WEST PHARMACEUTICAL SERVICES INC 10-K Cybersecurity GRC - 2026-02-17

Page last updated on February 17, 2026

WEST PHARMACEUTICAL SERVICES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-17 16:28:34 EST.

Filings

10-K filed on 2026-02-17

WEST PHARMACEUTICAL SERVICES INC filed a 10-K at 2026-02-17 16:28:34 EST
Accession Number: 0000105770-26-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Our Cybersecurity Risk Management Governance Strategy The Company has implemented the Committee of Sponsoring Organizations ("COSO") Enterprise Risk Management ("ERM") Framework, which provides a comprehensive view of the risks and opportunities relevant to our business portfolio, confirming that they are appropriately identified, measured, managed, and monitored. The COSO ERM Framework also applies to cybersecurity risk. The cybersecurity program is led by our Vice President of Digital & Transformation ("D&T"), Cybersecurity and Infrastructure and Site Support , who provides regular reports to senior Management, periodic updates to the Audit Committee, and at least annual updates to the Board of Directors . 21 We follow the National Institute of Standards and Technology Cybersecurity Framework with layered security controls to help identify, protect against, detect, respond to, and recover from cyber attacks. To safeguard our information assets, we have put various procedures and technologies in place. Another example is our Cybersecurity Incident Response Plan. This plan clearly defines roles and responsibilities for the investigation of and response to information security incidents to minimize disruption of critical computing services and operations and prevent the loss or theft of sensitive or mission-critical information. This plan covers various cyber incidents like ransomware attacks, cyber-intrusions, data loss, denial of service, insider threats, malware attacks, and others. In a material cybersecurity incident, our D&T team, inclusive of our Chief Digital Officer and our VP of D&T, Cybersecurity and Infrastructure and Site Support, would address the threat via established escalation procedures, roles, responsibilities and communication . Any cybersecurity incident that is declared as a crisis would follow our global Incident and Crisis Response and Management Procedure, which includes escalation to the West Leadership Team and the Board of Directors. We have not encountered cybersecurity challenges that have materially impacted our operations or financial condition. In addition, we retain an external cybersecurity consultancy company to assist with a cybersecurity event as needed and maintain appropriate cybersecurity liability insurance. The Company also educates and shares best practices globally with its employees to raise awareness of cybersecurity threats. As part of our onboarding process, we train all new employees on cybersecurity and conduct an annual retraining of all employees on cybersecurity standards. Our cybersecurity defenses also utilize robust technologies to ensure the security of West's intellectual properties and customer and vendor data. In addition, we have a dedicated 24/7 Security Operations Center to facilitate the monitoring of the Company's cybersecurity landscape and associated applications. 22

Company Information