• a team comprised of IT security, infrastructure, and compliance personnel principally responsible for directing (1) our cybersecurity risk assessment processes, (2) our security processes, and (3) our response to cybersecurity incidents, supported by legal, human resources, corporate security and other internal resources; • the use of external cybersecurity service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes, which enable us to leverage specialized knowledge and insights, with the goal of ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices; • cybersecurity awareness training of employees with access to our IT systems; • a cybersecurity incident response plan and Security Operations Center (“SOC”) to respond to cybersecurity incidents; and • a third-party risk management process for service providers. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See further discussion in Item 1A. Risk Factors. Cybersecurity Governance Our Board of Directors considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit Committee. The Audit Committee oversees and is regularly updated on management’s design, implementation and enforcement of our cybersecurity risk management program. The Audit Committee is composed of board members with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks. Our Chief Financial Officer periodically provides reports to the Audit Committee, and, together with our Chief Technology Officer and Director of Cybersecurity, leads the Company’s overall cybersecurity function. The Audit Committee receives regular reports on our cybersecurity risks, including briefings on our cyber risk management program and cybersecurity incidents. Audit Committee members also receive periodic presentations on cybersecurity, IT and data protection topics. Our Chief Financial Officer oversees our CSIRT, whose members have years of experience working in cybersecurity and certifications including CISSP (Certified Information Systems Security Professional), CCSP (Certified Cloud Security Professional), CGRC (Certification in Governance of Enterprise IT), GIAC (Global Information Assurance Certification) and GCED (GIAC Certified Enterprise Defender). Our CSIRT supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers; and alerts and reports produced by security tools deployed in the IT environment. The CSIRT is responsible for assessing and managing our material risks from cybersecurity threats. They have primary responsibility for leading our overall cybersecurity risk management program and supervise both our internal cybersecurity personnel and our external cybersecurity service providers. Item 2. Properties United States Properties Our U.S. properties primarily consist of malls, Premium Outlets, The Mills, lifestyle centers and other retail properties. These properties contain an aggregate of approximately 171.8 million square feet of gross leasable area, or GLA. Malls typically contain at least one department store anchor or a combination of anchors and big box retailers with a wide variety of smaller stores connecting the anchors. Additional stores are usually located along the perimeter of the parking area. Our 93 malls are generally enclosed centers and range in size from approximately 270,000 to 2.7 million square feet of GLA. Premium Outlets generally contain a wide variety of designer and manufacturer stores located in open-air centers. Our 69 Premium Outlets range in size from approximately 150,000 to 920,000 square feet of GLA. The Premium Outlets are generally located within a close proximity to major metropolitan areas and/or tourist destinations.
27
Powered by FlippingBook