Nuveen Global Cities REIT, Inc. 10-K Cybersecurity GRC - 2025-03-21

Page last updated on March 21, 2025

Nuveen Global Cities REIT, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-21 10:12:29 EDT.

Filings

10-K filed on 2025-03-21

Nuveen Global Cities REIT, Inc. filed a 10-K at 2025-03-21 10:12:29 EDT
Accession Number: 0001628280-25-014230

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity As an externally managed company, our day-to-day operations are managed by our Advisor and our executive officers under the oversight of our board of directors. Our executive officers are senior Nuveen Real Estate professionals and our Advisor is a subsidiary of TIAA. As such, we are reliant on TIAA for assessing, identifying and managing material risks to our business from cybersecurity threats. Below are details TIAA has provided to us regarding its cybersecurity program that are relevant to us. Cybersecurity Program Overview TIAA, on our behalf, has a program and formal processes in place to assess, identify, and manage material risks from cybersecurity threats. Our business is dependent on the communications and information technology (“IT”) systems of TIAA and other third-party IT service providers to TIAA. TIAA and the Advisor manage our day-to-day operations and have implemented a cybersecurity program that applies to us and our operations. We depend on and engage various third parties and service providers, including suppliers, custodians, transfer agents, property management companies, and joint venture partners, to operate its commercial real estate and investment business. We rely on the expertise of risk management, legal, information technology, and compliance personnel of TIAA when identifying and overseeing risks from cybersecurity threats associated with our use of such entities. TIAA has instituted an enterprise cybersecurity program designed to identify, assess, and mitigate cyber risks applicable to TIAA, the Company, and other products, subsidiaries and affiliates of TIAA and their respective third-party service providers. This cyber risk management program is integrated into TIAA’s overall risk management program. It involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which we rely. TIAA relies on its internal subject matter experts and external experts, as needed, including but not limited to cybersecurity assessors, consultants, and auditors, to evaluate cybersecurity measures and risk management processes, applicable to the Company and other products, subsidiaries, and affiliates of TIAA. TIAA actively monitors the current cyber threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Company in connection with its day-to-day commercial real estate, investment, and other operations. Assessment of Cybersecurity Risk The potential impact of risks from cybersecurity threats on us are assessed on an ongoing basis, and how such risks could materially affect our business strategy, operational results, and financial condition are regularly evaluated. TIAA maintained appropriate cyber security policies and procedures during the 12-month period covered by this report and there were no material cybersecurity issues that affected us. Cybersecurity risk remains heightened to the financial industry, including us, and a failure in or breach of our systems or infrastructure, or those of a material third party or service provider, could cause disruption and adversely impact our operations. TIAA continues to invest in the cybersecurity program to protect against emerging threats, including threats against third parties and service providers. Cybersecurity Governance Our board of directors oversees risks from cybersecurity threats and has delegated responsibility for such oversight of cybersecurity matters to the audit committee. The audit committee receives periodic updates from TIAA’s cybersecurity leadership regarding the overall state of TIAA’s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting us. TIAA’s management, including its Chief Information Security Officer , is responsible for assessing and managing material risks from cybersecurity threats to the TIAA organization, including us. TIAA’s Chief Information Security Officer and cybersecurity leaders have significant expertise in in this area, including in IT and cybersecurity engineering as well as cybersecurity leadership experience in other major financial institutions. Management of the Advisor is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting us, including through the receipt of notifications from third party service providers and reliance on communications with cybersecurity, risk management, legal, IT, and/or compliance personnel of TIAA.

Company Information