Cybersecurity

Crestwood recognizes that there are ever-evolving, inherent risks associated with cybersecurity in the industry in which we operate. To mitigate the risks of cyber threats across the organization, we continuously train our employees as an extension of our defense in identifying and reporting suspicious activity. 

Our Approach

As with any key operational risk, Crestwood has a robust governance structure around cybersecurity. Our approach is governed at the Board level through the Audit Committee where our senior vice president of internal audit, technology and implementation services provides frequent updates to the committee and executive management. Internally, a Cybersecurity Steering Committee, which is represented by a cross-section of leaders, meets on a quarterly basis and is responsible for developing Crestwood’s cybersecurity goals and objectives, executing penetration tests and monitoring current trends and threats. Our framework extends to all stakeholders at Crestwood where our goal is to protect privacy, equipment and sensitive information in both the corporate network and throughout the field. 

Our Journey and Progress

Since the inception of our cybersecurity program in 2018, we have continued to strengthen the program, systems and methodology to remain agile as the threat landscape continuously changes. Crestwood’s Cybersecurity team has matured our program using advanced artificial intelligence technology, robust back-up solutions and by partnering with industry leading vendors. 

In response to recent industry-related cyber breaches, we proactively evaluated our security footprint which included a review of services, systems and vendors. Executive leadership strongly supported the recommendations identified by the technology department to enhance our cybersecurity incident detection and response resources, resulting in an elevated program. We approach the program with a continuous improvement mindset to remain nimble, allowing us to enhance, modify and respond to the changing landscape. 

To further mitigate threats, we collaborate with regulatory agencies and take part in external events to learn and share best practices. We actively participated in establishing the Energy Infrastructure Council’s cybersecurity committee and continue leading industry-wide workshops.

Employees: Our Best Defense Against Cyber Attacks

At Crestwood, everyone has the responsibility to protect and secure our business activities. We educate our employees through a variety of cybersecurity trainings and awareness programs. We distribute monthly technology tips to keep work and personal-use devices safe and conduct simulated cybersecurity attacks as practice exercises. 

 

100% of our employees participated in cybersecurity training

Due to the serious nature and risk of a cybersecurity attack, training is required annually by all employees. Recognizing that our success is directly tied to each of our employees’ actions, we tied the success of our external cybersecurity penetration testing to our employee and executive compensation. In 2021, 100% of our employees participated in cybersecurity training. Part of this training included our Cybersecurity team proactively conducting 12 simulated phishing campaigns and information privacy scams on approximately 600 users with a 95% success rate. 

Looking Ahead

Building upon our robust approach to risk management and cybersecurity in 2021, we will focus on: