Our comprehensive cybersecurity program maintains a strong focus on protecting the Company, our customers, partners, and vendors.

Cybersecurity continues to be a priority for PotlatchDeltic, and we have assembled a strong, multi-disciplined team to address current and future cybersecurity and privacy challenges faced by our industry. Our team has implemented certain best practices to secure system and network resources, and to protect the confidentiality of customer, vendor, and employee information.

We have strong governance, controls, policies, and practices, led by the Information Technology Director, who works with our Information Security Director and regularly reports to the Audit Committee of the Board of Directors. Our cybersecurity defense strategy includes access controls, monitoring, employee training, and breach response.

We devote significant resources to protecting and improving the security of our systems, and we partner with leading security firms to periodically review our program to help adjust priorities to the fast-evolving threat landscape. During 2021, we conducted an external cybersecurity assessment that concluded our program maturity is above the average of other manufacturing and natural resource peers.

PotlatchDeltic’s Information Security Program is aligned with the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity and uses a robust process to identify, detect, evaluate, and mitigate cyber risk. We continually evaluate threat levels for the most prevalent attack types and strengthen our controls to reduce the likelihood and impact of advanced malware, data leakage, and denial of service attacks. We continue to enhance our cybersecurity capabilities, including advanced threat detection, access controls, vulnerability management processes, and back-up and recovery structures.

A key component of our defense strategy is ensuring employees are aware of cybersecurity threats and can recognize and report issues. As part of this ongoing effort, all computer users receive annual cybersecurity training to learn how to spot and report potential threats. In addition, PotlatchDeltic uses continuous internal phishing campaigns to test our employees’ cyber knowledge and provides supplemental training when necessary. These efforts are paying dividends as we continue to see successful phishing incidents decrease year over year, and employees recognize and report more phishing emails.

To reduce the risk and the potential impact of a cyber-attack on our manufacturing plants. We use logical separation to isolate our manufacturing environments from potential malware delivery vehicles such as email and VPN access. We continually evaluate vulnerabilities that impact the software and hardware used to run our manufacturing equipment, and appropriately mitigate those risks. We have replaced over 200 obsolete hardware endpoints in the last two years as we continue to strengthen our cyber defenses that protect our manufacturing assets. Finally, we ensure that adequate backup and disaster recovery structures are in place to make recovery from a cyber event more efficient.

In the event of a breach, we have robust incident response processes in place to ensure that strong forensic techniques are followed, and all regulatory and legal requirements are addressed. PotlatchDeltic is committed to protecting against and to detecting cyber threats but understands that having strong recovery and response processes in place is vital.