APPLIED MATERIALS INC /DE 10-K Cybersecurity GRC - 2024-12-13

Page last updated on December 13, 2024

APPLIED MATERIALS INC /DE reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-13 16:01:17 EST.

Filings

10-K filed on 2024-12-13

APPLIED MATERIALS INC /DE filed a 10-K at 2024-12-13 16:01:17 EST
Accession Number: 0000006951-24-000044

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C: Cybersecurity Risk Management and Strategy We have implemented processes for assessing, identifying and managing material risks from cybersecurity threats as part of our cybersecurity risk management program. This program includes processes for continuous cybersecurity risk and advanced persistent cybersecurity threat monitoring; cybersecurity attack, vulnerability and cloud security management; and penetration testing. Our cybersecurity risk management program includes a cybersecurity incident response plan and escalation protocols; cybersecurity and data protection policies and training to our employees; a supply chain cybersecurity program to increase awareness, assess supplier security controls, help improve supplier security controls and manage security incidents; a program to protect company, customer and supplier intellectual property by operationalizing strategy, policy and awareness; a privacy and data protection program to keep pace with rapidly evolving global data laws and regulations as well as emerging technologies; engagement of third-party auditors to help assure the effectiveness of internal controls, including cybersecurity controls; and partnership with industry groups, government agencies and third-party experts in an effort to continuously improve our cybersecurity risk management program. We conduct assessments based on the National Institute of Standards and Technology Cybersecurity (“NIST”) Framework to evaluate our program, and we engage third-parties for assistance and to independently assess, proactively monitor, and provide an external view of our cybersecurity program. We conduct risk assessments and tabletop exercises to evaluate the effectiveness of our systems and processes in addressing cybersecurity threats, including threats associated with our use of third-party service providers, and to identify areas for improvements. Our cybersecurity risk management program is integrated with our enterprise risk management (“ERM”) program, and information about cybersecurity risks and our cybersecurity risk management program is reviewed as part of our ERM program, sharing common risk governance and reporting processes that apply across our ERM program. While we are not aware of having directly experienced a cybersecurity incident that has materially impacted our business, financial condition or results of operations, we face risks from cybersecurity threats that, if realized, could reasonably likely materially affect us, our business strategy, results of operations, or financial condition. See “Risk Factors - Operational and Financial Risks - We are exposed to cybersecurity threats and incidents” for additional information about cybersecurity related risks. Governance Our Board of Directors is responsible for overseeing the assessment of major risks facing us, and its Audit Committee oversees our ERM program, including oversight of cybersecurity risks and of our cybersecurity risk management program. The Audit Committee receives quarterly reports from management on our cybersecurity risks and cybersecurity risk management program, and our management regularly updates the Chair of the Audit Committee regarding cybersecurity incidents where appropriate in accordance with our cybersecurity incident response plan and escalation protocols. The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity, and management reports to the full Board on our cybersecurity risks and cybersecurity risk management program at least annually. Our management has day-to-day responsibility for assessing and managing material risks from cybersecurity threats, including implementing risk mitigation plans, processes and controls, and managing our cybersecurity risk management program. Our Chief Information Security Officer (“CISO”), who has more than 20 years of experience in information security management, is primarily responsible for managing our cybersecurity risk management program, cybersecurity incident response plan and escalation protocols, and reports at least quarterly to the Audit Committee and at least annually to the full Board on our cybersecurity, data and intellectual property security programs, policies, risks and controls. The CISO reports to our Chief Information Officer (“CIO”), who has more than 30 years of experience in information technology and is responsible for administering secure and scalable security infrastructure. The CIO reports to our Chief Digital Officer, who has more than 37 years of experience in information technology. Our management team’s efforts to prevent, detect, mitigate and remediate cybersecurity risks and incidents are informed by reviews with our information technology security teams, receipt of threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, periodic assessments against the NIST Framework and through alerts and reports produced by security tools deployed in our information technology environment.

Company Information