Every year, 36 million people trust United to fly them to over 330 global destinations. To build upon that trust and protect United’s customers, employees, and operations, United is focused on ensuring technology, systems, and processes are robust against cyber threats, which continue to evolve.
The importance of cybersecurity
The evolution of cyber threats, the pandemic, and digital transformation at United has accelerated our roadmap to further strengthen our approach to cybersecurity.
Within the last two years we have transformed our capabilities, teams, processes, and technology, including the establishment of a Cybersecurity and Digital Risk Organization, sponsored by United’s leadership team, to protect our operations, customers, and their data.
United’s Chief Information Security Officer oversees United’s approach to managing cybersecurity and digital risk. This officer is supported by the Company at the highest levels, and regularly engages with cross-functional teams at the Company, including Digital Technology, Legal, Audit, Human Resources, Facilities and Corporate Risk.
The Board and the Audit Committee also regularly review the Company’s management of cybersecurity and digital risk. Both receive reports from United’s Chief Information Security Officer at least twice annually regarding matters such as United’s adherence to leading industry standards, the progression of United’s cybersecurity maturity and compliance efforts related to emerging cybersecurity regulations.
United’s Cybersecurity and Digital Risk organization established our risk-based approach using guiding principles from well-regarded cybersecurity and risk management frameworks published by the National Institute of Standards and Technology. We take a risk-based approach with baseline security controls for all systems with additional controls for more critical systems and processes. Our approach is built around the following five pillars.