Seaport Entertainment Group Inc. 10-K Cybersecurity GRC - 2025-03-10

Page last updated on March 10, 2025

Seaport Entertainment Group Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-10 16:50:56 EDT.

Filings

10-K filed on 2025-03-10

Seaport Entertainment Group Inc. filed a 10-K at 2025-03-10 16:50:56 EDT
Accession Number: 0001558370-25-002600

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities and test those systems pursuant to our cybersecurity policies and procedures, which are integrated into the Company’s overall risk management framework . To protect our information systems from cybersecurity threats, we use various security tools that help us identify, escalate, investigate, resolve, and recover from security incidents in a timely manner. We also conduct annual risk-based penetration testing and provide cybersecurity training for applicable employees. Where appropriate, we engage external advisors and consultants to assist with various aspects of our cybersecurity program and processes . We rely on our systems and networks to support our business activities. As some of these networks and systems are managed by third parties, our cybersecurity program also includes evaluation and monitoring of cybersecurity risks associated with our use of third-party service providers. Based on their risk profiles, we contractually require certain third parties with access to our information systems or data to maintain cybersecurity programs and to report actual or suspected security incidents to us. Additionally, we monitor and identify cybersecurity risks posed by third-party vendors based on their criticality and risk profile, who provide software and/or hardware to the Company or otherwise have access to our Company systems and have a cyber review process that is part of vendor onboarding. Additionally, the management team of the Company has developed a cyber incident response plan to deploy in the event of a cyber incident. This plan is reviewed at least annually and tested from time to time through tabletop exercises involving management and other key personnel, and may also include participation from the Board and outside experts. As part of regular business continuity planning, department heads are required to consider key technology systems used by their respective teams and the impact to the Company and other stakeholders in the event that such systems become compromised or unavailable. To date, we have not identified any risks from cybersecurity threats , including as a result of previous cybersecurity incidents, that have materially affected or that we believe are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. Refer to the risk factor captioned “Cybersecurity risks and incidents, such as a breach of the Company’s privacy or information security systems, or those of our vendors or other third parties, could compromise our information and expose us to liability, which would cause our business and reputation to suffer.” in Part I, ITEM 1A. “Risk Factors” for additional description of cybersecurity risks and potential related impacts on the Company. Governance Our Board of Directors oversees our risk management process, including with respect to cybersecurity risks, directly and through its committees. The Audit Committee of the Board oversees our risk management program, which focuses on the most significant risks we face in the short-, intermediate-, and long-term timeframe. Audit Committee meetings include discussions of specific risk areas throughout the year, including, among others, those relating to cybersecurity, and reports on our enterprise risk profile. Our SVP of Technology , who reports directly to the Chief Financial Officer and has over 25 years of experience managing information technology and cybersecurity matters , is primarily responsible for leading the assessment and management of cybersecurity risks and reports periodically to the Audit Committee on cybersecurity strategy and risks. Our SVP of Technology stays informed about and monitors the prevention, detection, mitigation and remediation of security incidents through various channels, including but not limited to briefings from the operational team members, threat intelligence sources, and alerts from security tools deployed in our IT environment .

Company Information