Liberty Latin America Ltd. 10-K Cybersecurity GRC - 2024-02-22

Page last updated on April 11, 2024

Liberty Latin America Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-22 16:42:18 EST.

Filings

10-K filed on 2024-02-22

Liberty Latin America Ltd. filed an 10-K at 2024-02-22 16:42:18 EST
Accession Number: 0001712184-24-000030

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Introduction We have established a cybersecurity program, which we view as a foundational business practice incorporated into our broader risk management framework, as well as into all planning, development, operations and administration objectives. We have benchmarked our cybersecurity program against recognized frameworks established by the NIST , the International Organization for Standardization and other applicable industry standards. Governance of Cybersecurity Risks From a governance perspective, our Audit Committee oversee our cybersecurity program, including the management of risks arising from cybersecurity threats. Our Audit Committee receives quarterly reports from both internal (e.g., management) and external sources (e.g., third-arty consultants), which cover topics that include, but are not limited to, recent cyber devel opments, evolving cyber standards, vulnerability assessments, third-party and independent reviews, the cyber threat environment, technological trends, and other cybersecurity considerations arising with respect to our company and third parties. Our GISO also keeps our executive team and our Audit Committee (if necessary) informed regarding any security incident that meets established reporting thresholds and ongoing updates regarding any such incident until it has been closed out. I-51 Management of Cybersecurity Risks From a management perspective, our GISO, led by our Chief Information Security Officer, operates our cybersecurity program . Our program aligns with the NIST cybersecurity standard functions (Identify, Protect, Detect, Respond, Recover) and aims to secure our networks, information systems, information resources, data, services, and products against internal and external threats and mitigate security vulnerabilities while efficiently operating our business. We have integrated our cybersecurity program into our overall enterprise risk management program. Our GISO has processes in place to stay informed of and monitor the prevention, detection, mitigation and remediation of cybersecurity risks, including but not limited to, employing appropriate incident prevention and detection software, employing industry-standard encryption protocols where appropriate, applying patches and implementing identified corrective actions in a timely manner, maintaining an incident response plan and related procedures and regularly conducting internal training, cybersecurity audits, assessments, tabletop exercises, threat modeling, vulnerability testing and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning. Engagement of Third-Parties Our GISO partners with third-party cybersecurity service and product vendors to provide protection of our networks, information resources, products, services and data for our customers and employees. Furthermore, our GISO engages third-party cybersecurity and data protection experts to perform assessments on the efficacy of our cybersecurity program and measures, including cybersecurity maturity assessments, audits and independent reviews of our cybersecurity control environment and operating effectiveness. Our Chief Information Security Officer reports the results of such assessments, audits and reviews to our executive team and our Audit Committee. We have implemented policies and practices to manage cybersecurity risks arising from our use of third-party service providers. For example, in general, we contractually require our third-party service providers to maintain cybersecurity controls to protect our confidential information, to share information with our company about their information security programs and to inform us of any security incidents on their systems that could impact our operations or confidential information. Although we rely on our third party service providers to implement security programs commensurate with their risk, we cannot ensure in all circumstances that their efforts will be successful. Our Senior Leadership Team s Qualifications Our current Chief Information Security Officer has served in various roles in information technology and information security for over 15 years, including as the Director of Information Security at the Colombian operations of a telecommunications company operating throughout Latin America and as the Head of Information Security in the Colombian operations of a large retail company operating in South America. Our Chief Information Security Officer holds undergraduate, graduate and master s degrees in risk management, business administration and information technology, as well as professional certification as a Certified Information Security Manager. Our current Chief Technology Officer has extensive experience in running and managing cyber risks at large U.S. telecommunication companies and, prior to joining our company, had led the cybersecurity practice at a business unit at a large telecommunications company and established cyber risk identification, detection and protection practices for enterprise and government customers. Our Chief Technology Officer holds undergraduate and master s degrees in electrical engineering and has served in various roles in information technology at several telecommunications companies for over 30 years, including serving as either the Chief Technology Officer, Chief Information Officer or Chief Product Officer of three public companies. Our Chief Executive Officer previously served as Chief Technology Officer at three other large media and telecommunications companies prior to becoming our Chief Executive Officer, which gave him significant security technology and operational responsibility over large networks. Our Chief Executive Officer had also led the venture arm at another leading telecommunications company which had invested in a number of IT security technology companies. The other members of our senior leadership team hold undergraduate and graduate degrees in their respective fields and have experience managing risks. Material Impact from Cybersecurity Threats At the time of filing of this Annual Report on Form 10-K, to our knowledge, we have not experienced any cybersecurity threats that have materially affected our company (or are reasonably likely to materially affect our company), including our business strategy, operations or financial condition. I-52 For more information regarding cybersecurity risks faced by our company, see Item 1A. Risk Factors Factors Relating to Cybersecurity Factors Relating to Cybersecurity , which are incorporated by reference into this section.

Company Information