Xperi Inc. - (XPER)
10-K Filing Date: March 01, 2024
We maintain processes for identifying, assessing, and managing material risks from cybersecurity threats (as such term is defined in Item 106(a) of Regulation S-K) as part of our broader enterprise risk management program under the oversight of the Audit Committee of the Company’s Board of Directors. These processes include a wide variety of mechanisms, controls, technologies, systems, and methods that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting data. We also use systems and processes to oversee and identify risks from cybersecurity threats associated with our third-party service providers.
Our corporate information security organization, led by our Chief Information Officer (“CIO”), is responsible for our cybersecurity risk management and mitigation, incident prevention, detection, and remediation. This team’s leadership includes professionals with deep cybersecurity expertise. This team collaborates with technical and business stakeholders across our businesses to analyze risk and form detection, mitigation and remediation strategies. They engage outside legal counsel, experts, consultants, and other third parties to perform regular audits, assist with forensic investigations, or address cybersecurity threats and incidents. As appropriate, they obtain input on the security industry and threat trends from external experts and consultants.
Significant incidents are reviewed by a cross-functional working group to determine whether further escalation is appropriate. Any incident assessed as being or becoming potentially material is promptly escalated for further assessment and reported to designated members of senior management. Senior management is responsible for assessing the materiality of an incident, complying with any regulatory requirements, and communicating relevant information to the Audit Committee, as appropriate. We consult with outside counsel as appropriate, including on materiality analysis and disclosure matters.
Although the risks from cybersecurity threats have not materially affected our business strategy, results of operations, or financial condition to date, there can be no assurance that they will not be materially affected by such risks or a material incident in the future, or that we have not experienced an undetected cybersecurity incident. As discussed under “Risk Factors” in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple risks to the Company, including potentially to our results of operations and financial condition. See “Risk Factors — Our systems, networks and online business activities and those of third parties that we utilize in our operations are subject to cybersecurity and stability risks, information technology system failures, and security breaches.”
The Company’s Board of Directors has oversight of our strategic and business risk management and has delegated cybersecurity risk management oversight to the Audit Committee of the Board. The Audit Committee oversees the guidelines and policies governing the process by which management assesses and manages our exposure to risk, including material risks from cybersecurity threats. The Audit Committee receives regular updates from management, including our CIO, regarding our cybersecurity risk management program, including cybersecurity risks, threats, incidents, and mitigation strategies.