Cybersecurity
Our Approach
Our cybersecurity strategy emphasizes mitigating cyber risk exposure and continuous improvement of cyber defense and resilience capabilities.
Peabody’s cybersecurity strategy emphasizes:
- Proactive management of cyber risk to ensure compliance with contractual, legal and regulatory requirements;
- Performing due diligence on third parties to ensure they have sound cybersecurity practices;
- Ensuring essential business services remain available during a business disruption;
- Implementing data policies and standards to protect sensitive company information; and
- Exercising cyber incident response plans and risk mitigation strategies to address potential incidents should they occur.
Cybersecurity is a significant pillar of risk management at Peabody.
The Board maintains direct oversight over cybersecurity risks and oversees an enterprise-wide approach to risk management, designed to support the achievement of organizational objectives to enhance long-term performance and stockholder value. The Board, as a whole, and through its committees, is responsible for the oversight of risk management and Peabody’s management is responsible for the day-to-day management of the risks the Company faces. Senior leadership, including Peabody’s Chief Information Security Officer, regularly briefs the Board on cybersecurity matters and the Board is informed of cybersecurity incidents deemed to have a moderate or higher business impact, even if such incidents are determined to be immaterial, on an ongoing basis.
Our Performance
In 2023, there were no breaches that resulted in loss of privacy, data or company information for customers or employees. All Peabody employees who have access to Peabody data or systems are required to complete annual cybersecurity training. The board of directors also completes annual training. Employees who have access to sensitive data complete targeted training that addresses specific security risks.
While Peabody has experienced cybersecurity incidents in the past, to date none have materially affected the Company’s business strategy, results of operations or financial condition. Peabody continues to invest in the cybersecurity and resiliency of its networks and to enhance its internal controls and processes, which are designed to help protect its systems and infrastructure, and the information they contain. Peabody’s global cybersecurity department is responsible for overall cybersecurity strategy, policy, operations and cybersecurity incident response. As part of the Company’s information security training program, all employees and directors participate in annual cybersecurity awareness training, including formal training and simulated phishing events. We maintain an updated cybersecurity policy and incident response plan.