InterDigital, Inc. 10-K Cybersecurity GRC - 2025-02-06

Page last updated on February 6, 2025

InterDigital, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-06 08:34:12 EST.

Filings

10-K filed on 2025-02-06

InterDigital, Inc. filed a 10-K at 2025-02-06 08:34:12 EST
Accession Number: 0001405495-25-000011

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY. We take a defense-in-depth approach, leveraging multiple, layered security measures, to protect our data, our customers’ data, our infrastructure, and our employees. We embed data protection throughout our operations and information technology programs, relying on multiple and various controls to prevent and detect threats, with the goal of safeguarding our assets, data and personnel. InterDigital evaluates cybersecurity risks as part of our overall enterprise risk management . A cybersecurity steering committee of senior executives is responsible for assessing and managing cybersecurity risks. The steering committee meets annually to evaluate any changes to the Company’s exposure to cybersecurity risks, discuss potential mitigation plans and provide updates on mitigation efforts already underway. The steering committee is led by the Director of Cybersecurity & Networks, a cybersecurity professional with 20 years of experience and industry-recognized certifications. The Director of Cybersecurity & Networks reports directly to the Chief Information Officer (“CIO”) and manages our cybersecurity team, which uses multiple internal and external sources to keep up to date on the latest threats and risks and manages a process to evaluate cybersecurity risks associated with third-party service providers. Our cybersecurity team also maintains a comprehensive set of cybersecurity policies and standards. We continually reassess and review our cybersecurity strategy and policies, including through tabletop exercises, to identify and proactively address the constant changes in the global threat landscape. We also engage external vendors to assess the cybersecurity program as needed, including annual multi-stage penetration testing of our IT environment by independent third parties. The Audit Committee of our Board oversees risk from cybersecurity threats. The Audit Committee of the Board and the full Board each receive quarterly updates on cybersecurity risks identified through the enterprise risk management processes described above. The comprehensive set of cybersecurity policies and standards maintained by the cybersecurity team includes a security incident response framework. The framework is a set of coordinated procedures and tasks that the InterDigital incident response team executes to ensure timely and accurate reporting and resolution of computer security incidents. The framework details who, how and when appropriate persons or committees, including the CIO, cybersecurity steering committee, and Audit Committee are kept informed on the status of potential cybersecurity incidents. The CIO also presents a summary of recent incidents at each regular Audit Committee meeting. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. However, to date, cybersecurity threats have not materially affected us , including our business strategy, results of operations, or financial condition. We identify nation state-sponsored threat actors and the rise in sophistication and proliferation of criminal cyber threat actors and ransomware campaigns as top reasonable material risks to the business. The theft, unauthorized use or publication of our intellectual property and/or confidential business or personal information (whether through a breach of our own systems or the breach of a system of a third party that provides services to us) could harm our competitive or negotiating positions, reduce the value of our investment in research and development and other strategic initiatives, compromise our patent enforcement strategies or outlook, damage our reputation or otherwise adversely affect our business. See Item 1A. “Risk Factors” for a discussion of cybersecurity risks.

Company Information