|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Risk management and strategy
We have established processes designed to identify, assess and manage material risks associated with cybersecurity threats. Our information technology, networks, and infrastructure have been and may in the future be subject to damage, disruptions, or shutdowns due to cyber-attacks, malware, employee or third-party error or malfeasance, power outages, communication or utility failures, systems failures, natural disasters or other catastrophic events. These risks include, among other things, operational risks, intellectual property theft, fraud, extortion, harm to employees or customers, violation of privacy or security laws and other litigation and legal risks, and reputational risks.
Cybersecurity risk management is embedded in the annual enterprise risk management (“ERM”) process, which is jointly administered by the Chief Financial Officer and head of Internal Audit and overseen by the Board of Directors, primarily through the Audit Committee. As part of the ERM process, senior management annually, or more frequently as necessary, identifies, assesses and evaluates enterprise level risks using a range of tools and services.
In order to manage identified cybersecurity risks, we evaluate a range of remediation options and determine the appropriate course of action for effective monitoring, mitigation and treatment. Areas that have a higher level of likelihood and potentially higher level of impact are prioritized. Periodic monitoring, self-assessment and reporting to the Audit Committee are performed by senior management to evaluate, among other things, the effectiveness of mitigation strategies in minimizing or managing identified risks. In addition to critical risk management, we conduct regular exercises and simulations to review and continuously improve our incident response protocols, we work to upgrade our existing technology systems to enhance our overall security posture and we provide ongoing employee training around cyber risks. For example, employees are required to complete cybersecurity training and receive ongoing education which includes simulated phishing attacks and communications for recognizing evolving threats.
Our processes also address cybersecurity risks associated with our use of third-party service providers and other external parties and circumstances. External risks to our network and information systems may arise from third parties and other parties we may not fully control. For example, we use vendors for encryption and authentication technology and cloud storage, and have adopted controls around, among other things, vendor risk assessment, access and acceptable use and backup and recovery. We engage outside providers to monitor our network and conduct periodic internal and external security testing and to assist in the ongoing evaluation and enhancement of our cyber security preparedness and protocols. We use the NIST Cybersecurity Framework to audit our cybersecurity controls.
As of the date of this report, we have not experienced any cybersecurity incidents that [we have determined] have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. We describe whether and how risks from identified cybersecurity threats, including as a result of previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, in our risk factor disclosures under the heading “We rely on network and information systems and other technology, and a disruption or failure of such networks, systems or technology as a result of cyber-attacks, malware, misappropriation of data or other malfeasance, as well as outages, accidental releases of information or similar events, may disrupt our business and materially impact our results of operations, financial condition and cash flows” in Item 1A of this Annual Report on Form 10-K.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have established processes designed to identify, assess and manage material risks associated with cybersecurity threats. Our information technology, networks, and infrastructure have been and may in the future be subject to damage, disruptions, or shutdowns due to cyber-attacks, malware, employee or third-party error or malfeasance, power outages, communication or utility failures, systems failures, natural disasters or other catastrophic events. These risks include, among other things, operational risks, intellectual property theft, fraud, extortion, harm to employees or customers, violation of privacy or security laws and other litigation and legal risks, and reputational risks.
Cybersecurity risk management is embedded in the annual enterprise risk management (“ERM”) process, which is jointly administered by the Chief Financial Officer and head of Internal Audit and overseen by the Board of Directors, primarily through the Audit Committee. As part of the ERM process, senior management annually, or more frequently as necessary, identifies, assesses and evaluates enterprise level risks using a range of tools and services.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|As of the date of this report, we have not experienced any cybersecurity incidents that [we have determined] have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. We describe whether and how risks from identified cybersecurity threats, including as a result of previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, in our risk factor disclosures under the heading “We rely on network and information systems and other technology, and a disruption or failure of such networks, systems or technology as a result of cyber-attacks, malware, misappropriation of data or other malfeasance, as well as outages, accidental releases of information or similar events, may disrupt our business and materially impact our results of operations, financial condition and cash flows” in Item 1A of this Annual Report on Form 10-K.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|While material risks are generally overseen by the full Board of Directors, the Audit Committee has a key role in cybersecurity risk monitoring and oversight as set forth in its charter.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|In establishing Audit Committee membership, the Nominating & Corporate Governance Committee identifies directors with relevant IT, network and cyber expertise to serve on the Committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The CDIO and CISO provide periodic reports to the Audit Committee on the Company’s data privacy and information and infrastructure security programs, including cybersecurity risks. In addition, senior management reports to the Board of Directors at least annually on cybersecurity risks.
|Cybersecurity Risk Role of Management [Text Block]
|Frontier’s management is primarily responsible for governing and overseeing cybersecurity risks. Operational responsibility for ensuring the adequacy and effectiveness of the Company’s cybersecurity risk management, control and governance processes is assigned to the SVP, Cyber Security (CISO). Our CISO has over 20 years of experience in IT, cyber security and data privacy and data management and reports directly to the EVP, Chief Digital and Information Officer (CDIO). Our CDIO has over 25 years of experience, having previously held senior leadership positions in technology, IT and operations at large public companies prior to joining Frontier.
To assist with management oversight, the CDIO chairs a security council which supports risk management by providing input into cyber security strategy and helps prioritize monitoring, mitigation and remediation across operational groups. This security council is comprised of senior leaders from a cross-functional group of departments including Legal and Regulatory, Corporate Security, Network Engineering, Internal Audit, Finance & Accounting and Risk and IT Infrastructure. In addition, we have established processes and response teams that are responsible for monitoring and making determinations regarding the materiality of cybersecurity incidents. The members of these teams have extensive expertise in evaluating the potential impact and materiality of events in the context of Frontier’s business and financial position, reputational and industry risk, and legal and regulatory environment, and there are procedures in place to escalate potentially material incidents for consideration by the Audit Committee. For example, the Audit Committee was actively involved in the review, disclosure and mitigation of the reported April 2024 cyber-attack. See Item 1A “Risk Factors” for a further discussion of cybersecurity risks.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Frontier’s management is primarily responsible for governing and overseeing cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Operational responsibility for ensuring the adequacy and effectiveness of the Company’s cybersecurity risk management, control and governance processes is assigned to the SVP, Cyber Security (CISO). Our CISO has over 20 years of experience in IT, cyber security and data privacy and data management and reports directly to the EVP, Chief Digital and Information Officer (CDIO). Our CDIO has over 25 years of experience, having previously held senior leadership positions in technology, IT and operations at large public companies prior to joining Frontier.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|While material risks are generally overseen by the full Board of Directors, the Audit Committee has a key role in cybersecurity risk monitoring and oversight as set forth in its charter. In establishing Audit Committee membership, the Nominating & Corporate Governance Committee identifies directors with relevant IT, network and cyber expertise to serve on the Committee. The CDIO and CISO provide periodic reports to the Audit Committee on the Company’s data privacy and information and infrastructure security programs, including cybersecurity risks. In addition, senior management reports to the Board of Directors at least annually on cybersecurity risks.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true