Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - CIEN

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors

Investing in our securities involves a high degree of risk. Before investing in our securities, you should consider carefully the information contained in this report, including the information in this “Risk Factors” section.

Risks Related to Financial Performance and Strategy

Our revenue, gross margin, and operating results can be adversely impacted by a number of factors that would cause our results to fluctuate.

Our results of operations are subject to significant, and often difficult to predict, quarterly fluctuations due to a variety of factors. A portion of our quarterly revenue is generated from customer orders received during that same quarter (which we refer to as “book to revenue”) and therefore may be less certain. Additionally, our customer contracts generally do not include minimum or guaranteed purchases and may allow customers to modify or cancel purchase orders. We must regularly compete for business with existing customers and there is no assurance that we will maintain our incumbency or revenue level with any particular customer in future periods. Our results can be materially adversely affected by factors set forth in this “Risk Factors” section including:

•order timing and volume, including book to revenue and backlog levels;

•changes in spending or deployment plans by customers;

•the level of competition we face and the impact of unfavorable transactions or commercial terms;

•customer, product and geographic mix;

•supply chain performance and costs;

•the financial stability of our customers; and

•consolidation activity involving us, our customers, suppliers, and competitors.

As a result, our historical financial results may not be indicative of future performance.

Our revenue is concentrated among a small number of customers and reductions in their spending could materially adversely impact our results of operations.

For example, in fiscal 2025, our five largest customers contributed approximately 50% of our revenue, a cloud provider customer accounted for approximately 18% of our revenue, and a service provider accounted for approximately 11% of our revenue. Moreover, our revenue is concentrated within the cloud provider and service provider customer segments. Adverse economic, business or regulatory dynamics within these industries or market segments affecting spending levels could materially adversely impact our results of operations.

Our growth is dependent on executing our strategy and expanding our addressable market, and we may not be successful.

Our growth depends on the successful execution of our business strategy and our ability to grow our addressable market, or to expand into new markets, technologies, or customer segments. Many of these markets are nascent or dynamic, and it is difficult to predict trends of these markets, including any potential growth. Moreover, we have a more limited history in commercializing and selling solutions into these markets.

Table of Contents

We operate in an intense and evolving competitive landscape and the level of competitive pressure we face may adversely impact our results of operations.

Many of these competitors have substantially greater resources, broader product offerings and more established customer relationships than we have. Because of their scale and resources, they may be perceived to be a better fit for the procurement or network strategies of larger network operators. We also face competition from certain smaller companies for specific products, applications, customer segments, or geographic markets that may be more attractive to customers in a particular opportunity.

Generally, competition in our industry is based on various factors, including:

•price and total cost of ownership;

•product features and functionality;

•incumbency and strength of existing business relationships;

•technology roadmap;

•financial stability and investment capacity;

•ability to address preferred customer consumption models;

•delivery lead-times; and

•services and support capabilities.

Additionally, as we address evolving customer consumption models or expand into adjacent market segments, we expect to compete with a broader range of suppliers, including existing business partners in our supply chain.

Acquisitions and other strategic transactions could disrupt our operations and expose us to increased costs and unexpected liabilities.

We may pursue strategic transactions, including mergers, acquisitions, investments and other strategic partnerships, to advance our business strategy. These transactions inherently involve significant risks and uncertainties, including:

•failure to achieve the intended benefits or anticipated return on investment, including operational synergies;

•significant use of cash, assumption of debt, or dilution of stockholders;

•exposure to unexpected costs or liabilities;

•challenges integrating technology, operations and personnel, and loss of key employees;

•disruption of relationships with customers, suppliers, or other business partners;

•diversion of management attention;

•challenges obtaining required regulatory or third-party approvals; and

•adverse tax, internal control or financial reporting impacts.

If we are unable to successfully execute acquisitions and other strategic transactions our business, results of operations, and financial condition could be negatively impacted.

Risks Related to Technology Development and Intellectual Property

Misaligned or delayed technology investments may adversely impact our return on innovation, impair our strategy and weaken our competitive position.

The success of our business depends on our ability to develop and deliver products that align with customer needs and demands, technological advancements, and market trends. Accordingly, there is no guarantee of market acceptance, and some of our development decisions will be unprofitable. Failure to develop timely new, innovative solutions that are attractive to customers could have a material adverse effect on our competitive position and results of operations.

Table of Contents

We may experience difficulties in the development and production of our products that may negatively affect our competitive position and results of operations.

Our networking solutions are based on complex hardware and software, and we can experience unanticipated challenges or delays in developing, manufacturing and introducing these solutions. We regularly introduce new products and enhancements, and each development cycle step presents serious risks of failure, rework or delay that can be expensive and time-consuming.

Problems affecting the performance, interoperability, reliability or security of our products could damage our business reputation and negatively affect our results of operations.

We may experience defects or problems affecting quality, interoperability, reliability, security and performance of our products or the third-party technologies and software we incorporate in our products. Such problems could relate to the design, manufacturing, installation, operation and interoperability of our products. These product-related risks could result in:

•damage to our reputation, reduced demand, or order cancellations;

•payment of liquidated damages, contractual or similar penalties, or other claims;

•write-offs of inventory;

•regulatory enforcement penalties or settlements;

•disruption to the operation of our network operator customers;

•reporting and other publication to customers or regulatory bodies; and

•delays in introducing new products, recognizing revenue, or collecting accounts receivable.

These and other consequences could negatively affect our business and results of operations.

Our intellectual property rights may be difficult and costly to enforce.

There can be no assurance that our proprietary rights will not be challenged, invalidated or circumvented. Our intellectual property strategy must continually evolve to protect our proprietary rights. There can be no assurance that our pending patent applications will succeed or that our patents will sufficiently protect our technology, and the laws of some countries may not protect our proprietary rights to the same extent as in the United States.

We are subject to the risk that third parties may attempt to access, divert or use our intellectual property without authorization. Protecting our proprietary rights is difficult, time-consuming and expensive, and we cannot be certain that the steps that we are taking will detect, prevent or minimize the risks of such unauthorized use. Such litigation could result in substantial cost and diversion of management time and resources, and there can be no assurance that we will obtain a successful result. Any inability to protect and enforce our intellectual property rights could harm our ability to compete effectively.

Third parties may assert claims or initiate litigation or other proceedings related to intellectual property rights in technologies and related standards that are relevant to our business. We have been subject to several claims related to patent infringement, and we have been requested to indemnify customers pursuant to contractual indemnity obligations relating to infringement claims made by third parties. We could also be adversely affected by intellectual property litigation or claims against our manufacturers, suppliers or customers, and the rate of such claims by patent assertion entities remains high, particularly in the United States. These claims, if successful, could require us to:

•pay substantial damages or royalties;

•stop offering certain of our products;

•seek a license for the use of another’s intellectual property;

•develop non-infringing technology or modify certain products; and

Table of Contents

•indemnify our customers or other third parties.

Third party claims and their related consequences could adversely affect our business, results of operations and financial condition.

Risks Related to Operations

Our failure to effectively align our supply chain capacity and inventory levels with customer demand can adversely impact our results of operations and customer relationships.

Our growth and ability to meet customer demand depends in part on our ability to adequately plan and ensure appropriate supply chain capacity and inventory levels. We have experienced supply chain capacity shortages that have affected our operations and financial results, including longer than normal lead times. Significant economic growth, and the unprecedented nature of AI related demand, can make it more difficult for us and our suppliers to accurately forecast demand and to set optimized levels of manufacturing capacity and inventory. Conversely, if actual demand is meaningfully less than our forecasts, we may spend unnecessarily on capital related to our supply chain or purchase more inventory than needed. This could lead to increased excess or obsolete inventory requiring us to incur significant write-offs. As of November 1, 2025, we had $826.2 million in inventory and $2.1 billion in purchase commitments, many of which are non-cancellable, across our supply chain. Our inability to effectively manage our supply chain capacity and inventory levels with customer demand could adversely impact our results of operations and customer relationships.

Our business may be adversely affected by risks associated with our third-party contract manufacturers’ businesses, financial condition, and the geographies in which they operate.

We rely on third-party manufacturers, including those with facilities in Canada, Mexico, Thailand, Vietnam and the United States, to perform many of our critical supply chain activities. There are a number of risks associated with our dependence on these manufacturers, including:

•constraints in their manufacturing capacity and other operational challenges;

•logistics disruption and reduced control over delivery schedules and planning;

•reliance on their quality assurance procedures and limited warranties provided to us;

•uncertainty regarding manufacturing yields and costs;

•exposure to their financial condition or labor practices;

•natural disasters or climate change in the regions in which they operate;

•the impact of commercial or contractual disputes; and

•lack of primary control of cyber and data security.

We have previously and may in the future experience significant challenges that require us to seek alternative partners and transition manufacturing operations. The process of qualifying a new contract manufacturer and commencing volume production is complex and time-consuming, and such transitions can be disruptive and costly. Our inability to effectively manage the risks associated with our third-party contract manufacturers could materially adversely impact our business and results of operations.

Our dependence upon third-party suppliers and limited sources of supply could adversely impact our business and results of operations.

We rely on a global network of third-party suppliers for products, components, related raw materials, and embedded software. Our products include optical and electronic components for which reliable, high-volume supply is often available only from sole or limited sources. We do not have any guarantees of supply from our third-party suppliers, and in certain cases we have limited contractual arrangements or are relying on standard purchase orders. Our reliance on these suppliers exposes us to risks of supply shortages, delays and increased costs. Increases in market demand and scarcity of raw materials and components have resulted, and may in the future result, in shortages of components, deployment delays, increased cost, and extended delivery timelines. For example, the electro-optical component and semiconductor industries have been experiencing increased demand as a result of significant spending related to AI and other cloud-based applications, which has led to a constrained supply environment. These constraints have resulted, and could further result in shortages, extended lead times, or increased costs that adversely impact our revenue and gross margin. Our inability to secure the required volumes of components or necessary licenses could result in lost revenue, additional product costs, increased lead times and deployment delays that could harm our results of operations and customer relationships.

Table of Contents

We depend on the effective functioning and scalability of our internal business processes, information systems and internal controls to support key business functions and manage growth.

Additionally, our business processes and information systems must be sufficiently scalable to support the growth of our business. We regularly pursue initiatives to scale, transform and optimize our business operations and IT systems through the reengineering of certain processes and investment in automation, including the use of AI. In addition, our IT systems, and those of third-party IT providers, may be vulnerable to disruption from catastrophic events, power anomalies, data security incidents, and computer system or network failures. Our inability to effectively manage risks associated with our business systems or those of our third-party business partners could result in significant operational disruption and cost, which could damage our business and harm our ability to profitably grow our business.

If we fail to effectively manage the third-party resellers and service partners we use to support our sales and operations, our business, financial results and relationships with customers could be adversely affected.

We rely on a number of domestic and international third-party resellers, distributors, and sales agents to extend our sales reach, and service partners to perform certain installation, maintenance and support functions. We may not be able to manage our relationships with these third parties effectively, and we cannot be certain that they will be able to perform their necessary activities in the manner or time required. If we do not effectively manage our relationships with these third-party business partners, our business, financial results and relationships with customers could be adversely affected.

If we are unable to attract and retain qualified personnel, we may be unable to manage our business and execute our strategy effectively.

Our future success depends upon our ability to recruit and retain qualified people, particularly in talent segments critical to the execution of our business strategy. Competition to attract and retain highly skilled technical, engineering and other personnel with experience in our industry is intense, and our employees have been the subject of targeted hiring by our competitors. We may experience difficulty retaining and motivating existing employees and attracting qualified personnel to fill key positions. None of our executive officers is bound by an employment agreement for any specific term.

Restructuring activities could be costly or disrupt our business and affect our results of operations.

These changes could be disruptive to our business and could result in significant expense, including employee-related costs, inventory and technology-related write-offs, and other charges. Substantial expense or charges resulting from restructuring activities could adversely affect our results of operations and use of cash in those periods in which we undertake such actions.

Risks Related to the Macroeconomic and Geopolitical Environment

Unfavorable changes in macroeconomic conditions could adversely impact our business and results of operations.

Market volatility and weakness in the regions in which we operate have previously resulted in sustained periods of decreased demand that have adversely affected our operating results. Macroeconomic volatility, instability, or weakness could also result in:

•increased competitive or pricing pressure;

•decreased ability to forecast and make decisions about budgeting and investments;

•increased overhead and production costs as a percentage of revenue;

Table of Contents

•customer financial difficulty, including order cancellations, delivery deferrals, and difficulties collecting accounts receivable; and

•business and financial difficulties faced by, and changes in spending levels of, our customers, their end users, our suppliers, or other partners.

Due to our concentration of revenue in the United States, we would expect to incur a more significant impact from any change impacting the capital spending environment or causing market weakness in the United States. Consequences of an unfavorable or uncertain macroeconomic environment, globally or in a particular region, could adversely affect customer spending and our results of operations and financial condition.

Unfavorable changes in geopolitical conditions could adversely impact our business and results of operations.

Our global operations and supply chain expose us to risks associated with geopolitical developments, including instability or disruption in particular region, war, terrorism, riot, civil insurrection, and social or political unrest. We are also exposed to a wide range of shifting economic, regulatory or national security priorities in the countries we operate. Increasing tensions between the United States and China—including tariffs, export controls, investment restrictions, and evolving data security or technology transfer requirements—could disrupt our supply chain. Any escalation of these tensions, or similar geopolitical volatility in other regions, could result in reduced demand, increased costs, supply shortages, product delays or other adverse consequences to our business and operations. Our success depends on our ability to anticipate and manage these risks effectively. Failure to mitigate these risks could reduce our sales, or give rise to incremental costs that could adversely affect our results of operations.

Risks Related to Cybersecurity, Legal, and Regulatory Matters

Cyber-attacks could compromise our technology and information, damaging our business and reputation and disrupting our operations.

Our network environment and assets, and those of our third-party business partners, maintain information that is confidential, regulated, proprietary or sensitive to our business. Companies in the technology, communications and networking industries have been subjected to data security incidents, including cyber-attacks, attacks against products, and other attempts to gain unauthorized access to network assets, infrastructure or sensitive information.

We and our business partners have been, and may be in the future, subjected to cybersecurity incidents including ransomware attacks, exploitation, intrusion, disruption and other attempts to gain unauthorized access. These incidents could cause us to incur significant costs, risk to our technology, disruption of our operations, harm to customers and stakeholders, and reputational damage. Additionally, a data security incident may result in significant remediation expenses and increased cybersecurity protection and insurance costs.

While we employ policies, training, controls, and other safeguards to mitigate these risks, there is no assurance they will be sufficient to prevent future data security incidents or insider threats. We have experienced, and may further experience, a range of incidents, including phishing, emails purporting to come from a company executive or vendor seeking payment requests, malware, and communications from look-alike corporate domains, as well as risks from malicious insiders and third-party software and services. We have also faced unauthorized access and exfiltration of confidential data through exploitation of vulnerabilities in third-party applications. While these incidents have not resulted in material cost or had a material effect on our business, operations, technology, or data to date, they could in the future. While we maintain cybersecurity insurance, there is no assurance that the coverage would be sufficient to cover any losses.

Increased regulation of product security, cybersecurity and data practices could adversely affect our business and results of operations

We operate in a regulatory environment that is rapidly evolving with respect to product security, cybersecurity, and the collection, use, and retention of data. Governments around the world continue to adopt new, and expand existing, laws and regulations imposing heightened requirements on companies related to these topics. Further expansion of product security, cybersecurity, or data protection regulations, whether through new legislation, more stringent industry standards, or increased enforcement activity, could require us to modify our products, enhance our security controls, or change our data practices, potentially resulting in increased costs.

Table of Contents

Tariffs and other import measures imposed by the United States or other countries may adversely affect our business and results of operations.

Significant changes to trade policy, international trade agreements, export controls, sanctions, or tariffs have adversely impacted and could materially adversely impact our business, operations, and financial results. The tariff policy environment has been and is expected to continue to be dynamic. Our revenue is concentrated, with approximately 72% of our revenue in fiscal 2025 coming from the United States. Tariffs recently implemented that have impacted or could materially impact our business include tariffs on U.S. imports:

•from Canada and Mexico, as products making up a significant portion of our revenue are manufactured in or distributed from Mexico, and we generally introduce new products and conduct related early volume manufacturing in Canada;

•of steel, aluminum, and copper, including derivative goods that include certain of our products;

•from China, as our supply chain includes certain China-based suppliers; and

•from a wide range of countries globally, including Thailand and Vietnam, where we also rely on third-party manufacturing operations for a significant portion of our revenue.

Additionally, we currently rely upon certain trade agreements and product or technology-based exemptions that reduce our tariff exposure. However, the U.S. government is currently investigating imports of products, including semiconductors and derivative products relevant to our business, which could result in material additional tariffs. There can be no guarantee as to which of our products will be impacted by new or changing tariffs, or that they will remain eligible for exceptions under existing or future trade agreements or executive orders.

We have taken steps, and may take additional steps, to mitigate the impact of tariffs on our business, including: by availing ourselves of certain exemptions to tariffs; by making changes to our supply chain practices, sources of supply, or manufacturing locations; and by passing the cost of tariffs to customers. These mitigation strategies generally take considerable time to implement, can result in significant costs, and can disrupt our supply chain. Moreover, customer reaction to the imposition of new tariffs, or any tariff mitigation steps we elect to take is uncertain and may result in reduced spending, deferred orders or delivery of existing orders, or shifting of purchases to other vendors, each of which would adversely impact our financial results and competitive position.

Our development and use of AI technology in our products and operations remains in the early phases. While we aim to develop and use AI responsibly and attempt to mitigate ethical and legal issues presented by its use, we may ultimately be unsuccessful in identifying or resolving issues before they arise. AI technologies are complex and rapidly evolving, and the technologies that we develop or use may ultimately be flawed. Moreover, AI technology is subject to rapidly evolving domestic and international laws and regulations, including executive orders by the U.S. government and the EU’s Artificial Intelligence Act, which could impose significant costs and obligations on the Company. Emerging regulations may also pertain to data privacy, data protection, and the ethical use of AI, as well as clarifying intellectual property considerations. Our use of AI could give rise to legal or regulatory action or increased scrutiny or liability, and may damage our reputation or otherwise materially harm our business.

Legal proceedings, including government investigations and other claims or disputes, may be costly to defend and could adversely affect our business.

We are, from time to time, subject to claims, lawsuits, government investigations, and other legal proceedings that may arise in the ordinary course of business. These matters can be complex, involve uncertain outcomes, and require significant management time and resources. These proceedings could result in substantial costs to defend, monetary damages, fines, penalties, or injunctive relief, and could adversely affect our reputation, financial condition, or operating results.

Government regulations affecting our industry could harm our business and results of operations.

Our global operations are subject to complex U.S. and foreign laws and regulations, including trade controls, anti-corruption laws, antitrust regulations, sovereignty and localization requirements, and environmental and sustainability regulations. Compliance with these laws may impose significant costs, and violations could result in fines, penalties, criminal sanctions, restrictions on our operations, and harm to our reputation. While we maintain policies and procedures to promote compliance, they may not fully prevent violations or mitigate risks from employee misconduct, third-party actions, or evolving interpretations of these laws. Moreover, our customers are subject to these and a wide range of other global regulations, including communications regulations, impacting their network operations and their business more generally. These regulations may adversely affect customer spending and, by extension, also negatively impact our operations or financial results.

Table of Contents

Changes in tax law or regulation, effective tax rates and other adverse outcomes with taxing authorities could adversely affect our results of operations.

We are subject to complex, evolving, and sometimes conflicting tax laws and regulations in the jurisdictions where we operate. Changes in tax legislation, interpretations, or enforcement practices, including those related to global minimum tax regimes, transfer pricing, or the allocation of profits among countries, could increase our effective tax rate, result in additional tax liabilities, or impact our profitability. Changes in tax regulation could also adversely impact our go-to-market approach, global sourcing strategy, manufacturing practices, or competitiveness of our products. It is possible that tax authorities may disagree with certain positions we have taken, and an adverse outcome of such a review or audit could have a negative effect on our financial position and operating results. There can be no assurance that the outcomes from such examinations, or changes in tax law or regulation impacting our effective tax rates, will not have an adverse effect on our business, financial condition and results of operations.

Failure to maintain effective internal controls over financial reporting could have a material adverse effect on our business, operating results and stock price.

We cannot be certain that our current design for internal control over financial reporting, or any future changes thereto, will be sufficient to enable management to determine that our internal controls are effective for any period, or on an ongoing basis.

Risks Related to Common Stock, Debt, and Assets

Our stock price is volatile.

The market price and trading volume of our securities has been and may be subject to significant volatility, influenced by a variety of factors, many of which are outside our control. Our stock price has experienced significant fluctuations in the past and may continue to do so. Stock price volatility can result from any of the factors discussed in this “Risk Factors” section, including overall market and economic conditions, industry trends, investor sentiment, variations in operating results compared to expectations, announcements by us or our competitors, and changes in financial forecasts or guidance.

Volatility and uncertainty in the capital markets could limit our access to funding on favorable terms or at all.

We have accessed the capital markets in the past and have successfully raised funds, including through the issuance of equity, convertible notes and other indebtedness. We regularly evaluate our liquidity position, debt obligations and anticipated cash needs to fund our long-term operating plans, and we may consider it necessary or advisable to raise additional capital or incur additional indebtedness in the future. If we raise additional funds, our existing stockholders could suffer dilution in their percentage ownership of our company, or our leverage and outstanding indebtedness could increase. Our ability to access capital, and the cost of that capital, can be affected by a range of factors, including market conditions, interest rates, inflation, and ratings agency evaluation of our company. As such, there can be no assurance that financing alternatives will be available to us on favorable terms or at all.

Outstanding indebtedness may adversely affect our liquidity and results of operations and could limit our business.

We are a party to credit agreements governing a revolving credit facility, a term loan, and unsecured senior notes. These agreements contain certain covenants that limit our operational flexibility and include customary remedies that would apply should we default on our obligations. We may also enter into additional debt transactions or credit facilities which may increase our indebtedness and result in additional restrictions on our business. Our indebtedness could have important negative consequences, including: increasing our vulnerability to adverse economic and industry conditions; limiting our ability to obtain additional financing; debt service and repayment obligations that may reduce the availability of cash resources; limiting our flexibility in planning for, or reacting to, changes in our business and the markets; and placing us at a possible competitive disadvantage to competitors.

Table of Contents

Certain assets on our balance sheet are subject to impairment or write-down.

We have a number of assets on our balance sheet with significant values that can be adversely impacted by factors related to our business and operating performance, as well as factors outside of our control, including that: the value of receivables may be impacted by difficulty collecting amounts owed by customers, suppliers or partners due to their financial conditions; the value of certain fixed assets can be materially impacted by changes in our business operations or strategy; the value of the deferred tax asset can be significantly impacted by changes in tax policy, changes in future tax rates, or by our tax planning strategy; and the value of our goodwill or our long-lived assets may be impaired if market conditions for our business change.

Unresolved Staff Comments

Not applicable.

Item 1C. Cybersecurity

Oversight and Governance

Our Board of Directors and the Audit Committee of our Board of Directors (the “Audit Committee”) are responsible for overseeing and assessing management’s execution of and approach to cybersecurity risk management. Our Chief Information Security Officer (“CISO”), who reports directly to our General Counsel, is primarily responsible for assessing cybersecurity risks and managing our cybersecurity program on a day-to-day basis, with support from other members of senior management.

Our CISO is an accomplished security professional with 20 years of experience in cybersecurity and risk management across numerous industries and holds degrees in computer science and information assurance, and additional executive education in building and leading cybersecurity programs. The CISO and his team (the “Security Team”), which includes trained cybersecurity professionals, are responsible for implementing and maintaining our cybersecurity strategy and program and its related processes. We also maintain a Security Advisory Committee (“SAC”), which is chaired by our General Counsel and composed of members of executive leadership and other functional leaders, including our Chief Financial Officer, CISO, Chief Digital Information Officer, and Vice President of Internal Audit. The SAC meets regularly to, among other things, review cybersecurity program developments and serves as a path of escalation and decision-making in certain situations, including incident response.

We, and our managed security partners, regularly monitor our environment for indicators of malicious or suspicious activity and security relevant events. The potential risk and impact of certain events is evaluated by a cross-functional team that includes members of our Security Team, legal department and other business functions as necessary and appropriate. Materiality determinations related to escalated events are made by the SAC without unreasonable delay.

As part of our Board of Directors’ oversight of risk management, they devote time and attention to cybersecurity related risks. The Audit Committee is responsible for overseeing cybersecurity, data privacy, and information technology-related programs, policies and other efforts to manage or mitigate cybersecurity risks. As part of its standing agenda, the Audit Committee receives quarterly updates on cybersecurity risks and initiatives from our CISO. These updates have included reviews of our cybersecurity risk management efforts, including the development of relevant processes and policies, the implementation of technologies and systems, or use of third-party partners to safeguard our information systems, the conduct of education and training initiatives with employees and business partners, and incident response preparedness, including simulations and tabletop exercises. The Audit Committee regularly updates the Board of Directors on such matters. Separately, and in addition to such quarterly reporting, our Board of Directors also receives an annual update from our CISO on information and cybersecurity risks and related initiatives. These Board updates have included briefings from our CISO, as well as external counsel and third-party security advisors, which have included continuing education sessions as our Board of Directors seeks to enhance its understanding of cybersecurity risk, leading practices and an evolving cyber threat landscape.

Risk Management and Strategy

The safeguarding of information systems, that store employee and customer data, and proprietary information, are of paramount importance to us, our business and our reputation. We strive to maintain a robust and proactive enterprise cybersecurity program designed to identify, assess and manage cybersecurity risks that may impact our business or assets.

Table of Contents

Cybersecurity Strategy

Our cybersecurity strategy focuses on (i) maintaining a cybersecurity framework and set of controls to assess and manage security risks and (ii) protecting against threats by deploying and monitoring security controls and mitigating exposures and potential threats. We maintain a security program designed to align with industry standards, principles, and frameworks, such as those set by the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO). Our program is also informed by various legal requirements, including contractual requirements from our customers. In addition, we maintain internal policies and procedures that govern the measures we take to secure our information technology environment. These include a wide variety of capabilities designed to prevent, detect, or address risks to systems and data.

Security Risk Management

Our Security Team regularly assesses cybersecurity risks, including their likelihood and potential impact, to develop mitigation strategies. The team utilizes enterprise governance, risk, and compliance solutions and tools licensed from third-party vendors to conduct various analytic assessments, including cloud and container security, detection and response, threat intelligence, and application security assessments. We also routinely evaluate and update our understanding of our cybersecurity threat landscape and evolve our related assessments and mitigation strategies accordingly.

We regularly review our cybersecurity program for compliance with evolving regulations and to protect against emerging cyber threats. Because we operate in a dynamic threat landscape, we conduct regular reviews of our program and procedures, and we periodically engage third parties to supplement and review our cybersecurity practices. We also maintain a cybersecurity risk insurance policy as part of our risk management efforts, and regularly engage and collaborate with peers, industry groups, and U.S. government partners relating to cybersecurity risk management and the evolving threat environment.

We seek to identify and address cybersecurity threats and risks that can arise from our use of third parties, including those that comprise our information systems, supply chain operations or who have access to certain data. We utilize supplier risk management practices, including enhanced due diligence assessments, that seek to identify cybersecurity risks associated with our use of third-party providers and the scope and nature of their work with us. These risks are assessed and prioritized based on, among other things, supplier assessments, threat intelligence, and industry practices. We consider these risks at the time of supplier onboarding and endeavor to assess changes in risk throughout the lifecycle of our relationship with suppliers.

Promoting an engaged and aware workforce is a key part of our cybersecurity defense program. We carry out regular security awareness training for our personnel to help them better identify and address potential cybersecurity issues. This includes regular exercises to simulate and detect phishing attempts, various awareness and communication initiatives, and required online security awareness training at the time of hire and generally on an annual basis thereafter.

Incident Response Readiness

We utilize a combination of internal and third-party resources to monitor for threats to our network, systems and data. To promote cybersecurity readiness and advance the preparedness of our teams, our cross-functional incident response teams maintain an incident response plan, in addition to more technical response playbooks, and meet regularly to assess these resources. Among other things, they perform “tabletop” simulation exercises, internally and with third-party experts, to outline their roles and responsibilities during a cybersecurity event and to refine risk identification and management practices.

We have in the past, and may in the future, utilize third-party cyber security assessors or consultants to review our program, to share their findings with our Board of Directors or leadership, and to help identify opportunities for continuous improvement.

While we continue to monitor, identify, investigate, respond to, and manage cybersecurity threats, risks and incidents, to date we have not experienced cybersecurity risks, including as a result of previous cybersecurity incidents, that have had a material effect. There can be no assurance that we will not experience such risks in the future.

Table of Contents

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
NX	an hour ago
FSFG	an hour ago
EDSA	an hour ago
PRKA	an hour ago
ODRS	2 hours ago
AMAT	2 hours ago
JOUT	3 hours ago
CIEN	4 hours ago
PFX	11 hours ago
CMP	21 hours ago
FWDI	1 day, 1 hour ago
NGVC	1 day, 1 hour ago
MITK	1 day, 2 hours ago
HPQ	2 days ago
DLHC	2 days, 1 hour ago
ASYS	2 days, 2 hours ago
GNVR	2 days, 6 hours ago
REVG	2 days, 10 hours ago
GENC	3 days, 2 hours ago
TSBK	3 days, 4 hours ago
SGU	4 days ago
SRXH	1 week ago
JANL	1 week ago
COO	1 week ago
HRL	1 week ago
NOTV	1 week ago
AZTA	1 week, 1 day ago
XRPN	1 week, 1 day ago
RGCO	1 week, 1 day ago
HNNA	1 week, 2 days ago
PAPL	1 week, 2 days ago
VSTS	1 week, 3 days ago
SLP	1 week, 4 days ago
JCTC	1 week, 4 days ago
ABQQ	1 week, 4 days ago
ESE	1 week, 4 days ago
CNBX	1 week, 4 days ago
SNEX	2 weeks ago
TMRC	2 weeks ago
ALTX	2 weeks ago
DBMM	2 weeks ago
LEDS	2 weeks ago
LEXX	2 weeks, 1 day ago
JJSF	2 weeks, 2 days ago
UTI	2 weeks, 2 days ago
IMKTA	2 weeks, 2 days ago
MOG-A	2 weeks, 2 days ago
LEE	2 weeks, 2 days ago
CFFN	2 weeks, 2 days ago
CENT	2 weeks, 2 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - CIEN

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - CIEN

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing