CNSREIT-AR-2024 Final - Flipbook - Page 95
"
Cohen & Steers9 Head of IT Infrastructure oversees the infrastructure and service desk within its IT department
and has served in various roles in information technology for over 13 years.
Members of Cohen & Steers9 Cybersecurity Management, including its CISO and its CTO, are responsible for hiring
appropriate personnel, helping to integrate cybersecurity risk considerations into the Cohen & Steers9 overall risk
management strategy and communicating key priorities to relevant personnel. Members of Cohen & Steers9 Cybersecurity
Management, including its CISO and its CTO, are responsible for approving budgets, helping prepare for cybersecurity
incidents, approving cybersecurity processes and reviewing security assessments and other security-related reports.
Cohen & Steers9 cybersecurity incident response plan is a key component of its cybersecurity program. The response
plan is designed to report certain cybersecurity incidents to members of Cybersecurity Management, who then work with
Cohen & Steers9 incident response team to help control, mitigate and remediate cybersecurity incidents. In addition, the
response plan includes prompt reporting to our Board (or the audit committee) of certain cybersecurity incidents and
related materiality and disclosure determinations.
Our Board has delegated the primary responsibility for oversight and review of the Company9s cybersecurity program
to the audit committee. The audit committee actively participates in discussions regarding cybersecurity risk exposures and
steps taken by management of Cohen & Steers to monitor and mitigate such risks, further to their responsibility to manage,
oversee and remain informed about the most significant risks to our Company and align our risk exposure with our
strategic and business objectives. At least annually, the audit committee reviews with the Advisor and Cohen & Steers9
CISO and its CTO Cohen & Steers9 cybersecurity program, including the robustness and efficacy of Cohen & Steers9
overall cybersecurity program, steps taken to enhance defenses and security measures in place and its established plans to
identify, detect and respond to threats Cohen & Steers may encounter. The audit committee also annually reviews and
discusses with the Advisor cyber insurance coverage. In addition, as necessary, our Board (or the audit committee) receives
reports and communications from the Advisor regarding material risks and specific developments that may cover topics
such as: the Advisor9s computerized information system controls; the impact of new cybersecurity-related rules and
regulations; changes in the threat environment including new and emergent risks; and evolving information security
standards and market practices, including with respect to peers and third parties. As of December 31, 2024, neither we nor
Cohen & Steers had experienced any cyber incidents that have materially affected or are reasonably likely to materially
affect our business strategy, results of operations or financial condition.
Item 2. Properties
Investments in Real Properties
For an overview of our real estate investments, see Part II. Item 7.
