Millrose Properties, Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

Millrose Properties, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 16:18:06 EDT.

Filings

10-K filed on 2025-03-31

Millrose Properties, Inc. filed a 10-K at 2025-03-31 16:18:06 EDT
Accession Number: 0001193125-25-068773

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risks Management and Strategy As an externally managed company, our day-to-day operations are managed by our Manager and our executive officers under the oversight of our Board. As such, we rely on our Manager’s cybersecurity program, as discussed herein, for assessing, identifying, and managing material risks to our business from cybersecurity threats. With oversight from our Board, the Manager and our executive officers have implemented an enterprise-wide information security program designed to identify, protect against, detect, assess, respond to, and manage reasonably foreseeable cybersecurity risks and threats to our systems, some of which are supported by third parties. These processes are integrated into our overall risk management systems. To protect our systems from cybersecurity threats, the Manager uses various security tools that help prevent, identify, escalate, investigate, resolve and recover from identified vulnerabilities and security incidents in a timely manner. These include, but are not limited to, internal reporting and monitoring and detection tools. Our risk management processes extend into the oversight and identification of threats associated with our use of third-party service providers, including through due diligence of such providers’ cybersecurity practices, contractual obligations to operate their IT systems in accordance with cybersecurity standards and ongoing monitoring. The Manager and our executive officers are responsible for establishing and monitoring the integrity and effectiveness of our controls and other procedures, which are designed to ensure that all information required to be disclosed is recorded, processed, summarized and reported accurately and on a timely basis, and all such information is accumulated and communicated to management and the Audit Committee, as appropriate, to allow for timely decisions regarding such disclosures. The controls and procedures subject to the Board’s oversight include processes related to managing material risks from cybersecurity threats. As of the date of this Form 10-K, we are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including in our business strategy, results of operations or financial condition. However, our business is highly dependent on our ability to collect, use, store and manage organizational and property data. If any of our significant information and data management systems do not operate properly or are disabled, we could suffer a material disruption of our business or managing real estate, loss of sensitive data, regulatory intervention, breach of confidentiality or other contract provisions, or reputational damage. These systems may fail to operate properly or become disabled as a result of events wholly or partially beyond our control, including disruptions of electrical or communications services, natural disasters, political instability, terrorist attacks, sabotage, computer viruses, deliberate attempts to disrupt our computer systems through “hacking,” “phishing,” or other forms of both deliberate or unintentional cyber-attack, or our inability to occupy our office location. See “Part I, Item 1A. Risk Factors” for more information on risks from cybersecurity threats that are reasonably likely to materially affect our business strategy, results of operations and financial condition. Governance The Audit Committee oversees Millrose’s risk management policies, including the management of risks arising from cybersecurity threats and the steps that management has taken to protect against threats to Millrose’s information systems and security. Our Chief Technology Officer, works to conceive, implement and monitor the program designed to protect information systems from cybersecurity threats and to promptly respond to any security incidents. Our Chief Technology Officer will promptly notify the General Counsel and other executive officers of any cybersecurity events, with material cybersecurity events promptly communicated to the Audit Committee and publicly disclosed as deemed necessary.

Company Information