CORRESP 1 filename1.htm Document
image.jpg
April 25, 2024

VIA EDGAR

United States Securities and Exchange Commission
Washington, D.C. 20549
Attention: Suzanne Hayes and James Lopez

RE:     Tyler Technologies, Inc. (the “Company”) CIK 0000860731

Ladies and Gentlemen:

Per your instructions received on April 24, 2024, after we returned our written response to your information request, we are also filing that response via Edgar. Please see the enclosed copy. 


Sincerely,

Brian Miller
Chief Financial Officer

Enclosure


image.jpg
April 24, 2024


United States Securities and Exchange Commission
Washington, D.C. 20549
Attention: Suzanne Hayes and James Lopez

RE:     Tyler Technologies, Inc. (the “Company”) CIK 0000860731

Ladies and Gentlemen:

Thank you for your letter dated April 22, 2024, regarding a cybersecurity incident that impacted STAR system client data (the “Cybersecurity Incident”).

We investigated the Cybersecurity Incident with the help of an external forensic team and other third-party advisors. Consistent with our established processes for such incidents, we also engaged high-level Company executives, including our Chief Legal Officer (“CLO”), Chief Financial Officer (“CFO”), and Chief Information Security Officer (“CISO”). The CLO, CFO, CISO and other leaders immediately began meeting, and met on a daily basis thereafter, to assess the Cybersecurity Incident’s impact on the Company and evaluate the Company’s related legal obligations, including our reporting obligations under the SEC’s Rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. The chair of the Audit Committee of the Board of Directors1 and our Chief Executive Officer were, and have remained, routinely briefed on the Cybersecurity Incident and potential risks and legal obligations arising therefrom.

Consistent with our reporting obligations and our disclosures to investors,2 we endeavored to take into consideration all relevant facts and circumstances when evaluating our reporting obligations, including quantitative and qualitative factors. We continuously re-evaluated our conclusions as new information concerning the incident became available to us. Among other things, we considered both the immediate impacts and any longer-term effects the Cybersecurity Incident could reasonably be expected to have on our operations, finances, brand perception, and customer relationships.

1 Tyler’s Audit Committee is charged with oversight of the Company’s information security risk management.
2 Tyler Technologies, Inc., Annual Report (Form 10-K) (Feb. 21, 2024) at 23, available at https://www.sec.gov/ix?doc=/Archives/edgar/data/860731/000086073124000006/tyl-20231231.htm.


image.jpg
At every turn, we concluded the Cybersecurity Incident was not material to the Company because: (i) there was not a substantial likelihood that a reasonable shareholder would consider the Cybersecurity Incident important in making an investment decision; and (ii) notification of the Cybersecurity Incident would not have significantly altered the “total mix” of information made available. As such, we did not report the Cybersecurity Incident under Item 1.05 of Form 8-K.

While we remain confident the Cybersecurity Incident was not and is not material to the Company, we will of course re-evaluate that conclusion if new information concerning the Cybersecurity Incident becomes available to us. We take this incident and our obligations under applicable securities laws very seriously.

Please let me know if you have any additional questions.

Sincerely,

Brian Miller
Chief Financial Officer

Cc: Abigail Diaz, Chief Legal Officer