CISCO SYSTEMS, INC. 10-K Cybersecurity GRC - 2024-09-05

Page last updated on September 5, 2024

CISCO SYSTEMS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-05 16:41:20 EDT.

Filings

10-K filed on 2024-09-05

CISCO SYSTEMS, INC. filed a 10-K at 2024-09-05 16:41:20 EDT
Accession Number: 0000858877-24-000017


Item 1C. Cybersecurity.

We recognize the critical importance of maintaining the trust and confidence of our customers, employees, and other stakeholders. To help mitigate the cybersecurity risks that we face, we maintain processes for identifying, assessing, and managing such risks. Our incident response functions, which include our Security and Trust Organization (“S&TO”) under the leadership of our Chief Security and Trust Officer, have established internal policies, processes, and procedures to monitor, detect, investigate, respond to, and escalate management of internal and external cybersecurity threats and incidents. We maintain policies and procedures for the escalation of cybersecurity incidents, assessed as potentially being or becoming material, to designated members of our senior management for further assessment. We also, as necessary, inform our independent registered public accounting firm of significant cybersecurity matters and any relevant developments.

To help identify, assess, and mitigate cybersecurity threats that we face to our business, S&TO, in addition to its own capabilities, partners with Cisco’s Talos Threat Intelligence Group and third parties, including governments and peer companies, to share and receive threat intelligence and other information. S&TO actively monitors for and evaluates cybersecurity vulnerabilities, threats, and incidents observable on the internet and the dark web.

In addition to monitoring risks from threats to our own business, we operate third-party risk management programs to help identify and manage risks from cybersecurity threats arising from third-party suppliers and service providers on which we rely. These programs leverage on-going security-focused risk assessments based on industry practices, audits, and contractual requirements.

We strive to embed security into our products and services through the Cisco Secure Development Lifecycle (CSDL). The CSDL introduces security and privacy considerations throughout the lifecycle of our products and services.

In addition, S&TO advises business units and functional areas on addressing cybersecurity risks and monitors initiatives to mitigate and manage such risks over time. Our business units or functional areas are responsible for managing risks and ensuring that security policies and standards are implemented within the respective business unit or function. S&TO also conducts mandatory cybersecurity training for our employees and provides employees with tools to report suspected incidents.

S&TO engages third parties in connection with our cybersecurity risk management processes, including cybersecurity consultants and auditors, to conduct evaluations of our IT security controls and provide certifications for industry-standard security frameworks. In addition, we maintain a global privacy program to assess and manage privacy risks related to how we are collecting, using, sharing, and storing personal data, which is subject to assessment by an independent, third-party privacy assessor.

Our Chief Security and Trust Officer, who reports to our Executive Vice President, Operations, works collaboratively across our business to implement policies and procedures designed to protect our IT environment and our products and services from cybersecurity threats, and to promptly respond to cybersecurity incidents in accordance with our incident response policies and procedures. Our Chief Security and Trust Officer has extensive cybersecurity experience and has served in various roles in information technology and information security for over 25 years. The Chief Security and Trust Officer provides regular reports on the status of cybersecurity risks, priorities, and focus areas to our executive leadership team. In addition, information on cybersecurity risks is further integrated into our broader enterprise risk management program through our internal audit function, which incorporates such information in regular audits of our cybersecurity and data protection controls and processes.

Our Board of Directors oversees risks related to cybersecurity threats to our business directly and through its Audit Committee. The Audit Committee receives regular reports on cybersecurity risks, priorities, and focus areas from our Chief Security and Trust Officer at least four times a year and receives a live presentation at least twice a year. Our Board of Directors also regularly receives updates from the Audit Committee on its oversight activities and, on occasion, receives updates directly from our Chief Security and Trust Officer. Additionally, the Chief Security and Trust Officer provides more frequent updates to the Board of Directors and Audit Committee if necessary due to a cybersecurity threat, incident, or other development.

As of the date of this Annual Report on Form 10-K, we do not believe our business, operating results, or financial condition have been materially affected by cybersecurity risks, including as a result of previously identified cybersecurity incidents. For more information on our cybersecurity related risks, see “Item 1A. Risk Factors” of this Annual Report on Form 10-K.


Company Information

Name: CISCO SYSTEMS, INC.
CIK: 0000858877
SIC Description: Computer Communications Equipment
Ticker: CSCO - Nasdaq
Website:
Category: Large accelerated filer
Fiscal Year End: July 26