Page last updated on February 12, 2026
ALASKA AIR GROUP, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-12 16:07:36 EST.
Company Summary
Alaska Airlines is the eighth-largest U.S. airline based on passenger traffic and is the dominant U.S. West Coast air carrier.
Filings
10-K filed on 2026-02-12
ALASKA AIR GROUP, INC. filed a 10-K at 2026-02-12 16:07:36 EST
Accession Number: 0000766421-26-000010
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY Air Group's management and Board consider cybersecurity to be a critical component of the Company's risk management plan. Our systems are subject to increasing and evolving cybersecurity risks. While we have not experienced a material breach of our systems and information to date, unauthorized parties have previously gained access to our systems and information, including through fraudulent misrepresentation and other means of deception. The systems of our suppliers, vendors, and other business partners are also at risk. The threat of cybersecurity incidents is included within our company's annual Enterprise Risk Management (ERM) program that assesses the most significant risks to the enterprise. Because of the industry in which we operate, we are subject to extensive cybersecurity regulation, including but not limited to those regulations imposed by the FAA, TSA, and DOT. Our cybersecurity risk management is designed to maintain compliance with these regulations. The Company's Chief Information Security Officer (CISO) is responsible for management of material risks from cybersecurity threats. The CISO has multiple years of experience working in information and network security management, and has in-depth knowledge of compliance requirements and standards set by various regulatory agencies. The CISO leads a team dedicated to the prevention, mitigation, detection, and remediation of any cybersecurity incidents. If a potential incident is identified, the CISO is notified and engages the cybersecurity incident response team (CyberSIRT), which includes individuals from multiple departments. This team is responsible for assessing the incident and declaring a cybersecurity incident, if appropriate. When an incident is declared, the CISO provides overall direction for the response and mitigation of the threat. This response may include taking action to protect our data and networks, evaluation of the potential materiality of the incident, and communicating the incident to critical parties, including senior leadership and the Board of Directors. As part of our annual review of our cybersecurity risk management, we engage third-parties for a variety of processes including external audits, vulnerability assessments, and penetration tests. These processes help ensure our overarching strategy remains effective over time. The Board of Directors of Alaska Air Group is responsible for overseeing management's processes to identify and mitigate risks, including cybersecurity risks. The Board's Audit Committee leads the review and discussion of cybersecurity threats with management and receives updates from the CISO each quarter. Senior management, including the CISO, are available to address questions or concerns from the Audit Committee related to our risk management plan. For additional discussion related to the Company's consideration of cybersecurity risks and their potential impact on our business strategy, results of operations, or financial condition, please refer to Part I, Item 1A. "Risk Factors" in this document.
Company Information
| Name | ALASKA AIR GROUP, INC. |
| CIK | 0000766421 |
| SIC Description | Air Transportation, Scheduled |
| Ticker | ALK - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 31 |