Xperi Inc. 10-K Cybersecurity GRC - 2026-02-26

Page last updated on February 26, 2026

Xperi Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-26 16:27:41 EST.

Filings

10-K filed on 2026-02-26

Xperi Inc. filed a 10-K at 2026-02-26 16:27:41 EST
Accession Number: 0001193125-26-076849

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyb ersecurity We maintain a cybersecurity risk management program that encompasses processes designed to identify, assess, and manage material risks from cybersecurity threats (as such term is defined in Item 106(a) of Regulation S-K) as part of our broader enterprise risk management program under the oversight of the Audit Committee of the Company's Board of Directors. Our cybersecurity risk management program shares common methodologies, reporting channels and governance processes that apply across the risk management program to other legal, compliance, strategic, operational, and financial risk areas. These processes include a wide variety of mechanisms, controls, technologies, systems, and methods that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting data. Key elements of our cybersecurity risk management program include, but are not limited to, the following: - risk assessments designed to help identify material risks from cybersecurity threats to our critical systems and information; - a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; - cybersecurity awareness training of our employees, including incident response personnel, and senior management; - a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and - a third-party risk management process for key service providers based on our assessment of their criticality to our operations and respective risk profile. Our corporate information security organization is led by our Chief Information Officer ("CIO") , who brings over 30 years of information technology experience across a wide range of industry sectors, including semiconductor and technology. Before joining Xperi, our CIO was the Chief Information Security Officer for a large technology company. Our CIO oversees our cybersecurity strategy and the development of our cybersecurity capabilities, encompassing risk management and mitigation, incident prevention, detection, and remediation. Our CIO and corporate information security organization collaborate with technical and business stakeholders across our businesses to analyze risks and devise detection, mitigation, and remediation strategies. Additionally, they engage outside legal counsel, experts, consultants, and other third parties to conduct regular audits, assist with forensic investigations, and address cybersecurity threats and incidents. When necessary, they seek input from external experts and consultants on security industry and threat trends. Incidents that we deem significant are reviewed by a cross-functional working group to determine whether further escalation is appropriate. Senior management is responsible for assessing the materiality of an incident, complying with any regulatory requirements , and communicating relevant information to the Audit Committee , as appropriate. We consult with outside counsel as appropriate, including on materiality analysis and disclosure matters. Although the risks from cybersecurity threats have not materially affected our business strategy, results of operations, or financial condition to date, there can be no assurance that they will not be materially affected by such risks or a material incident in the future, or that we have not experienced an undetected cybersecurity incident. As discussed under "Risk Factors" in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple risks to the Company, including potentially to our results of operations and financial condition. See " Risk Factors - If we or our third-party providers experience significant disruptions of our IT Systems or data security incidents, this could result in harm to our reputation, subject us to liability, cause us to modify our business practices, and otherwise materially adversely affect our business, results of operations, and financial conditions." The Company's Board of Directors has oversight of our strategic and business risk management and has delegated cybersecurity risk management oversight to the Audit Committee of the Board. The Audit Committee oversees the guidelines and policies governing the process by which management assesses and manages our exposure to risk, including material risks from cybersecurity threats. The Audit Committee receives regular updates from management, including our CIO, regarding our cybersecurity risk management program, including cybersecurity risks, threats, incidents, and mitigation strategies.

Company Information