Altice USA, Inc. - (ATUS)

10-K Filing Date: February 14, 2024
Item 1C. Cybersecurity
Safeguarding the security and integrity of our systems, networks and data is an important element of our business activities. We continually invest in the development and implementation of various cybersecurity programs and processes that are designed to assess, identify and manage material risks from cybersecurity threats and to address the constantly evolving cybersecurity landscape.
Our cybersecurity program utilizes various risk mitigation techniques to manage cybersecurity risk, including network segmentation, deployment of enhanced detection tools, and monitoring compliance with security standards. We conduct cybersecurity risk assessments, penetration tests, purple team exercises, and data restoration testing through both internal subject matter experts and with the support of third parties to identify threats and vulnerabilities
43




that could adversely impact our business operations. We also attempt to assess the cybersecurity risk profile of, and threats related to, our business partners, vendors and service providers through various methods including the use of attestations and certifications of their security practices. In the normal course, we engage assessors, consultants and other third parties to assist in various cyber-related matters. The underlying controls of our cybersecurity program utilize recognized practices and standards for cybersecurity and information technology security, including the National Institute of Standards and Technology Cybersecurity Framework ("NIST Framework"). The risk-based approach of the NIST Framework enables us to design and implement cybersecurity programs that are specific to our network architectures, customer environments, and institutional resources.
Our senior management team oversees our cybersecurity strategy and has the overall responsibility for assessing and managing our exposure to cybersecurity risk, with the audit committee of the board of directors providing board level oversight of the activities conducted by management to monitor and mitigate cybersecurity risks. Our corporate information security organization, led by our Chief Information Security Officer ("CISO"), develops and directs our information security strategy and policy, security engineering, operations and cyber threat detection and response. Our CISO has 22 years of experience in cybersecurity and 16 years in cybersecurity management, received a bachelor of science in management information systems and a masters of business administration from Rochester Institute of Technology, and is a Certified Information Systems Security Professional. Cybersecurity strategy and updates are reviewed by our executive leadership team on a monthly basis and are presented to other internal committees. The audit committee receives a regularly scheduled report on cybersecurity matters and related risk exposure from our CISO, chief technology officer or other similar officers. When covered during an audit committee meeting, the chair of the audit committee reports on its discussion to the full board.
We have experienced, and will continue to experience, cyber incidents in the normal course of our business. Notwithstanding the approach we take to cybersecurity risk management, we may not be successful in preventing or mitigating a cybersecurity incident that could have a significant adverse impact on our business and reputation. See “Risk Factors” above for additional information on risks related our business, including from risks related to cyber attacks, data security incidents, information and system breaches, and technology disruptions and failures. As of the date of this report, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition.