|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Sep. 28, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Cybersecurity
Risk Management and Strategy
To identify, assess and manage cybersecurity risks, we maintain an IT security/cybersecurity program (Cybersecurity Program), which includes policies, procedures, processes and administrative, physical and technical controls designed to protect, defend and mitigate effects to us from cybersecurity threats and incidents. For example, we provide recurring employee cybersecurity training to help our employees better understand cybersecurity threats, our policies, actions and approach to managing this type of risk and how they can help increase our security posture.
Our Cybersecurity Program also includes an incident response process that is overseen by our Vice President of Cybersecurity and supported by an internal team of cybersecurity specialists, with involvement from business, legal and senior management as appropriate. In the event of a cybersecurity incident, a technical cybersecurity team investigates and addresses the threat, while a cross-functional team assesses the incident to inform criticality determinations and response efforts, including escalations of the incident to senior management as appropriate.
We evaluate and update our cybersecurity risk profile through ongoing assessment of the cybersecurity threat landscape and security monitoring. Our cybersecurity risk profile is used as an input to identify, assess and update our Cybersecurity Program, and associated priorities are updated as new risk information becomes available. Information security, including cybersecurity, is also incorporated into our overall Enterprise Risk Management (ERM) program. Our ERM Operating Committee includes members in senior leadership positions across various functional areas that evaluate enterprise risks and develop and monitor associated mitigation plans. Cybersecurity related risks are included in the risk universe that the committee evaluates to assess top risks to the enterprise. As part of our ERM program, our executive leadership team receives annual updates on enterprise risks, including cybersecurity risks, as well as their potential impact, likelihood, potential mitigation plans and status.
Our Cybersecurity Program, and portions thereof, are periodically reviewed by third-party assessors, consultants, auditors or other firms. For example, we periodically conduct penetration tests and tabletop exercises to simulate attacks against our infrastructure, systems, or portions thereof, in order to validate the efficacy of our security controls and response capabilities. Such exercises are typically conducted with assistance from third-party advisors and experts. Incident response efforts are also supported by external resources such as legal advisors, cybersecurity forensic firms, communications specialists, and other outside advisors and experts as well as law enforcement support, as appropriate. We benefit from engaging third parties to provide specialized skills, knowledge, tools and resources, and such third parties may also help reduce costs, increase efficiency and/or improve the quality of our Cybersecurity Program.
Our supplier community (including suppliers of IT services and other third-party service providers) plays a large role in Qualcomm’s success, and we believe in engaging with our suppliers to help them protect against cybersecurity threats. We operate a supplier cybersecurity assurance program, which is integrated with our procurement processes and supported by the relevant groups within the legal organization, to assess and attempt to mitigate potential cybersecurity risks across our supplier community commensurate with their cybersecurity risk. Specifically, based on a risk classification of the supplier, our third-party risk management process includes steps such as the evaluation of a supplier’s security controls, posture and maturity as well as the identification and treatment of cybersecurity-related risks.
Notwithstanding our Cybersecurity Program as described above, we cannot anticipate, detect, repel or guarantee the effectiveness of our preventative measures against all cybersecurity threats, particularly because the techniques used are increasingly sophisticated and constantly evolving. Like many companies, we have encountered intrusions and attempts to gain unauthorized access to our IT systems or other attacks and incidents, and we have had third-party service providers who have encountered intrusions. However, during fiscal 2025, we did not identify any risks from cybersecurity threats that materially affected or are reasonably anticipated to materially affect our business strategy, results of operations or financial condition. For additional information about the cybersecurity risks we face, including how such risks could affect us in the future, see “Part I, Item 1A. Risk Factors” in this Annual Report, including the Risk Factors titled “Our business and operations could suffer in the event of security breaches of our IT systems, or other misappropriation of our technology, intellectual property or other proprietary or confidential information” and “Failures in our products, or in the products of our customers or licensees, including those resulting from security vulnerabilities, defects or errors, could harm our business.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Information security, including cybersecurity, is also incorporated into our overall Enterprise Risk Management (ERM) program. Our ERM Operating Committee includes members in senior leadership positions across various functional areas that evaluate enterprise risks and develop and monitor associated mitigation plans. Cybersecurity related risks are included in the risk universe that the committee evaluates to assess top risks to the enterprise.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors has primary responsibility for oversight of our risk management efforts, with support from its standing committees. In particular, the Audit Committee assists the Board of Directors in fulfilling its oversight responsibilities with respect to our Cybersecurity Program. As part of its oversight of IT security/cybersecurity matters, the Audit Committee receives cybersecurity updates on a quarterly basis and an IT security/cybersecurity briefing from management, typically including our Chief Information Officer (CIO) and Vice President of Cybersecurity, on at least a semi-annual basis. In addition to this regular reporting, significant cybersecurity threats or incidents may also be escalated on an as-needed basis through our organizational structure in accordance with our incident response process.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|In particular, the Audit Committee assists the Board of Directors in fulfilling its oversight responsibilities with respect to our Cybersecurity Program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|As part of its oversight of IT security/cybersecurity matters, the Audit Committee receives cybersecurity updates on a quarterly basis and an IT security/cybersecurity briefing from management, typically including our Chief Information Officer (CIO) and Vice President of Cybersecurity, on at least a semi-annual basis.
|Cybersecurity Risk Role of Management [Text Block]
|Key elements of our Cybersecurity Program, including defending against key cybersecurity threats and risks, are overseen by our CIO, Vice President of Cybersecurity, the Information Security and Risk Management (ISRM) organization and certain legal functions under the office of the General Counsel, which include subject matter experts focused on identifying and managing cybersecurity threats and consequences where technically feasible and commensurate with risk.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Key elements of our Cybersecurity Program, including defending against key cybersecurity threats and risks, are overseen by our CIO, Vice President of Cybersecurity, the Information Security and Risk Management (ISRM) organization and certain legal functions under the office of the General Counsel, which include subject matter experts focused on identifying and managing cybersecurity threats and consequences where technically feasible and commensurate with risk. Our CIO has over 30 years of experience in IT and telecommunications and previously held CIO or other IT leadership roles at DISH Network (now EchoStar), CenturyLink, Level 3 Communications and TW Telecom prior to joining Qualcomm. Our Vice President of Cybersecurity has over 20 years of experience in cybersecurity gained across numerous leadership roles in Qualcomm’s IT and Cybersecurity organization, including security architecture, risk and compliance, incident response, security operations and identity management. This experience is supplemented by the collective experience and expertise across the ISRM organization, which includes the Cyber Security Operations Center, Cyber Defense Engineering Services, Cyber Identity and Architecture, Cyber Governance Risk and Compliance, and Threat Intelligence teams, among others. The Cybersecurity Program is also supported by additional members of senior management, including our Chief Financial Officer and Chief Operating Officer, Chief Technology Officer, Chief Human Resources Officer and General Counsel, through regular reporting and review.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CIO has over 30 years of experience in IT and telecommunications and previously held CIO or other IT leadership roles at DISH Network (now EchoStar), CenturyLink, Level 3 Communications and TW Telecom prior to joining Qualcomm. Our Vice President of Cybersecurity has over 20 years of experience in cybersecurity gained across numerous leadership roles in Qualcomm’s IT and Cybersecurity organization, including security architecture, risk and compliance, incident response, security operations and identity management.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our ERM Operating Committee includes members in senior leadership positions across various functional areas that evaluate enterprise risks and develop and monitor associated mitigation plans. Cybersecurity related risks are included in the risk universe that the committee evaluates to assess top risks to the enterprise. As part of our ERM program, our executive leadership team receives annual updates on enterprise risks, including cybersecurity risks, as well as their potential impact, likelihood, potential mitigation plans and status.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true