Page last updated on November 15, 2024
SKYWORKS SOLUTIONS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-15 16:37:43 EST.
Filings
10-K filed on 2024-11-15
SKYWORKS SOLUTIONS, INC. filed a 10-K at 2024-11-15 16:37:43 EST
Accession Number: 0000004127-24-000131
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY. Cybersecurity Risk Management and Strategy We have developed and implemented processes for identifying, assessing, and managing cybersecurity risks as part of our overall enterprise risk management program. These processes are designed to protect our information technology and operational systems against cybersecurity threats. In connection with the operation of our program, we take into consideration guidance from various recognized cybersecurity industry frameworks and standards such as the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”) and the International Organization for Standardization (“ISO”) 27001 standards. This does not mean that we adhere to any particular frameworks or meet any particular standards, but rather that we use industry frameworks and standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Information about cybersecurity risk is collected as part of our overall enterprise risk management program, including as part of the annual enterprise risk assessment survey conducted by our internal audit team, the results of which are summarized and provided to our Audit Committee. We devote significant resources and efforts to protecting the security of our information technology and operational systems, including utilizing threat monitoring and commissioning assessments by third parties, taking guidance from ISO information security standards, and conducting proactive risk and compliance reviews against regulatory, industry, and evolving data privacy requirements. We provide training to our employees on our acceptable use policy, our data protection methods, and social engineering tactics used by threat actors, including through simulated phishing attacks. We maintain a cross-functional cybersecurity incident management procedure with defined roles, responsibilities, and reporting protocols that is designed to timely respond to, investigate, mitigate, remediate, and if appropriate, disclose, a cybersecurity incident. Furthermore, we practice our response to potential cybersecurity incidents through tabletop exercises. As part of our selection process for certain third-party service providers, we evaluate components of their cybersecurity risk management programs using various factors. We engage third-party providers to provide ongoing threat monitoring, mitigation strategies, updates on emerging trends, security assessments, and penetration testing. We also receive updates from law enforcement and industry groups on emerging cybersecurity trends and the latest threats, and we have standing engagements with incident response experts. As of the date of this Annual Report on Form 10-K, we have not identified any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition. For additional information regarding risks we face, please refer to “We may not be able to prevent, or timely detect, information technology security breaches” in Item 1A, “Risk Factors,” in this Annual Report on Form 10-K. Cybersecurity Governance Our Board of Directors (“Board”) is responsible for our risk oversight, with the Audit Committee specifically overseeing management’s cybersecurity risk management program. In this role, the Audit Committee receives quarterly updates from members of management, including the vice president, information technology and CIO, who oversees our information technology function (“CIO”) and another vice president who supports the CIO in implementing, monitoring and updating the cybersecurity risk management program, as well as addressing existing and emerging cybersecurity threats and managing cybersecurity incidents (“Head of Information Security”). The Board receives regular reports from the Audit Committee, as well as an annual cybersecurity report from management, including the CIO, highlighting key activities of the Company’s cybersecurity team, including internal initiatives and updates and external engagements with third party cybersecurity firms, recent incidents throughout the industry and the emerging threat landscape. Our CIO has more than 25 years of experience in information technology and reports to our Chief Financial Officer. Our Head of Information Security, who reports to the CIO, has over 20 years of experience managing global information technology and cybersecurity operations and holds multiple industry-recognized certifications such as Certified Information Systems Security Professional and Certificate of Cloud Security Knowledge.
Company Information
| Name | SKYWORKS SOLUTIONS, INC. |
| CIK | 0000004127 |
| SIC Description | Semiconductors & Related Devices |
| Ticker | SWKS - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | September 26 |