MACOM Technology Solutions Holdings, Inc. 10-K Cybersecurity GRC - 2025-11-14

Page last updated on November 14, 2025

MACOM Technology Solutions Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-11-14 16:04:07 EST.

Filings

10-K filed on 2025-11-14

MACOM Technology Solutions Holdings, Inc. filed a 10-K at 2025-11-14 16:04:07 EST
Accession Number: 0001493594-25-000054

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity. Risk management and strategy. We have adopted processes designed to identify, assess and manage material risks from cybersecurity threats. Those processes include regular risk assessments and control testing conducted at least annually or whenever there are material changes to our systems or operations. We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. Our risk management team collaborates with our Chief Information Security Officer ("CISO") to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. We have processes designed to detect potential vulnerabilities and anomalies through technical safeguards and have adopted policies and procedures around internal and external notification of cybersecurity incidents. As part of our risk management process, we engage with a range of outside providers, including cybersecurity assessors, consultants, legal advisors and auditors, to conduct periodic internal and external assessments, including, but not limited to, penetration testing. Our collaboration with these third parties also includes regular audits, threat assessments and consultation on security enhancements. Overseeing Third-party Risk 25 We rely on third parties for various business functions. In certain circumstances, our third-party services providers have access to some of our information systems and data, depending on the nature of their engagements with us, and we rely on such third parties for the continuous operation of our business operations. Because of the risks associated with third-party service providers, we conduct vendor diligence and security assessments of certain third-party providers before engagement and maintain ongoing monitoring to oversee compliance with our cybersecurity standards. Monitoring Cybersecurity Incidents The CISO implements and oversees processes for the monitoring of our information systems supported by a security operations center (SOC) and automated monitoring tools. We conduct continuous vulnerability scanning, incident simulations and proactive threat hunting. In the event of a cybersecurity incident, we have implemented an incident response plan, which includes actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Risks from Cybersecurity Threats The semiconductor industry faces heightened cybersecurity risks, and we have experienced and expect to continue to experience cyber-attacks. To-date, we have been successful in defending and protecting against such attacks. However, there is no assurance that we will continue to be able to be successful in protecting and defending against such attacks in the future. As of the date of this report, we are not aware of a cybersecurity incident that resulted in a material effect on our business strategy, results of operations or financial condition, but we cannot provide assurance that we will not be materially affected in the future by such risks or any future material incidents. Despite our continuing efforts, we cannot guarantee that our cybersecurity safeguards will prevent breaches or breakdowns of our or our third-party service providers' information technology systems, particularly in the face of continually evolving cybersecurity threats and increasingly sophisticated threat actors. A cybersecurity incident may materially affect our business, results of operations or financial condition, including where such an incident results in reputational, competitive or business harm or damage to our brand, lost sales, reduced demand, loss of intellectual property rights, significant costs or the Company being subject to government investigations, litigation, fines or damages. For more information, see "Our business and operations could suffer in the event of a security breach, cybersecurity incident or disruption of our information technology systems" under Item 1A. Risk Factors. Governance. Board of Directors Oversight Our Board of Directors has established oversight mechanisms to manage risks from cybersecurity threats. Our Audit Committee has primary responsibility for oversight of cybersecurity. At least quarterly and following any material cybersecurity incidents, the Audit Committee reviews management's assessments and management of information security, cybersecurity and technology risks, including the information security and risk management programs and strategies and mitigation strategies. The Audit Committee also reviews the response to data security incidents and breaches as well as the management of third-party cybersecurity risk. At the management level, our cybersecurity program is managed by our CISO , who reports to our Senior Vice President and Chief Financial Officer. Our CISO has over twenty-five years of information security experience.

Company Information