|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
We maintain processes for identifying, assessing, and managing material risks from cybersecurity threats (as such term is defined in Item 106(a) of Regulation S-K) as part of our broader enterprise risk management program under the oversight of the Audit Committee of the Company’s Board of Directors. These processes include a wide variety of mechanisms, controls, technologies, systems, and methods that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting data. We also use systems and processes to oversee and identify risks from cybersecurity threats associated with our third-party service providers.
Our corporate information security organization is led by our Chief Information Officer (“CIO”), who brings over 30 years of information technology experience across a wide range of industry sectors, including semiconductor and technology. Before joining Xperi, our CIO was the Chief Information Security Officer for a large technology company. Our CIO oversees our cybersecurity strategy and the development of our cybersecurity capabilities, encompassing risk management and mitigation, incident prevention, detection, and remediation. Our CIO and corporate information security organization collaborate with technical and business stakeholders across our businesses to analyze risks and devise detection, mitigation, and remediation strategies. Additionally, they engage outside legal counsel, experts, consultants, and other third parties to conduct regular audits, assist with forensic investigations, and address cybersecurity threats and incidents. When necessary, they seek input from external experts and consultants on security industry and threat trends.
Significant incidents are reviewed by a cross-functional working group to determine whether further escalation is appropriate. Any incident assessed as being or becoming potentially material is promptly escalated for further assessment and reported to designated members of senior management. Senior management is responsible for assessing the materiality of an incident, complying with any regulatory requirements, and communicating relevant information to the Audit Committee, as appropriate. We consult with outside counsel as appropriate, including on materiality analysis and disclosure matters.
Although the risks from cybersecurity threats have not materially affected our business strategy, results of operations, or financial condition to date, there can be no assurance that they will not be materially affected by such risks or a material
incident in the future, or that we have not experienced an undetected cybersecurity incident. As discussed under “Risk Factors” in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple risks to the Company, including potentially to our results of operations and financial condition. See “Risk Factors — If we or our third-party providers experience significant disruptions of our IT Systems or data security incidents, this could result in harm to our reputation, subject us to liability, cause us to modify our business practices, and otherwise materially adversely affect our business, results of operations, and financial conditions.”
The Company’s Board of Directors has oversight of our strategic and business risk management and has delegated cybersecurity risk management oversight to the Audit Committee of the Board. The Audit Committee oversees the guidelines and policies governing the process by which management assesses and manages our exposure to risk, including material risks from cybersecurity threats. The Audit Committee receives regular updates from management, including our CIO, regarding our cybersecurity risk management program, including cybersecurity risks, threats, incidents, and mitigation strategies.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Company’s Board of Directors has oversight of our strategic and business risk management and has delegated cybersecurity risk management oversight to the Audit Committee of the Board. The Audit Committee oversees the guidelines and policies governing the process by which management assesses and manages our exposure to risk, including material risks from cybersecurity threats. The Audit Committee receives regular updates from management, including our CIO, regarding our cybersecurity risk management program, including cybersecurity risks, threats, incidents, and mitigation strategies.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our corporate information security organization is led by our Chief Information Officer (“CIO”),our cybersecurity capabilities, encompassing risk management and mitigation, incident prevention, detection, and remediation.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee receives regular updates from management, including our CIO, regarding our cybersecurity risk management program, including cybersecurity risks, threats, incidents, and mitigation strategies.
|Cybersecurity Risk Role of Management [Text Block]
|
Significant incidents are reviewed by a cross-functional working group to determine whether further escalation is appropriate. Any incident assessed as being or becoming potentially material is promptly escalated for further assessment and reported to designated members of senior management. Senior management is responsible for assessing the materiality of an incident, complying with any regulatory requirements, and communicating relevant information to the Audit Committee, as appropriate. We consult with outside counsel as appropriate, including on materiality analysis and disclosure matters.
Although the risks from cybersecurity threats have not materially affected our business strategy, results of operations, or financial condition to date, there can be no assurance that they will not be materially affected by such risks or a material
incident in the future, or that we have not experienced an undetected cybersecurity incident. As discussed under “Risk Factors” in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple risks to the Company, including potentially to our results of operations and financial condition. See “Risk Factors — If we or our third-party providers experience significant disruptions of our IT Systems or data security incidents, this could result in harm to our reputation, subject us to liability, cause us to modify our business practices, and otherwise materially adversely affect our business, results of operations, and financial conditions.”
The Company’s Board of Directors has oversight of our strategic and business risk management and has delegated cybersecurity risk management oversight to the Audit Committee of the Board. The Audit Committee oversees the guidelines and policies governing the process by which management assesses and manages our exposure to risk, including material risks from cybersecurity threats. The Audit Committee receives regular updates from management, including our CIO, regarding our cybersecurity risk management program, including cybersecurity risks, threats, incidents, and mitigation strategies.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Senior management is responsible for assessing the materiality of an incident, complying with any regulatory requirements
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Senior management is responsible for assessing the materiality of an incident, complying with any regulatory requirements, and communicating relevant information to the Audit Committee, as appropriate. We consult with outside counsel as appropriate, including on materiality analysis and disclosure matters.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef