TEVA PHARMACEUTICAL INDUSTRIES LTD 10-K Cybersecurity GRC - 2026-02-03

Page last updated on February 4, 2026

TEVA PHARMACEUTICAL INDUSTRIES LTD reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-03 08:58:40 EST.

Filings

10-K filed on 2026-02-03

TEVA PHARMACEUTICAL INDUSTRIES LTD filed a 10-K at 2026-02-03 08:58:40 EST
Accession Number: 0001193125-26-034532

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management Program Overview As cybersecurity threats rapidly evolve in sophistication and become more prevalent, especially with the increasing use of artificial intelligence ("AI") technology, we have implemented a cybersecurity risk management program as part of our oversight , evaluation and mitigation of enterprise-level risks. Our cybersecurity risk management program leverages a combination of processes, technologies and personnel with expertise in cybersecurity to comply with applicable regulations and detect and respond to cyber-attacks, data breaches, security incidents, and compromises of personal information, as well as to regularly and promptly inform management and our Board of Directors of any significant cybersecurity risks and developments. Our cybersecurity risk management program is led by our global Chief Information Security Officer ("CISO"), who is directly responsible for establishing cybersecurity strategies and structures and managing ongoing cybersecurity risk management activities through our cybersecurity organization, which is responsible for the day-to-day identification, monitoring and management of cybersecurity risks. Our CISO reports directly to our global Chief Information Officer ("CIO"). Our CISO has significant experience in managing cybersecurity risks at major global companies in the pharmaceutical and defense industries. Our CISO regularly meets with the CIO to provide updates on cybersecurity matters, and both update our executive management on a regular basis to share cybersecurity related matters and discuss strategies to proactively manage cybersecurity threats. Our CISO and CIO brief our Audit Committee on our cybersecurity and risk management programs. Our cybersecurity organization is supported by a team consisting of personnel with experience and expertise in cybersecurity risk management strategies, execution and operations, with domain expertise in cloud services security, infrastructure and operational technology security, cybersecurity incident response, and tactical governance risk compliance. Our CISO is also a member of our information and security governance group, led by our CIO, which is comprised of executive and senior leadership from a variety of functions, including information security, legal, finance, human resources, internal audit and compliance, as well as members of Teva's global situation room ("GSR") referred to below. Additionally, our CISO, CIO and other members of our cybersecurity organization may, from time to time, consult and coordinate with other Teva departments and members of management to manage cybersecurity risks, promote cybersecurity awareness and implement cybersecurity incident responses. In addition, management has worked, and expects to continue to work, with third-party service providers, as appropriate, to assess, identify and manage cybersecurity risks. We also conduct periodic and on-demand assessments of our cybersecurity risk management program with expert service providers to assess compliance with ISO 27001 standards. As part of our cybersecurity program, we conduct numerous periodic tabletop exercises to assess our cybersecurity incident response process. As part of its overall risk oversight function, the Audit Committee, which is comprised entirely of independent directors, oversees cybersecurity risks in connection with our overall enterprise risk management system. Management, including our CISO and CIO, provide updates on our cybersecurity risk management program and cybersecurity matters to the Audit Committee , and also report to the Board of Directors as necessary. These updates and reports include updates on Teva's cybersecurity risks and threats, the status of projects intended to strengthen its information systems, assessments of the cybersecurity program, and the emerging threat landscape. As part of our cybersecurity risk management program, we maintain industry standard procedures and policies, which are reviewed and revised periodically, and certified to comply with ISO 27001 standards, to proactively assess, identify and manage potential cybersecurity risks and respond to any actual cybersecurity threats and incidents, including those related to the use of AI. Such procedures and policies include: actively monitoring our information technology systems to oversee compliance with applicable legal and regulatory requirements; engaging third-party consultants and other service providers to monitor and, as appropriate, respond to cybersecurity risks; requiring our service providers and our business partners who connect directly to our information technology systems to comply with our cybersecurity standards and due diligence processes and be subject to our non-disclosure and other confidentiality agreements that include cybersecurity-related terms; providing and analyzing specialized industry sector intelligence on cybersecurity threats; regularly testing our cybersecurity systems and disaster preparedness, including our back-up information technology systems; developing, testing and updating incident response plans to address potential cybersecurity threats; and maintaining and training our personnel on cybersecurity incident reporting procedures. We engage with key vendors, and intelligence and law enforcement communities as part of our continuing efforts to obtain current threat intelligence, collaborate on security enhancements, and evaluate and improve the effectiveness of our cyber security program. Additionally, as part of our cybersecurity risk management program, we have developed awareness and protection procedures related to AI adoption and use. Cyber Threats and Incident Response In the ordinary course of our business, we collect and store confidential data, including intellectual property, proprietary business information and personally identifiable information (including of our employees, customers, clinical trial participants, suppliers and business partners). We rely extensively on information technology systems, including some systems that are managed by third-party service providers, to securely process, store and transmit such confidential data in order to conduct our business. These systems include programs and processes relating to internal and external communications, ordering and managing materials from suppliers, collecting, processing and storing data produced by our clinical trials and other research and development initiatives, converting materials to finished products, shipping products to customers, processing transactions, processing payments to employees and vendors, calculating sales receivables, generating our financial results for each reporting period, summarizing and reporting results of operations, and complying with information technology security compliance and other regulatory, legal or tax requirements. In addition, as cybersecurity attacks may become increasingly complex as they are enhanced or facilitated by the emergence of new technologies such as AI used to identify and target new vulnerabilities in our information technology systems or those of our customers, third-party vendors and other business partners, we are taking measures to manage these risks by utilizing new tools and capabilities, including AI. We have not been materially impacted by risks from cybersecurity incidents and, as of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity risks that are reasonably likely to materially affect our business. However, there can be no assurance that Teva will not be materially affected by such risks in the future. Our systems and networks have been, and are expected to continue to be, the target of increasingly advanced and evolving cyber-attacks and cybersecurity incidents in the future may adversely impact our business, financial condition and results of operations, and we are continuing to actively monitor such threats. For more information, see "Item 1A, Risk Factors-Risks related to our general business and operations-Significant disruptions of our information technology systems could adversely affect our business" and "Item 1A, Risk Factors-Risks related to our general business and operations-A data security breach could adversely affect our business and reputation." In the event that we experience a cybersecurity incident, we have a response playbook that sets forth the applicable processes, roles, engagements, escalations and notifications to be executed in order to promptly respond to such threats. Depending on its nature and scale, a cybersecurity threat may be managed within our cybersecurity organization, escalated to our CISO and CIO, management, and Audit Committee and Board of Directors, as appropriate. In certain instances, our GSR may be initiated and will collectively manage Teva's response to a crisis on a corporate level. The GSR is comprised of members from our various business units and regions, including senior leadership from a variety of functions, such as information security, legal, finance, human resources, communications and compliance. We carry insurance that provides protection against the potential losses arising from a cybersecurity incident. However, there is no assurance that our insurance coverage will cover or be sufficient to cover all losses or claims that may result from a cybersecurity incident.

Company Information