Xperi Inc. 10-K Cybersecurity GRC - 2025-02-27

Page last updated on February 27, 2025

Xperi Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-27 16:45:35 EST.

Filings

10-K filed on 2025-02-27

Xperi Inc. filed a 10-K at 2025-02-27 16:45:35 EST
Accession Number: 0000950170-25-029159

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyb ersecurity We maintain processes for identifying, assessing, and managing material risks from cybersecurity threats (as such term is defined in Item 106(a) of Regulation S-K) as part of our broader enterprise risk management program under the oversight of the Audit Committee of the Company’s Board of Directors. These processes include a wide variety of mechanisms, controls, technologies, systems, and methods that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting data. We also use systems and processes to oversee and identify risks from cybersecurity threats associated with our third-party service providers . Our corporate information security organization is led by our Chief Information Officer (“CIO”) , who brings over 30 years of information technology experience across a wide range of industry sectors, including semiconductor and technology. Before joining Xperi, our CIO was the Chief Information Security Officer for a large technology company. Our CIO oversees our cybersecurity strategy and the development of our cybersecurity capabilities, encompassing risk management and mitigation, incident prevention, detection, and remediation. Our CIO and corporate information security organization collaborate with technical and business stakeholders across our businesses to analyze risks and devise detection, mitigation, and remediation strategies. Additionally, they engage outside legal counsel, experts, consultants, and other third parties to conduct regular audits, assist with forensic investigations, and address cybersecurity threats and incidents. When necessary, they seek input from external experts and consultants on security industry and threat trends. Significant incidents are reviewed by a cross-functional working group to determine whether further escalation is appropriate. Any incident assessed as being or becoming potentially material is promptly escalated for further assessment and reported to designated members of senior management. Senior management is responsible for assessing the materiality of an incident, complying with any regulatory requirements , and communicating relevant information to the Audit Committee , as appropriate. We consult with outside counsel as appropriate, including on materiality analysis and disclosure matters. Although the risks from cybersecurity threats have not materially affected our business strategy, results of operations, or financial condition to date, there can be no assurance that they will not be materially affected by such risks or a material 46 incident in the future, or that we have not experienced an undetected cybersecurity incident. As discussed under “Risk Factors” in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple risks to the Company, including potentially to our results of operations and financial condition. See " Risk Factors - If we or our third-party providers experience significant disruptions of our IT Systems or data security incidents, this could result in harm to our reputation, subject us to liability, cause us to modify our business practices, and otherwise materially adversely affect our business, results of operations, and financial conditions." The Company’s Board of Directors has oversight of our strategic and business risk management and has delegated cybersecurity risk management oversight to the Audit Committee of the Board. The Audit Committee oversees the guidelines and policies governing the process by which management assesses and manages our exposure to risk, including material risks from cybersecurity threats. The Audit Committee receives regular updates from management, including our CIO, regarding our cybersecurity risk management program, including cybersecurity risks, threats, incidents, and mitigation strategies.

Company Information