Cybersecurity

Operating the world’s leading airline in a dynamic and fast-evolving digital landscape requires an unwavering focus on safety and security. United’s mission of connecting people and uniting the world can only be fulfilled when we effectively prioritize and maintain cyber resilience. By embedding advanced cybersecurity measures into our operations, United not only takes steps to defend against evolving threats, but also to help ensure continuity, reliability and trust in a rapidly changing technological ecosystem.

Key Highlights

2024CSO Award Winner from Foundry’s CSO for our innovative approach to securing critical airport operational technology systems

NEWcybersecurity rotational program designed to build technical expertise for early-career talent

NEWResponsible AI framework supports ethical, transparent and accountable AI use

The importance of cybersecurity

Our digital infrastructure forms the backbone of our operations, powering everything from flight management systems to passenger data management. As we continue to move forward with innovative digital transformation, such as leveraging AI-powered systems to enhance transparency, improve decision-making and create seamless travel experiences, we remain focused on adapting to ongoing and emerging threats. This focus enables us to continue enhancing our cybersecurity strategy and endeavor to safeguard the critical systems that keep our airline running and our passengers connected through every step of their travel journey.

Managing cybersecurity

At United, managing cybersecurity and digital risk is fundamental to our success. The Chief Information Security Officer (CISO) leads the Cybersecurity and Digital Risk (CDR) organization within United, which drives the Company’s approach to identifying and mitigating cybersecurity and digital risks. The CDR organization includes dedicated teams specializing in cyber defense, secure products and solutions, identity and digital trust, and digital risk management and compliance. With support and oversight from United executives and the Board of Directors, the CISO collaborates closely with cross-functional teams across Safety, Security, Government Affairs, Communications, Digital Technology, Legal, Audit, Human Resources, Facilities and Corporate Risk.

The Board’s Audit Committee provides oversight of United’s risk assessment and management strategies for significant business risks, including cybersecurity and digital risk. As part of this oversight, the Audit Committee regularly receives reports from the CISO or designated representatives on cybersecurity risk management efforts, including significant threats or incidents impacting the aviation sector, results of independent third-party assessments, key program metrics, capabilities and resourcing. These reports also include updates on regulatory developments and strategic initiatives, aligning United’s cybersecurity capabilities with its broader risk management framework.

Our approach

United’s CDR organization established a risk-based approach to enable a cyber-safe, secure and resilient airline operation. Guided by industry-standard cybersecurity and risk management frameworks developed by the National Institute of Standards and Technology (NIST), which incorporates functions to govern, identify, protect, detect, respond and recover from cybersecurity threats, United is well positioned to appropriately manage and reduce cybersecurity risks. By strategically investing in people, processes and technology, United seeks to integrate cybersecurity across the enterprise to support business outcomes.

United’s cybersecurity strategy reinforces our unwavering commitment to operational excellence while fostering a culture of cyber safety and resilience; we aim to:

Collaborate with the industry
We actively collaborate with regulators, industry peers and cybersecurity experts through partnerships like Airlines for America’s Cybersecurity Council and multiple Information Sharing and Analysis Centers (ISACs). As members of the Aviation and Retail and Hospitality ISACs, we collectively enhance threat intelligence sharing and resilience. Our Vulnerability Disclosure Program(VDP) further strengthens our cybersecurity posture by encouraging security researchers to identify and report potential vulnerabilities. These efforts help safeguard our operations and customers while reinforcing the broader aviation ecosystem and U.S. critical infrastructure.
Foster cybersecurity education and professional development
We empower our employees with knowledge and training that enables them to recognize and thwart potential cyber incidents, enhancing the safety and security of our operation and data. As part of this effort, our annual corporate compliance training includes dedicated modules on cybersecurity and privacy, reinforcing our commitment to protecting sensitive information and maintaining a strong security culture.

Initiatives such as Innovate, a full-time program that allows interns and new college graduates to explore different areas of the business and long-term career at United, have laid the foundation for building a highly capable and skilled workforce by identifying and nurturing talent. Building on this success, we launched the cybersecurity pathway, a rotational program designed to help individuals from nontraditional educational backgrounds break into cybersecurity. This program provides specialized training, hands-on experience across key cybersecurity domains and mentorship to develop expertise and advance within the field.
Promote responsible AI and emerging technology
At United, we embrace AI as a powerful tool to enhance customer and employee experiences. AI enables us to provide clearer communication, improve customer support and optimize travel experiences—whether through proactive flight updates, AI-supported contact centers or smart baggage tracking. For our employees, AI-supported tools provide real-time insights, optimize workflows and facilitate feedback, allowing them to deliver exceptional results.

As we integrate AI into our operations, we remain committed to using it responsibly. This includes prioritizing fairness, transparency and accountability in AI-driven decisions and helping ensure our technology empowers people. Our responsible AI principles guide the Company on how we develop and deploy these innovations to maintain trust and create meaningful benefits for our customers and employees.
Support supply chain cybersecurity
United relies on many suppliers and governmental entities to accomplish our mission, so we necessarily extend our vigilance to our supply chain and collaborating with our partners to improve the resilience of our entire ecosystem. Through seeking appropriate commercial and legal protections and monitoring of supplier cybersecurity risk, we assess and mitigate potential vulnerabilities that could impact our operations and customers. Our risk management framework includes security assessments, compliance reviews and threat intelligence sharing, to identify and address emerging risks. Additionally, we drive accountability by setting clear security expectations, seeking adherence to industry best practices and working closely with vendors to strengthen their cybersecurity posture.

Data protection

We recognize the importance of protecting personal data and are committed to complying with applicable privacy laws and regulations. United relies on our data privacy principles to guide our actions and build trust amongst our employees, customers and business partners. These principles include providing clear notice at the time of collection of personal data, limiting the collection and retention of personal data, implementing access controls and managing third-party use of personal data. We also employ technical measures and controls designed to mitigate the risk of loss and unauthorized access to personal data. Adherence to these principles and safeguards keeps us accountable and strengthens our commitment to data privacy and cybersecurity.

Learn more about our privacy practices.