Risk Factors - KD

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$KD Risk Factor changes from 00/05/26/23/2023 to 00/05/30/24/2024

Item 1A. Risk Factors.Our operations and financial results are subject to various risks and uncertainties, including but not limited to those described below, that could adversely affect our business, reputation, financial condition, results of operations, cash flows and the trading price of our common stock.​Risks Relating to Our Business ​An inability to attract new customers, retain existing customers and sell additional services to customers could adversely impact our revenue and results of operations. Risk Factors:Risks Relating to Our Business An inability to attract new customers, retain existing customers and sell additional services to customers could adversely impact our revenue and results of operations. ​Our ability to maintain or increase our revenues and profit may be impacted by a number of factors, including our ability to attract new customers, retain existing customers and sell additional, comparable or, in the case of accounts with substandard margins, services with greater gross margins to our customers. We may incur higher customer acquisition or retention costs as we seek to grow our customer base and expand our markets. We may incur higher customer 15 Table of Contentsacquisition or retention costs as we seek to grow our customer base and expand our markets. Moreover, to the extent we are unable to retain and sell additional services to existing customers, including as part of our initiative to address existing accounts that have substandard margins, our revenue and results of operations may decrease. Our customer contracts typically have an average duration of over five years and, unless terminated, may be renewed or automatically extended on a month-to-month basis. Our customers have no obligation to renew their services after their initial contract periods expire, and any termination fees associated with an early termination may not be sufficient to recover our costs associated with such contracts. The loss of business from any of our major customers, whether by the cancellation of existing contracts, the failure to obtain new business or lower overall demand for our services, could adversely impact our revenue and results of operations. ​We may not meet our growth and productivity objectives.We may not meet our growth and productivity objectives. ​Our goals for profitability and growth rely upon a number of assumptions, including our ability to make successful investments to grow and further develop our business and simplify our operations. The risks and challenges we face in connection with our strategies include expanding our professional services capability, expanding in areas where we currently have a small presence and ensuring that our services remain competitive in a rapidly changing technological environment. The risks and challenges we face in connection with our strategies include expanding our professional services capability, expanding in geographies where we currently have a small presence and ensuring that our services remain competitive in a rapidly changing technological environment. We may invest significantly in key strategic areas to drive long-term revenue growth and share gains. These investments may adversely affect our near-term revenue growth and results of operations, and we cannot guarantee that they will ultimately be successful or produce any or all of the long-term benefits that we expect. These investments may adversely affect our near-term revenue growth and results of operations, and we cannot guarantee that they will ultimately be successful. Additionally, emerging business and delivery models may unfavorably impact demand and profitability for our solutions or services. If we are unable to find partners to develop cutting-edge innovations in a highly competitive and rapidly 15 Table of Contentsevolving environment or are unable to implement and integrate such innovations with sufficient speed and versatility, we could fail in our ongoing efforts to maintain and increase our revenue and profit margins. If we are unable to find partners to develop cutting-edge innovations in a highly competitive and rapidly evolving environment or are unable to implement and integrate such innovations with sufficient speed and versatility, we could fail in our ongoing efforts to maintain and increase our revenue and profit margins. Competition in the markets in which we operate may adversely impact our results of operations.​Our competitors include incumbents that have expanded their offerings to migration and management of cloud-based environments; companies that use labor-based models and leverage talent pools primarily in lower-cost countries that have grown to offer a broad range of services with a worldwide presence; and advisory-focused system integrators specializing in bringing together disparate technology environments. Our competitiveness is based on factors including quality of services, technical skills and capabilities, industry knowledge and experience, financial value, ability to innovate, intellectual property and methods, contracting flexibility, and speed of execution. If we are unable to compete based on such factors, our results of operations and business prospects could be harmed. ​This competition may decrease our revenue and place downward pressure on operating margins in our industry, particularly for contract extensions or renewals. As a result, we may not be able to maintain our current revenue and operating margins, or achieve favorable operating margins, for contracts extended or renewed in the future. If we fail to create and sustain an efficient and effective cost structure that scales with revenues during periods with declining revenues, our margins and results of operations may be adversely affected.​Companies with whom we have alliances in certain areas are or may become competitors in other areas. In addition, companies with whom we have alliances also may acquire or form alliances with competitors, which could reduce their business with us. If we are unable to effectively manage these complicated relationships with alliance peers, our business and results of operations could be adversely affected. ​Our business could be adversely impacted if we do not successfully manage and/or develop our relationships with critical suppliers and partners. Our business could be adversely impacted by our relationships with critical suppliers and partners. ​Our business employs a wide variety of products and services from a number of suppliers and partners around the world. Our relationships with them are critical to our ability to provide many of our services and solutions, and our relationships with alliance partners allow us to enter new markets and take advantage of existing ecosystems built and sustained by our alliance partners. There can be no assurance that we will be able to maintain such relationships or that the financial terms of our relationships will remain affordable. There can be no assurance that we will be able to maintain such relationships. Among other things, such partners may in the future decide to compete with us, form exclusive or more favorable arrangements with our competitors or otherwise reduce our access to their products or services. Among other things, such partners may in the future decide to compete with us, form exclusive or more favorable arrangements with our competitors or otherwise reduce our access to their products, impairing our ability to provide the services and solutions 16 Table of Contentsdemanded by customers. If we are not able to maintain, or realize the expected benefits from, our relationships for any reason, we may be less competitive, and our ability to offer attractive services and solutions to address the needs and demands of our customers and our results of operations could be adversely affected. If we are unable to implement this ERP as planned, the effectiveness of our internal control over financial reporting could be adversely affected, our ability to assess those controls adequately could be delayed, and our business, results of operations, financial condition and cash flows could be negatively impacted. Further, changes in the business condition (financial or otherwise) of our suppliers or partners could subject us to losses and affect our ability to bring our offerings to market. Further, changes in the business condition (financial or otherwise) of these suppliers or partners could subject us to losses and affect our ability to bring our offerings to market. Additionally, the failure of our suppliers and partners to deliver products and services in sufficient quantities, in a timely manner, and in compliance with all applicable laws and regulations could adversely affect our business. Any defective products or inadequate services received from suppliers or partners could reduce the reliability of our services and harm our reputation. ​If we are not able to continue addressing and adapting to technological developments and trends that serve customer demands, our growth plans, market share and financial performance could be negatively affected.​Our growth strategy depends in part on our ability to continue to develop and implement services and solutions that anticipate and respond to rapid and continuing changes in technology, offerings and industry standards to serve the evolving demands of our customers. If we fail to respond successfully to technology challenges and customer demands in a timely or cost-effective manner or fail to effectively leverage new technologies into our services and solutions, or if our competitors or other third parties respond to such challenges more quickly or successfully than we do, the demand for our services and solutions may diminish. We have made and expect to continue to make investments in new technologies, including in AI and generative AI. We sometimes dedicate a significant amount of resources to our development efforts before knowing to what extent our investments will result in services and solutions the market will accept. In addition, investments in technology systems may not deliver the benefits or perform as expected, or may be 16 Table of Contentsreplaced or become obsolete more quickly than expected, which could result in operational difficulties or additional costs. If we do not sufficiently invest in new technologies and adapt to industry developments, if we are unable to commercialize them in our services and solutions, evolve, expand and scale them with sufficient speed and versatility, or if we do not make the right strategic investments to respond to these developments and successfully drive innovation, our results of operations and our ability to develop and maintain a competitive advantage and to execute on our growth strategy could be negatively affected. ​If we are unable to attract and retain key personnel and other skilled employees, our business could be harmed.​If any of our key employees were to leave, we could face substantial difficulty in hiring qualified successors and could experience a loss in productivity while any successor obtains the necessary training and experience. Although we have arrangements with some of our executive officers designed to promote retention, our employment relationships are generally at-will, and key employees may leave us. We intend to continue to hire additional highly qualified personnel but may not be able to attract, assimilate or retain similarly qualified personnel in the future. ​In addition, much of our future success depends on the continued service, availability and integrity of skilled employees, including technical, sales and staff resources. Skilled and experienced personnel in the areas where we compete often are in high demand, and competition for their talents is often intense. Our inability to retain skilled employees could intensify the adverse impact of a shortage of critical skills. Changing demographics and labor workforce trends also may result in a shortage of or insufficient knowledge and skills. Further, as global opportunities and industry demand shift, realignment, training and scaling of skilled resources may not be sufficiently rapid or successful. Any failure to attract, integrate, motivate and retain these employees could harm our business. Alternatively, from time to time, we may have more people than we need in certain skill sets, geographies or compensation levels. In such cases, we have, and may in the future, rebalance our workforce, including reducing the rate of new hires and increasing involuntary terminations, which actions could negatively impact employee engagement and retention.​Due to our global presence, our business and operations could be adversely impacted by economic, political, public health and other conditions.Due to our global presence, our business and operations could be adversely impacted by local legal, economic, political, health and other conditions. ​We are a globally integrated company and have operations worldwide. Our results of operations could be affected by economic and political changes in those countries and by macroeconomic changes, including recessions, inflation, currency fluctuations between the U. Our results of operations also could be affected by economic and political changes in those countries and by macroeconomic changes, including recessions, inflation, currency fluctuations between the U. S. dollar and non-U.S. currencies and adverse changes in trade relationships among those countries. Further, international trade disputes could create uncertainty. Tariffs and international trade sanctions resulting from these disputes could affect our ability to move goods and services across borders, or could impose added costs to those activities. Measures taken to date by us to mitigate these impacts could be made less effective should trade sanctions or tariffs change. In addition, any widespread outbreak of an illness, pandemic or other local or global health issue, natural disasters including those that could be related to climate change impacts, or uncertain political climates, international hostilities, geopolitical conflict or any terrorist activities, could adversely affect customer demand, our operations and supply chain, and our ability to source and deliver solutions to our customers. In addition, any widespread outbreak of an illness, pandemic or other local or global health issue, natural disasters including those that could be related to climate change impacts, or uncertain political climates, international hostilities, or any terrorist activities, could adversely affect customer demand, our operations and supply chain, and our ability to source and deliver solutions to our customers. For example, the COVID-19 pandemic created significant volatility, uncertainty and economic disruption. In the current macroeconomic environment, customers continue to balance short-term challenges and opportunities for transformation. While some customers have accelerated their digital transformation and increased their expenditures, the short-term priorities of other customers continue to be focused on operational stability, flexibility and cash preservation, and as such, we may experience some disruptions in transactional performance. While some customers have begun to accelerate their digital transformation and increase their expenditures, the short-term priorities of other customers continue to be focused on operational stability, flexibility and cash preservation, and as such, we may experience some disruptions in transactional performance. ​Damage to our reputation could adversely impact our business. Damage to our reputation could adversely impact our business. ​Our reputation may be susceptible to damage by events such as significant disputes with customers, internal control deficiencies, delivery failures, cybersecurity incidents, government investigations or legal proceedings or actions of current or former customers, directors, employees, competitors, vendors, alliance partners or joint venture partners. If we fail to gain a positive reputation as leader in our field, or if our brand image is tarnished by negative perceptions, our ability to attract and retain customers and talent could be impacted. ​17 Table of ContentsIf we are unable to accurately estimate the cost of services and the timeline for completion of contracts, the profitability of our contracts may be materially and adversely affected. If we are unable to accurately estimate the cost of services and the timeline for completion of contracts, the profitability of our contracts may be materially and adversely affected. ​Our commercial contracts are typically awarded on a competitive or “sole-source” basis. Our bids are priced upon, among other items, the expected cost to provide the services. We are dependent on our internal forecasts and predictions about our projects and the marketplace, and, to generate an acceptable return on our investment in these contracts, we must be able to accurately estimate our costs to provide the services required by the contract and to complete the contracts in a timely manner. We face a number of risks when pricing our contracts, as many of our projects entail the coordination of operations and workforces in multiple locations and utilizing workforces with different skill sets and competencies across geographically diverse service locations. In addition, revenues from a small portion of our contracts are recognized using the percentage-of-completion method, which requires estimates of total costs at completion, fees earned on the contract, or both. In addition, revenues from some of our contracts are recognized using the percentage-of-completion method, which requires estimates of total costs at completion, fees earned on the contract, or both. This estimation process, particularly due to the technical nature of the services being performed and the long-term nature of certain contracts, is complex and involves significant judgment. Adjustments to original estimates are often required as work progresses, experience is gained and additional information becomes known, even though the scope of the work required under the contract may not change. Moreover, as inflation can increase both our labor and non-labor input costs, the profitability of our contracts could be negatively impacted if we are unable to adjust our pricing or costs to take inflation into account. Moreover, as inflation can increase both our labor and non-labor input costs, the profitability of our contracts could be negatively impacted if we are unable to adjust our pricing or costs to take inflation into account. Furthermore, if we fail to accurately estimate the effort, costs or time required to complete a contract, the profitability of our contracts may be materially and adversely affected. Furthermore, if we fail to accurately estimate our costs or the time required to complete a contract, the profitability of our contracts may be materially and adversely affected. ​Service delivery issues could adversely impact our business and operating results.​We have customer agreements in place that include certain service-level commitments. If we are unable to meet such commitments, we may be contractually obligated to pay penalties or provide these customers with service credits for a portion of the service fees paid by our customers. However, we cannot be assured that our customers will accept these penalties or credits in lieu of other legal remedies that may be available to them. Our failure to meet our commitments could also result in customer dissatisfaction or loss and have an adverse effect on our business, reputation, financial condition and results of operations. Our failure to meet our commitments could also result in customer dissatisfaction or loss and have an adverse effect on our business, financial condition and results of operations. ​In addition, as we work on projects to advance the digital transformations of our customers’ businesses, the scale and complexity of these IT transformation projects present risks in management and execution. Our profitability depends on the ability of subcontractors, vendors and service providers to deliver their products and services in a timely manner, at the anticipated cost, and in accordance with the project requirements, as well as on our effective oversight of their performance. Certain customer work requires the use of unique and complex structures and alliances, some of which require us to assume responsibility for the performance of third parties whom we do not control. Any of these factors could adversely affect our ability to perform and subject us to additional liabilities, which could have an adverse effect on our relationships with customers and on our results of operations. ​Risks from acquisitions and dispositions include integration challenges, failure to achieve objectives, the assumption of liabilities and higher debt levels. Risks from acquisitions, alliances and dispositions include integration challenges, failure to achieve objectives, the assumption of liabilities and higher debt levels. ​We may decide to make acquisitions and dispositions in furtherance of our strategy. Such transactions can present significant challenges and risks, and there can be no assurances that we will identify or manage such transactions successfully or that strategic opportunities will be available to us on acceptable terms or at all. The related risks include our failure to achieve strategic objectives, our failure to achieve anticipated revenue improvements and cost savings, our failure to retain key strategic relationships of acquired companies, our failure to retain key personnel and our assumption of liabilities related to litigation or other legal proceedings involving the businesses in such transactions, as well as our failure to close planned transactions. The related risks include our failure to achieve strategic objectives, our failure to achieve anticipated revenue improvements and cost savings, our failure to retain key strategic relationships of acquired companies, our 18 Table of Contentsfailure to retain key personnel and our assumption of liabilities related to litigation or other legal proceedings involving the businesses in such transactions, as well as our failure to close planned transactions. Such transactions may require us to secure financing, and our indebtedness may limit the availability of financing to us or the favorability of the terms of available financing. If we do acquire other companies, we may not realize all the economic benefit from those acquisitions, which could cause an impairment of goodwill or intangible assets. ​18 Table of ContentsWe could be adversely impacted by our business with government customers. ​Our customers include numerous governmental entities within and outside the United States, including foreign governments and U.S. state and local entities. Some of our agreements with these customers are subject to periodic funding approval or other government budgetary issues. Some of our agreements with these customers may be subject to periodic funding approval. Funding reductions or delays could adversely impact public sector demand for our services and can result in payment delays, payment reductions or contract terminations, any of which would have an adverse effect on our business, financial condition, results of operations and/or cash flows.As an independent publicly-traded company, we are smaller and less diversified with a narrower business focus than IBM and may be more vulnerable to changing market conditions, which could materially and adversely affect our business, financial condition and results of operations. Also, government contracts are generally subject to extensive and evolving procurement regulations and tend to have additional requirements beyond commercial contracts and, for example, may contain provisions providing for higher liability limits for certain losses and non-performance. Also, compliance violations in one state or locality could result in suspension or debarment as a governmental contractor, could incur civil and criminal fines and penalties, or could impact our ability to compete for new contracts, which could negatively impact our competitive position, results of operations, financial results and reputation. Also, compliance violations in one state or locality could result in suspension or debarment as a governmental contractor and could incur civil and criminal fines and penalties, which could negatively impact our results of operations, financial results and reputation. ​Intellectual property matters could adversely impact our business. ​Our intellectual property rights may not prevent competitors from independently developing services similar to or duplicative of ours, nor can there be any assurance that the resources invested by us to protect our intellectual property will be sufficient or that our intellectual property portfolio will adequately deter misappropriation or improper use of our technology. Our ability to protect our intellectual property could also be impacted by changes to existing laws, legal principles and regulations governing intellectual property. Further, we rely on third-party intellectual property rights, open-source software and other third-party software in providing some of our services and solutions, and there can be no assurances that we will be able to obtain from third parties the licenses we need in the future or retain all of these intellectual property rights upon renewal, expiration or termination of such licenses. Further, we rely on third-party intellectual property rights, open-source software, and other third-party software in providing some of our services and solutions, and there can be no assurances that we will be able to obtain from third parties the licenses we need in the future. If we cannot obtain, renew or extend licenses to third-party intellectual property on commercially reasonable terms, or if we must obtain alternative or substitute technology or redesign services, our business may be adversely affected. If we cannot obtain licenses to third party intellectual property on commercially reasonable terms, or if we must obtain alternative or substitute technology or redesign services, our business may be adversely affected. Additionally, we cannot be sure that our services and solutions, or the solutions of others that we offer to our customers, do not infringe on the intellectual property rights of third parties (including competitors as well as non-practicing holders of intellectual property assets), and these third parties could claim that we, our customers or parties indemnified by us are infringing upon their intellectual property rights. As we expand our use of AI, there may be uncertainty regarding intellectual property ownership and license rights of AI algorithms and content generated by AI, and we may become subject to similar claims of infringement. In addition, we may be the target of aggressive and opportunistic enforcement of patents by third parties, including patent assertion entities and non-practicing entities. These claims, even if we believe they have no merit, could subject us to a temporary or permanent injunction or damages, harm our reputation, divert management attention and resources and cause us to incur substantial costs or prevent us from offering some services or solutions in the future. Even if we have an agreement providing for third parties to indemnify us for the foregoing claims, the indemnifying parties may be unwilling or unable to fulfill their contractual obligations.​We may be required to record impairment charges to future earnings if our goodwill or long-lived assets become impaired. ​We are required under accounting principles generally accepted in the United States of America (“GAAP”) to review our goodwill for impairment at least annually, and to review goodwill and long-lived assets when events or changes in circumstances indicate the carrying value may not be recoverable. Some factors that may be considered events or changes in circumstances that would require our long-lived assets and/or goodwill to be reviewed for impairment include a sustained decline in stock price, a substantial decline in business performance or other entity-specific events such as changes in business management and strategy. We may be required to record non-cash impairment charges during any period in which we determine that our goodwill or long-lived assets are impaired, which could adversely affect our results of operations. As of March 31, 2024, our goodwill balance was $805 million, which represented 8% of total consolidated assets. See Note 10 – Intangible Assets Including Goodwill to our financial statements included elsewhere in this report for additional information about our goodwill impairment.​19 Table of ContentsRisks Relating to Cybersecurity, Data Governance and Privacy ​Cybersecurity, data governance and privacy considerations could adversely impact our business.19 Table of ContentsRisks Relating to Cybersecurity and Data Privacy Cybersecurity and privacy considerations could adversely impact our business. ​We maintain information, including confidential and proprietary information, in digital form regarding our business and the business of our customers, business partners, vendors, employees, contractors and other third parties. We also rely on third-party vendors to provide certain digital services in connection with our business. There are numerous and evolving risks relating to cybersecurity, data governance and privacy, including risks originating from intentional acts of criminal hackers, nation states and hacktivists; from intentional and unintentional acts of customers, business partners, vendors, employees, contractors, competitors and other third parties; and from errors and omissions in processes or technologies, as well as the risks associated with an increase in the number of customers, business partners, vendors, employees, contractors and other third parties working remotely. There are numerous and evolving risks relating to cybersecurity and data privacy, including risks originating from intentional acts of criminal hackers, nation states and hacktivists; from intentional and unintentional acts of customers, business partners, vendors, employees, contractors, competitors and other third parties; and from errors and omissions in processes or technologies, as well as the risks associated with an increase in the number of customers, business partners, vendors, employees, contractors and other third parties working remotely. Computer hackers and others routinely attack the security of technology products, services, systems and networks using a wide variety of methods, including ransomware or other malicious software and attempts to exploit vulnerabilities in hardware, software and infrastructure. Attacks also include social engineering to fraudulently induce customers, business partners, vendors, employees, contractors and other third parties to disclose information, transfer funds or unwittingly provide access to systems or data. We are at risk of security breaches not only of our own services, systems and networks, but also those of customers, business partners, vendors, employees, contractors and other third parties. ​Cyber threats are continually evolving, making it more challenging to defend against certain threats and vulnerabilities that can persist undetected over extended periods of time. Cyber threats are continually evolving, making it challenging to defend against certain threats and vulnerabilities that can persist undetected over extended periods of time. Our services, systems and networks, including cloud-based systems and other third-party systems and technologies that we maintain on behalf of our customers, may be used in critical Company, customer or third-party operations, and involve the storage, processing and transmission of sensitive data, including proprietary or confidential data, regulated data, personal information and intellectual property of employees, customers and others. These services, systems and networks are also used by customers in heavily regulated industries, including those in the financial services, healthcare, critical infrastructure and government sectors. Cybersecurity attacks or other security incidents relating to our systems or those of our vendors could result in, for example, one or more of the following: unauthorized access to, disclosure, modification, misuse, loss or destruction of Company, customer or other third-party data or systems; theft or import or export of sensitive, regulated or confidential data including personal information and intellectual property; the loss of access to critical data or systems through ransomware, destructive attacks or other means; and business delays, service or system disruptions or denials of service. Cybersecurity attacks or other security incidents relating to our systems or those of our third-party vendors could result in, for example, one or more of the following: unauthorized access to, disclosure, modification, misuse, loss or destruction of Company, customer or other third-party data or systems; theft or import or export of sensitive, regulated or confidential data including personal information and intellectual property; the loss of access to critical data or systems through ransomware, destructive attacks or other means; and business delays, service or system disruptions or denials of service. In the event of such actions, we, our customers and other third parties could be exposed to liability (whether contractual or otherwise), litigation, and regulatory or other government inquiries, enforcement actions, fines or penalties, as well as the loss of existing or potential customers, negative publicity, damage to brand and reputation, damage to our competitive position and other financial loss. In the event of such actions, we, our customers and other third parties could be exposed to liability, litigation, and regulatory or other government action, as well as the loss of existing or potential customers, damage to brand and reputation, damage to our competitive position, and other financial loss. ​The cost and operational consequences of responding to cybersecurity incidents and implementing remediation measures could be significant. In our industry, security vulnerabilities are increasingly discovered, publicized and exploited across a broad range of hardware, software or other infrastructure, elevating the risk of attacks and the potential cost of response and remediation for us and our customers. In addition, the fast-paced, evolving, pervasive and sophisticated nature of certain cyber threats and vulnerabilities, including increased risks posed by generative AI, and the scale and complexity of our business and infrastructure, make it possible that certain threats or vulnerabilities will be undetected or unmitigated in time to prevent or minimize the impact of an attack on us or our customers. In addition, the fast-paced, evolving, pervasive, and sophisticated nature of certain cyber threats and vulnerabilities, as well as the scale and complexity of our business and infrastructure, make it possible that certain threats or vulnerabilities will be undetected or unmitigated in time to prevent or minimize the impact of an attack on us or our customers. Cybersecurity risk to us and our customers also depends on factors such as the actions, practices and investments of customers, business partners, vendors, employees, contractors and other third parties. Cybersecurity attacks or other catastrophic events resulting in disruptions to or failures in power, information technology, communication systems or other critical infrastructure could result in interruptions or delays to Company, customer or other third-party operations or services, financial loss, injury or death to persons or property, potential liability, and damage to brand and reputation. Although, to date, we have not experienced a cybersecurity incident that has had a material adverse effect on us and we continuously take steps to mitigate cybersecurity risk across a range of functions, such measures cannot eliminate the risk entirely or provide absolute security. Although, to date, we have not experienced a cybersecurity incident that has had a material adverse effect on us and we continuously take significant steps to mitigate cybersecurity risk across a range of functions, such measures cannot eliminate the risk entirely or provide absolute security. While we continue to monitor for, identify, investigate, respond to, remediate and develop plans to quickly recover from cybersecurity incidents, notwithstanding our efforts, we may experience a cybersecurity incident in the future that may have a material adverse impact on the Company. While we continue to monitor for, identify, investigate, respond to, remediate and develop plans to quickly recover from cybersecurity incidents, notwithstanding our efforts, we may be subject to a cybersecurity incident in the future that has a material adverse impact. ​20 Table of ContentsAs we are a global enterprise, the regulatory environment with regard to cybersecurity, data governance and privacy issues to which we are subject is increasingly complex and will continue to impact our business, including through increased risk, increased compliance costs, and expanded or otherwise altered compliance obligations. 20 Table of ContentsAs we are a global enterprise, the regulatory environment with regard to cybersecurity and data privacy issues to which we are subject is increasingly complex and will continue to impact our business, including through increased risk, increased compliance costs, and expanded or otherwise altered compliance obligations. As our reliance on data grows, the potential impact of regulations on our business, risks and reputation will grow accordingly. The enactment and expansion of cybersecurity, data governance and privacy laws and regulations around the globe, including an increased focus on international data transfer mechanisms and supply chain management; the lack of harmonization of such laws and regulations; the increase in associated litigation and enforcement activity; the potential for damages, fines and penalties; and the potential regulation of emerging and new technologies, such as AI and generative AI, will continue to result in increased compliance costs and increased risks. The enactment and expansion of cybersecurity and data privacy laws and regulations around the globe, including an increased focus on international data transfer mechanisms; the lack of harmonization of such laws and regulations; the increase in associated litigation and enforcement activity; the potential for damages, fines and penalties; and the potential regulation of new and emerging technologies, such as artificial intelligence, will continue to result in increased compliance costs and increased risks. Any additional costs and penalties associated with increased compliance, enforcement and risk reduction could make certain offerings less profitable or increase the difficulty of bringing certain offerings to market. ​Risks Relating to Laws and Regulations ​Our global operations expose us to numerous and sometimes conflicting legal and regulatory requirements, and violation of these regulations could harm our business.​We are subject to numerous, evolving, and sometimes conflicting, legal regimes on matters as diverse as anticorruption, import/export controls, content requirements, cybersecurity, data governance and privacy, trade restrictions, tariffs, taxation, sanctions, immigration, internal and disclosure control obligations, securities regulation, anti-competition, anti-money-laundering, wage-and-hour standards, employment and labor relations, environmental, human rights, machine learning and AI.We are subject to numerous, evolving, and sometimes conflicting, legal regimes on matters as diverse as anticorruption, import/export controls, content requirements, cybersecurity and data privacy, trade restrictions, tariffs, taxation, sanctions, immigration, internal and disclosure control obligations, securities regulation, ESG initiatives, anti-competition, anti-money-laundering, wage-and-hour standards, employment and labor relations and human rights. Further, we and the services we provide to customers may be impacted directly or indirectly by the development and enforcement of laws and regulations in the U.S. and globally that are specifically targeted at the technology and services sectors. As we expand our customer base and the scope of our offerings, both within the U. As we expand our customer base and the scope of our offerings, both within the United States and globally, we may be further impacted by additional regulatory or other risks, including compliance with U. S. and globally, we may be further impacted by additional regulatory or other risks, including compliance with laws relating to corporate taxation, import, export and trade restrictions on technology and services. The global nature of our operations, including jurisdictions where legal systems may be less developed or understood by us, business practices and standards which deviate from international standards, and the diverse nature of our operations across a number of regulated industries, further increases the difficulty of compliance. Additionally, certain laws and regulations including the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act 2010 could make us responsible for acts of our employees, subcontractors, vendors, agents, alliance or joint venture partners, the companies we may acquire and their employees, subcontractors, vendors and agents, and other third parties with which we associate if they take actions that violate applicable anti-corruption laws or regulations (whether or not we participated or knew about the actions leading to the violations). ​Compliance with diverse legal requirements is costly and time-consuming and requires significant resources. New and changing laws can also adversely affect the Company’s business by limiting the Company’s ability to offer a service or feature to customers, imposing changes to the design of the Company’s products and services, impacting customer demand for the Company’s products and services, and requiring changes to the Company’s supply chain and business. New and changing laws and regulations can also create uncertainty about how such laws and regulations will be interpreted and applied. Violations of one or more of these regulations in the conduct of our business could result in significant fines and penalties, disgorgement of profits, enforcement actions or criminal sanctions against us and/or our employees, contractors or agents, prohibitions on doing business, unfavorable publicity and damage to our reputation. Violations of one or more of these regulations in the conduct of our business could result in significant fines, and penalties, disgorgement of profits, enforcement actions or criminal sanctions against us and/or our employees, prohibitions on doing business, unfavorable publicity and damage to our reputation. Violations of these regulations in connection with the performance of our obligations to our customers also could result in liability for significant monetary damages and restrictions on our ability to effectively carry out our contractual obligations and thereby expose us to potential claims from our customers. Due to the varying degrees of development of the legal systems of the countries in which we operate, local laws may not be well developed or provide sufficiently clear guidance and may be insufficient to protect our rights.​Changes in laws and regulations could also mandate significant and costly changes to the way we implement our services or could impose additional taxes on our services. For example, changes in laws and regulations to limit using off-shore resources in connection with our work or to penalize companies that use off-shore resources, which have been proposed from time to time in various jurisdictions, could adversely affect our results of operations. Such changes may result in contracts being terminated or work being transferred on-shore, resulting in greater costs to us. 21 Table of ContentsAdditionally, changes in laws and regulations, including expanding export controls and sanctions resulting from geopolitical developments, could impact our business, including imposing limits on where we can conduct operations, parties with whom we can conduct business, and the nature of work that can be performed. Additionally, changes in laws and regulations, including expanding export controls and sanctions resulting from geopolitical developments, could impact our business, including imposing limits on where we can conduct operations, parties with whom we can conduct business, and the nature of work that can be performed. Such changes may result in limitations on existing or future business operations in certain markets, and violations of such laws and regulations could result in significant fines, penalties and enforcement actions.​Tax matters could impact our results of operations and financial condition. ​We are subject to income taxes and withholding taxes in both the United States and numerous foreign jurisdictions. We are subject to income taxes in both the United States and numerous foreign jurisdictions. We calculate and provide for taxes in each tax jurisdiction in which we operate. Tax accounting often involves complex matters and requires our judgment to determine our worldwide provision for income taxes and other tax liabilities. Our provision for income taxes and cash tax liability in the future could be adversely affected by numerous factors including, but not limited to, income before taxes being lower than anticipated in countries with lower statutory tax rates and higher than anticipated in countries with higher statutory tax rates, changes in the valuation of deferred tax assets and liabilities, and changes in tax laws, regulations, accounting principles or interpretations thereof, which could adversely impact our results of operations and financial condition in future periods. Our provision for income taxes and cash tax liability in the future could be adversely affected by numerous factors including, but not 21 Table of Contentslimited to, income before taxes being lower than anticipated in countries with lower statutory tax rates and higher than anticipated in countries with higher statutory tax rates, changes in the valuation of deferred tax assets and liabilities, and changes in tax laws, regulations, accounting principles or interpretations thereof, which could adversely impact our results of operations and financial condition in future periods. The Organization for Economic Cooperation and Development (the “OECD”) continues to issue guidelines that are different, in some respects, than long-standing international tax principles. As countries unilaterally amend their tax laws to adopt certain parts of the OECD guidelines, this may increase tax uncertainty and may adversely impact our income taxes. Local country, state, provincial or municipal taxation may also be subject to review and potential override by regional, federal, national or similar forms of government, which may also adversely impact our income taxes. In addition, we are subject to periodic examinations of our domestic and foreign tax returns by taxing authorities in the jurisdictions in which we do business. While we regularly assess the likelihood of adverse outcomes resulting from these examinations in order to determine the adequacy of our provision for income taxes, there can be no assurance that the outcomes from these examinations will not have an adverse effect on the Company’s provision for income taxes and cash flows.​We are subject to legal proceedings and investigatory risks.​As a multinational company with customers and employees around the world, we are or may become involved as a party and/or may be subject to a variety of claims, demands, suits, investigations, tax matters and other proceedings that arise from time to time in the ordinary course of our business.As a company with approximately 90,000 employees and with customers in over 100 countries, we are or may become involved as a party and/or may be subject to a variety of claims, demands, suits, investigations, tax matters and other proceedings that arise from time to time in the ordinary course of our business. In addition, our former Parent may obtain, or may seek to obtain, indemnity from us for judgments against it relating to events that occurred prior to the Separation pursuant to agreements put in place in connection with the Separation. In addition, IBM may obtain indemnity from us for judgments against it relating to events that occurred prior to the Separation pursuant to agreements put in place in connection with the Separation. The risks associated with such legal proceedings are described in more detail in Note 13 – Commitments and Contingencies in the financial statements elsewhere in this report. We believe that we have adopted appropriate risk management and compliance programs. Legal and compliance risks, however, will continue to exist, and additional legal proceedings and other contingencies, the outcome of which cannot be predicted with certainty, may arise from time to time.​We could incur costs for regulated environmental matters. We could incur costs for regulated environmental matters. ​We are subject to various federal, state, local and foreign laws and regulations concerning the discharge of materials into the environment or otherwise related to environmental protection. We could incur costs, including cleanup costs, fines and civil or criminal sanctions, as well as third-party claims for property damage or personal injury, if we were to violate or become liable under environmental laws and regulations. In addition, if we were to violate or become liable under these laws and regulations our reputation could be harmed, which could have a negative impact on demand for our products and services. ​Expectations relating to environmental, social and governance considerations could expose us to potential liabilities, increased costs and reputational harm. ​There has been an increasing focus by governments, regulators, investors, employees, customers and other stakeholders on environmental, social and governance considerations relating to businesses. This includes climate change and carbon emissions, human rights, diversity, equity and inclusion, responsible supply chain management, ethics, cybersecurity and privacy concerns. ESG includes not only environmental issues but also human rights, diversity, responsible supply chain management, ethics, cybersecurity and privacy concerns. We have established and publicly announced certain goals, commitments and 22 Table of Contentsinitiatives that reflect our current plans and aspirations on corporate citizenship matters, which are based on available data and estimates and are not guarantees that we will be able to achieve them. The implementation of these goals, commitments and initiatives is subject to numerous risks, many of which are beyond our control. Examples of such risks include but are not limited to: the availability and cost of resources and related technologies; the availability of suppliers and partners that can meet our standards; reliance on third-party performance and data; and our ability to manage geopolitical disruptions and natural disasters that could impact our employees, customers and businesses. Our failure, or perceived failure, to achieve our corporate citizenship and other related goals and commitments, maintain our practices, adhere to our public statements, comply with existing and new laws and regulations or meet evolving and varied stakeholder expectations and standards could adversely affect our reputation, our financial condition and our ability to attract and retain customers and talent, and expose us to increased scrutiny from the investment community, enforcement authorities and others. ​Risks Relating to Financing and Capital Markets Activities ​A lowering or withdrawal of the ratings, outlook or watch assigned to our debt securities by rating agencies may increase our future borrowing costs, reduce our access to capital and adversely impact our financial performance.Risks Relating to Financing and Capital Markets Activities A lowering or withdrawal of the ratings, outlook or watch assigned to our debt securities by rating agencies may increase our future borrowing costs, reduce our access to capital and adversely impact our financial performance. ​Any rating, outlook or watch assigned could be lowered or withdrawn entirely by a rating agency if, in that rating agency’s judgment, current or future circumstances relating to the basis of the rating, outlook or watch, such as adverse changes to our business, so warrant. Any future lowering of our ratings, outlook or watch likely would make it more difficult or more expensive for us to refinance or obtain additional debt financing. Any future lowering of our ratings, outlook or watch likely would make it more difficult or more expensive for us to obtain additional debt financing. Moreover, a reduction in our rating to below certain levels could potentially cause certain customers to reduce or cease to do business with us, which would adversely impact our financial performance. Moreover, a reduction in our rating to below certain levels could cause certain customers to reduce or cease to do business with us, which would adversely impact our financial performance. ​The commercial and credit environment may adversely affect our access to capital. ​Our ability to issue debt or enter into other financing arrangements on acceptable terms could be adversely affected if there is a material decline in the demand for our services or in the solvency of our customers or suppliers or if there are other significantly unfavorable changes in economic conditions. Volatility in the world financial markets could increase borrowing costs or affect our ability to access the capital markets. These conditions may adversely affect our credit ratings. ​Our financial performance could be adversely impacted by changes in market liquidity conditions and by customer credit risk on receivables. ​Our customer base includes many worldwide enterprises, from the world’s largest organizations and governments to smaller businesses, with a significant portion of our revenue coming from global customers across many sectors. Our customer base includes many worldwide enterprises, from small and medium businesses to the world’s largest organizations and governments, with a significant portion of our revenue coming from global customers across many sectors. As a result, our financial performance is exposed to a wide variety of industry sector dynamics worldwide, including sudden shifts in regional or global economic activity. Our earnings and cash flows, as well as our access to funding, could be negatively impacted by changes in market liquidity conditions. Additionally, if we become aware of information related to the creditworthiness of a major customer, or if future actual default rates on receivables in general differ from those currently anticipated, we may have to adjust our allowance for credit losses, which could affect our net income in the period the adjustments are made.​Our results of operations and financial condition could be negatively impacted by our pension plans. ​Adverse financial market conditions and volatility in the credit markets may have an unfavorable impact on the value of our pension trust assets and our future estimated pension liabilities. As a result, our financial results in any period could be negatively impacted. In addition, in a period of an extended financial market downturn, we could be required to provide incremental pension plan funding with resulting liquidity risk which could negatively impact our financial flexibility. Further, our results could be negatively impacted by premiums for mandatory pension insolvency insurance coverage outside the United States. Premium increases could be significant due to the level of insolvencies of unrelated companies in the country at issue. ​23 Table of ContentsWe are exposed to currency risk that can adversely impact our revenue and business. ​We derive a significant percentage of our revenues and costs in non-U. We derive a significant percentage of our revenues and costs from our affiliates operating in non-U. S. dollar currency environments, and our results are affected by changes in the relative values of non-U. dollar currency environments, and results from these affiliates are affected by changes in the relative values of non-U. S. currencies and the U.S. dollar, as well as sudden shifts in regional or global economic activity. Fluctuations in foreign currency exchange rates can have adverse effects on our revenues, income from operations and net income when items denominated in other currencies are translated or remeasured into U.S. dollars for presentation of our consolidated financial statements. In addition, we have labor and product supply agreements where the currency in which our costs are denominated differs from the currency of the customer contract. Our hedging strategies may not fully mitigate our currency risk or may prove disadvantageous. Additionally, large changes in currency exchange rates relative to our functional currencies can increase the costs of our services to customers relative to local competitors, thereby causing us to lose existing or potential customers to these local competitors. 23 Table of ContentsAdditionally, large changes in currency exchange rates relative to our functional currencies could increase the costs of our services to customers relative to local competitors, thereby causing us to lose existing or potential customers to these local competitors. ​Risks Relating to our Spin-off from IBM ​If the Spin-off were determined not to qualify as tax-free for U. Risks Relating to our Spin-off from IBM The Spin-off may not achieve some or all of the anticipated benefits. S. federal income tax purposes, we could have an indemnification obligation to IBM, which could adversely affect our business, financial condition and results of operations. ​If the Distribution were determined not to qualify for non-recognition of gain or loss under Section 355 and related provisions of the Internal Revenue Code of 1986 (the “Code”), each stockholder that is subject to U.S. federal income tax who received our common stock in the Distribution would generally be treated as having received a distribution in an amount equal to the fair market value of our common stock received, which would generally result in: (i) a taxable dividend to such stockholder to the extent of that such stockholder’s pro rata share of IBM’s current or accumulated earnings and profits; (ii) a reduction in such stockholder’s basis (but not below zero) in IBM common stock to the extent the amount received exceeds the stockholder’s share of IBM’s earnings and profits; and (iii) taxable gain from the exchange of IBM common stock to the extent the amount received exceeded the sum of such stockholder’s share of IBM’s earnings and profits and such stockholder’s basis in its IBM common stock. ​If, as a result of any of our representations being untrue or our covenants being breached, the Spin-off were determined not to qualify for non-recognition of gain or loss under Section 355 and related provisions of the Code, we could be required to indemnify IBM for the resulting taxes and related expenses. Those amounts could be material. Any such indemnification obligation could adversely affect our business, financial condition and results of operations. ​In addition, if we or our stockholders engaged in transactions that resulted in a 50% or greater change by vote or value in the ownership of our stock during the four-year period beginning on the date that begins two years before the date of the Distribution, the Distribution would generally be taxable to IBM, but not to its stockholders, under Section 355(e) of the Code, unless it were established that such transactions and the Distribution were not part of a plan or series of related transactions. In addition, if we or our stockholders were to engage in transactions that resulted in a 50% or greater change by vote or value in the ownership of our stock during the four-year period beginning on the date that begins two years before the date of the Distribution, the Distribution would generally be taxable to IBM, but not to its stockholders, under Section 355(e) of the Code, unless it were established that such transactions and the Distribution were not part of a plan or series of related transactions. If the Distribution were taxable to IBM due to such a 50% or greater change in ownership of our stock, IBM would recognize a gain equal to the excess of the fair market value on the Distribution Date of our common stock distributed to IBM stockholders over IBM’s tax basis in our common stock, and we generally would be required to indemnify IBM for the tax on such gain and related expenses. If the Distribution were taxable to IBM due to such a 50% or greater change in ownership of our stock, IBM would recognize gain equal to the excess of the fair market value on the Distribution Date of our common stock distributed to IBM stockholders over IBM’s tax basis in our common stock, and we generally would be required to indemnify IBM for the tax on such gain and related expenses. Those amounts could be material. Any such indemnification obligation could adversely affect our business, financial condition and results of operations. ​We may experience difficulties as we continue to integrate and update our new enterprise resource planning (“ERP”) system, and we have identified deficiencies in our internal control related to the information technology general controls in our new ERP environment, which, if not remediated appropriately or timely, could result in adverse effects to the Company. ​During the fiscal year ended March 31, 2024, we implemented a new enterprise resource planning system (“ERP”), which replaced the financial and administrative systems that were provided by IBM following the Spin-off.

As discussed in Part II, Item 9A, in the course of preparing this Annual Report on Form 10-K, management identified certain control deficiencies associated with the Company’s current year implementation of our ERP in the area of our information technology general control (“ITGCs”) related to (i) user access and segregation of duty controls that restrict 24 Table of Contentsuser and privileged access to appropriate personnel; (ii) program development and change management controls; and (iii) certain computer operations controls that, when aggregated, are considered to be a material weakness, as that term is defined in the relevant standards. While the Company has found no evidence that the deficiencies gave rise to systems changes that were improper or impacted our financial statements for the fiscal year ended March 31, 2024, management is implementing remedial measures with additional controls and procedures to address the deficiencies. To the extent management is unable to remediate the identified issue timely, our ability to record, process and report financial information accurately, and to prepare financial statements within required time periods, could be adversely affected, which could subject us to litigation or investigations requiring management resources and other expenses, and could negatively affect investor confidence. As we continue to integrate and update our ERP, we may experience delays, increased costs, the diversion of management’s attention from day-to-day business operations and other difficulties. Extended delays could also introduce operational and business risk, including cybersecurity risks, business operations risks and other complications.​We continue to face a number of risks related to our separation from IBM, which could adversely affect our business, results of operations and financial condition.​In connection with the Separation, we and IBM entered into various transaction agreements related to the Spin-off. In connection with the Separation, we and IBM entered into various transaction agreements related to the Spin-off. These agreements also govern our relationship with IBM following the Spin-off. We rely on IBM to satisfy its performance obligations under these agreements. Since the Spin-off, certain contractual disputes have arisen between us and IBM. We and IBM have commenced arbitration proceedings related to certain of these matters. If the outcome of those arbitrations is unfavorable to Kyndryl, if a mutually acceptable commercial resolution cannot be found, if the terms of any resolution of these matters are unfavorable to us, or if IBM is unable or unwilling to satisfy its respective obligations under these agreements, including indemnification obligations, our business, results of operations and financial condition could be adversely affected. If the outcome of those arbitrations is unfavorable to Kyndryl, if a mutually acceptable commercial resolution cannot be found, or if we or IBM are or remain otherwise unable or unwilling to satisfy our or its respective obligations under these agreements, including indemnification obligations, our business, results of operations and financial condition could be adversely affected. ​Risks Relating to Our Common Stock and the Securities Market ​Certain provisions in our Amended and Restated Certificate of Incorporation and Amended and Restated By-Laws and Delaware law may discourage takeovers and limit the power of our stockholders. ​Several provisions of our Amended and Restated Certificate of Incorporation, Amended and Restated By-Laws and Delaware law may discourage, delay or prevent a merger or acquisition. These include, among others, provisions that (i) provide for staggered terms for directors on our Board for a period following the Spin-off; (ii) establish advance notice requirements for stockholder nominations and proposals; (iii) provide for the removal of directors only for cause during the time the Board is classified; (iv) limit the ability of stockholders to call special meetings or act by written consent; and (v) provide the Board the right to issue shares of preferred stock without stockholder approval. In addition, we are subject to Section 203 of the Delaware General Corporation Law (“DGCL”), which could have the effect of delaying or preventing a change of control that some stockholders may favor. ​These and other provisions of our Amended and Restated Certificate of Incorporation, Amended and Restated By-Laws and Delaware law may discourage, delay or prevent certain types of transactions involving an actual or a threatened acquisition or change in control, including unsolicited takeover attempts, even though the transaction may offer our stockholders the opportunity to sell their shares of our common stock at a price above the prevailing market price. These and other provisions of our Amended and Restated Certificate of Incorporation, Amended and Restated By-Laws and Delaware law may discourage, delay or prevent certain types of transactions involving an actual or a 25 Table of Contentsthreatened acquisition or change in control, including unsolicited takeover attempts, even though the transaction may offer our stockholders the opportunity to sell their shares of our common stock at a price above the prevailing market price. Our Board believes these provisions will protect our stockholders from coercive or otherwise unfair takeover tactics by requiring potential acquirers to negotiate with the Board and by providing the Board with more time to assess any acquisition proposal. These provisions will apply even if the offer may be considered beneficial by some stockholders and could delay or prevent an acquisition that the Board determines is not in our and our stockholders’ best interests. ​25 Table of ContentsOur Amended and Restated Certificate of Incorporation provides that certain courts in the State of Delaware or the federal district courts of the United States will be the sole and exclusive forum for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers or employees. Our Amended and Restated Certificate of Incorporation provides that certain courts in the State of Delaware or the federal district courts of the United States will be the sole and exclusive forum for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers or employees. ​Our Amended and Restated Certificate of Incorporation provides, in all cases to the fullest extent permitted by law, unless we consent in writing to the selection of an alternative forum, the Court of Chancery located within the State of Delaware will be the sole and exclusive forum for any derivative action or proceeding brought on behalf of us, any action asserting a claim of breach of a fiduciary duty owed by any director, officer or other employee or stockholder to us or our stockholders, any action asserting a claim arising pursuant to the DGCL or as to which the DGCL confers jurisdiction on the Court of Chancery located in the State of Delaware or any action asserting a claim governed by the internal affairs doctrine or any other action asserting an “internal corporate claim” as that term is defined in Section 115 of the DGCL, or any action asserting a claim arising under the DGCL, our Amended and Restated Certificate of Incorporation or our Amended and Restated By-Laws. However, if the Court of Chancery within the State of Delaware does not have jurisdiction, the action may be brought in the United States District Court for the District of Delaware. The exclusive forum provision provides that it will not apply to claims arising under the Securities Act, the Exchange Act or other federal securities laws for which there is exclusive federal or concurrent federal and state jurisdiction. Unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States of America shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act. ​Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock will be deemed to have notice of and, to the fullest extent permitted by law, to have consented to the provisions of our Amended and Restated Certificate of Incorporation described above. The choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, other employees or stockholders, which may discourage such lawsuits against us and our directors, officers, other employees or stockholders. However, the enforceability of similar forum provisions in other companies’ certificates of incorporation has been challenged in legal proceedings. If a court were to find the exclusive choice of forum provision contained in our Amended and Restated Certificate of Incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions.Item 1B. Unresolved Staff Comments. Unresolved Staff Comments:None. None.​Item 1C.Item 1A. Cybersecurity.Cybersecurity Risk Management and Strategy​We recognize the critical importance of cybersecurity in upholding the safety and security of our systems, services and data and maintaining the trust of our customers. Cybersecurity risk management is an important part of, and is integrated into, the Company’s overall enterprise risk management program. We maintain a cybersecurity risk management program that is designed to identify, assess, manage and mitigate cybersecurity risks and provides a framework for responding to cybersecurity threats and incidents. We continually assess and enhance our cybersecurity risk management program and our cybersecurity posture to protect the confidentiality, integrity and availability of the Company’s infrastructure, resources and information and the information that our customers entrust to us. ​We designed a multi-faceted risk-management approach based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and informed by other industry standards and industry-recognized practices to identify and address cybersecurity risks. Our key cybersecurity processes include the following: ​●Risk-based, layered controls – We regularly assess and adjust our technical controls and methods to identify, respond to and mitigate emerging cybersecurity risks and use a layered approach with overlapping controls to defend against cybersecurity attacks and threats to our networks, end-user devices, servers, applications, data and cloud solutions and the data that our customers entrust to us.26 Table of Contents●Cybersecurity incident response plan and testing – We have a global incident response process and a dedicated team responsible for monitoring, detecting and responding to cybersecurity threats and attacks, whether external or internal, coordinating across multiple functions, periodically testing our protocols and regularly communicating and providing reports to our CISO. ​●Information sharing and collaboration – We utilize threat intelligence and security information collected from various sources, including but not limited to partners, suppliers, governments and information sharing and analysis centers, to identify, protect against, detect and respond to potential cybersecurity threats and events. ​●Training and awareness – We use a combination of online training, including mandatory annual cybersecurity and privacy courses, educational tools, videos and other ongoing awareness initiatives, including phishing simulation exercises, throughout the year to foster a culture of security awareness and responsibility among our workforce. ●Third-party supplier risk assessments – Recognizing that our suppliers can be subject to cybersecurity incidents which may impact us and our customers, our procurement process includes security and risk assessments to identify and evaluate risk associated with certain key suppliers, including reviewing relevant cybersecurity certifications and third-party audit results, assessing technical and organizational controls and evaluating their risk profile. ​We periodically engage third-party security consultants to conduct evaluations of our cybersecurity controls and procedures, including through penetration testing, third-party audits or consulting on best practices to address new challenges. These evaluations include testing the design and operational effectiveness of our cybersecurity controls and procedures. Our internal audit function conducts additional reviews and assessments of our cybersecurity controls and procedures. Certain results of such assessments and reviews are reported to the Audit Committee and the Board of Directors as appropriate. We use the findings from these efforts to improve our practices, procedures, and technologies. ​Cybersecurity Risk Oversight and Governance ​Our Board of Directors is responsible for the overall oversight of our enterprise risk management. The Audit Committee semi-annually reviews the Company’s enterprise risk management framework, including enterprise risk management processes, and assists the Board of Directors in its oversight over certain key areas of risks, including overseeing cybersecurity, data governance and privacy risk and regularly reporting on such matters to the Board. The Audit Committee and full Board of Directors receive periodic updates from our CISO about Kyndryl’s cybersecurity policies and practices, cybersecurity developments, trends, risks, notable incidents, mitigation strategies, maturity initiatives and other developments throughout the year, as well as periodic updates from our CIO, Security & Resiliency global practice leader and other senior leaders on cybersecurity-related matters. ​Our information security program is led by our CISO, who reports to the CIO. Our CISO organization collaborates closely with key stakeholders across the businesses, including our Security & Resiliency and other global practice organizations, in developing and implementing our cybersecurity strategy, policy, operations, threat detection and incident response and remediation. Our information security teams that support these efforts are comprised of cybersecurity professionals with many years of experience in cybersecurity across multiple sectors, including heavily regulated industries such as financial services and defense, and many of them hold relevant industry certifications.​Under our global incident response process, cybersecurity incidents are assessed and classified by severity, and significant incidents are escalated as appropriate to senior executive leadership. In addition, we have a risk-based escalation process outside of our regular reporting process to promptly notify the Board of Directors in the event of any material cybersecurity incident impacting the Company.

​Based on the information we have as of the date of this Form 10-K, we do not believe that any cybersecurity incident experienced by the Company has materially affected or is reasonably likely to materially affect Kyndryl, including our business strategy, results of operations or financial condition. For additional information about cybersecurity risks, see Item 1A. “Risk Factors.” 27 Table of Contents.​26 Table of Contents.