Cable One recognizes the importance of protecting customer data in order to do right by those we serve.
The Company has created a layered security approach leveraging people, process, and technology - structuring our cybersecurity
program to align with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and with applicable laws,
regulatory requirements and acceptable industry best practices.
Cable One has a dedicated internal cybersecurity team that oversees information security, cyber and technology risk, and IT compliance.
This team maintains our readiness and security posture by working with independent external cybersecurity advisors to identify, assess,
mitigate and remediate material cyber risks and issues. Cable One conducts annual audits as required for compliance with Sarbanes-Oxley Act (SOX),
Payment Card Industry (PCI) and otherwise where applicable. The cybersecurity team also conducts annual incident response plan rehearsals as well
as third-party penetration testing and risk assessments based on NIST standards and the Cybersecurity Framework (CSF).
As part of our program, we require mandatory cybersecurity, privacy and information handling training for all new associates upon onboarding and
annually thereafter for all associates. We also conduct regular training throughout the year for our associates, including contractors, on topics such as
phishing, social engineering and general cybersecurity awareness. To validate the effectiveness of our training, simulated phishing campaigns are conducted
quarterly for all associates.
At least quarterly, Cable One’s cybersecurity team reports to either the Nominating and Governance Committee of the Cable One Board of Directors or the
full Board on the Company’s technology and cyber risk profile, programs and key initiatives, including the maturity of our cybersecurity framework and how
we compare to certain industry benchmarks.
As part of Cable One’s cybersecurity program, the Company incorporates intelligence sharing about emerging threats through collaboration with other companies
in our industry, consultants and public-private partnerships with government intelligence agencies, such as the Arizona Cyber Threat Response Alliance (ACTRA) and
The Internet and Television Association (NCTA).
In addition, all of Cable One’s business lines, including Sparklight® and each of the associated Cable One family of brands, maintain privacy policies governing data
protection that are publicly available on the commercial website of each Company brand.