ELECTRONIC ARTS INC. 10-K Cybersecurity GRC - 2024-05-22

Page last updated on July 16, 2024

ELECTRONIC ARTS INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-22 16:12:19 EDT.

Filings

10-K filed on 2024-05-22

ELECTRONIC ARTS INC. filed a 10-K at 2024-05-22 16:12:19 EDT
Accession Number: 0000712515-24-000023

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C: Cybersecurity In the ordinary course of our business, we collect, use, store, and digitally transmit confidential and personal information. The secure maintenance of this information and our information technology systems is important to our operations, business strategy, and maintaining the trust of our players, employees, and partners. To this end, we have implemented policies, practices and programs designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are managed and monitored by dedicated information technology security teams, which are led by our Chief Information Security Officer. They include mechanisms, controls, technologies, systems, and other processes designed to maintain a stable information technology environment and protect against unauthorized access, use, destruction, modification or disclosure of confidential and personal information, and other information security incidents affecting our operations or the availability of our products and services. For example, we invest in tools to detect suspicious activity in accounts, give players the ability to use two-factor authentication and work to prevent the creation of mass user accounts. We also regularly test our defenses through penetration and vulnerability testing. We implement controls and procedures designed to mitigate risk with third-party vendors and business partners who have access to confidential and personal information, including by conducting a formalized security risk assessment. Security risks identified in security risk assessments are remediated, and/or formally documented, and in some cases the business relationship may be ended or not pursued. Our employees and certain contractors are required to complete mandatory annual security training. These trainings raise awareness of security practices and educates employees to protect information assets and infrastructure. We consult with outside advisors and experts when appropriate to assist in assessing, identifying and managing cybersecurity risks, including providing an independent analysis of our preparedness, assessing and managing the current risk environment and assisting us in preparing for future threats and trends. Our Chief Information Security Officer, who reports directly to our Chief Technology Officer, Enterprise & Platform Services, has extensive experience managing information technology and cybersecurity matters and is responsible for assessing and managing cybersecurity risks. Risks associated with cybersecurity are integrated into our overall enterprise-wise enterprise risk assessment and more closely monitored by our information technology security teams. We face ongoing cybersecurity risks that, if realized, could materially impact our business, operations and financial results. During the reporting period, we did not experience any cybersecurity incident that has had, or is reasonably likely to have, a material impact on our operations or financial results. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, “Risk Factors,” under the heading “We have and may continue to experience security breaches and cyber threats.” Our Board of Directors maintains ultimate oversight over risks associated with cybersecurity and receives updates at least annually from our Chief Information Security Officer. In addition, our Audit Committee, which is composed solely of independent directors, receives updates from our Chief Information Security Officer on a quarterly basis, and more frequently as appropriate, that provide additional detail about the steps we take to monitor and mitigate these risks.

Company Information