Page last updated on July 16, 2024
ALASKA AIR GROUP, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-14 16:02:52 EST.
Filings
10-K filed on 2024-02-14
ALASKA AIR GROUP, INC. filed a 10-K at 2024-02-14 16:02:52 EST
Accession Number: 0000766421-24-000012
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY Air Group’s management and Board consider cybersecurity to be a critical component of the Company’s risk management plan. Our systems are subject to increasing and evolving cybersecurity risks. Unauthorized parties have attempted and continue to attempt to gain access to our systems and information, including through fraudulent misrepresentation and other means of deception. The systems of our suppliers, vendors, and other business partners are also at risk. The threat of cybersecurity incidents is included within our company’s annual enterprise risk management (ERM) program that assesses the most significant risks to the enterprise. Because of the industry in which we operate, we are subject to extensive regulatory requirements connected to cybersecurity, including but not limited to those overseen by the FAA, TSA, and DOT. As a result, it is imperative our cybersecurity risk management is well-planned and sufficiently robust to maintain compliance with these regulations. The Company’s Chief Information Security Officer (CISO) is responsible for management of material risks from cybersecurity threats. The CISO has multiple years of experience working in information and network security management, and has in-depth knowledge of compliance requirements and standards set by various regulatory agencies. The CISO leads a team dedicated to the prevention, mitigation, detection, and remediation of any cybersecurity incidents. If a potential incident is identified, the CISO is notified and engages the cybersecurity incident response team (CyberSIRT). This team is responsible for declaring a cybersecurity incident and is comprised of individuals from multiple relevant departments. In the event the CyberSIRT declares an incident, the CISO provides overall direction for the response and mitigation of the threat. This response includes actions 31 taken to protect our data and networks, evaluation of the potential materiality of the incident, and the communication of the incident to critical parties, including senior leadership and the Board of Directors. As part of our annual review of our cybersecurity risk management, we engage third-parties for a variety of processes including external audits, vulnerability assessments, and penetration tests. These processes help ensure our overarching strategy remains effective over time. The Board of Directors is responsible for overseeing management’s processes to identify and mitigate risks, including cybersecurity risks. The Board’s Audit Committee leads the review and discussion of cybersecurity threats with management and receives updates from the CISO each quarter. Senior management, including the CISO, are available to address questions or concerns from the Audit Committee related to our risk management plan. In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our organization. For additional discussion related to the Company’s consideration of cybersecurity risks and their potential impact on our business strategy, results of operations, or financial condition, please refer to Part I, Item 1A. “Risk Factors” in this document.
Company Information
Name | ALASKA AIR GROUP, INC. |
CIK | 0000766421 |
SIC Description | Air Transportation, Scheduled |
Ticker | ALK - NYSE |
Website | |
Category | Large accelerated filer |
Fiscal Year End | December 30 |