Operational Excellence

Physical/Cyber Security & Data Privacy

New technology brings new challenges, and cybersecurity has been identified as a key enterprise risk for the company. Our information security group works with local, state, and federal agencies, as well as our peers in the energy business, to identify and employ the latest technological tools to protect our customers and our equipment. We collaborate with these partners to share threat information and best practices, and conduct large-scale joint cybersecurity drills to help protect the electric industry against cyber attacks.

Internally, as disclosed in our Proxy Statement, Con Edison has cybersecurity key performance indicators that are tied to executive compensation. An annual presentation on cybersecurity risks continues to be provided to the Board of Directors and the Audit Committee of the Board has commenced reviewing more in-depth cybersecurity matters on a semi- annual basis. In addition, the Board of Directors receives regular updates as to cybersecurity risks from management.

With the threat of cybercrime constantly becoming more acute, we continue to strengthen our data-protection efforts. They include 24/7 monitoring, vulnerability assessments, employee education, regular drills, and phishing tests. We consistently earn passing grades on audits that assess our cybersecurity and data-protection standards, and we are in compliance with reporting requirements from the Federal Energy Regulatory Commission and North American Electric Reliability Corporation. As for grid resiliency, there have been no material violations or fines due to non-compliance with physical and/or cybersecurity standards or regulations.

To hear more about our cybersecurity program and other topics, visit https://soundcloud.com/con-edison