2024 SUSTAINABILITY REPORT Cybersecurity 33 Cybersecurity is a top priority for Liberty, as such, we have deployed a proactive approach to protecting systems, data, and operations. Overseen by our Chief Information Officer (CIO), Liberty actively maintains an Incident Response Plan, reviewed annually. Systems are classified by business impact to align recovery and response times with business criticality. In 2024, Liberty conducted four cybersecurity tests—one internal vulnerability test and three external penetration tests—resolving all critical vulnerabilities. Cyber risks are managed through Information Technology Infrastructure Library (ITIL) problem management, with bi-monthly risk reviews. All vulnerabilities are entered as problems and tracked until a resolution has been confirmed. In 2024, we partnered with Ontinue as our 24/7 Security Operations Center (SOC), which monitors threats and possible incidents. This resulted in zero data breaches in 2024. Knowing that employees are the front line in any cybersecurity attack. Employee awareness remains a priority, with quarterly phishing tests and more than 400 hours of cybersecurity training completed in 2024. The foundation for the training is a strong framework of cybersecurity policies, accessible via the intranet, covering everything from incident response and data classification to acceptable use guidelines and business continuity planning. These policies provide clear guidance on handling security incidents, protecting sensitive data, and ensuring business resilience. Sustainable Procurement Liberty conducts annual supplier surveys to assess risks and ensure alignment with sustainable vendors. The process begins by identifying suppliers above a specific spend threshold. This process focuses on direct material suppliers due to potential supply chain disruptions, manufacturing and logistics suppliers which contribute largely to Scope 3 emissions, waste disposal providers to address environmental compliance risks, laborintensive subcontractors due to human rights concerns, and suppliers headquartered outside the U.S. and Canada due to potential supply chain interruptions. Key suppliers receive surveys, including a request for a signed Supplier Code of Conduct, available on our website. The surveys collect data on social factors such as minority business ownership and human rights policies, environmental practices including emissions, water usage, and waste disposal, and governance topics related to sustainable supply chain management. Increased supplier engagement, with more responses to the supplier survey than in previous years Minority-owned suppliers increased by 150% when compared to responses from 2023 70% of suppliers that responded reported providing regular health, safety, and environmental training to employees 71% of suppliers that responded reported having at least one policy related to sustainability topics BY THE NUMBERS Data is based on suppliers that responded to the 2024 survey.
RkJQdWJsaXNoZXIy NzU3OTQ=