Page last updated on February 11, 2026
ARROW ELECTRONICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-10 17:37:33 EST.
Filings
10-K filed on 2026-02-10
ARROW ELECTRONICS, INC. filed a 10-K at 2026-02-10 17:37:33 EST
Accession Number: 0001104659-26-012765
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity. Risk Management and Strategy The company leverages technology and human oversight to maintain a multi-layered approach to cybersecurity risk management that is integrated into the company's broader risk management framework. As part of this process, the company uses active and passive methods designed to continuously monitor information systems and identify, assess, and manage potential vulnerabilities and threats. The company utilizes active monitoring techniques (e.g., penetration testing), designed to leverage multiple sources of threat intelligence and vulnerability scanning complemented by endpoint protection and network security. The company has a rapid-response protocol designed to investigate cybersecurity threat alerts, and the company's incident response plan provides a structured approach to inter-departmental assessment, mitigation, and resolution of cybersecurity threats. The company also conducts regular tabletop exercises to test and fortify the controls of its cybersecurity incident response program. The company maintains strategic relationships with third-party cybersecurity experts and coordinates with various law-enforcement partners, each of whom may be engaged to provide additional investigative and remediation support. The company's senior security leadership conducts periodic, in-depth reviews with the company's enterprise risk management team and internal and external auditors to evaluate the effectiveness of the company's cybersecurity systems, controls, and management processes. Before engaging with a new supplier or service provider , the company conducts a security assessment that includes detailed interviews, questionnaires, and cyber-risk scoring. Following the initial engagement, the company continues to monitor on an ongoing basis to identify emerging security risks or changes in suppliers' risk profiles. To date, the company is not aware of any cybersecurity threats or incidents that have materially affected, or are reasonably likely to materially affect , the company, including its financial condition, results of operations, or business strategies. For more information about risks related to cybersecurity threats, refer to " Cybersecurity incidents may hurt the company's business, damage its reputation, increase its costs, and cause losses, " within the company's risk factor disclosures in Item 1A of this Annual Report on Form 10-K. Governance The Board of Directors of the company (the "Board"), primarily through its Audit Committee , oversees the company's cybersecurity program. The company's CIO and CSO regularly report to the Audit Committee on the current state of the company's cybersecurity program (including the current threat landscape, cybersecurity risks, and any significant incidents). The Audit Committee may provide updates to the Board on the substance of these reports and any recommendations for enhancements that the Audit Committee deems appropriate. The CIO and CSO receive regular reports from the company's cybersecurity division about the company's global cybersecurity status, enabling the CIO and CSO to identify, assess, and manage cybersecurity threats. The company has established policies and procedures requiring that potentially material cybersecurity incidents are immediately investigated and addressed through the coordination of internal departments. The company's cybersecurity division utilizes a risk-based approach to assess the severity and priority of potential cybersecurity incidents on a rolling basis and provides timely notification to the company's management upon detecting any potentially material cybersecurity incidents. Members of the company's management will notify the Board Chair and Audit Committee Chair if they determine that a material cybersecurity incident has occurred. Under the direction of the CIO, the CSO is responsible for global cybersecurity and business continuity, which includes security architecture, security operations, incident response, IT risk analysis and compliance, physical security, and security awareness and training. The CSO has over twenty years of security experience and holds a degree in IT and cybersecurity, along with maintaining certifications in risk analysis, information security, data privacy, data-security legal investigations, and information systems auditing, among other disciplines. The other members of the company's cybersecurity division also have extensive cybersecurity, business, and technology experience and all hold certifications in their areas of expertise.
Company Information
| Name | ARROW ELECTRONICS, INC. |
| CIK | 0000007536 |
| SIC Description | Wholesale-Electronic Parts & Equipment, NEC |
| Ticker | ARW - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 31 |