Frontier Communications Parent, Inc. 10-K Cybersecurity GRC - 2024-02-23

Page last updated on April 18, 2024

Frontier Communications Parent, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 16:14:31 EST.

Company Summary

Frontier Communications Parent, Inc. is an American telecommunications company that offers broadband internet, digital television, and computer technical support to residential and business customers in 25 states. In some areas it also offers home phone services. (Source: Wikipedia)

Filings

10-K filed on 2024-02-23

Frontier Communications Parent, Inc. filed an 10-K at 2024-02-23 16:14:31 EST
Accession Number: 0001562762-24-000034

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk management and strategy We have established processes designed to identify, assess and manage material risks associated with cybersecurity threats. Our information technology, networks, and infrastructure may be subject to damage, disruptions, or shutdowns due to cyber-attacks, malware, employee or third-party error or malfeasance, power outages, communication or utility failures, systems failures, natural disasters or other catastrophic events. These risks include, among other things, operational risks, intellectual property theft, fraud, extortion, harm to employees or customers, violation of privacy or security laws and other litigation and legal risks, and reputational risks. Cybersecurity risk management is embedded in the annual enterprise risk management ( ERM ) process, which is jointly administered by the Chief Financial Officer and head of Internal Audit and overseen by the Board of Directors, primarily through the Audit Committee. As part of the ERM process, senior management annually, or more frequently as necessary, identifies, assesses and evaluates enterprise level risks using a range of tools and services. In order to manage identified cybersecurity risks, we evaluate a range of remediation options and determine the appropriate course of action for effective monitoring, mitigation and treatment. Areas that have a higher level of likelihood and potentially higher level of impact are prioritized. Periodic monitoring, self-assessment and reporting to the Audit Committee are performed by senior management to evaluate, among other things, the effectiveness of mitigation strategies in minimizing or managing identified risks. In addition to critical risk management, we work to upgrade our existing technology systems, enhance our overall security posture and provide employee training around cyber risks, which are constantly evolving. Our processes also address cybersecurity risks associated with our use of third-party service providers and other external parties and circumstances. External risks to our network and information systems may arise from third parties and other parties we may not fully control. For example, we use vendors for encryption and authentication technology and cloud storage, and have adopted controls around, among other things, vendor risk assessment, access and acceptable use and backup and recovery. We engage outside providers to monitor our network and conduct periodic internal and external security testing and to assist in the ongoing evaluation and enhancement of our cyber security preparedness and protocols. We use the NIST Cybersecurity Framework to audit our cybersecurity controls. As of the date of this report, we have not experienced any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, in our risk factor disclosures under the heading We rely on n etwork and information systems and other technology, and a disruption or failure of such networks, systems or technology as a result of cyber-attacks, malware, misappropriation of data or other malfeasance, as well as outages, accidental releases of information or similar events, may disrupt our business and materially impact our results of operations, financial condition and cash flows in Item 1A of this Annual Report on Form 10-K. Governance Frontier s management is primarily responsible for governing and overseeing cybersecurity risks. Operational responsibility for ensuring the adequacy and effectiveness of the Company s cybersecurity risk management, control and governance processes is assigned to the SVP, Cyber Security (CISO). Our CISO has over 20 years of experience in IT, cyber security and data privacy and data management and reports directly to the EVP, Chief Data and Information Officer (CDIO). Our CDIO has over 25 years of experience, having previously held senior leadership positions in technology, IT and operations at large public companies prior to joining Frontier. To assist with management oversight, the CDIO chairs a security council which supports risk management by providing input into cyber security strategy and helps prioritize monitoring, mitigation and remediation across operational groups. This security council is comprised of senior leaders from a cross-functional group of departments including Legal and Regulatory, Corporate Security, Network Engineering, Internal Audit, Finance & Accounting and Risk and IT Infrastructure. In addition, we have established processes and response teams that are responsible for monitoring and making determinations regarding the materiality of cybersecurity incidents. The members of these teams have extensive expertise in evaluating the potential impact and materiality of events in the context of Frontier s business and financial position, reputational and industry risk, and legal and regulatory environment, and there are procedures in place to escalate material incidents for consideration by the Audit Committee. While material risks are generally overseen by the full Board, the Audit Committee has a key role in cybersecurity risk monitoring and oversight as set forth in its charter. In establishing Audit Committee membership, the Nominating & Corporate Governance Committee identifies directors with relevant IT, network and cyber expertise to serve on the Committee. The CDIO and CISO provide periodic reports to the Audit Committee on the Company s data privacy and information and infrastructure security programs, including cybersecurity risks. In addition, senior management reports to the Board at least annually on cybersecurity risks. 22

Company Information