COGNIZANT TECHNOLOGY SOLUTIONS CORP 10-K Cybersecurity GRC - 2026-02-12

Page last updated on February 12, 2026

COGNIZANT TECHNOLOGY SOLUTIONS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-12 08:31:54 EST.

Filings

10-K filed on 2026-02-12

COGNIZANT TECHNOLOGY SOLUTIONS CORP filed a 10-K at 2026-02-12 08:31:54 EST
Accession Number: 0001058290-26-000008

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C . Cybersecurity Risk Management and Strategy Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program, which is managed by Cognizant's Corporate Security team, is designed to identify, assess and manage risks from cybersecurity threats and provides a framework for handling cybersecurity threats and incidents. The program is also aligned with the risk assessment framework established by the enterprise risk management team. Our cybersecurity risk management framework includes steps for assessing the severity of a cybersecurity threat (including an escalation process for potentially material cybersecurity threats and incidents to an internal committee comprised of members of senior management), identifying the source of a cybersecurity threat (including whether the cybersecurity threat is associated with a third-party service provider), implementing cybersecurity countermeasures and mitigation strategies. The internal committee is responsible for assessing the materiality of cybersecurity threats and incidents and informs designated members of executive leadership and of the Board of Directors of material cybersecurity threats and incidents. Cognizant's cybersecurity risk management program is guided by industry-recognized security frameworks, including NIST SP 800-37 (Risk Management Framework), NIST SP 800-30 (Risk Assessment Guide), and NIST SP 800-53 (Security and Privacy Controls). In addition, Cognizant maintains global and regional information security certifications such as ISO 27001, UK Cyber Essentials Plus, and ENS, which collectively help demonstrate Cognizant's commitment to a robust, independently validated security program. Cognizant considers the NIST Cybersecurity Framework (CSF 2.0) in designing our cybersecurity program and engages an independent third party to assess program maturity. Additionally, we also engage third-party cybersecurity experts to conduct penetration testing among other items. Key findings from the third-party assessments are Cognizant 24 December 31, 2025 Form 10-K Table of Contents summarized and communicated to the Company's senior leadership and the Audit Committee, and remediation actions are implemented to enhance our overall cybersecurity program. We require our vendors to comply with privacy and cybersecurity requirements, and we perform risk assessments of vendors, including their ability to protect data from unauthorized access. We include data protection and security content as part of annual training required of employees. In 2025, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. For further discussion of the cybersecurity risks and threats we face, please see Item 1A. "Risk Factors" . Governance As part of our overall enterprise risk management program, we prioritize the identification and management of cybersecurity risk at several levels. Our Board of Directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the Audit Committee, which is responsible for reviewing that management has processes in place designed to identify and evaluate cybersecurity risks and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes designed to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cyber risk assessment program is managed by our Corporate Security team, which is led by our CSO, who has over 25 years of experience in the cybersecurity and technology industry. The CSO reports to Cognizant's CLO. The CSO manages multiple teams within Corporate Security that are operationally responsible for the security of the Company, including Global Cyber Operations, Business Information Security, Global Business Resilience, Integrated Risk Management and Security Architecture (including AI Security), each of which provides regular updates to the CSO regarding cyber threat intelligence, cyber incidents and cyber risk metrics as part of their security responsibilities. The CSO works closely with the CIO, who is responsible for Cognizant's information technology and digital transformation strategy. Together, the CSO and CIO have a mutual set of responsibilities to align, implement and govern security policies, standards and technology controls throughout the enterprise. On a quarterly basis, the CSO and CIO provide updates to the Audit Committee on, among other things, key cybersecurity metrics, status of projects to strengthen the Company's information security systems and assessments of the Company's security program. The Audit Committee reports to the Board of Directors, which also receives periodic updates on such matters.

Company Information