AMPHENOL CORP /DE/ 10-K Cybersecurity GRC - 2026-02-11

Page last updated on February 11, 2026

AMPHENOL CORP /DE/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-11 17:28:12 EST.

Filings

10-K filed on 2026-02-11

AMPHENOL CORP /DE/ filed a 10-K at 2026-02-11 17:28:12 EST
Accession Number: 0001104659-26-013549

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have developed and implemented an information security and cybersecurity risk management program ("Program") intended to protect and preserve the confidentiality, integrity and availability of our data and information technology systems. Our Program takes a risk-based approach and is integrated into our overall enterprise risk management program. We use the National Institute of Standards and Technology Cybersecurity Framework (the "NIST CSF") as a benchmark to align our Program with industry best practices. This does not imply that we meet any particular technical standards, specifications or requirements, but it does mean that we use the NIST CSF as a guide to help us identify, assess and manage cybersecurity risks relevant to our business. The Company maintains a decentralized information technology infrastructure, where each of our business units utilizes a separate and distinct information technology system. This means that if any business unit's systems are compromised, there is less risk that another business unit will be impacted by that event. This decentralized structure also allows our information security professionals embedded within an individual business unit to make quick, efficient decisions when changes or actions are needed and provides an additional safeguard for our data and systems. Our Program includes: ● periodic risk assessments and penetration tests, which are integrated within our enterprise risk management framework processes, designed to identify material cybersecurity and technology threats to our critical systems and information, as well as to formulate management actions to respond to, mitigate and remediate material issues (if any); ● annual management reporting to the Board; ● reporting of the scope, objectives and results of internal audits on the procedures performed to validate the effectiveness of our control environment related to our information security systems and security controls to the Audit Committee at least two times a year; ● annual cybersecurity awareness training of our employees, including incident response personnel and senior management, such as phishing simulation campaigns, to educate employees on recognizing cybersecurity threats and preventing actions that could unintentionally grant unauthorized access to our systems; ● deployment of endpoint protection software, supported by external managed services, to attempt to proactively detect and block malicious code from affecting our systems; ● a cross-functional team principally responsible for managing our cybersecurity risk assessment processes, our security controls and our response to cybersecurity incidents; ● the use of external service providers with subject matter expertise, where appropriate, to assess risk, monitor alerts, perform penetration testing or otherwise assist with aspects of our security controls and response to cybersecurity incidents; ● a documented framework and supporting processes for handling security incidents that facilitates coordination across multiple parts of the Company; ● a cybersecurity incident response process that includes defined escalation criteria that governs when cybersecurity events must be communicated to senior management and, when appropriate, to the Board within established timeframes; and ● evaluations and updates of our cybersecurity controls, investment in security monitoring tools, and enhancements of detection and response capabilities based on emerging threats and periodic assessments. We have not identified risks from known cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected us to date or are reasonably likely to materially affect us. However, cybersecurity risks could materially affect us in the future, including having a material impact on our business strategy, financial condition and results of operations. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations or financial condition. For a discussion of certain risks related to cybersecurity, refer to the risk factor titled " Cybersecurity incidents affecting our information technology systems could disrupt business operations or cause the release of highly sensitive confidential or personal information, resulting in adverse impacts to our reputation and operating results and potentially leading to litigation and/or governmental investigations, fines and other penalties " in Part I, Item 1A. Risk Factors herein. Cybersecurity Governance Our Board maintains oversight responsibility relating to our Program, with assistance from the Audit Committee . At least annually, our management team (including the leaders of our Information Technology and Internal Audit teams) provides an update regarding our Program to the Board. This update provides an overall assessment of the effectiveness of our Program and a review of areas of focus for the upcoming year. The Board also receives periodic reports from our Vice President, Internal Audit, on the audit focus areas and control testing related to our information security systems and security controls, and our management team updates the Board, where it deems appropriate, regarding any significant cybersecurity incidents. Our management team, including our Executive Vice President and Chief Financial Officer, Executive Vice President and General Counsel, Vice President, Information Technology, and Vice President, Internal Audit , is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our Program and our Vice President, Information Technology, supervises both our internal information security personnel and our retained external cybersecurity consultants. Our management team supervises efforts to prevent, detect, mitigate and remediate cybersecurity risks and incidents through various means, which may include briefings from internal information technology personnel and external consultants engaged by us, as well as alerts and reports produced by security tools deployed in our information technology environment. Our management team's experience includes knowledge related to information technology, cybersecurity and incidence response, risk management, control analysis and corporate governance. For additional details about our management team and their experience, refer to the Executive Leadership page on the Company's website at https://www.amphenol.com/governance/leadership.

Company Information