Liberty Global Ltd. 10-K Cybersecurity GRC - 2025-02-18

Page last updated on February 18, 2025

Liberty Global Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-18 16:16:10 EST.

Filings

10-K filed on 2025-02-18

Liberty Global Ltd. filed a 10-K at 2025-02-18 16:16:10 EST
Accession Number: 0001570585-25-000021

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Liberty Global and its subsidiaries are subject to risks from cyber-attacks that have the potential to cause significant interruptions to the operation of their businesses. The frequency of these attempted intrusions has increased in recent years and the sources, motivations and techniques of attack continue to evolve and change rapidly. We have developed a cybersecurity program that is designed to scan for, monitor and identify risks to our confidential or non-public information, protect such information, detect threats and events and maintain an appropriate response and recovery capability to help ensure resilience against cyber-attacks and other information security incidents. We have adopted a variety of measures to monitor and address cyber-related risks and continue to implement and explore additional cybersecurity measures. Our strategy for managing cyber-related risks is risk-based and, where appropriate, integrated within our comprehensive enterprise risk management processes. Our Chief Security Officer ( CSO ), who reports directly to our Chief Technology Officer ( CTO ), leads a dedicated cybersecurity team and is responsible for the design, implementation and execution of our cyber-risk management strategy. Our CSO and cybersecurity team actively monitor our systems, regularly review our policies, compliance, regulations and best practices, perform penetration testing, conduct incident response exercises and internal ethical phishing campaigns and provide periodic training and communication across our organization to strengthen security focused behavior and foster a culture of digital safety. Our cybersecurity team also routinely participates in industry-wide programs to further information sharing, intelligence gathering and unity of effort in responding to potential or actual attacks. We also periodically review our business continuity plan to develop an effective recovery strategy that seeks to decrease incident response times, limit financial impacts and maintain customer confidence during any business interruption. Our cybersecurity team also administers a third-party risk governance program that identifies potential risks introduced through third-party relationships, such as vendors, software and hardware manufacturers or professional service providers. We seek to obtain certain contractual security guarantees and assurances with these third-party relationships to help ensure the security and safety of our information. The cybersecurity team works closely with a broad range of departments, including legal, regulatory, corporate communications, audit services, information technology and operational technology functions critical to our operations, as well as engaging external vendors to help ensure our cybersecurity program operates effectively. Our current CSO has significant experience leading cybersecurity efforts at large enterprises, having held top information security positions at a number of international large- and mega-cap companies during her career. She also holds a master of science in security risk management and is qualified as a certified information security manager with the Information Systems Audit and Control Association. Our CSO has been with the company or its subsidiaries for over five years. I-42 Cybersecurity incidents detected by our cybersecurity team are evaluated internally based on their severity, with more serious incidents being escalated, as appropriate, to the highest levels of management, including our CTO, General Counsel and, ultimately, our CEO. These members of our executive leadership team are provided with details of the type and severity of the attack, the company’s planned response to the incident and are briefed on what information was accessed and the impact such incident has had or is expected to have on our operations, as well as any financial or regulatory implications resulting from the incident. Our Audit Committee is responsible for oversight of our cybersecurity measures, incident response management and risks related to cybersecurity and technology as well as the steps taken by management to mitigate such risks. Our CSO provides periodic updates to the Audit Committee on the state of our cybersecurity posture, new threats or threat actors that we are monitoring or developing defenses against and any potential areas of improvement. Our CEO, CTO, CSO and General Counsel will also provide ad hoc updates to the Audit Committee and full board of directors , as appropriate, in the case of a material cybersecurity incident, providing them a full briefing of the type and scope of the incident as well as our current and planned mitigation efforts. The Audit Committee has several members with significant direct and indirect cybersecurity experience, including Anthony Werner, the former CTO of Comcast Cable and the company, Paul Gould and Miranda Curtis CMG. Cybersecurity and the effectiveness of our cybersecurity strategy are regular topics of discussion at meetings of our Audit Committee and board of directors. In 2024, there were no cybersecurity threats, including as a result of any previous cybersecurity incidents, that materially affected or are reasonably likely to materially affect the company, including its business strategy, results of operations or financial condition.

Company Information