FTAI Aviation Ltd. - (FTAI)
10-K Filing Date: February 26, 2024
Item 1C. Cybersecurity
Risk Management and Strategy
The Company’s cybersecurity is overseen by the Chief Executive Officer, who receives reports directly from other officers and individuals who perform services for the Company, including, but not limited to, the Manager’s Information Security Steering Committee (“ISSC”), employing a risk-based methodology designed to safeguard the security, confidentiality, integrity, and availability of its information. The ISSC is tasked with developing an effective cyber strategy, establishing policies, and managing cyber risks within the organization. The Manager’s Chief Financial Officer and General Counsel, along with the Chief Operating Officer, Chief Human Resources Officer, Chief Compliance Officer, Chief Technology Officer, Chief Information Security Officer and Chief of Intelligence collaborate with the Company’s Chief Financial Officer to formulate, implement, and enforce these policies. They help ensure that the ISSC considers best practices in its decision-making, and convenes quarterly or as needed to assess cybersecurity issues and supervise matters related to information security, fraud, vendors, data protection, and privacy risks.
To help identify and assess risks, we and our Manager engage third-party advisors, leveraging standards such as the National Institute of Standards and Technology security framework (“NIST”). The results of these assessments inform the development of cybersecurity controls and risk mitigation strategies, which are then implemented throughout the Company.
We have taken proactive measures intended to minimize the likelihood of successful cyberattacks, including the establishment of incident response procedures designed to address potential cyber threats that may arise. These response procedures are structured with the aim to identify, analyze, contain, and remediate any cyber incidents that occur. We also have risk management processes to oversee and help identify risks from cybersecurity threats associated with our use of third-party providers.
To date, cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and we believe are not reasonably likely to affect the Company, including its business strategy, results of operations or financial condition. Refer to the risk factor captioned “A cyberattack that bypasses our information technology (“IT”), security systems or the IT security systems of our third-party providers, causing an IT security breach, may lead to a disruption of our IT systems and the loss of business information which may hinder our ability to conduct our business effectively and may result in lost revenues and additional costs.” in Part I, Item 1A. “Risk Factors” for additional description of cybersecurity risks and potential related impacts on the Company.
Governance
Material risks are identified and prioritized by management, and material risks are discussed periodically or as needed with the Board of Directors. The Board of Directors regularly reviews information regarding the Company’s credit, liquidity and operations, including risks and contingencies associated with each area, including cybersecurity. In addition to the formal compliance program, the Board of Directors encourages management to promote a corporate culture that incorporates risk management into the Company’s corporate strategy and day-to-day business operations.