Liberty Global Ltd. 10-K Cybersecurity GRC - 2024-02-15

Page last updated on April 11, 2024

Liberty Global Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-15 16:13:20 EST.

Filings

10-K filed on 2024-02-15

Liberty Global Ltd. filed an 10-K at 2024-02-15 16:13:20 EST
Accession Number: 0001570585-24-000022

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Liberty Global and its subsidiaries are subject to risks from cyber-attacks that have the potential to cause significant interruptions to the operation of their businesses. The frequency of these attempted intrusions has increased in recent years and the sources, motivations and techniques of attack continue to evolve and change rapidly. Liberty Global has developed a cybersecurity program that is designed to scan for, monitor and identify risks to company confidential or non-public information, protect such information, detect threats and events and maintain an appropriate response and recovery capability to help ensure resilience against cyber-attacks and other information security incidents. We have adopted a variety of measures to monitor and address cyber-related risks and continue to implement and explore additional cybersecurity measures. Our strategy for managing cyber-related risks is risk-based and, where appropriate, integrated within our comprehensive enterprise risk management processes. Liberty Global s Chief Security Officer ( CSO ), who reports directly to Liberty Global s Chief Technology Officer ( CTO ), leads a dedicated cybersecurity team and is responsible for the design, implementation and execution of our cyber-risk management strategy. Our CSO and cybersecurity team actively monitor Liberty Global s systems, regularly review its policies, compliance, regulations and best practices, perform penetration testing, conduct incident response exercises and internal ethical phishing campaigns and provide periodic training and communication across the organization to strengthen secure behavior and foster a culture of digital security. The cybersecurity team also routinely participates in industry-wide programs to further information sharing, intelligence gathering and unity of effort in responding to potential or actual attacks. Liberty Global also periodically reviews its business continuity plan to develop an effective recovery strategy that seeks to decrease incident response times, limit financial impacts and maintain customer confidence during any business interruption. Our cybersecurity team also administers a third-party risk governance program that identifies potential risks introduced through third-party relationships, such as vendors, software and hardware manufacturers or professional service providers. Liberty Global also seeks to obtain certain contractual security guarantees and assurances with these third-party relationships to help ensure the security and safety of its information. The cybersecurity team works closely with a broad range of departments, including legal, regulatory, corporate communications, audit services, information technology and operational technology functions critical to Liberty Global s operations, as well as engages external vendors to help ensure its cybersecurity program operates effectively. I-43 Liberty Global s current CSO has significant experience leading cybersecurity efforts at large enterprises, having held top information security positions at a number of international large- and mega-cap companies during her career. She also holds a master of science in security risk management and is qualified as a certified information security manager with the Information Systems Audit and Control Association. Our CSO has been with the company or its subsidiaries for over five years. Cybersecurity incidents detected by Liberty Global s cybersecurity team are evaluated internally based on their severity, with more serious incidents being escalated, as appropriate, to the highest levels of management, including the company s CTO, General Counsel, and, ultimately, its CEO. These members of the company s executive leadership team are provided with details of the type and severity of the attack, the company s planned response to the incident and are briefed on what information was accessed and the impact such incident has had or is expected to have on the company s operations, as well as any financial or regulatory implications resulting from the incident. Our Audit Committee is responsible for oversight of our cybersecurity measures, incident response management and risks related to cybersecurity and technology as well as the steps taken by management to mitigate such risks. Liberty Global s CSO provides periodic updates to the Audit Committee on the state of Liberty Global s cybersecurity posture, new threats or threat actors that the company is monitoring or developing defenses against and any potential areas of improvement. Our CEO, CTO, CSO and General Counsel will also provide ad hoc updates to the Audit Committee and full board of directors, as appropriate, in the case of a material cybersecurity incident, providing them a full briefing of the type and scope of the incident as well as the company s current and planned mitigation efforts. The Audit Committee has several members with significant direct and indirect cybersecurity experience, including Anthony Werner, the former CTO of Comcast Cable and the company, Paul Gould and Miranda Curtis CMG. Cybersecurity and the effectiveness of our cybersecurity strategy are regular topics of discussion at meetings of our Audit Committee and board of directors.

Company Information