UNITED STATES CELLULAR CORP 10-K Cybersecurity GRC - 2024-02-16

Page last updated on July 16, 2024

UNITED STATES CELLULAR CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-16 07:44:09 EST.

Filings

10-K filed on 2024-02-16

UNITED STATES CELLULAR CORP filed a 10-K at 2024-02-16 07:44:09 EST
Accession Number: 0000821130-24-000007

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity of this Form 10-K for additional information. 26) Disruption in credit or other financial markets, a deterioration of U.S. or global economic conditions or other events could, among other things, impede UScellular’s access to or increase the cost of financing its operating and investment activities and/or result in reduced revenues and lower operating income and cash flows, which would have an adverse effect on UScellular’s business, financial condition or results of operations. Disruptions in the credit and financial markets, declines in consumer confidence, increases in unemployment, declines in economic growth, increased tariffs on import goods, sudden increases in inflation and uncertainty about corporate earnings could have a significant negative impact on the U.S. and global financial and credit markets and the overall economy. Such events could have an adverse impact on financial institutions resulting in limited access to capital and credit for many companies. Furthermore, economic uncertainties make it very difficult to accurately forecast and plan future business activities. Changes in economic conditions, changes in financial markets, changes in U.S. trade policies, deterioration in the capital markets or other factors could have an adverse effect on UScellular’s business, financial condition, revenues, results of operations and cash flows. 27) The impact of public health emergencies on UScellular’s business is uncertain, but depending on duration and severity could have a material adverse effect on UScellular’s business, financial condition or results of operations. Public health emergencies pose the risk that UScellular or its associates, agents, partners and suppliers may be unable to conduct business activities for an extended period of time and/or provide the level of service expected. UScellular’s ability to attract customers, maintain an adequate supply chain and execute on its business strategies and initiatives could be negatively impacted by public health emergencies. Additionally, public health emergencies could cause increased unemployment and an economic downturn, both of which could negatively impact UScellular. The extent of the impact of public health emergencies on UScellular’s business, financial condition and results of operations will depend on the severity and duration of the emergency, actions taken by governmental authorities and other possible direct and indirect consequences, all of which are uncertain and cannot be predicted. Item 1B. Unresolved Staff Comments None. Item 1C. Cybersecurity The UScellular information security program aligns with the National Institute of Standards and Technology (NIST) cybersecurity framework. Risk assessments are conducted periodically leveraging this standard and are integrated into the UScellular Enterprise Risk Management (ERM) program. The assessment results are used to drive continuous improvement in the UScellular cybersecurity control environment, as well as to manage potential data security risks of third-party service providers. UScellular assesses the threat and vulnerability landscape using various commercial, government, vendor and publicly available information sources and tools. UScellular manages these evolving risks through ongoing investments in the security program including active monitoring of the internal data environment and the environments of third-party service providers who manage sensitive data. In addition, UScellular Information Technology leaders conduct regular cyber incident simulations to ensure preparedness in the event of a cyber-attack. UScellular leverages external parties to perform independent assessments and tests of security controls in the environment. UScellular’s Information Technology Security leaders are responsible for assessing and managing cybersecurity risks. Management has a depth of cybersecurity experience focused on increasing the organization’s resilience to security threats and stays current on new developments through continuing education and monitoring of the cybersecurity landscape. The UScellular environment is monitored for potential security threats and security events are investigated and acted on to minimize potential risk to the environment. The full Board of Directors engages in oversight of UScellular’s cybersecurity risks. The Board of Directors receives regular updates from management on technology and security updates and UScellular’s assessment of cybersecurity threats and mitigation plans. The UScellular Audit Committee oversees the processes over internal controls and financial reporting that includes controls and procedures that are designed to ensure that significant cybersecurity incidents are communicated to both senior management and the Audit Committee. Cybersecurity is also discussed with the Technology Advisory Group of the Board of Directors as warranted, at least on an annual basis.
Item 1C. Cybersecurity The UScellular information security program aligns with the National Institute of Standards and Technology (NIST) cybersecurity framework. Risk assessments are conducted periodically leveraging this standard and are integrated into the UScellular Enterprise Risk Management (ERM) program. The assessment results are used to drive continuous improvement in the UScellular cybersecurity control environment, as well as to manage potential data security risks of third-party service providers. UScellular assesses the threat and vulnerability landscape using various commercial, government, vendor and publicly available information sources and tools. UScellular manages these evolving risks through ongoing investments in the security program including active monitoring of the internal data environment and the environments of third-party service providers who manage sensitive data. In addition, UScellular Information Technology leaders conduct regular cyber incident simulations to ensure preparedness in the event of a cyber-attack. UScellular leverages external parties to perform independent assessments and tests of security controls in the environment. UScellular’s Information Technology Security leaders are responsible for assessing and managing cybersecurity risks. Management has a depth of cybersecurity experience focused on increasing the organization’s resilience to security threats and stays current on new developments through continuing education and monitoring of the cybersecurity landscape. The UScellular environment is monitored for potential security threats and security events are investigated and acted on to minimize potential risk to the environment. The full Board of Directors engages in oversight of UScellular’s cybersecurity risks. The Board of Directors receives regular updates from management on technology and security updates and UScellular’s assessment of cybersecurity threats and mitigation plans. The UScellular Audit Committee oversees the processes over internal controls and financial reporting that includes controls and procedures that are designed to ensure that significant cybersecurity incidents are communicated to both senior management and the Audit Committee. Cybersecurity is also discussed with the Technology Advisory Group of the Board of Directors as warranted, at least on an annual basis.


Company Information

NameUNITED STATES CELLULAR CORP
CIK0000821130
SIC DescriptionRadiotelephone Communications
TickerUSM - NYSEUZD - NYSEUZE - NYSEUZF - NYSE
Website
CategoryAccelerated filer
Fiscal Year EndDecember 30