IBM Corp has implemented a robust cybersecurity infrastructure to manage and mitigate risks. The company employs a layered defense strategy, utilizing its own security solutions and services, as well as third-party tools, to protect against attacks on its networks, devices, servers, applications, data, and cloud solutions. IBM's Security Operations Center (SOC) monitors threats, drawing intelligence from the IBM Security X-Force Exchange platform. Additionally, IBM engages third parties to review its cybersecurity practices and has a global incident response process managed by its Computer Security Incident Response Team (CSIRT). The company fosters a culture of security awareness through training and educational initiatives and manages third-party supplier risks through a dedicated program. Despite the evolving cybersecurity threats, IBM...Show More

IBM Corp has implemented a robust cybersecurity infrastructure to manage and mitigate risks. The company employs a layered defense strategy, utilizing its own security solutions and services, as well as third-party tools, to protect against attacks on its networks, devices, servers, applications, data, and cloud solutions. IBM's Security Operations Center (SOC) monitors threats, drawing intelligence from the IBM Security X-Force Exchange platform. Additionally, IBM engages third parties to review its cybersecurity practices and has a global incident response process managed by its Computer Security Incident Response Team (CSIRT). The company fosters a culture of security awareness through training and educational initiatives and manages third-party supplier risks through a dedicated program. Despite the evolving cybersecurity threats, IBM has not experienced any incidents with a material adverse effect on the company. Governance of cybersecurity is overseen by the Enterprise & Technology Security (E&TS) organization, with a dedicated Chief Information Security Officer (CISO) leading the strategy. The CISO oversees the CSIRT and the Product Security Incident Response Team (PSIRT), focusing on product vulnerabilities. Business Information Security Officers (BISO) coordinate with the CISO on security issues specific to business segments. IBM's Cybersecurity Advisory Committee (CAC) oversees the management of cybersecurity risk, setting governance structures and reviewing incidents to prevent recurrence.