XML 47 R33.htm IDEA: XBRL DOCUMENT v3.26.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Company’s cybersecurity program is designed to provide resilience and secure the continuity of operations and protect the privacy of company, guest and team member data. The Company uses multiple layers of security controls and unique threat intelligence within the “Center for Internet Security v8 Cybersecurity Framework” across five core security functions: Identify risks and threats, Protect, Detect, Respond and Recover. In addition, the Company requires that its employees complete annual compliance training on cybersecurity and online habits.

The Company’s cybersecurity program is managed by a dedicated cybersecurity function reporting to the Chief Information Security Officer (“CISO”) who reports to the Chief Information Officer (“CIO”) and is responsible for the Company’s cybersecurity strategy, policies, standards, architecture and process. The CISO has over 20 years of executive experience in IT operations and security, primarily in the airline industry, and maintains several active certifications in Risk and Information Security including CISSP-ISSMP, CISM, CRISC, and CISSP, as well as a U.S. government security clearance. The program includes periodic and ad hoc reporting on relevant developments, including monitoring, prevention, detection, mitigation and remediation of the current cybersecurity landscape as well as reporting on any cybersecurity incidents to the Company’s CEO and the Safety, Security and Operations Committee of the Board, which has oversight of management’s cybersecurity function. The CISO also engages external government and commercial expertise to continuously evaluate, test and adapt the program. External vendors participate in in-depth security assessments based on the Company’s vendor management security policy.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Company uses multiple layers of security controls and unique threat intelligence within the “Center for Internet Security v8 Cybersecurity Framework” across five core security functions: Identify risks and threats, Protect, Detect, Respond and Recover. In addition, the Company requires that its employees complete annual compliance training on cybersecurity and online habits.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] The program includes periodic and ad hoc reporting on relevant developments, including monitoring, prevention, detection, mitigation and remediation of the current cybersecurity landscape as well as reporting on any cybersecurity incidents to the Company’s CEO and the Safety, Security and Operations Committee of the Board, which has oversight of management’s cybersecurity function. The CISO also engages external government and commercial expertise to continuously evaluate, test and adapt the program. External vendors participate in in-depth security assessments based on the Company’s vendor management security policy.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Company’s cybersecurity program is managed by a dedicated cybersecurity function reporting to the Chief Information Security Officer (“CISO”) who reports to the Chief Information Officer (“CIO”) and is responsible for the Company’s cybersecurity strategy, policies, standards, architecture and process.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The program includes periodic and ad hoc reporting on relevant developments, including monitoring, prevention, detection, mitigation and remediation of the current cybersecurity landscape as well as reporting on any cybersecurity incidents to the Company’s CEO and the Safety, Security and Operations Committee of the Board, which has oversight of management’s cybersecurity function.
Cybersecurity Risk Role of Management [Text Block] The Company’s cybersecurity program is managed by a dedicated cybersecurity function reporting to the Chief Information Security Officer (“CISO”) who reports to the Chief Information Officer (“CIO”) and is responsible for the Company’s cybersecurity strategy, policies, standards, architecture and process.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Company’s cybersecurity program is managed by a dedicated cybersecurity function reporting to the Chief Information Security Officer (“CISO”) who reports to the Chief Information Officer (“CIO”) and is responsible for the Company’s cybersecurity strategy, policies, standards, architecture and process.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CISO has over 20 years of executive experience in IT operations and security, primarily in the airline industry, and maintains several active certifications in Risk and Information Security including CISSP-ISSMP, CISM, CRISC, and CISSP, as well as a U.S. government security clearance.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The program includes periodic and ad hoc reporting on relevant developments, including monitoring, prevention, detection, mitigation and remediation of the current cybersecurity landscape as well as reporting on any cybersecurity incidents to the Company’s CEO and the Safety, Security and Operations Committee of the Board, which has oversight of management’s cybersecurity function.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true