SILICON LABORATORIES INC. 10-K Cybersecurity GRC - 2024-02-20

Page last updated on April 11, 2024

SILICON LABORATORIES INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-20 16:20:48 EST.

Filings

10-K filed on 2024-02-20

SILICON LABORATORIES INC. filed an 10-K at 2024-02-20 16:20:48 EST
Accession Number: 0001104659-24-025535

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Our Board of Directors oversees our risk management program, and because information security is a top priority and an important component of our day-to-day operations, cybersecurity is part of our overall approach to enterprise risk management. The scope of cybersecurity risk management encompasses all aspects of business operations, including supply chain risks and production manufacturing operations. Our cybersecurity practices are based on industry practices and frameworks such as those established by the International Organization for Standardization and the National Institute of Standards and Technology. We recognize the importance of the secure protection of our employee, customer, supplier and partner data and address material risks from cybersecurity threats through a cross-functional approach focused on preserving the confidentiality, security and availability of the information that we collect and store. We have implemented cybersecurity processes, measures and controls to assist management in our assessment, identification and management of risks from cybersecurity threats. Our Security Operations ( SecOps ) team monitors events, analyzes threats, and coordinates our incident response pursuant to our incident response plan, which includes the process to be followed for reporting of incidents. Our cybersecurity risk management involves identifying information assets and potential threats, followed by assessing and prioritizing risks. We employ various tools and techniques like threat modeling, vulnerability scanners, and penetration testing. Based on the assessment, security measures are implemented. We have implemented regular security awareness training programs for employees to educate them on cybersecurity best practices and to recognize phishing attempts. We also assess and manage cybersecurity risks associated with third-party service providers, including those in our supply chain or who have access to our data or systems. Our cybersecurity process is iterative, with regular reviews and updates to help improve and respond to a dynamic and continuously evolving threat landscape. We describe whether and how risks from cybersecurity threats have materially affected or are reasonably likely to materially affect us, our business strategy, results of operations, or financial condition under the headings We may be the victim of business disruptions and security breaches, including cyber-attacks, which could lead to liability or could damage our reputation and financial results and We may be subject to information technology failures that could damage our reputation, business operations and financial condition included as part of our risk factors disclosures in Item 1A. Risk Factors of this Annual Report on Form 10-K. In the last three fiscal years, we have not identified any cybersecurity incidents and the expenses we have incurred from cybersecurity incidents were immaterial, including penalties and settlements, of which there were none. Governance Our Board of Directors is responsible for risk management oversight and has delegated to our Audit Committee oversight responsibility for reviewing the effectiveness of our governance and management of cybersecurity risks. The Audit Committee regularly reviews our policies and practices with respect to risk management, including cybersecurity risks, and reports to the full Board of Directors based on these reviews. The Audit Committee also receives a report containing information security risk posture details, remediation plan execution progress and pertinent threat intelligence updates from the Chief Security Officer ( CSO ) on a quarterly basis. At least annually, but more frequently as necessary, threats from cybersecurity risks and our action plans relating to those risks also are considered by the full Board during meeting discussions of enterprise risks. Members of management, including the Chief Executive Officer, Chief Financial Officer and Chief Legal Officer may also report directly to the Board of Directors on significant risk management issues, including cybersecurity threats and incidents. We have an Information Security Steering Committee (the ISSC ), comprised of members of our executive team, our Chief Information Officer, CSO, and Chief Legal Officer. Our CSO, in coordination with the ISSC, works collaboratively to implement our enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. Our SecOps team communicates with and reports to the CSO, enabling the CSO and the ISSC to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CSO has over 25 years of security experience in multiple technology disciplines, including prior work experience leading cybersecurity teams, technology strategies and security architecture. He also holds several relevant degrees and certifications, including as a Certified Information Systems Security Professional ( CISSP ) and a Certified Secure Software Lifecycle Professional ( CSSLP ), and holds Honors BSc degrees in Computer Science and Physics. 27 Table of Contents

Company Information