Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - SAIC
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors
We expend considerable resources on our cybersecurity management and oversight program designed to identify, manage, and mitigate cybersecurity risks. This program is integrated into our overall risk management systems and processes and includes continuous monitoring of cybersecurity threats, regular assessments of information systems, vulnerability management, penetration testing, employee training on cybersecurity best practices, and ongoing assessments of risk. We have established an incident response plan to promptly and effectively address cybersecurity incidents. The incident response plan provides steps to identify, mitigate, and recover from incidents, and procedures to escalate issues to senior management, legal, and, when appropriate, our Board of Directors. The plan includes procedures for investigating and containing incidents, notifying affected parties, as appropriate, and implementing corrective actions. The plan includes procedures for investigating and containing incidents, notifying affected parties, and implementing corrective actions to prevent future occurrences. We rely on various third-party providers, such as vendors, suppliers and other business partners for certain aspects of our operations.The Company relies on various third party providers, such as vendors, suppliers and other business partners for certain aspects of its operations. These third parties are also susceptible to cybersecurity risks. These third parties may also be susceptible to cybersecurity risks. We conduct due diligence on the cybersecurity practices and controls on these providers and include provisions in our contracts requiring appropriate cybersecurity measures. In addition, in the case of a third-party cybersecurity incident, we identify and mitigate risks to minimize impacts to us from third-party incidents. In addition, in the case of a third-party cybersecurity incident, the Company identifies and mitigates risks to minimize impacts to us from third party incidents. Our information security program is led by our corporate Chief Information Security Officer ("CISO") , who works closely in a cross-functional capacity with key corporate and operational business stakeholders, including our Chief Information Officer. They and the other individuals supporting our information security program demonstrate their cybersecurity expertise through qualifications such as prior work experience, possession of a cybersecurity certification, degree, or other cybersecurity experience.
We describe whether and how risks from identified cybersecurity threats have materially affected or are reasonably likely to materially affect us, including our organizational strategy, results of operations, or financial condition as part of our risk factor disclosures in Part I, Item 1A of this report.We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our organizational strategy, results of operations, or financial condition as part of our risk factor disclosures in Part I, Item 1A of this report.
In your evaluation of our Company and business, you should carefully consider the risks and uncertainties described below, together with information included elsewhere within this report and other documents we file with the SEC. These risks, as well as additional risks and uncertainties not currently known to us or that we currently believe are immaterial also may materially harm our business, financial condition or operating results and thus result in a decline in the price of our stock.
Industry and Economic Risks
We depend on U.S. government agencies as our primary customers and, if our reputation or relationships with these agencies were to be harmed, it could adversely impact our financial performance.
We generated 98% of our total revenues during each of the last three fiscal years from contracts with the U.S. government, either as a prime contractor or as a subcontractor to other companies performing prime contracts for the U.S. government. We expect to continue to derive substantially all of our revenues from work performed under U.S. government contracts. Our relationship with the U.S. government – particularly with DoD agencies – is key to maintaining these contracts, winning new work, and growing our revenues. Negative press reports or publicity, regardless of accuracy, could harm our reputation and jeopardize our business with our customers, potentially adversely affecting our revenues, cash flows, and financial results. Negative press reports or publicity, regardless of accuracy, could harm our reputation.
Reduced U.S. government defense spending, changes in acquisition priorities, significant delays in U.S. government appropriations, and delays in contract awards, program starts, and other procurement activity, could adversely affect our future revenues, cash flow, and financial results.
Because we generate substantially all of our revenues from contracts with U.S. government agencies, our operating results could be adversely affected by spending caps, changes in budgetary priorities, or delays in the government budget process, program starts, or the award of contracts or task orders under contracts. Current U.S. government spending levels for defense-related and other programs may not be sustained through government fiscal year ("GFY") 2025. Future spending and program authorizations may be stagnant or decrease, or spending priorities may shift to programs in areas in which we do not provide services or are less likely to be awarded contracts. A change in administration or changing national priorities may reduce defense-related and other programs due to competing demands for federal funds and the number and intensity of military conflicts or other factors. A change in administrations or changing national priorities may reduce defense-related and other programs as a result of competing demands for federal funds and the number and intensity of military conflicts or other factors.
When Congress fails to pass a budget before the end of the fiscal year, government operations typically are funded through one or more continuing resolutions ("CRs"), which enable government agencies to continue operating but do not allow new spending initiatives. CRs can lead to contract awards being delayed, canceled, or funded at lower levels, which could adversely impact our operations, cash flows, and financial results.
In addition, it is possible that an impasse on policy issues could threaten continuous government funding through September 30, 2025, or result in another federal government shutdown, which could cause us to incur labor or other costs without reimbursement under customer contracts or the delay or cancellation of key programs, and could adversely affect our operations, cash flows, and financial results.In addition, it is possible that an impasse on policy issues could threaten continuous government funding through September 30, 2024 or result in another federal government shutdown, which could cause us to incur labor or other costs without reimbursement under customer contracts or the delay or cancellation of key programs, and could adversely affect our operations, cash flows and financial results.
The U.S. government also conducts periodic reviews of U.S. defense strategies and priorities, which may shift DoD budgetary priorities, reduce overall spending or delay contract or task order awards for defense-related programs from which we would otherwise expect to derive a significant portion of our future revenues. A significant decline in overall U.S. government spending, a significant shift in spending priorities, the substantial reduction or elimination of defense-related programs or significant budget-related delays in contract or task order awards for large programs could adversely affect our future revenues and limit our growth prospects.
9
We face aggressive competition that can impact our ability to obtain contracts and may affect our future revenues, profitability, and growth prospects.
We expect that most of the contracts we pursue in the foreseeable future will be awarded through a competitive bidding process as the U.S. government increasingly relies on IDIQ, GSA Schedule, and other multi-award contracts, which has led to greater competition and increased pricing pressure. The competitive bidding process involves substantial resources and a number of risks, including significant cost and managerial time to prepare bids and proposals for contracts that may not be awarded to us, or that may be awarded but for which we do not receive meaningful task orders. The competitive bidding process involves substantial costs and a number of risks, including significant cost and managerial time to prepare bids and proposals for contracts that may not be awarded to us, or that may be awarded but for which we do not receive meaningful task orders. Following contract award, we may encounter significant expense, delay, contract modifications, or even contract loss in the event our competitors protest the award of contracts to us in competitive bidding. Following contract award, we may encounter significant expense, delay, contract modifications or even contract loss as a result of our competitors protesting the award of contracts to us in competitive bidding. Any resulting loss or delay of startup and funding of work under protested contract awards may adversely affect our revenues and/or profitability. In addition, multi-award contracts require that we make sustained post-award efforts to obtain task orders under the contract, failure of which may result in us not recognizing revenues under these multi-award contracts. In addition, multi-award contracts require that we make sustained post-award efforts to obtain task orders under the contract. Our failure to compete effectively in this procurement environment could adversely affect our revenues and profitability.
We compete with larger companies that have more name recognition, greater financial resources, and larger technical staffs, and we also compete with smaller, more specialized companies that concentrate their resources on particular areas.We compete with larger companies that have greater name recognition, financial resources and larger technical staffs and with smaller, more specialized companies that are able to concentrate their resources on particular areas. Additionally, we may compete with the U.S. government’s own capabilities. To remain competitive, we must consistently provide superior service, technology, and performance on a cost-effective basis to our customers. To remain competitive, we must consistently provide superior service, technology and performance on a cost-effective basis to our customers and there is no assurance that we will do so.
Our earnings and profitability may vary based on the mix of our contracts and may be adversely impacted if we fail to estimate and manage costs, time, and resources accurately.Our earnings and profitability may vary based on the mix of our contracts and may be adversely affected by our failure to accurately estimate and manage costs, time and resources.
Our profitability and cash flow may vary materially depending on the types of government contracts we are awarded, the nature of services performed under those contracts, the costs incurred in performing the work, the achievement of performance objectives, and the stage of performance at which the right to receive fees is determined, particularly under incentive and award fee contracts. Our earnings and profitability may vary materially depending on changes in the proportionate amount of revenues derived from each type of contract, the nature of services or solutions provided, as well as the achievement of performance objectives and the stage of performance at which the right to receive fees, particularly under incentive and award fee contracts, is finally determined. Failure to perform to customer expectations and contract requirements may result in reduced fees or losses and may adversely affect our financial performance.
We generate revenues under several contract types, including cost-reimbursable, T&M, and FFP contracts. Under cost-reimbursable contracts, the government pays allowable costs incurred during performance of the contract plus a fee up to a ceiling based on the amount that has been funded. Cost, schedule, or technical performance issues on cost-reimbursable contracts could result in reduced fees, decreased profit, or program cancellation. Under T&M contracts, the government pays for the exact cost of all materials, plus a predetermined hourly rate for the labor involved. Under FFP contracts, the government pays a fixed price regardless of the actual costs of performance, meaning that we bear the risk of cost overruns, but we also have the opportunity for profit if we manage the program efficiently. Cost-reimbursable and T&M contracts are generally less profitable than FFP contracts. In fiscal 2025, approximately 16%, 22% and 62% of our total revenues came from FFP contracts, T&M and cost-reimbursable contracts, respectively.
To varying degrees, there is financial risk with each of these contract types if we underestimate the costs of performance or fail to manage the program efficiently and cost-effectively. Unexpected expenses and/or unanticipated delays (including those caused by contract disputes or other factors outside our control, such as poor performance by our subcontractors, rising inflation, natural disasters, or other force majeure events) could result in reduced profits or losses.
We use estimates in recognizing revenues, and our profitability may be adversely affected if we make changes to those estimates.We use estimates in recognizing revenues and, if we make changes to estimates used in recognizing revenues, our profitability may be adversely affected.
A significant portion of our revenues are recognized on contracts using a cost input measure, which requires estimates of total costs at completion, fees earned, or both. Due to the technical nature of our services and the length of certain contracts, this estimation process is complex and involves significant judgment. Adjustments to original estimates are often required as work progresses, experience is gained, and additional information becomes known, even though the scope of the work required under the performance obligation may not have changed. Changes in the underlying assumptions, circumstances, or estimates could necessitate adjustments that may adversely affect future financial results. Changes in the underlying assumptions, circumstances or estimates could result in adjustments that may adversely affect future financial results.
10
Legal and Regulatory Risks
Our failure to comply with the laws and regulations governing organizational conflicts of interest (“OCIs”) could lead to penalties including, potentially, termination of one or more of our U.S. government contracts.
Many of our U.S. government contracts contain organizational conflict of interest ("OCI") clauses that may limit our ability to compete for or perform certain other contracts or other types of services for particular customers. OCI arises when we engage in activities that may make us unable to render impartial assistance or advice to the U.S. government, impair our objectivity in performing contract work, or provide us with an unfair competitive advantage. Existing OCI, and any OCI that may develop, could preclude our competition for or performance on a significant project or contract, which could limit our opportunities.
The U.S. government may issue or revise existing rules, regulations, and directives at any time, creating uncertainty and requiring unanticipated investments in related compliance efforts.
In recent quarters, the U.S. government customer has increasingly focused on affordability, efficiencies, and cost recovery when contracting with private companies. The new Department of Government Efficiency (“DOGE”) is currently evaluating federal agencies and existing government contracts, grants, and programs for affordability, efficiency, and alignment with U.S. government objectives. DOGE’s efforts to reduce federal spending create uncertainty and risk for government contractors, including potentially resulting in change in budgetary priorities and timing on issuing awards. Decreases in, or delays in contract awards and in government spending on the types of programs that we support, and terminations or stop-work-orders on government contracts on which we are currently performing could adversely affect our future revenues and profitability. At the same time, given the nature of our business, the administration’s focus on efficiency, along with the potential for certain traditionally government functions to be transferred to private entities, may present business opportunities for us.
Federal legislation, regulations, executive orders, and other initiatives dealing with, among other things, procurement reform, the mitigation of potential OCIs, the deterrence of fraud, the elimination of diversity, equity, and inclusion (“DEI”), and changes in corporate environmental obligations, could affect our business. Additionally, we are subject to the laws and regulations of the states in which we operate, which, at times, may conflict with federal laws and regulations, introducing ambiguity.
Recent executive orders relating to DEI and other social issues and “return-to-office” requirements, along with pending legal challenges, create uncertainty and may be temporarily unsettling for portions of our workforce. As always, we are committed to complying with all applicable laws and regulations, and we do not anticipate an adverse impact on our future operations and revenues related to these executive orders.
The ongoing reforms to the U.S. government acquisition process, including changes to procurement rules and regulations, could transform how contracts are awarded, negotiated, and managed, which could lead to delays in contract awards and/or modifications to the scope or terms of contracts we hold. We could face increased competition, greater scrutiny, a more complex regulatory environment, heightened compliance requirements, and additional administrative burdens, all of which have the potential to affect our profitability.
The FAR Council recently proposed significant revisions to the FAR related to OCIs, which, if adopted, could limit our ability to bid on certain contracts and/or require us to modify or restructure some business relationships. They could also impose additional compliance burdens and constraints on our business operations. Increased costs related to identifying, assessing, and mitigating OCI's could negatively impact our profitability.
Similarly, recent executive orders related to energy and the environment suggest a shift towards deregulation at the federal level. Although deregulation initiatives could provide short-term relief from regulatory obligations, the executive orders introduce uncertainty and risk, including the potential for legal challenges and the possibility of new environmental policies at the state or local levels that may impose stricter regulations. We are actively monitoring and adapting to changes in environmental laws, assessing the physical risks posed by climate change, and implementing sustainability initiatives aimed at reducing the environmental impact of our operations. However, the full extent of these risks and their potential impact on our business remains uncertain and could materially affect its financial performance.
11
We are subject to government audits, cost adjustments, reviews, and investigations that could adversely affect our profitability, cash flows, or growth prospects.
The DCAA, the DCMA, and others routinely audit a contractor’s performance on government contracts, indirect cost rates and pricing practices, and compliance with applicable government contracting and procurement laws, regulations, and standards.The DCAA, DCMA and others routinely audit and review a contractor’s performance on government contracts, indirect cost rates and pricing practices, and compliance with applicable contracting and procurement laws, regulations and standards. They also review the adequacy of the contractor’s compliance with government standards for its business systems, including its accounting, earned value management, estimating, materials management, property management, and purchasing systems. They also review the adequacy of the contractor’s compliance with government standards for its business systems, which are defined as the contractor’s accounting, earned value management, estimating, materials management, property management and purchasing systems. A finding of significant control deficiencies in a contractor’s business systems or a finding of noncompliance with the CAS can result in decremented billing rates until the control deficiencies are corrected and DCMA approves their remediation. A finding of significant control deficiencies in a contractor’s business systems or a finding of noncompliance with CAS can result in decremented billing rates to US government customers until the control deficiencies are corrected and their remediation is accepted by the DCMA. Government audits and reviews have become more rigorous as the agencies that conduct them have come under increased scrutiny, leading to stricter interpretations of the standards to which government contractors are held and the increased likelihood of adverse outcomes.
Government audits may conclude that our practices are not consistent with applicable laws and regulations, leading to adjustments to contract costs and mandatory customer refunds. Such adjustments can be applied retroactively. Such adjustments can be applied retroactively, which could result in significant customer refunds. Adverse audit findings or the failure to obtain an “approved” determination on our systems could adversely affect our business by, among other things, restricting our ability to bid on new contracts and diminishing our competitive position for proposals under evaluation. Receipt of adverse audit findings or the failure to obtain an “approved” determination on our various business systems could significantly and adversely affect our business by, among other things, restricting our ability to bid on new contracts and, for those proposals under evaluation, diminishing our competitive position. A determination of noncompliance could also result in the U.S. government imposing penalties and sanctions against us, including withholding of payments, suspension of payments, and increased government scrutiny. Increased scrutiny could adversely impact contract performance, impede our invoicing for work performed, delay our receipt of timely payment, and weaken our ability to compete for new contracts.
As is typical in our industry, DCAA’s indirect cost audits of our business remain open for certain prior years and the current year. We have recorded contract revenues based on an estimate of costs that we believe will be approved. However, we cannot guarantee the outcome of any ongoing or future audits or that any required adjustments will not exceed our reserves. However, we do not know the outcome of any ongoing or future audits or whether future adjustments will exceed our reserves for potential adjustments.
We are also subject to government reviews and investigations relating to all aspects of our business, including our contracts and operations. If a review or investigation identifies improper or illegal activities, we may be subject to civil or criminal penalties or administrative sanctions, which could include the termination of contracts, forfeiture of profits, triggering of price reduction clauses, suspension of payments, imposition of fines, and/or suspension or debarment from doing business with the U.S. government. Allegations of impropriety, even if untrue, may cause us reputational harm and impede our ability to win new contract awards or receive contract renewals. Fines, penalties, and other sanctions are not uncommon in our industry and could negatively impact our profitability, cash position, and future opportunities.
Our business is subject to governmental review and investigation, which could adversely affect our profitability, cash position and growth prospects. Our business is subject to governmental review and investigation, which could adversely affect our profitability, cash position and growth prospects.
We are routinely subject to governmental investigations relating to all aspects of our business including our contracts and operations. If a review or investigation identifies improper or illegal activities, we may be subject to civil or criminal penalties or administrative sanctions, which could include the termination of contracts, forfeiture of profits, the triggering of price reduction clauses, suspension of payments, fines, and suspension or debarment from doing business with governmental agencies. We may suffer harm to our reputation if allegations of impropriety are made against us, which would impair our ability to win new contract awards or receive contract renewals. Penalties and sanctions are not uncommon in our industry. If we incur a material penalty or administrative sanction or otherwise suffer harm to our reputation, our profitability, cash position and future prospects could be adversely affected.
12
The U.S. government may terminate, cancel, modify, or curtail our contracts at any time and, if we do not replace them, we may be unable to achieve or sustain revenue growth and may suffer a decline in revenues and profitability.
Many of the U.S. government programs for which we are a prime contractor or subcontractor may extend for several years, and may include one or more base years and one or more option years. The U.S. government generally has the right not to exercise options to extend or expand our contracts, and may otherwise terminate, cancel, modify, or curtail our contracts at its convenience. Any decision by the U.S. government not to exercise contract options or to terminate, cancel, modify, or curtail our major programs or contracts would adversely affect our revenues, revenue growth, and profitability.
We have experienced, and will continue to experience in the normal course of business, periodic performance issues under certain of our contracts. If a government customer terminates a contract for default, we may be exposed to liability, including for excess costs incurred by the customer in procuring undelivered services and solutions from another source. Depending on the nature and value of the contract, a performance issue or termination for default could cause our actual results to differ from those anticipated and could harm our reputation.
Our use of net operating loss carryforwards and other tax attributes to offset future taxable income may become limited if we or the IRS determine that we have experienced an ownership change.Our use of net operating loss carryforwards and other tax attributes to offset future taxable income may become limited in the event that we or the IRS determines that we have experienced an ownership change.
As of January 31, 2025, we have estimated $223 million of gross net operating loss carryforwards and gross tax basis in our acquired amortizable goodwill, as well as other intangible assets of approximately $1.0 billion.As of February 2, 2024, we have estimated $251 million of gross net operating loss carryforwards and tax basis in our acquired amortizable goodwill and other intangible assets of approximately $1.2 billion. Net operating loss carryforwards and other tax attributes are subject to various annual limitations under Sections 382 and 383 of the Internal Revenue Code, which restricts a corporation’s ability to use such carryforwards and attributes following an ownership change.
Changes in tax laws and regulations or exposure to additional tax liabilities could adversely affect our financial results.
Changes in federal or state tax regulations or in their interpretation and application, including those with retroactive effect, could cause increases in our tax expense and affect profitability and cash flows.Changes in US (federal or state) regulations, or their interpretation and application, including those with retroactive effect, could result in increases in our tax expense and affect profitability and cash flows. For example, beginning in fiscal 2023, the Tax Cuts and Jobs Act of 2017 eliminated the option to deduct research and development expenditures in the year incurred, instead requiring taxpayers to amortize such expenditures over five years for tax purposes. For example, beginning in fiscal 2023, the Tax Cuts and Jobs Act of 2017 eliminated the option to deduct research and development expenditures immediately in the year incurred and requires taxpayers to amortize such expenditures over five years for tax purposes. The impact of this change is dependent on the amount of research and development expenses we incur, as well as the potential for Congress to modify or repeal the provision or for the U.S. Treasury Department to release new guidance or interpretive rules. The impact to our income taxes payable was most significant in fiscal 2023 decreasing over the five-year amortization period. By year six, we anticipate any impact to be immaterial.
Legal disputes could require us to pay potentially large damage awards and could be costly to defend, which could adversely affect our cash balances and profitability, and could damage our reputation. Legal disputes could require us to pay potentially large damage awards and could be costly to defend, which would adversely affect our cash balances and profitability, and could damage our reputation.
We are subject to several lawsuits and claims described under “Legal Proceedings” in Part I, Item 3 of this report.We are subject to a number of lawsuits and claims described under “Legal Proceedings” in Part I, Item 3 of this report. We are also subject to, and may become a party to, a variety of other immaterial litigation or claims arising from time to time in the ordinary course of our business. We are also subject to, and may become a party to, a variety of other litigation or claims and suits that arise from time to time in the ordinary course of our business. The Department of Justice and other U.S. or foreign enforcement agencies may bring claims or lawsuits in connection with our performance of government contracts or our billing or record-keeping relating to those contracts. Although rare, government agencies can seek to suspend or debar government contractors they believe have engaged in misconduct. The government has considerably more resources at its disposal to pursue these matters than we do to defend ourselves against them, and certain statutes under which the Department of Justice may bring claims (like the False Claims Act) provide for treble damages and penalties on a per invoice basis. Consequently, the government generally has more leverage against us than a commercial plaintiff or other private party would have. Settlements or adverse judgments may result in significant monetary damages or injunctions, and litigation and claims could be costly to defend. Even if we are successful, fully indemnified, or insured, we could suffer damage to our reputation that impedes our ability to compete for work or obtain adequate insurance in the future. The outcome of litigation and other claims, including those described under “Legal Proceedings” in Part I, Item 3 of this report, is inherently uncertain, and management’s view of these matters may change in the future. Litigation and other claims, including those described under “Legal Proceedings” in Part I, Item 3 of this report, are subject to inherent uncertainties and management’s view of these matters may change in the future.
13
Our business is subject to numerous legal and regulatory requirements, and any violation of these requirements, or any misconduct by our employees, subcontractors, agents, or business partners, could harm our business and reputation.
In addition to government contract procurement laws and regulations, we are subject to numerous other federal, state, and foreign legal requirements related to, among other things, fraud (including but not limited to falsifying time and other records), data privacy and protection, employment and labor relations, immigration, taxation, anticorruption, import/export controls, trade restrictions, internal and disclosure control obligations, securities regulations, and antitrust.In addition to government contract procurement laws and regulations, we are subject to numerous other federal, state and foreign legal requirements on matters as diverse as data privacy and protection, employment and labor relations, immigration, taxation, anti-corruption, import/export controls, trade restrictions, internal and disclosure control obligations, securities regulation and anti-competition. Compliance with diverse and changing legal requirements is costly, time-consuming, and requires significant resources. Violations can result in fines, penalties, restitution, or other damages (which can be significant), criminal sanctions against our Company and/or our officers, the loss of security clearances, the cancellation of current contracts and the ineligibility for future contracts, and suspension or debarment from federal, state, or local contracting – any of which could adversely affect our business and financial results. Examples of events or changes in circumstances indicating that the carrying value of goodwill may not be recoverable could include a significant adverse change in legal factors or in the business climate, an adverse action or assessment by a regulator, unanticipated competition, loss of key contracts, significant decrease in the Company's stock price, customer relationships, or personnel that affect current and future operating cash flows of the reporting unit. Additionally, depending on the circumstances, our Company can be held liable for the misconduct of its employees, subcontractors, agents, or business partners.
Business and Operational Risks
A failure to attract, train, retain, and utilize skilled employees and our senior management team would adversely affect our ability to execute our strategy and may disrupt our operations.
Our business relies heavily on the expertise and skills of our employees.Our business relies heavily upon the expertise and services of our employees. Many government programs require our personnel to have security clearances. Our continued success depends on the ability to recruit and retain highly trained, skilled and, at times, cleared engineering, technical, and professional personnel. Our continued success depends on our ability to recruit and retain highly trained and skilled engineering, technical and professional personnel. Competition for talent is intense, and competitors aggressively recruit key employees. Competition for skilled personnel is intense and competitors aggressively recruit key employees. Security clearances can be difficult and time-consuming to obtain, and cleared talent is in demand. Particularly in highly specialized areas, it has become more difficult to recruit and retain qualified employees, which could affect our growth in the current and future fiscal years. Particularly in highly specialized areas, it has become more difficult to retain employees and meet all of our needs for employees in a timely manner, which may affect our growth in the current and future fiscal years. We will continue to devote significant resources to recruiting, training, and retaining top talent, but we cannot guarantee the outcome of these efforts. The failure to timely secure qualified employees could impair our ability to win new business or meet existing contractual obligations, which could adversely affect our future financial performance. In addition, salaries and related expenses are a significant portion of the cost of our services and, accordingly, our ability to utilize our workforce efficiently can impact our profitability. In addition, salaries and related costs are a significant portion of the cost of providing our services and, accordingly, our ability to efficiently utilize our workforce impacts our profitability. If our employees are under-utilized, our profitability could suffer.
Our success also depends on the continued employment of a highly qualified and experienced senior management team that focuses on retaining existing business and generating new business. Although we have succession plans in place, the loss of key personnel in critical functions could temporarily impair our ability to win new contracts or perform existing work.
We may make acquisitions, investments, joint ventures, and divestitures in the future that involve numerous risks, which, if realized, may adversely affect our business and financial performance.We may make acquisitions, investments, joint ventures and divestitures in the future that involve numerous risks, which if realized, may adversely affect our business and our future results.
Subject to the limitations of our credit facility (as further described in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II, Item 7 of this report), we may make strategic acquisitions or investments, engage in joint ventures, or divest existing businesses, which could cause unforeseen expenses, disrupt our business, fail to yield the anticipated benefits, or pose other risks that could adversely affect our reputation, operations, or financial results, including:
•we may not retain key employees (including those with needed security clearances), customers, and business partners of an acquired business in the future;
•we may fail to successfully integrate acquired businesses, such as failing to successfully implement IT and other control systems relating to the operations of any acquired business;
•we may not generate sufficient earnings to meet the required Leverage Ratio under the Credit Facility, which would give lenders the right to, among other things, foreclose on our assets;
14
•acquisitions normally require a significant investment of time and resources, which may disrupt our business and distract our management from other important responsibilities;
•we may not be able to accurately estimate the financial effect of any acquisitions and investments on our business and we may not realize anticipated revenue opportunities, cost savings, or other synergies or benefits, or acquisitions may not result in improved operating performance; and
•we may assume known and unknown material liabilities, including legal or regulatory risks that were not identified as part of our due diligence or for which we are unable to receive a purchase price adjustment or reimbursement through indemnification.
If any acquisitions, investments, or joint ventures fail, perform poorly, or their value is otherwise impaired for any reason, including contractions in credit markets and global economic conditions, our business and financial results could be adversely affected.
In addition, we may periodically divest businesses, including businesses that are no longer a part of our ongoing strategic plan. These divestitures similarly require significant investment of time and resources. They may disrupt our business, distract management from other responsibilities, and create losses on disposal or continued financial involvement in the divested business, including through indemnification, guarantee, or other financial arrangements, for a period of time following the transaction, which could adversely affect our financial results. Federal and state laws, regulations and mandates that require significant progress to reduce the impact of climate change through carbon pollution-free electricity, net-zero emissions in vehicles, buildings, procurement and operations, and similar actions could diminish or weaken our ability to attain new contracts or garner renewals.
We use and deploy AI solutions for our customers that could harm our reputation or create liability if they do not function as predicted.We use and deploy AI solutions for our customers which may result in harm to our reputation or liability if they do not function as predicted.
We deploy and integrate AI solutions for our business operations and for customers, including AI solutions that assist with the design, deployment, and management of AI applications that allow customers to work with their complex and sensitive data to power the most demanding analytics, data science, and AI use cases. These AI solutions may be vulnerable to misuse or cyberattack. Additionally, because this technology is developing so rapidly, we may be unable to keep up with new AI developments. We use some AI solutions that we develop and some that we obtain others from third parties. The development methods and algorithms of these solutions could be flawed, and the datasets could contain incorrect or biased information. Content or code generated by AI systems may be vulnerable to cyberattack, require human review, be unreliable, illegal, or offensive, and could result in the AI solution not working as intended. Content or code generated by AI systems may be vulnerable to cyber attack, require human review, be unreliable, illegal, or offensive, and could result in the AI solution not working as intended. If we deploy AI solutions that have unintended consequences or are more controversial than we anticipate, our customers may seek redress, and we may experience reputational harm that could affect our business or financial results. Our use of AI solutions could be limited by, or subject to regulatory action or legal liability under, proposed rules or legislation regarding privacy, intellectual property, and other laws. Our use of AI solutions could be limited or subject to regulatory action or legal liability under proposed rules or legislation regarding privacy, intellectual property and other laws.
We face various risks related to health epidemics, pandemics, and similar outbreaks, which may have material adverse effects on our business, financial position, results of operations, and/or cash flows.We face various risks related to health epidemics, pandemics and similar outbreaks, which may have material adverse effects on our business, financial position, results of operations and/or cash flows.
We face various risks related to health epidemics, pandemics, and similar outbreaks such as the global outbreak of COVID-19. If significant portions of our workforce cannot work effectively due to illness, quarantines, government actions, facility closures, or for other reasons in connection with an epidemic, our operations will be impacted.We face various risks related to health epidemics, pandemics and similar outbreaks like the global outbreak of COVID-19. If significant portions of our workforce are unable to work effectively due to illness, quarantines, government actions, facility closures or other reasons in connection with an epidemic, our operations will likely be impacted. We may be unable to perform fully on our contracts and some of our costs may not be fully recoverable or adequately covered by insurance. Another epidemic could cause disruption in our supply chain, could delay or limit the operations of the U.S. government and other customers to perform (including making timely payments to us), could impact investment performance, and could cause other negative events.
In addition, the resulting volatility in the global capital markets could restrict our access to capital and/or increase our cost of capital.
Customer systems failures could damage our reputation and adversely affect our revenues and profitability.
Many of the systems and networks that we develop, install, and maintain for our customers involve managing and protecting personal information and information relating to national security and other sensitive government functions. While we have programs designed to comply with relevant privacy and security laws and restrictions, if a system or network that we develop, install, or maintain were to fail or experience a security breach or service interruption (whether caused by us, third-party service providers, cybersecurity threats, or other events), we may
15
experience loss of revenue, remediation costs, claims for damages, or contract termination. This could cause serious harm to our reputation and prevent us from having access to, or being eligible for, further work involving these systems and networks. Any such event could cause serious harm to our reputation and prevent us from having access to or being eligible for further work on such systems and networks. Our errors and omissions liability insurance may not adequately compensate us for the damages that we incur, and our results could be adversely affected. Our errors and omissions liability insurance may be inadequate to compensate us for all of the damages that we may incur and, as a result, our future results could be adversely affected.
We depend on our teaming arrangements and relationships with other contractors and subcontractors. If we are not able to maintain these relationships, or if these parties fail to satisfy their obligations to us or the customer, our revenues, profitability, and growth prospects could be adversely affected.
We rely on teaming relationships with other prime contractors and subcontractors to bids on large procurements and other opportunities when we believe the combination of services, products, and solutions we can offer with teammates will help us win and perform the contract.We rely on teaming relationships with other prime contractors and subcontractors in order to submit bids for large procurements or other opportunities where we believe the combination of services, products and solutions provided by us and our teammates will help us to win and perform the contract. Our future revenues and growth could be adversely affected if our partners reduce or end their contract relationships with us, or if the U.S. government terminates or reduces programs of prime contractors to which we subcontract, does not award them new contracts, or refuses to pay under a contract. We may contract with subcontractors that do not have experience on U.S. government contracts or with our customers, providing them with the experience, relationships, and past performance to compete with us on future contracts and potential result in contract losses. If subcontractors fail to timely meet their contractual obligations or have regulatory compliance or other problems, our ability to fulfill our obligations as a prime contractor or higher tier subcontractor may be jeopardized. Whenever our subcontractors fail to timely meet their contractual obligations, have regulatory compliance or other problems, our ability to fulfill our obligations as a prime contractor or higher tier subcontractor may be jeopardized.
We have only a limited ability to protect our intellectual property rights, which are important to our success. We have only a limited ability to protect our intellectual property rights, which are important to our success. Our failure to adequately protect our proprietary information and intellectual property rights could adversely affect our competitive position.
We rely principally on trade secrets to protect much of our intellectual property in cases where we do not believe that patent protection is appropriate or obtainable. However, trade secrets are difficult to protect. Although our employees are subject to confidentiality obligations, this protection may be inadequate to deter or prevent misappropriation of our confidential information. We may be unable to detect unauthorized use of our intellectual property or otherwise take appropriate steps to enforce our rights. Failure to obtain or maintain trade secret protection could adversely affect our competitive business position. If we are unable to prevent third parties from infringing or misappropriating our copyrights, trademarks, or other proprietary information, our competitive position could be adversely affected. In addition, in connection with the performance of services, the U.S. government has certain rights to inventions, data, software codes, and related material that we develop under government-funded contracts and subcontracts, which may permit the U.S. government to disclose or license this information to third parties, including, in some instances, our competitors.
In the course of conducting our business, we may inadvertently infringe the intellectual property rights of others, resulting in claims against us or our customers. Our contracts generally indemnify our customers for third-party claims for intellectual property infringement by the services and solutions we provide. The expense of defending these claims may adversely affect our financial results.
We face risks related to climate change if extreme weather events adversely affect our ability to work or our customers’ requirements or priorities.We face risks related to climate change if associated increases in extreme weather events prohibit or adversely affect our employees’ ability to work.
Severe storms, increased precipitation and flooding, heat waves, forest fires, and other natural disasters tied to climate change could adversely affect our ability to execute our strategy and may disrupt our operations.Severe storms, increased precipitation and flooding, heat waves and other weather-related obstacles due to climate change could adversely affect our ability to execute our strategy and may disrupt our operations. Any climate event limiting our employees’ ability to work could potentially impair our capability to perform and meet our contractual obligations, address our customers’ needs, and ultimately win new business, all of which could adversely affect our business, financial position, results of operations, and/or cash flows. Any failure of our employees’ ability to work could potentially impair our capability to efficiently perform and meet our contractual obligations, timely address our customers’ needs and ultimately win new business, all of which could adversely affect our business, financial position, results of operations, and/or cash flows. While we have a distributed workforce with employees working remotely across the U.S., we do have employees who, because of client requirements or contractual obligations, must work at specified locations. In these instances, if there were a severe weather event that impacted such a location, we might not be able to meet the client’s requirements or our contractual obligations. In these instances, if there was a severe weather event that impacted such a location we may not be able to meet the client’s requirements or our contractual obligations. In the shorter term, a climate-related event could temporarily impede our ability to do the required work in person, produce operational or other unforeseen challenges, and in the longer term, threaten our performance of contracts, any of which could harm our business and its results. In the shorter term, a climate-related event could temporarily suspend our ability to do the required work in person, produce operational or other unforeseen challenges, and in the longer term, threaten our ability to perform contracts in a timely manner or meet other requirements of the contract, any of which could harm our business and its results.
Although we have business continuity plans and other safeguards in place, there is no assurance that such plans and safeguards will be effective in preventing adverse impacts on our operations or long-term plans. Local conditions and regulations may delay the return of employees to business sites, which could undermine our efforts
16
to meet our contractual obligations. Climate-related limitations on individual employees may also create obstacles to meeting customer requirements or our contractual obligations.
Additionally, our customers could change priorities or direction due to a direct climate-change impact, concerns about long-term sustainability, legislative or regulatory pressure, or market factors such as investor, consumer, or societal requests or demands. Such changes and responses by our customers have the potential to adversely impact our future revenues, profitability, and prospects.
We could incur significant liabilities and suffer negative publicity if our detection systems fail to operate as intended or our assessment reports prove to be inaccurate.
We have developed and sold tsunami buoys and related services that are designed to assist in the detection of tsunamis or large waves that may have catastrophic consequences to coastal communities. Our buoys have been deployed by the U.S. National Oceanic and Atmospheric Administration and non-U.S. governments in other areas around the world. There are many factors, some of which are beyond our control, that could result in the failure of these buoys. We may develop other products or provide services for the detection of catastrophic natural or man-made threats. We may develop other products or provide services for the detection of natural or man-made threats that could have catastrophic consequences if the threats are realized.
Some of our contracts involve evaluating and/or assessing the likelihood or potential consequences of natural disasters and other threats. The failure of our products and services to help detect the threats for which they were designed, or the failure of our reports to accurately assess the consequences of certain threats could contribute to injury, death, or extensive property damage, potentially leading to product liability, professional liability, or other claims against us. The failure of our products and services to help detect the threats for which they were designed or the failure of our reports to accurately assess the consequences of certain threats could contribute to injury, death and extensive property damage and may lead to product liability, professional liability, or other claims against us. Further, if our products, services, or reports fail to (or are perceived to have failed to) help detect or adequately assess a threat, the negative publicity could have a material adverse effect on our business. Further, if our products, services or reports fail to, or are perceived to have failed to help detect or adequately assess a threat, the negative publicity from such incident could have a material adverse effect on our business.
Our services and operations sometimes involve using, handling, or disposing of hazardous substances or dangerous materials, which could expose us to potentially significant liabilities.
Some of our services and operations involve the use, handling, or disposal of hazardous substances or dangerous materials, including explosive, chemical, biological, radiological, or nuclear materials.Some of our services and operations involve the use, handling or disposal of hazardous substances or dangerous materials, including explosive, chemical, biological, radiological or nuclear materials. These activities generally subject us to extensive foreign, federal, state, and local environmental protection and health and safety laws and regulations, which, among other things, require us to incur compliance costs and the risk of liability. These activities generally subject us to extensive foreign, federal, state and local environmental protection and health and safety laws and regulations, which, among other things, require us to incur costs to comply with these regulations and could impose liability on us for handling or disposing of hazardous substances or dangerous materials. Failure to comply with these environmental protection and health and safety laws and regulations could result in civil, criminal, regulatory, administrative, or contractual sanctions, including but not limited to fines, penalties, and/or suspension or debarment actions. We could be required to incur costs to change, upgrade, remediate, and/or close some of our operations or properties. Although we do not have extensive real estate holdings, our ownership and operation of real property also subjects us to environmental protection laws, some of which create liability for current or previous owners or operators of businesses and real property liable for hazardous substance releases, even if they did not know of and were not responsible for the releases. Although we do not have extensive real estate holdings, our ownership and operation of real property also subjects us to environmental protection laws, some of which hold current or previous owners or operators of businesses and real property liable for hazardous substance releases, even if they did not know of and were not responsible for the releases. If we have any violations of, or incur liabilities pursuant to, these laws or regulations, our financial condition and operating results could be adversely affected.
We face risks associated with our international business.
Our international operations, which have historically generated a small portion of our revenues, may be subject to additional and different risks than our domestic operations. Failure to comply with U.S. government laws and regulations applicable to international business, such as the Foreign Corrupt Practices Act and U.S. export control regulations, could have an adverse impact on our business with the U.S. government and could expose us to administrative, civil, or criminal penalties, and potentially significant contract losses.
We provide services and solutions in support of U.S. government customers in countries that are politically unstable, active conflict zones, or subject to high-risk intelligence operations. Operating in these environments may increase the risk of an incident resulting in injury or loss of life, property damage or destruction, or the inability to meet our contractual obligations. Operating in such environments may increase the risk of an incident resulting in injury or loss of life, or damage or destruction of property, or inability to meet our contractual obligations. It is impossible to predict the impact that these regulatory, geopolitical, and other factors may have on our business in the future.
17
Pension funding and costs are dependent upon several economic assumptions, which, if changed, may cause our future earnings and cash flow to fluctuate significantly.
Through our acquisition of Engility Holdings, Inc. ("Engility") in fiscal 2019, we assumed obligations under Engility's defined benefit pension plan (the "Pension Plan"). ("Engility") in fiscal 2019, we assumed the obligations under Engility's defined benefit pension plan (the "Pension Plan"). The impact of the Pension Plan on our generally accepted accounting principles ("GAAP") earnings may be volatile. Because our calculations are sensitive to funding levels and rely on several key economic assumptions, including interest rates, rates of return on plan assets, and participant mortality estimates, the expenses we record for the Pension Plan may materially change from year to year. Changes in these factors also affect our plan funding, cash flow, and stockholders’ equity. In addition, the Pension Plan funding may be subject to changes caused by legislative or regulatory actions. In addition, the funding of the Pension Plan may be subject to changes caused by legislative or regulatory actions.
We will make contributions to fund the Pension Plan when considered necessary or advantageous to do so. The macro-economic factors discussed above, including the return on assets and the minimum funding requirements established by government funding or taxing authorities, or established by other agreement, may influence future funding requirements. A significant decline in the fair value of the assets in the Pension Plan, or other adverse changes to the Pension Plan, could require us to make significant funding contributions and affect cash flows in future periods.
We also, in the acquisition of Engility, assumed obligations under a Retiree Health Reimbursement Account plan ("RHRA").As a result of the acquisition of Engility, we also assumed the obligations under a Retiree Health Reimbursement Account plan ("RHRA"). The impact of Engility’s RHRA on our GAAP earnings may be volatile in that the amount of expense we record for the plan may materially change from year to year because those calculations are sensitive to several key economic assumptions, including interest rates and actuarial assumptions related to participant mortality, retirement, and termination.
CAS govern the extent to which postretirement costs and plan contributions are allocable to and recoverable under contracts with the U.S. government. On December 27, 2011, the CAS Board published a final rule that harmonizes CAS pension cost reimbursement rules with the Pension Protection Act of 2006 ("PPA") funding requirements. On December 27, 2011 the US government’s Cost Accounting Standards Board published a final rule that harmonizes CAS pension cost reimbursement rules with the Pension Protection Act of 2006 ("PPA") funding requirements. The rule is expected to mitigate the mismatch between CAS costs and minimum funding requirements under PPA-amended Employee Retirement Income Security Act of 1974 ("ERISA"), which should accelerate allowable CAS pension costs as compared to prior rules. The rule is expected to eventually mitigate the mismatch between CAS costs and PPA-amended Employee Retirement Income Security Act of 1974 ("ERISA") minimum funding requirements, and result in an acceleration of allowable CAS pension costs as compared to the prior rules. We anticipate that government contractors will be entitled to an equitable adjustment for any additional CAS contract costs resulting from the final rule. We have sought, and expect to continue seeking, reimbursement from the U.S. government for a portion of our postretirement costs and plan contributions. For additional information related to our pension funding and costs, see Note 9—Retirement Plans to the consolidated financial statements contained within this report.
Goodwill and intangible assets represent a significant amount of our total assets and any impairment of these assets would negatively affect our results of operations.
Goodwill is tested for impairment annually or whenever events or changes in circumstances indicate that the carrying value may not be recoverable. This includes, for example, significant adverse changes in the legal or regulatory landscape or in the business climate, adverse actions or assessments by regulators, unanticipated competition, the loss of key contracts, significant decreases in our stock price, or disruptions in customer relationships that affect current and future operating cash flows of the reporting unit. We assess intangible assets with finite lives for impairment whenever events or changes in circumstances indicate that the carrying value may not be recoverable at the asset group level. Intangible assets with finite lives are assessed for impairment whenever events or changes in circumstances indicate that the carrying value may not be recoverable at the asset group level. Any future impairment of goodwill or other intangible assets would have a negative impact on our profitability and financial results.
We maintain our cash at financial institutions, often in balances that exceed federally insured limits.
Most of our cash is held in accounts at U.S. banking institutions that we believe are of high quality. Cash held in depository accounts may exceed the $250,000 Federal Deposit Insurance Corporation ("FDIC") insurance limits. If these banking institutions were to fail, we could lose part or all of the amounts in excess of the insurance limits. If such banking institutions were to fail, we could lose all or a portion of those amounts held in excess of such insurance limitations. A material loss related to a bank failure could have a material adverse effect on our financial position and could impact our ability to pay operational expenses or make other payments. Any material loss that we may experience in the future could have a material adverse effect on our financial position and could materially impact our ability to pay our operational expenses or make other payments. Additionally, if our customers, suppliers, insurers, joint venture partners, sureties, or other parties with which we partner are materially impacted by a bank failure or other issues in the banking industry, including changes in legislation and regulation, it may have an adverse impact on our operational and financial performance.
18
Cybersecurity Risks
Our business and financial results could be negatively affected by cyber or other security threats.
We encounter cybersecurity and physical security threats as part of the work we do for our customers and our internal business. Our IT systems contain a variety of sensitive and classified information which attract adversaries including nation-state threat actors. Our IT systems contain a variety of sensitive and classified information which attract adversaries including nation-state threat actors and we face cybersecurity threats including attempts to disrupt our critical systems, gain unauthorized access to data, release or corrupt sensitive information, and interfere with operations. We face cybersecurity threats including attempts to disrupt our critical systems, gain unauthorized access to data, release or corrupt sensitive information, and interfere with operations. Adversaries that acquire unauthorized access to customer accounts can use that information to compromise data. Adversaries that acquire unauthorized access to customer accounts can use that information to compromise data and inadequate account security practices which could potentially result in malicious activity effecting customer use of our solutions. Inadequate account security practices could result in malicious activity affecting customer use of our solutions. We work cooperatively with our customers to address cybersecurity threats and we are subject to extensive regulations related to cybersecurity. We work cooperatively with our customers to seek to address cybersecurity threats and often must rely on the safeguards used or required by those customers.
Actual or perceived cybersecurity vulnerabilities may lead to claims against us. Our customers, their employees, or third parties may seek to hold us liable for any costs or other damages associated with unauthorized access to sensitive information for which we are responsible under customer contracts.
We develop custom software code and our products may utilize or include open source or AI-generated code, which may make our products susceptible to cyberattacks. We also rely on our supply chain to deliver products and services to our customers. Threat actors have and may continue to seek and gain access to our systems through our business partners and suppliers. A cybersecurity incident affecting our business partners and suppliers could materially adverse impact on our business.
Our information security staff manage cybersecurity risks by implementing security controls in accordance with industry standards and conducting regular employee cybersecurity training. Our cybersecurity policies, procedures and maturity are subject to review and audit by third parties. Although we have implemented and regularly update cybersecurity controls, there can be no assurance that these measures will successfully prevent or mitigate cybersecurity incidents.
We have been subject to cybersecurity incidents, disruptions and data loss targeting our data and systems of the data and systems of our customers. None of these incidents has had a material impact on us or, to our knowledge, our customers. We report cybersecurity incidents, as appropriate, to affected customers and the cognizant regulatory, law enforcement, and national security authorities. Future cybersecurity incidents could damage our reputation, expose us to liability, or prevent us from winning future work, and could have a material adverse impact on our business.
Because of the rapidly evolving nature of these threats, there can be no assurance that our policies, procedures and security controls will detect or prevent them, mitigate their affects and we cannot predict their full impact.
In addition, government agencies investigate and may bring actions against us for noncompliance with legal, contractual, or regulatory requirements regarding cybersecurity controls and disclosure of cybersecurity incidents to customers, regulators, law enforcement, or the public. Any remediation costs, damages or other liabilities related to cybersecurity incidents may not be fully insured or indemnified by other means.
Forward-Looking Statement Risks
This report contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. In some cases, you can identify forward-looking statements by words such as “may,” “will,” “should,” “expects,” “projects,” “intends,” “plans,” “anticipates,” “believes,” “estimates,” “predicts,” “potential,” “continue,” “outlook,” and similar words or phrases. The forward-looking statements in this report relate to anticipated events and future operating results and financial performance. These statements are not guarantees of future performance and are subject to risks and uncertainties, including but not limited to changes in market conditions, regulatory and legal developments, governmental and political conditions, competitive pressures, technological advancements, economic conditions, supply chain disruptions, and the risk factors discussed above that could cause actual results to differ materially from those expressed or implied in this report.
Except where required by law, we expressly disclaim a duty to update or revise any forward-looking statements after the date of this Form 10-K to reflect subsequent events, changed circumstances or expectations, or revised
19
estimates and assumptions. The forward-looking statements in this Form 10-K are intended to be subject to the safe harbor protections in the federal securities laws.
Item 1B. Unresolved Staff Comments
No information is required in response to this item.
Item 1C. Cybersecurity
Risk Management and Strategy
We are subject to various cybersecurity risks and continuously monitor and assess our cybersecurity measures to protect against a multitude of cyber threats from adversaries, including nation state actors, that target critical infrastructure sectors such as the defense industrial base. A cybersecurity incident impacting us or our subcontractors or suppliers could materially adversely affect our operations, performance, and results.
As a defense contractor, we must comply with DoD cybersecurity requirements for handling Controlled Unclassified Information ("CUI") and requirements in the Defense Federal Acquisition Regulation Supplement ("DFARS") regarding reporting cybersecurity incidents to the DoD, including the DoD’s Cybersecurity Maturity Model Certification ("CMMC") program. We are prepared to participate in this program and obtain associated CMMC certification. We also adhere to the standards set forth by the National Institute of Standards and Technology (“NIST”) and the International Organization for Standardization (“ISO”) to ensure the highest level of security and operational excellence. Our commitment to compliance with these rigorous frameworks is integral to maintaining the confidentiality, integrity, and availability of our services and products.
We share and receive threat intelligence with our peers in the defense industrial base, government agencies, information sharing and analysis centers, and cybersecurity associations. We have relationships with third-party service providers who also assess our security controls through penetration testing, independent audits, and consulting on best practices to address emerging challenges. These assessments evaluate the effectiveness of our security controls.
Governance
Management's Responsibilities
20
maintaining our cybersecurity program, and other information security incidents. The CISO provides regular updates on our cybersecurity posture and preparedness to senior management. The CISO provides regular updates on the Company's cybersecurity posture and preparedness to senior management.
Board of Directors' Roles and Responsibilities
Our cybersecurity risks and associated mitigations, as part of our enterprise risk management, are continually monitored by senior leadership. These risks and mitigations are also subject to oversight by the Audit Committee and the Risk Oversight Committee (“ROC”) of our Board of Directors. These risks and mitigations are also subject to oversight by the Audit Committee and the ROC of our Board of Directors The ROC is the primary committee that oversees enterprise cybersecurity risks and reviews cybersecurity matters. The ROC is the primary committee that oversees enterprise cybersecurity risks and reviews cybersecurity matters, including our policies and procedures for protecting our cybersecurity infrastructure and for compliance with data protection and security regulations, and related risks. The ROC receives information regarding such risks from management, including our CISO, and reports to the Board on a quarterly basis. The ROC also oversees the Board’s response to any significant cybersecurity incidents.
Cybersecurity Threats
While we have taken significant steps to manage cybersecurity risks, there can be no assurance that these measures will prevent all potential incidents. A material cybersecurity incident could have material adverse effect on our financial condition, results of operations, or cash flows. A material cybersecurity incident could have material adverse effect on the Company’s financial condition, results of operations, or cash flows. We are committed to addressing cybersecurity risks in an ever-evolving technological landscape. The Company is committed to addressing cybersecurity risks in an ever-evolving technological landscape. Management will continue to evaluate and enhance its cybersecurity measures to adapt to emerging threats and comply with evolving regulatory requirements.
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| HWBK | 15 hours ago |
| TRSO | 16 hours ago |
| SAIC | 16 hours ago |
| BHRB | 16 hours ago |
| NUVR | 17 hours ago |
| TETEF | 17 hours ago |
| NRC | 17 hours ago |
| PACK | 18 hours ago |
| CVGI | 19 hours ago |
| NEWT | 20 hours ago |
| PACB | 20 hours ago |
| CTGO | 20 hours ago |
| SNDA | 20 hours ago |
| CRVO | 20 hours ago |
| MBX | 20 hours ago |
| PLX | 21 hours ago |
| TSQ | 22 hours ago |
| FMCB | 3 days, 8 hours ago |
| ANIK | 3 days, 10 hours ago |
| ACR | 3 days, 10 hours ago |
| BGSF | 3 days, 11 hours ago |
| NXU | 3 days, 11 hours ago |
| SSBK | 3 days, 11 hours ago |
| BPRN | 3 days, 11 hours ago |
| HNVR | 3 days, 11 hours ago |
| MUX | 3 days, 11 hours ago |
| HYAC | 3 days, 11 hours ago |
| LPSN | 3 days, 11 hours ago |
| NEN | 3 days, 11 hours ago |
| HSON | 3 days, 11 hours ago |
| BMRC | 3 days, 11 hours ago |
| UHG | 3 days, 11 hours ago |
| AMTX | 3 days, 11 hours ago |
| GRI | 3 days, 11 hours ago |
| GAN | 3 days, 11 hours ago |
| USCB | 3 days, 11 hours ago |
| LSBK | 3 days, 11 hours ago |
| SKYT | 3 days, 11 hours ago |
| XPOF | 3 days, 11 hours ago |
| MYPS | 3 days, 11 hours ago |
| FRAF | 3 days, 11 hours ago |
| HBIA | 3 days, 11 hours ago |
| AROW | 3 days, 11 hours ago |
| WMT | 3 days, 12 hours ago |
| MCHX | 3 days, 12 hours ago |
| BZFD | 3 days, 12 hours ago |
| MX | 3 days, 12 hours ago |
| MNTK | 3 days, 12 hours ago |
| KBSR | 3 days, 12 hours ago |
| NRXP | 3 days, 12 hours ago |
