exposures. The Audit Committee also discusses with management the processes undertaken to evaluate our systems of disclosure controls and procedures, including those relating to cybersecurity risk management. Our CIO reports quarterly to the Audit Committee and Board regarding cybersecurity matters, which includes emerging cybersecurity threats and the risk landscape as well as updates on our cybersecurity program and related readiness, resiliency, and response efforts. Like other businesses, we have been, and expect to continue to be, subject to attempts on unauthorized access, mishandling or misuse, computer viruses or malware, cyber-attacks, and intrusions and other events of varying degrees. To date, we have not experienced a material cybersecurity incident nor are we aware of any of our third-party outside service providers experiencing such an incident. For a discussion on certain of the Company’s cybersecurity-related risks, see Item 1A under the heading “Risk Factors-Risks Associated with Our Operations - A cybersecurity incident and other technology disruptions could negatively impact our business. "

Company Information