COGNIZANT TECHNOLOGY SOLUTIONS CORP 10-K Cybersecurity GRC - 2025-02-12

Page last updated on February 12, 2025

COGNIZANT TECHNOLOGY SOLUTIONS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-12 16:46:32 EST.

Filings

10-K filed on 2025-02-12

COGNIZANT TECHNOLOGY SOLUTIONS CORP filed a 10-K at 2025-02-12 16:46:32 EST
Accession Number: 0001058290-25-000017

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C . Cybersecurity Risk Management and Strategy Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program, which is managed by Cognizant’s Corporate Security team, is designed to identify, assess and manage risks from cybersecurity threats and provides a framework for handling cybersecurity threats and incidents. The program is also aligned with the risk assessment framework established by the enterprise risk management team. Our cybersecurity risk management framework includes steps for assessing the severity of a cybersecurity threat (including an escalation process for potentially material cybersecurity threats and incidents to an internal committee comprised of members of senior management), identifying the source of a cybersecurity threat (including whether the cybersecurity threat is associated with a third-party service provider), implementing cybersecurity countermeasures and mitigation strategies. The internal committee is responsible for assessing the materiality of cybersecurity threats and incidents and informs designated members of executive leadership and of the Board of Directors of material cybersecurity threats and incidents. Cognizant’s cybersecurity risk management program is guided by industry-recognized security frameworks, including ISO/IEC 27001, TISAX and NIST. The program is periodically audited as part of external certification audits. We also engage third-party cybersecurity experts to assist with risk assessment and conduct penetration testing among other items. Key findings from the audits and third-party risk assessments are summarized and communicated to the Company’s senior leadership and the Audit Committee, and remediation actions are implemented to enhance our overall cybersecurity program. We require our vendors to comply with privacy and cybersecurity requirements, and we perform risk assessments of vendors, including their ability to protect data from unauthorized access. We include data protection and security content as part of annual training required of employees. In 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. For further discussion of the cybersecurity risks and threats we face, please see Item 1A. “Risk Factors” . Governance As part of our overall enterprise risk management program, we prioritize the identification and management of cybersecurity risk at several levels. Our Board of Directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the Audit Committee, which is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Cognizant 24 December 31, 2024 Form 10-K Table of Contents Our cyber risk assessment program is managed by our Corporate Security team, which is led by our CSO, who has over 25 years of experience in the cybersecurity and technology industry. The CSO reports to Cognizant’s Executive Vice President, Chief Legal Officer, Chief Administrative Officer and Corporate Secretary. The CSO manages multiple teams within Corporate Security that are operationally responsible for the security of the Company, including Global Cyber Operations, Business Information Security, Global Business Resilience and Integrated Risk Management, each of which provides regular updates to the CSO regarding cyber threat intelligence, cyber incidents and cyber risk metrics as part of their security responsibilities. The CSO works closely with the CIO, who is responsible for Cognizant’s information technology and digital transformation strategy. Together, the CSO and CIO have a mutual set of responsibilities to align, implement and govern security policies, standards and technology controls throughout the enterprise. On a periodic basis, the CSO and CIO provide updates to the Audit Committee on, among other things, key cybersecurity metrics, status of projects to strengthen the Company’s information security systems and assessments of the Company’s security program. The Audit Committee reports to the Board of Directors, which also receives periodic updates on such matters.

Company Information