SILICON LABORATORIES INC. 10-K Cybersecurity GRC - 2025-02-04

Page last updated on February 4, 2025

SILICON LABORATORIES INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-04 15:18:01 EST.

Filings

10-K filed on 2025-02-04

SILICON LABORATORIES INC. filed a 10-K at 2025-02-04 15:18:01 EST
Accession Number: 0001038074-25-000003

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Our Board of Directors oversees our risk management program, and because information security is a top priority and an important component of our day-to-day operations, cybersecurity is part of our overall approach to enterprise risk management. The scope of cybersecurity risk management encompasses all aspects of business operations, including supply chain risks and production manufacturing operations. Our cybersecurity practices are based on industry practices and frameworks such as those established by the International Organization for Standardization and the National Institute of Standards and Technology. We recognize the importance of the continued protection of our employee, customer, supplier and partner data and address operational risks from cybersecurity threats through a cross-functional approach focused on preserving the confidentiality, integrity and availability of the information that we collect, process and store. We have implemented cybersecurity policies, processes, and controls to assist management in our assessment, identification and management of risks from cybersecurity threats. Our Security Operations team scans the infrastructure, monitors events, analyzes threats, and coordinates our incident response pursuant to our incident response plan, which includes the process to be followed for reporting of incidents. Our cybersecurity risk management involves identifying information assets, their sensitivity and potential threats, followed by assessing and prioritizing risks. We employ various tools and techniques like threat modeling, vulnerability scanners, and penetration testing. Based on the assessment, security measures are planned, prioritized and implemented. We have implemented regular security awareness training programs for employees to educate them on cybersecurity best practices and to recognize social engineering and phishing attempts. We also assess and manage cybersecurity risks associated with relevant third-party service providers, including those in our supply chain or who have access to our data or systems. Our cybersecurity process is iterative, with regular reviews and updates to help improve and keep abreast of a dynamic and continuously evolving threat landscape. We describe whether and how risks from cybersecurity threats have materially affected or are reasonably likely to materially affect us, our business strategy, results of operations, or financial condition under the headings “We may be the victim of business disruptions and security breaches, including cyber-attacks, which could lead to liability or could damage our reputation and financial results” and “We may be subject to information technology failures that could damage our reputation, business operations and financial condition” included as part of our risk factors disclosures in “Risk Factors” above. In the last three fiscal years, we have not identified material cybersecurity incidents, and the expenses we have incurred from cybersecurity incidents were immaterial, including penalties and settlements, of which there were none. Governance Our Board of Directors is responsible for risk management oversight and has delegated to our Audit Committee oversight responsibility for reviewing the effectiveness of our governance and management of cybersecurity risks. The Audit Committee regularly reviews our policies and practices with respect to risk management, including cybersecurity risks, and reports to the full Board of Directors based on these reviews. The Audit Committee also receives a report containing information security risk posture details, remediation plan execution progress and pertinent threat intelligence updates from the Chief Security Officer (“CSO”) on a quarterly basis. At least annually, but more frequently as necessary, threats from cybersecurity risks and our action plans relating to those risks also are considered by the full Board during meeting discussions of enterprise risks. Members of management, including the Chief Executive Officer, Chief Financial Officer and Chief Legal Officer may also report directly to the Board of Directors on significant risk management issues, including cybersecurity threats and incidents. We have an Executive Security Steering Council (the “ESC”) comprised of members of our executive team, our Chief Information Officer, and CSO. Our CSO, in coordination with the ESC, works collaboratively to implement our enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. Our Security Operations, Security Engineering, and Governance teams communicate with and report to the CSO, enabling the CSO and the ESC to monitor the detection, mitigation, and remediation of cybersecurity incidents . Our CSO has over 27 years of security experience in multiple relevant technology and leadership disciplines, including prior work experience leading cybersecurity teams, business strategies and security solution architecture. He also holds several relevant degrees and certifications, including as a Certified Information Systems Security Professional (“CISSP”) and a Certified Secure Software Lifecycle Professional (“CSSLP”), and holds Honors BSc degrees in Computer Science and Physics.

Company Information