Systems may be critical to the operations of certain of our tenants. We own and manage some of these IT Systems but also rely on third parties for a range of IT Systems and related products and services. And we collect, maintain and process confidential, sensitive, and proprietary information about investors, tenants, partners, businesses, our employees, and others, including personally identifiable information, as well as confidential, sensitive, and proprietary information belonging to our business such as trade secrets (collectively, “Confidential Information”). We face numerous and evolving cybersecurity risks that threaten the confidentiality, integrity and availability of our IT Systems and Confidential Information. The risk of a cyber incident has generally increased as the number, intensity and sophistication of attempted attacks have increased globally, including by computer hackers, foreign governments, information service interruptions and cyber terrorists, opportunistic hackers and hacktivists, as well as through diverse attack vectors, such as social engineering/phishing, malware (including ransomware), malfeasance by insiders, human or technological error, and as a result of bugs, misconfigurations or exploited vulnerabilities in software or hardware. Techniques used in cyber incidents evolve frequently, may originate from less regulated and remote areas of the world and be difficult to detect and may not be recognized until launched against a target. Accordingly, we may be unable to anticipate these techniques or to implement adequate security barriers or other preventative measures, and thus it is impossible for us to entirely mitigate this risk. For example, unauthorized parties, whether within or outside the Company, may disrupt or gain access to our IT Systems, those of our tenants, or those of other third parties with whom we do business, through human error, misfeasance, fraud, trickery, or other forms of deceit, including break-ins, use of stolen credentials, social engineering, phishing, computer viruses or other malicious codes, and similar means of unauthorized and destructive tampering. The risk of a security breach or significant disruption has generally increased due to our increased reliance on technology, a rise in the number, intensity, and sophistication of attempted attacks globally, and the permanent nature of remote work as business travel has resumed and people now routinely work remotely outside of normal business hours. A breach or significant and extended disruption in the functioning of our systems, including our primary website, could damage our reputation and cause us to lose customers, tenants and revenues, generate third party claims, cause operational disruption, result in the unintended and/or unauthorized public disclosure or the misappropriation of Confidential Information, and require us to incur significant expenses to address and remediate or otherwise resolve these kinds of issues. We may not be able to recover these expenses in whole or in any part from our service providers or responsible parties, or their or our insurers. Additionally, cyber-attacks perpetrated against our tenants, including unauthorized access to customers’ credit card data and other confidential information, could diminish consumer confidence and spending at our tenants, or negatively impact consumer perception of shopping at our properties, all of which could materially and adversely affect us. As have many companies, we and our third party vendors have been impacted by security incidents in the past and will likely continue to experience security incidents of varying degrees. While we do not believe these incidents have had a material impact to date, as our reliance on technology increases, so do the risks of a security incident. The occurrence of any of the foregoing risks could have a material adverse effect on us. In addition, our processing of Confidential Information, including personally identifiable information, subjects us to various federal, state and local laws, regulations and industry standards governing the collection, use, storage, sharing, transmission and other processing of personal information. The regulatory environment surrounding information security and privacy is increasingly demanding, with frequent imposition of new and changing requirements that are subject to differing interpretations. Any failure or perceived failure by us to comply with laws, regulations, policies or regulatory guidance relating to privacy or data security may result in governmental investigations and enforcement actions, litigation, fines and penalties or adverse publicity and could cause our investors to lose trust in us, which could have an adverse effect on our reputation and business. There can be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our systems and information. Our international activities may subject us to risks that are different from or greater than those associated with our domestic operations. As of December 31, 2023, we held interests in consolidated and joint venture properties that operate in Austria, Canada, France, Italy, Germany, Japan, Malaysia, Mexico, the Netherlands, South Korea, Spain, Thailand, and the United Kingdom. We also have an equity stake in Klépierre, a publicly traded European real estate company which operates in 14 countries in Europe, and in TRG, which has an interest in regional, super-regional, and outlet malls in the United States and Asia. Accordingly, our operating results and the value of our international operations may be impacted by any unhedged movements in the foreign currencies in which those operations transact and in which our net investment in those international operations is held. While we occasionally enter into hedging agreements to manage our exposure to changes in foreign exchange rates, these agreements may not eliminate foreign currency risk entirely.
25
Powered by FlippingBook