XML 101 R27.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy

We maintain an Enterprise Risk Management (“ERM”) program to identify and respond to the most critical risks to our business, including cybersecurity risks. Risks and vulnerabilities from our increased reliance on information technology systems are assessed at least annually as part of our ERM program. In response to such assessments, controls are embedded into our processes and technology by our Director of Operations & Information Technology to seek to mitigate risks to our systems and processes from cybersecurity incidents. We continuously evaluate if we have adequate controls in place utilizing a risk-based approach that aligns with the National Institute of Standards and Technology Cybersecurity Framework (NIST).
Our information technology department diligently monitors our daily operations, overseeing the security of our computer networks through implemented systems and processes aimed at safeguarding sensitive data. Utilizing encryption and authentication technologies, we fortify our systems against unauthorized access and data loss. This proactive approach ensures the integrity and confidentiality of our data, mitigating potential risks posed by cyber threats.
In assessing cybersecurity risks, we adopt a risk-based approach, particularly concerning third-party vendors integral to our operations. Vendors meeting specific criteria, including ownership and operation of information technology networks critical to our operations, undergo evaluation across various domains such as data security and operations management. Effective communication channels with these vendors are maintained to enable timely notification of any cybersecurity incidents that could impact our company.
Although risks from cybersecurity threats have to date not materially affected, and we do not believe they are reasonably likely to materially affect, us, our business strategy, results of operations or financial condition, like other companies in our industry, we could, from time to time, experience threats and security incidents related to our and our third-party vendors’ information systems. For more information, please see Item 1A. Risk Factors - Increased Information Technology (“IT”) security threats and more sophisticated computer crime could pose a risk to our systems, networks, and services.
Our Director of Operations & Information Technology regularly evaluates the Company’s cybersecurity risk profile and leads the development of strategies to mitigate risks and address cybersecurity issues that may arise, in consultation with members of our senior management team.
We have formal policies and procedures that address cybersecurity incident response and disaster recovery from interference with our critical applications. Our Cybersecurity Incident Response Plan provides a documented framework for responding to cybersecurity incidents in coordination across multiple departments. In the event of such an incident, our Cybersecurity Incident Response Team (“CIRT”), which is comprised of our Director of Operations & Information Technology, Director of Risk Management and representatives from Risk Management, Legal and Financial Reporting, would respond to such incident in accordance with our Cybersecurity Incident Response Plan. Any cybersecurity incident that meets certain criteria will be communicated by the CIRT to senior management and the Board in a timely manner, and will be evaluated by our Executive Management Team, comprised of certain executives, to assess the impact of the incident on the Company, considering qualitative and quantitative factors. In conducting this assessment and responding to an incident, the CIRT and Executive Management Team may utilize the services of third-party consultants.
Cybersecurity user awareness training is mandatory for all new hires and for existing employees on an annual basis to help protect our employees and the Company against cybersecurity threats. This annual training is customized to address specific cybersecurity challenges and scenarios that we may face within the real estate investment industry. Novel cybersecurity threats to the Company that are identified by our Information Technology team are communicated to all employees by email, as needed, in an effort to promote awareness and protect the Company from cyber-attacks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Our information technology department diligently monitors our daily operations, overseeing the security of our computer networks through implemented systems and processes aimed at safeguarding sensitive data. Utilizing encryption and authentication technologies, we fortify our systems against unauthorized access and data loss. This proactive approach ensures the integrity and confidentiality of our data, mitigating potential risks posed by cyber threats.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board of Directors assigned specific oversight responsibility for cybersecurity to our Audit Committee, which also oversees our general risk management. The Audit Committee reviews and discusses with management our policies, practices, and risks related to information security and cybersecurity.
Our Chief Executive Officer has primary responsibility for assessing, monitoring, and managing cybersecurity risks. To strengthen our cybersecurity posture, we engage with external consultants for regular risk assessments, penetration testing, and vulnerability analyses, allowing for proactive identification and mitigation of potential threats. We also rigorously verify the cybersecurity practices of our third-party service providers, vendors, and partners, conducting due diligence before establishing relationships and ongoing monitoring to verify compliance with our cybersecurity standards.
Our Principal Financial Officer provides an update to the Audit Committee on any risks related to cybersecurity on a quarterly basis. Our incident response plan includes notifying the Audit Committee, and then the Board of Directors, of any material threats or incidents that arise.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors assigned specific oversight responsibility for cybersecurity to our Audit Committee, which also oversees our general risk management.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our Chief Executive Officer has primary responsibility for assessing, monitoring, and managing cybersecurity risks. To strengthen our cybersecurity posture, we engage with external consultants for regular risk assessments, penetration testing, and vulnerability analyses, allowing for proactive identification and mitigation of potential threats. We also rigorously verify the cybersecurity practices of our third-party service providers, vendors, and partners, conducting due diligence before establishing relationships and ongoing monitoring to verify compliance with our cybersecurity standards.
Our Principal Financial Officer provides an update to the Audit Committee on any risks related to cybersecurity on a quarterly basis. Our incident response plan includes notifying the Audit Committee, and then the Board of Directors, of any material threats or incidents that arise.
Cybersecurity Risk Role of Management [Text Block]
Our Chief Executive Officer has primary responsibility for assessing, monitoring, and managing cybersecurity risks. To strengthen our cybersecurity posture, we engage with external consultants for regular risk assessments, penetration testing, and vulnerability analyses, allowing for proactive identification and mitigation of potential threats. We also rigorously verify the cybersecurity practices of our third-party service providers, vendors, and partners, conducting due diligence before establishing relationships and ongoing monitoring to verify compliance with our cybersecurity standards.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Chief Executive Officer has primary responsibility for assessing, monitoring, and managing cybersecurity risks. To strengthen our cybersecurity posture, we engage with external consultants for regular risk assessments, penetration testing, and vulnerability analyses, allowing for proactive identification and mitigation of potential threats.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] We also rigorously verify the cybersecurity practices of our third-party service providers, vendors, and partners, conducting due diligence before establishing relationships and ongoing monitoring to verify compliance with our cybersecurity standards.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Principal Financial Officer provides an update to the Audit Committee on any risks related to cybersecurity on a quarterly basis.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true