|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
ITEM 1C. CYBERSECURITY
Risk Management and Strategy
City Office REIT recognizes the importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.
The Company has integrated cybersecurity risk management into our overall risk assessment framework to identify, evaluate and manage cybersecurity threats and risks. Our CFO works closely with our IT service provider and internal auditors to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.
Recognizing the complexity and evolving nature of cybersecurity threats, the Company engages with internal auditors and a range of external experts, including cybersecurity assessors and consultants, in evaluating and testing our systems and security processes. These partnerships enable us to leverage specialized knowledge and insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices. Our collaboration with these third-parties includes reviews of cybersecurity-related processes and controls in line with current international cybersecurity standards to evaluate the maturity and risks of our current cybersecurity program and consults on security enhancements. The Company further collaborates with these third-parties to conduct threat assessments, penetration testing and social engineering testing to assess the Company’s systems, applications and personnel education and awareness regarding cybersecurity threats. As we are aware of the risks associated with third-party service providers, the Company maintains ongoing monitoring to ensure compliance with our service level requirements.
We do not believe that our Company, including our business strategy, results of operations, or financial condition, have been materially affected by any cybersecurity incidents for the reporting period covered by this Annual Report on Form 10-K. For further discussion of the risks we face from cybersecurity threats, including those that could materially affect us, refer to “Item 1A. Risk Factors” in this Annual Report on Form 10-K, including “We face risks associated with security breaches through cyber-attacks, cyber intrusions or otherwise, as well as other significant disruptions of our IT networks and related systems.”
Governance
The Board of Directors and Audit Committee are acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Audit Committee is composed of Board members with diverse expertise, including in risk management, technology and finance, equipping them to oversee cybersecurity risks effectively. The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain.
The CFO and CEO play a pivotal role in informing the Audit Committee on cybersecurity risks. The CFO regularly informs the CEO of all aspects related to cybersecurity risks and incidents ensuring the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing the Company. They provide briefings to the Audit Committee as needed, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:
•
Current cybersecurity landscape and emerging threats;
•
Status of ongoing cybersecurity initiatives and strategies;
•
Incident reports and learnings from any cybersecurity events; and
•
Compliance with regulatory requirements and industry standards.
Monitoring
While we have not had any material cybersecurity breaches to our knowledge, the CFO is continually informed about the latest developments in cybersecurity, including potential threats and risk management techniques. The CFO implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of security measures and system audits as needed to identify potential vulnerabilities. In the event of a cybersecurity incident, the CFO is equipped with an incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Company has integrated cybersecurity risk management into our overall risk assessment framework to identify, evaluate and manage cybersecurity threats and risks.
|Cybersecurity Risk Role of Management [Text Block]
|Our CFO works closely with our IT service provider and internal auditors to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
The Board of Directors and Audit Committee are acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Audit Committee is composed of Board members with diverse expertise, including in risk management, technology and finance, equipping them to oversee cybersecurity risks effectively. The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain.
The CFO and CEO play a pivotal role in informing the Audit Committee on cybersecurity risks. The CFO regularly informs the CEO of all aspects related to cybersecurity risks and incidents ensuring the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing the Company. They provide briefings to the Audit Committee as needed, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:
•
Current cybersecurity landscape and emerging threats;
•
Status of ongoing cybersecurity initiatives and strategies;
•
Incident reports and learnings from any cybersecurity events; and
•
Compliance with regulatory requirements and industry standards.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board of Directors and Audit Committee are acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Audit Committee is composed of Board members with diverse expertise, including in risk management, technology and finance, equipping them to oversee cybersecurity risks effectively. The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The CFO and CEO play a pivotal role in informing the Audit Committee on cybersecurity risks. The CFO regularly informs the CEO of all aspects related to cybersecurity risks and incidents ensuring the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing the Company.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|They provide briefings to the Audit Committee as needed, with a minimum frequency of once per year.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CFO regularly informs the CEO of all aspects related to cybersecurity risks and incidents ensuring the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing the Company.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|the CFO is continually informed about the latest developments in cybersecurity, including potential threats and risk management techniques.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef