To protect our technology advantage and sustain our operations, we safeguard our data and systems with sophisticated tools and processes.

Devon mitigates cybersecurity risk with an industry-leading corporate information security policy and program.

Devon’s digital security team deploys an array of processes and tools including artificial intelligence, process automation, data analytics and other techniques to sustain our technology advantage in the field and in the office. Our investment in tools and processes that establish security inside and outside of Devon’s walls, as well as our cloud-based productivity suite, enabled Devon employees to quickly and safely adapt to working remotely during the COVID-19 pandemic in 2020.

As our use of technology and reliance on data have increased, we’ve expanded our cybersecurity measures to include the involvement of the audit committee of our board of directors, which oversees the company’s enterprise-risk-management program. The audit committee and full board receive regular updates on technology and cybersecurity risks and trends from Devon management. The chair of the audit committee has completed the NACD Cyber-Risk Oversight Program and earned Carnegie Mellon’s *CERT Certificate in Cybersecurity. In addition, five Devon directors have experience with technology or cybersecurity.

We mitigate cybersecurity risk with an industry-leading corporate information security policy and program aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which is assessed by third- party experts. We exercise and test our incident response and disaster-recovery plans as part of Devon’s corporate level emergency preparedness program. In 2019, our exercises included hiring a third party to infiltrate our system to test our response.

Our information systems are managed by a team of highly trained security professionals who have weekly discussions about cyberthreats, incidents and effective prevention. The team proactively develops, uses and shares cyberthreat intelligence, augmenting human intelligence with appropriate levels and layers of automation.

In addition, we encourage a culture of prevention in our workforce. Devon provides cybersecurity awareness training for all employees and contractors, specific training for teams that have access to sensitive data, and recognition of employees who help us avoid cybersecurity events. We enforce responsible use of information systems as described in our Code of Business Conduct and Ethics, the Information System General Usage Policy and related policies.

Devon had no business interruptions from cyberattacks in 2019 and has not suffered material losses from cyberattacks to date. We’ll continue to focus on prevention and best practices to secure our technology assets.