MAXLINEAR, INC - (MXL)
10-K Filing Date: January 31, 2024
ITEM 1C. CYBERSECURITY
Risk Management and Strategy
We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.
We conduct quarterly risk assessments to identify cybersecurity threats. These risk assessments include identifying reasonably foreseeable potential internal and external risks, the likelihood of occurrence and any potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, controls, and other safeguards in place to manage such risks. As part of our risk management process, we may engage third party experts to help identify and assess risks from cybersecurity threats. Our risk management process also encompasses cybersecurity risks associated with our use of third-party service providers.
Following these risk assessments, we design, implement, and maintain reasonable safeguards to minimize the identified risks; reasonably address any identified gaps in existing safeguards; update existing safeguards as necessary; and monitor the effectiveness of our safeguards. We have allocated adequate resources and have designated high-level personnel, including our Chief Information Security Officer, to manage the cybersecurity risk assessment and mitigation process.
As part of our overall risk management program, we regularly provide required training to employees at all levels and in all departments on cybersecurity.
The Company also participates in a cybersecurity risk insurance policy.
For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K , including the risk factors entitled “We have been and may in the future be subject to information technology failures, including security breaches, cyber-attacks, design defects or system failures, that could disrupt our operations, damage our reputation and adversely affect our business, operations, and financial results,” “We are subject to governmental laws, regulations and other legal obligations related to privacy, data protection, and cybersecurity,” and “We face risks related to security vulnerabilities in our products.”
Governance
One of the key functions of our Board of Directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our Board of Directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our Board of Directors administers its cybersecurity risk oversight function directly as a whole, as well as through the Cybersecurity Committee of the Board of Directors (the “Cybersecurity Committee”). Members of the Cybersecurity Committee are appointed by, and serve at the discretion of, the Board. The Cybersecurity Committee consists of at least three members of the Board, all of whom are independent. Each member has a working familiarity and/or experience with cybersecurity, IT strategy, IT development and deployment, or IT risk assessment and management, including information security management.
Our Chief Information Security Officer and the Cybersecurity Committee are primarily responsible to assess and manage material risks from cybersecurity threats. Our Chief Information Security Officer has twenty-five years of cybersecurity experience, has completed a Masters in Information Security Engineering, and holds several cybersecurity certifications.
52
Our Chief Information Security Officer and the Cybersecurity Committee oversee key cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. Our Chief Information Security Officer and the Cybersecurity Committee are informed about policies and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents.
Our Chief Information Security Officer and representatives from the Cybersecurity Committee provide quarterly briefings to the Audit Committee of the Board regarding our company’s cybersecurity risks and activities, including but not limited to any recent cybersecurity incidents and related responses, and any cybersecurity systems testing. The Audit Committee provides regular updates to the Board on relevant information regarding cybersecurity. In addition, our Chief Information Security Officer and representatives from the Cybersecurity Committee provide annual briefings to the Board on cybersecurity risks, related mitigation, and other related responses and activities.
Breaches
The last known cybersecurity breach occurred in 2020. The Company has not experienced any material cybersecurity breach in the years ended December 31, 2023, 2022 and 2021. The Company also has not incurred any net expenses from penalties and/or settlements from any material cybersecurity breaches during the years ended December 31, 2023, 2022, and 2021.