Cybersecurity

Operating a leading global airline today requires a constant focus on safety and security. United can only connect people and unite the world when we protect our systems and data from increasingly persistent, brazen and creative attempts to test controls, manipulate individuals to gain unauthorized access or disrupt operations. We leverage tools, training and technologies to help safeguard the systems, people and processes that keep our airline running. United embeds cybersecurity measures into its operations through a risk-based, defense-in-depth approach designed to support continuity, reliability and trust in an evolving environment.

Key highlights

2025 CSO Award winnerThis award from Foundry’s CSO was for an initiative that redefined secure connectivity in aviation by turning each aircraft into a secure, intelligently segmented flying network

Established CECDLPThe established Cybersecurity Early Career Digital Leadership Program (CECDLP) includes 11 associates, with three new hires and eight existing early-career employees joining the program

Responsible AI frameworkOur Responsible AI framework continues to guide ethical, transparent, secure and accountable AI use

The importance of cybersecurity

Our digital infrastructure forms the backbone of our operations, powering everything from flight management systems to passenger data management. As we continue to move forward with innovative digital transformation, such as leveraging AI-powered systems to enhance transparency, improve decision-making and create seamless travel experiences, we remain focused on adapting to ongoing and emerging threats. This focus supports our efforts to strengthen our cybersecurity strategy and help safeguard the critical systems that keep our airline running and passengers connected through every step of their travel journey.

Like other global enterprises, United recognizes that cybersecurity threats cannot be eliminated entirely. Accordingly, we focus on prevention, rapid detection, effective response and recovery — to minimize potential impact.

Cybersecurity governance

At United, managing cybersecurity and digital risk is fundamental to our success. The Chief Information Security Officer (CISO) leads the Cybersecurity and Digital Risk (CDR) organization within United, which is responsible for the Company’s approach to preventing, detecting, mitigating and remediating cybersecurity and digital risks. The CDR organization includes dedicated teams specializing in cyber defense, secure products and solutions (including aircraft cybersecurity operations), identity and digital trust, and digital risk management and compliance. With support and oversight from the United executive team, the CISO collaborates closely with cross-functional teams across Safety, Security, Government Affairs, Communications, Digital Technology, Legal, Audit, Human Resources, Facilities and Corporate Risk.

The Audit Committee provides oversight of our risk assessment and risk management policies and strategies with respect to significant business risks, including cybersecurity and digital risk. As part of this oversight, the Audit Committee regularly receives reports from the CISO — as well as our Chief Information Officer, Chief Risk Officer, Chief Legal Officer and Chief Compliance Officer — regarding our processes for assessing, identifying and managing cybersecurity risks, including, when applicable, notable cybersecurity threats or incidents impacting the aviation sector and the Company; results of independent third-party assessments of the Company's cybersecurity; key program metrics, capabilities, resourcing and strategy regarding the Company's cybersecurity program; and updates related to cybersecurity regulatory developments.

Learn more

Find out about our Cybersecurity Risk Management and Strategy, Board and Management Oversight, and Incident Management by reviewing Item 1C of the United Annual Report for 2025.

Our approach

United continuously evolves its cybersecurity and digital risk capabilities to address emerging threats, regulatory expectations and technology change. This includes ongoing investments in governance, workforce development, resilience and risk-based decision-making, aligned with the Company’s broader enterprise risk-management framework. Informed by industry-standard cybersecurity and risk-management frameworks developed by the National Institute of Standards and Technology (NIST) (which encompass governance and the ability to identify, protect, detect, respond to and recover from cybersecurity threats), United is positioned to appropriately manage and reduce cybersecurity risks. Through strategic investments in people, processes and technology, United seeks to integrate cybersecurity across the enterprise to support safe, reliable business outcomes.

The United cybersecurity strategy reinforces our unwavering commitment to operational excellence and fosters a culture of cybersafety and resilience. We aim to:

Collaborate with the industry

We actively collaborate with regulators, industry peers and cybersecurity experts through partnerships like Airlines for America’s Cybersecurity Council and multiple Information Sharing and Analysis Centers (ISAC). As members of the Aviation and Retail and Hospitality ISACs, we collectively enhance threat intelligence sharing and resilience. Our Vulnerability Disclosure Program is designed to strengthen our cybersecurity posture by encouraging security researchers to identify and report potential vulnerabilities. These efforts are designed to help safeguard our operations and customers while reinforcing the broader aviation ecosystem and U.S. critical infrastructure.

View more about Collaborate with the industry

Foster cybersecurity education and professional development

We empower our employees with knowledge and training that helps them recognize and thwart potential cyber incidents, enhancing the safety and security of our operations and data. As part of this effort, our annual corporate compliance training includes dedicated modules on cybersecurity and privacy, reinforcing our commitment to protecting sensitive information and maintaining a strong security culture.

View more about Foster cybersecurity education and professional development

Invest in initiatives

We have established initiatives such as Innovate — a full-time program that allows interns, new college graduates and early-career professionals to explore the business and long-term careers at United — to help us build a highly capable and skilled workforce by identifying and nurturing talent. Building on this success, we have established the Cybersecurity Early Career Digital Leadership Program (CECDLP), a rotational program designed for early-career talent, including individuals without traditional STEM backgrounds and those from frontline roles. The rotational structure provides targeted training and hands-on exposure across key cybersecurity and digital risk functions (as well as mentorship) to build foundational expertise and long-term career mobility.

View more about Invest in initiatives

Promote responsible AI and emerging technology

At United, we embrace AI as a powerful tool to enhance customer and employee experiences. Artificial intelligence enables us to provide clearer communication, improve customer support and optimize travel experiences — whether through proactive flight updates or smart baggage tracking. For our employees, AI-supported tools provide real-time insights, optimize workflows and facilitate feedback, allowing them to deliver exceptional results.

As we integrate AI into our operations, we remain committed to using it responsibly. This includes prioritizing fairness, transparency and accountability in AI-driven decisions and helping ensure that our technology empowers people. Our responsible AI principles guide the Company in developing and deploying these innovations to maintain trust and create meaningful benefits for our customers and employees. These principles are supported by cybersecurity, privacy and data governance controls designed to help mitigate risks associated with AI technologies.

View more about Promote responsible AI and emerging technology

Support supply chain cybersecurity

United relies on many suppliers and governmental entities to accomplish our mission, so we necessarily extend our vigilance to our supply chain and work with our partners to improve the resilience of our entire ecosystem. By seeking appropriate commercial and legal protections and monitoring supplier cybersecurity risks, we assess and mitigate potential vulnerabilities that could impact our operations and customers. Our risk-management framework includes security assessments, compliance reviews and threat intelligence sharing — all intended to identify and address emerging risks. We also promote accountability by setting clear security expectations, seeking adherence to industry best practices and working closely with our key vendors to strengthen their cybersecurity posture.

Please refer to the Supply Chain Resilience section of this report for more details.

View more about Support supply chain cybersecurity

Data protection

We recognize the importance of protecting personal data and are committed to complying with applicable privacy laws and regulations. United relies on our data privacy principles to guide our actions and build trust among our employees, customers and business partners.

Adherence to these principles and safeguards supports accountability and strengthens our commitment to data privacy and cybersecurity.

Learn more about our privacy practices.

Building trust through responsible data practices

Clear notice

Provide clear communication at the time of collection of personal data.

Limited collection

Limit the collection and retention of personal data to needed business purposes only.

Access control

Implement access controls and manage third-party use of personal data.

Risk mitigation

Employ technical measures and controls to mitigate both the risk of loss and unauthorized access to personal data.