To build the world’s biggest and best airline in an era of evolving complexity and increased digital threats, safety and security are more important than ever. The cybersecurity strategy is designed to enable the Company to fulfill its mission to connect people and unite the world in a cyber-safe and secure way. By integrating robust cybersecurity measures, United safeguards against cyber threats and cultivates operational resiliency.

The importance of cybersecurity

Our robust digital infrastructure forms the backbone of our operations, from flight management systems to passenger data management. Our innovative digital transformation, along with the evolving and dynamic threat landscape, has accelerated our roadmap to further strengthen our approach to cybersecurity.

Managing cybersecurity

United considers management of cybersecurity and digital risk as essential for enabling success. The Chief Information Security Officer (The CISO) leads the Cybersecurity and Digital Risk (CDR) organization, which oversees the approach to identifying and managing cybersecurity and digital risk, and includes teams focusing on cyber defense, secure products and solutions, and identity and digital trust. The CISO is supported by the Company at the highest levels, and regularly engages with cross-functional teams at the Company, including Safety, Security, Government Affairs, Communications, Digital Technology, Legal, Audit, Human Resources, Facilities and Corporate Risk.

The Board and the Audit Committee also regularly review the Company’s management of cybersecurity and digital risk. Both receive reports from the CISO on a quarterly basis regarding the identification and management of cybersecurity risks, including when applicable, notable cybersecurity threats or incidents impacting the aviation sector or the Company, assessments of the Company’s cybersecurity program, key metrics, capabilities, resourcing and strategy regarding the Company’s cybersecurity program and updates related to cybersecurity regulatory developments.

Our approach

United’s CDR organization established a risk-based approach to enable a cyber-safe, secure and resilient airline operation. Using guiding principles from industry standard cybersecurity and risk management frameworks published by the National Institute of Standards and Technology, the Company is equipped to manage threats and vulnerabilities, and respond and recover quickly. Through sensible investments in people, process and technology, the Company seeks to integrate cybersecurity across the enterprise to enable outcomes and growth.

In essence, our cybersecurity strategy reinforces our unwavering commitment to operational excellence and passenger safety and promotes a cyber-safe and secure culture. In conjunction with the execution of the risk manager and operational activities of our cybersecurity program, the Company aims to:

  1. Collaborate with the industry
    We actively engage with industry peers, regulators, and cybersecurity experts to exchange knowledge and best practices. Through these partnerships, we fortify critical infrastructure, protecting not only our operations and customers, but also those of our partners and the broader aviation ecosystem.
  2. Increase diversity and inclusion in cybersecurity
    We recognize the invaluable contribution of diversity and inclusion in cybersecurity. Initiatives such as our Innovate Cyber track aim to cultivate a diverse workforce, enhancing our cyber capabilities with a variety of perspectives and experiences.
  3. Foster cybersecurity education and awareness
    We empower our employees and customers with the knowledge and tools needed to recognize and thwart potential cyber incidents, ensuring the safety and security of our operation and data.
  4. Promote responsible AI and emerging technology
    As we leverage emerging technologies to enhance efficiency and the overall customer experience, we do so with a commitment to responsible innovation. By promoting ethical development and deployment of technologies like artificial intelligence, we safeguard the value derived from these innovations while upholding the trust of our customers.
  5. Support supply chain cybersecurity
    We extend our vigilance to our supply chain, collaborating with our partners to ensure the resilience of our entire ecosystem.

Data protection

We recognize the importance of protecting personal data and are committed to complying with applicable privacy laws and regulations. The Company relies on our data privacy principles to guide our actions and enable trust amongst our employees and customers. These principles include providing notice at the time of collection of personal data, limiting the collection and retention of personal data, implementing access controls, and managing third party use of personal data. We also employ technical measures and controls to mitigate risk of loss and unauthorized access to personal data. Adherence to these principles and safeguards keeps us accountable and strengthens our commitment to data privacy and cybersecurity.