Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - LDOS

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors

In your evaluation of our company and business, you should carefully consider the risks and uncertainties described below, together with information disclosed elsewhere in this Annual Report on Form 10-K, including our consolidated financial statements and the related notes and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II of this Annual Report, and other documents we file with the SEC. The risks and uncertainties described below are those that we have identified as material but are not the only risks and uncertainties facing us. If any of these risks or uncertainties actually occurs, our business, financial condition or operating results could be materially harmed, and our stock price could decline. Our business is also subject to general risks and uncertainties that affect many other companies, such as our ability to collect receivables, overall U.S. and global economic and industry conditions, geopolitical events, changes in laws or accounting rules, fluctuations in interest, exchange rates and inflation, terrorism, international conflicts, major health concerns, climate change or other disruptions of expected economic and business conditions. Additional risks and uncertainties not currently known to us or that we currently believe are immaterial also may materially harm our business, financial condition or operating results. In that event, the trading price of our stock could decline, and you could lose part or all of your investment.


14			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

SUMMARY OF RISK FACTORS

This risk factor summary contains a high-level summary of risks associated with our business. It does not contain all of the information that may be important to you, and you should read this risk factor summary together with the more detailed discussion of risks and uncertainties set forth following this summary. A summary of our risks includes, but is not limited to, the following:

uWe depend on government agencies as our primary customers and if our reputation or relationships with these agencies were harmed, our future revenues and growth prospects could be adversely affected.

uA decline in the U.S. government budget, changes in spending or budgetary priorities or delays in contract awards may significantly and adversely affect our future revenues and limit our growth prospects.

uBecause we depend on U.S. government contracts, a delay in the completion of the U.S. government’s budget and appropriations process could delay procurement of the products, services and solutions we provide and adversely affect our future revenues.

uDue to the competitive process to obtain contracts and the likelihood of bid protests, we may be unable to achieve or sustain revenue growth and profitability.

uThe U.S. government may terminate, cancel, modify, renew on less favorable terms or curtail our contracts at any time prior to their completion and, if we do not replace them, this may adversely affect our future revenues and profitability.

uWe face intense competition that can impact our ability to obtain contracts and therefore affect our future revenues and growth prospects.

uDeterioration of economic conditions or weakening in credit or capital markets may have a material adverse effect on our business, results of operations and financial condition.

uWe cannot predict the consequences of current or future geopolitical events, but they may adversely affect the markets in which we operate and our results of operations.

uGlobal supply chain issues and inflationary pressures have disrupted supply and increased the prices of goods and services, which could raise the costs associated with providing our services, diminish our ability to compete for new contracts or task orders and reduce customer buying power.

uOur failure to comply with various complex procurement rules and regulations could result in our being liable for penalties, including termination of our U.S. government contracts, disqualification from bidding on future U.S. government contracts and suspension or debarment from U.S. government contracting.

uThe U.S. government may adopt new contract rules and regulations or revise its procurement practices in a manner adverse to us at any time.

uApplication of the U.S. government's organizational conflict of interest (OCI) rules could limit our ability to successfully compete for new contracts or task orders, which would adversely affect our results of operations.

uAs a U.S. government contractor, our partners and we are subject to reviews, audits and cost adjustments by the U.S. government, which could adversely affect our profitability, cash position or growth prospects if resolved unfavorably to us.

uOur business is subject to governmental review and investigation, which could adversely affect our financial position, operating results and growth prospects.

uInvestigations, audits, claims, disputes, enforcement actions, litigation, arbitration or other legal proceedings could require us to pay potentially large damage awards or penalties and could be costly to defend, which would adversely affect our cash balances and profitability, and could damage our reputation.

uOur business and operations expose us to numerous legal and regulatory requirements, and any violation of these requirements could harm our business.

uOur business is subject to complex and evolving laws and regulations regarding data privacy and security which could subject us to investigations, claims or monetary penalties against us, require us to change our business practices or otherwise adversely affect our revenues and profitability.

uMisconduct of employees, subcontractors, agents, suppliers, business partners or joint ventures and others working on our behalf could cause us to lose existing contracts or customers and adversely affect our ability to obtain new contracts and could have a material adverse impact on our business, reputation and future results.


Leidos Holdings, Inc. Annual Report			15

Table of Contents

PART I

uA failure to attract, retain, and develop talent with critical skills, including our leadership team, would adversely affect our ability to execute our strategy and may disrupt our operations.

uWe may not realize the full amounts reflected in our backlog as revenues, which could adversely affect our expected future revenues and growth prospects.

uOur earnings and profitability may vary based on the mix of our contracts and may be adversely affected by our failure to estimate and manage costs, time and resources accurately.

uWe use estimates in recognizing revenues, and if we make changes to estimates used in recognizing revenues, our profitability may be adversely affected.

uCybersecurity breaches and other information security incidents could negatively impact our business and financial results, impair our ability to effectively provide our services to our customers and cause harm to our reputation or competitive position.

uInternal system or service failures, or failures in the systems or services of third parties on which we rely, could disrupt our business and impair our ability to effectively provide our services and products to our customers, which could damage our reputation and adversely affect our revenues and profitability.

uCustomer systems failures could damage our reputation and adversely affect our revenues and profitability.

uOur success depends, in part, on our ability to work with complex and rapidly changing technologies to meet the needs of our customers.

uWe utilize artificial intelligence, which could expose us to liability or adversely affect our business, especially if we are unable to compete effectively with others in adopting artificial intelligence.

uWe have classified contracts with the U.S. government, which may limit investor insight into portions of our business.

uWe have made and continue to make acquisitions, investments, joint ventures and divestitures that involve numerous risks and uncertainties.

uGoodwill represents a significant asset on our balance sheet and any impairment of this asset could negatively impact our results of operations, and shareholders’ equity.

uWe depend on our teaming arrangements and relationships with other contractors and subcontractors. If we are not able to maintain these relationships, or if these parties fail to satisfy their obligations to us or the customer, our revenues, profitability and growth prospects could be adversely affected.

uWe could incur significant liabilities and suffer negative publicity if our inspection or detection systems fail to detect bombs, explosives, weapons, contraband or other threats.

uWe face risks associated with our international business.

uChanges in tax laws and regulations or exposure to additional tax liabilities could adversely affect our financial results.


16			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

INDUSTRY AND ECONOMIC RISKS

We depend on government agencies as our primary customers and if our reputation or relationships with these agencies were harmed, our future revenues and growth prospects could be adversely affected.

Our revenues from contracts with the U.S. government (including all branches of the U.S. military), either as a prime contractor or a subcontractor to other contractors engaged in work for the U.S. government, generated approximately 87% of our total revenue in both fiscal 2024 and 2023, and 86% in fiscal 2022. We expect to continue to derive most of our revenues from work performed under U.S. government contracts. Our reputation and relationships with the U.S. government, particularly with the agencies of the DoD and the U.S. Intelligence Community, are key factors in maintaining and growing our revenues, and enable us to provide informal input and advice to government entities and agencies prior to the development of a formal bid. In addition, negative publicity, including reports from the press or social media coverage, regardless of accuracy or completeness, and which could pertain to employee or subcontractor misconduct, conflicts of interest, poor contract performance, deficiencies in services, reports, products or other deliverables, security breaches or other security incidents or other aspects of our business, could harm our reputation with these agencies and with certain non-U.S. customers. Due to the sensitive nature of our work and our confidentiality obligations to our customers, and despite our ongoing efforts to provide transparency, we may be unable to or limited in our ability to respond to such negative publicity, which could also harm our reputation and our business. If our reputation is negatively affected or if we are unable to successfully maintain our relationships with government entities and agencies, certain customers could cease to do business with us and our ability to bid successfully for new business may be adversely affected, which could cause our actual results to differ materially and adversely from those anticipated. In addition, our ability to hire or retain employees and our standing in professional communities, to which we contribute and receive expert knowledge, could be diminished. If any of the foregoing occurs, the amount of business with the U.S. government and other customers could decrease, and our business, future revenues, financial condition, and growth prospects could be adversely affected.

A decline in the U.S. government budget, changes in spending or budgetary priorities or delays in contract awards may significantly and adversely affect our future revenues and limit our growth prospects.

Revenues under contracts with the DoD and U.S. Intelligence Community, either as a prime contractor or subcontractor to other contractors, represented approximately 48% of our total revenues for fiscal 2024, 49% of our total revenues for fiscal 2023 and 44% of our total revenues for fiscal 2022. U.S. government and DoD spending levels are difficult to predict and subject to significant risk. Laws and plans adopted by the U.S. government relating to, along with pressures on and uncertainty surrounding the U.S. federal budget, potential changes in budgetary priorities and defense spending levels, the appropriations process and the permissible federal debt limit, could adversely affect the funding for individual programs and delay purchasing or payment decisions by our customers. Considerable uncertainty exists regarding how future budget and program decisions will unfold, including the defense spending priorities of the U.S. Presidential Administration and Congress and what challenges potential budget reductions will present for us and our industry generally.

Current U.S. government spending levels for defense-related or other programs may not be sustained. Future spending and program authorizations may not increase or may decrease or shift to programs in areas where we do not provide services or are less likely to be awarded contracts. Such changes in spending authorizations and budgetary priorities may occur as a result of uncertainty surrounding the federal budget and the federal government’s ability to meet its debt obligations, changes in the priorities of the U.S. Presidential Administration as a result of the recent election cycle, increasing political pressure and legislation, shifts in spending priorities from defense-related or other programs as a result of competing demands for federal funds, the number and intensity of military conflicts or other factors. For example, the conflicts between Russia and Ukraine and in the Middle East have resulted in increased security assistance to each of Ukraine and Israel to help preserve their territorial integrity, secure their borders, and with respect to the Russia/Ukraine conflict, improve interoperability with NATO. Changes in the priorities of the U.S. Presidential Administration in respect thereto could have an adverse impact on our results. In addition, if government funding relating to our contracts with the U.S. government or DoD becomes unavailable, or is reduced or delayed, or planned orders are reduced, our contracts or subcontracts under such programs may be terminated or adjusted by the U.S. government or the prime contractor. Our operating results could also be adversely affected by spending caps or changes in the U.S. government or the DoD’s budgetary priorities, as well as delays in program starts or the award of contracts or task orders under contracts.


Leidos Holdings, Inc. Annual Report			17

Table of Contents

PART I

The U.S. government also conducts periodic reviews of U.S. defense strategies and priorities, which may shift DoD or other budgetary priorities, reduce overall U.S. government spending, or delay contract or task order awards for defense-related or other programs from which we would otherwise expect to derive a significant portion of our future revenues. In addition, changes to the federal or DoD acquisition system and contracting models could affect whether and how we pursue certain opportunities and the terms under which we are able to do so. A significant decline in overall U.S. government spending, including in the areas of national security, intelligence, homeland security, and health and civilian services, a significant shift in its spending priorities, the substantial reduction or elimination of particular defense-related programs or significant delays in contract or task order awards for large programs could adversely affect our future revenues and results of operations and limit our growth prospects. In addition, our ability to grow in advanced technology areas, such as hypersonics programs, space systems, maritime and undersea systems, and classified programs, will also be affected by the overall budget environment, whether development programs transition to production and the timing of such transition, all of which are dependent on U.S. Government authorization and funding.

Because we depend on U.S. government contracts, a delay in the completion of the U.S. government’s budget and appropriations process could delay procurement of the products, services, and solutions we provide and adversely affect our future revenues.

The funding of U.S. government programs is subject to an annual congressional budget authorization and appropriations process. In years when the U.S. government does not complete its appropriations before the beginning of the new fiscal year on October 1, government operations are typically funded pursuant to a “continuing resolution,” which allows federal government agencies to operate at spending levels approved in the previous appropriations cycle but does not authorize new spending initiatives. When the U.S. government operates under a continuing resolution, delays can occur in the procurement of the products, services and solutions that we provide and may result in new initiatives being canceled. From time to time, we have experienced a decline in revenues in our fourth quarter as a result of this annual appropriations cycle, and we could experience similar declines in revenues from future delays in the appropriations process. When the U.S. government fails to complete its appropriations process or provide for a continuing resolution, a full or partial federal government shutdown may result. Congress appropriates funds on an annual fiscal year basis for many programs, even though the program performance period may extend over several years. Consequently, programs are often partially funded initially, and additional funds are committed only as Congress makes further appropriations. If we incur costs in excess of funds obligated on a contract, we may be at risk for reimbursement of those costs unless or until additional funds are obligated to the contract. In addition, if and when supplemental appropriations are required to operate the U.S. government or fund specific programs and passage of legislation needed to approve any supplemental appropriations bill is delayed, the overall funding environment for our business could be adversely affected.

Due to the competitive process to obtain contracts and the likelihood of bid protests, we may be unable to achieve or sustain revenue growth and profitability.

We expect that a majority of the business that we seek in the foreseeable future will be awarded through a competitive bidding process. The U.S. government has increasingly relied on contracts that are subject to a continuing competitive bidding process, including GSA Schedule and other multi-award contracts, which has resulted in greater competition and increased pricing pressure. Any resulting loss or delay of start-up and funding of work under protested contract awards may adversely affect our revenues and profitability. As a result, we may not be able to obtain these task orders or recognize revenues under these multiple-award contracts.” Our failure to compete effectively in this procurement environment would adversely affect our revenues and profitability.


18			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

The U.S. government may terminate, cancel, modify, renew on less favorable terms or curtail our contracts at any time prior to their completion, and if we do not replace them, this may adversely affect our future revenues and profitability.

Many of the U.S. government programs in which we participate as a contractor or subcontractor extend for several years and include one or more base years and one or more option years. These programs are typically funded on an annual basis. Under our contracts, the U.S. government generally has the right not to exercise options to extend or expand our contracts and may otherwise terminate, cancel, modify or curtail our contracts at its convenience. Any decisions by the U.S. government to not exercise contract options or to terminate, cancel, modify, renew on less favorable terms or curtail our major programs or contracts would adversely affect our revenues, revenue growth and profitability.

In addition, we have experienced performance issues under certain of our contracts. Some of our contracts involve developing complex systems and products to achieve challenging customer goals in a competitive procurement environment. If a government customer terminates a contract for default, we may be exposed to liability, including for excess costs incurred by the customer in procuring undelivered services and products from another source. Depending on the nature and value of the contract, a performance issue or termination for default could cause our actual results to differ from those anticipated and could harm our reputation.

We face intense competition that can impact our ability to obtain contracts and, therefore, affect our future revenues and growth prospects.

We also compete with smaller, more specialized companies that can concentrate their resources on particular areas. Additionally, we compete with the U.S. government’s own capabilities and federal non-profit contract research centers. For example, some customers, including the DoD, are turning to commercial contractors, rather than traditional defense contractors, for some products and services, and may utilize small business contractors or source work internally rather than hiring a contractor. The markets in which we operate are characterized by rapidly changing customer needs and technology and our success depends on our ability to invest in and develop products and services that address such needs. Our competitors may be able to provide our customers with different or greater capabilities or technologies or better contract terms than we can provide, including technical qualifications, past contract experience, geographic presence, price and the availability of qualified professional personnel, or be willing to accept more risk or lower profitability in competing for contracts.

Some of our competitors have made or could make acquisitions of businesses or establish teaming or other agreements among themselves or third parties, which could allow them to offer more competitive and comprehensive solutions. As a result of such acquisitions or arrangements, our current or potential competitors may be able to accelerate the adoption of new technologies that better address customer needs, devote more significant resources to bring these products and services to market, initiate or withstand substantial price competition, develop and expand their product and service offerings more quickly than we do or limit our access to certain suppliers. These competitive pressures in our market or our failure to compete effectively may result in fewer orders, reduced revenue and margins, and loss of market share. Further industry consolidation may also impact customers’ perceptions of the viability of smaller or even mid-size software firms and, consequently, customers’ willingness to purchase from such firms.

Deterioration of economic conditions or weakening in credit or capital markets may have a material adverse effect on our business, results of operations and financial condition.

Volatile, negative, or uncertain economic conditions, an increase in the likelihood of a recession, or concerns about these or other similar risks may negatively impact our customers’ ability and willingness to fund their projects. For example, declines in state and local tax revenues, as well as other economic declines, may result in lower government spending. Our customers reducing, postponing, or canceling spending on projects in respect of which we provide services may reduce demand for our services quickly and with little warning, which could have a material adverse effect on our business, results of operations, and financial condition.


Leidos Holdings, Inc. Annual Report			19

Table of Contents

PART I

Moreover, instability in the credit or capital markets in the U.S. and related market-wide reduction in liquidity, or concerns or rumors about events of these kinds or similar risks, could affect the availability of credit or our credit ratings, making it relatively difficult or expensive to obtain additional capital at competitive rates, on commercially reasonable terms or in sufficient amounts, or at all, thus making it more difficult or expensive for us to access funds or refinance our existing indebtedness, or obtain financing for strategic projects and acquisitions. Such instability could also cause counterparties, including vendors, suppliers, and subcontractors, to be unable to perform their obligations or to breach their obligations to us under our contracts with them.

We cannot predict the consequences of current or future geopolitical events, but they may adversely affect the markets in which we operate and our results of operations.

Ongoing instability and current conflicts in global markets, including in Eastern Europe, the Middle East, and Asia, and the potential for other conflicts and future terrorist activities and other recent geopolitical events throughout the world, including the ongoing conflict between Russia and Ukraine, the ongoing conflict in the Middle East, which continues to expand, and increased tensions in Asia, have created and may continue to create economic and political uncertainties and impacts that could have a material adverse effect on our business, operations, and profitability. These types of matters cause uncertainty in financial markets and may significantly increase the political, economic and social instability in the geographic areas in which we operate.

In addition, in connection with the current status of international relations with Russia, particularly in light of the conflict between Russia and Ukraine, the U.S. government has imposed enhanced export controls on certain products and sanctions on certain industry sectors and parties in Russia. The governments of other jurisdictions in which we operate, such as the European Union and Canada, may also implement sanctions or other restrictive measures. These potential sanctions and export controls, as well as any responses from Russia, could adversely affect us and/or our supply chain, business partners, or customers.

Global supply chain issues and inflationary pressures have disrupted supply and increased the prices of goods and services, which could raise the costs associated with providing our services, diminish our ability to compete for new contracts or task orders and reduce customer buying power.

For a variety of reasons, the global economy in which we operate has faced, and may continue to face, heightened inflationary pressure, impacting the cost of doing business in both supply and labor markets. Although inflation has moderated somewhat in 2024, these inflationary pressures have been and could continue to be exacerbated by geopolitical turmoil and economic policy actions. We generate revenue through various fixed-price and multi-year government contracts, our primary customer being the U.S. government, which has traditionally been viewed as less affected by inflationary pressures. However, our approach to include modest annual price escalations in our bids for multi-year work may be insufficient to account for and mitigate inflationary cost pressures, which may result in cost overruns on contracts. This could result in reduced profits or even losses if inflation increases, particularly for fixed-priced contracts and our longer-term multi-year contracts as contractual prices become less favorable to us over time. In the competitive environment in which we operate as a government contractor, the lack of pricing leverage and power to renegotiate long-term, multi-year contracts, coupled with reduced customer buying power as a result of inflation, could reduce our profits, disrupt our business or otherwise materially adversely affect our results of operations.

LEGAL AND REGULATORY RISKS

Our failure to comply with various complex procurement rules and regulations could result in our being liable for penalties, including termination of our U.S. government contracts, disqualification from bidding on future U.S. government contracts and suspension or debarment from U.S. government contracting.

We must comply with laws and regulations relating to the formation, administration and performance of U.S. government contracts, which affect how we do business with our customers. Such laws and regulations may impose added costs on our business and our failure to comply with them may lead to civil or criminal penalties, termination of our U.S. government contracts, or suspension or debarment from contracting with federal agencies. For additional background on the regulations that apply to our business and the related compliance risks, see “Regulation” within Item 1 of this Annual Report on Form 10-K and the risk factor “Our business is subject to governmental review and investigation, which could adversely affect our financial position, operating results and growth prospects.”


20			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

Government contract laws and regulations can impose terms or obligations that are different than those typically found in commercial transactions. One of the significant differences is that the U.S. Government may terminate any of our government contracts, not only for default based on our performance but also at its convenience. Generally, prime contractors have a similar right under subcontracts related to government contracts. If a contract is terminated for convenience, we typically would be entitled to receive payments for our allowable costs incurred and the proportionate share of fees or earnings for the work performed, but we would receive no payment or other consideration for the loss of revenue or profit associated with the future work that was cancelled. If a contract is terminated for default, the U.S. Government could seek the return of any amounts previously paid to us under the contract and also seek to recover from us any added costs for having another contractor complete the work, exposing us to liability and adversely affecting our ability to compete for future contracts and orders. In addition, the U.S. Government could terminate a prime contract under which we are a subcontractor, notwithstanding the fact that our performance and the quality of the products or services we delivered were consistent with our contractual obligations as a subcontractor. Similarly, the U.S. Government could indirectly terminate a program or contract by not funding it, or by reducing the amount of funding previously obligated to the program or contract. The decision to terminate programs or contracts for convenience or default could adversely affect our business and future financial performance.

The U.S. government may adopt new contract rules and regulations or revise its procurement practices in a manner adverse to us at any time.

Our industry has experienced, and we expect it will continue to experience, significant changes to business practices as a result of an increased focus on affordability, efficiencies, and recovery of costs, among other items. From time to time, new laws and regulations are enacted, and government agencies adopt new interpretations and enforcement priorities relative to laws and regulations already in effect. U.S. government agencies may face restrictions or pressure regarding the type and amount of services that they may obtain from private contractors. Legislation, regulations and initiatives dealing with procurement reform, mitigation of potential conflicts of interest and environmental responsibility or sustainability as well as any resulting shifts in the buying practices of U.S. government agencies (such as increased usage of fixed-price contracts, multiple-award contracts and small business set-aside contracts) could have adverse effects on government contractors, including us. Any of these changes could impair our ability to obtain new contracts or renew our existing contracts when customers recompete those contracts. Any new contracting requirements or procurement methods could be costly or administratively difficult to implement and could adversely affect our future revenues, profitability, and prospects.

Additionally, the DoD and other customers are increasingly pursuing rapid acquisition pathways and procedures for new technologies, including through so-called “other transaction authority” agreements ("OTAs"). OTAs are exempt from many traditional procurement laws, including the FAR, and an OTA award may be subject, in certain cases, to the condition that a significant portion of the work under the OTA is performed by a non-traditional defense contractor or that a portion of the cost of the prototype project is funded by non-governmental sources. If we cannot successfully adapt to our customers’ rapid acquisition processes, then we may lose strategic new business opportunities in high-growth areas, and our future performance and results could be adversely affected.

Application of the U.S. government's organizational conflict of interest (OCI) rules could limit our ability to successfully compete for new contracts or task orders, which would adversely affect our results of operations.

The U.S. government has adopted rules and practices that are designed to avoid or mitigate organizational conflicts of interest ("OCIs"). OCIs may arise from circumstances in which a contractor has:

uimpaired objectivity during performance;

uunequal access to non-public information; or

uthe ability to set the “ground rules” for another procurement for which the contractor intends to compete.

U.S. federal contacting rules require that government contracting officers identify, analyze and address potential OCIs for each acquisition they conduct. The rules specify a number of methods contracting officers may use to address OCIs, and each contracting officer has significant discretion in deciding whether an OCI exists, and if so, how it should be addressed. As a result, it may be difficult for us to predict whether a given contracting opportunity will be found to pose an actual or potential OCI, whether such an OCI will be determined to be disqualifying, and if not disqualifying what steps we would be required to take in order to be found eligible to compete for and perform the work.


Leidos Holdings, Inc. Annual Report			21

Table of Contents

PART I

Similarly, OCIs remain an active area of bid protest litigation, increasing the likelihood that competitors may leverage such arguments in an attempt to overturn agency award decisions. To the extent that the U.S. government's OCI laws, regulations, and rules or interpretations thereof limit our ability to successfully compete for new contracts or task orders with the U.S. government, either because of OCI issues arising from our business, or because companies with which we are affiliated, or with which we otherwise conduct business, create OCI interest issues for us, our financial metrics and results of operations could be materially and adversely affected.

As a U.S. government contractor, our partners and we are subject to reviews, audits and cost adjustments by the U.S. government, which could adversely affect our profitability, cash position or growth prospects if resolved unfavorably to us.

U.S. government contractors (including their subcontractors and others with whom they do business) operate in a highly regulated environment and are routinely audited and reviewed by the U.S. government and its agencies, including the DCAA, DCMA, the DoD Inspector General, and others. These agencies review a contractor’s performance on government contracts, cost structure, indirect rates and pricing practices, compliance with applicable contracting and procurement laws, regulations, terms, and standards, and the adequacy of our systems and processes in meeting government requirements. They also review the adequacy of the contractor’s compliance with government standards for its business systems, including a contractor’s accounting system, earned value management system, estimating system, materials management and accounting system, property management system, and purchasing system.

As a result of increased scrutiny on contractors and U.S. government agencies, audits and reviews are conducted rigorously and the applicable standards are strictly interpreted, increasing the likelihood of an audit or review resulting in an adverse outcome. A finding of significant control deficiencies in our business system audits or other reviews can result in the suspension of payments or lower billing rates to our U.S. government customers until the control deficiencies are corrected and the DCMA accepts our remediations. Government audits and reviews may conclude that our practices are not consistent with applicable laws and regulations and result in adjustments to contract costs and mandatory customer refunds. Such adjustments can be applied retroactively, which could result in significant customer refunds. Our receipt of adverse audit findings or the failure to obtain an “approved” determination of our various business systems from the responsible U.S. government agency could significantly and adversely affect our business, including our ability to bid on new contracts and our competitive position in the bidding process. A determination of noncompliance could also result in the U.S. government imposing penalties and sanctions against us, including reductions of the value of contracts, contract modifications reflecting less favorable terms or termination, withholding of payments, the loss of export/import privileges, administrative or civil judgments and liabilities, criminal judgments or convictions, liabilities and consent or other voluntary decrees or agreements, other sanctions, the assessment of penalties, fines or compensatory, treble or other damages or non-monetary relief or actions, suspension or debarment, suspension of payments and increased government scrutiny that could negatively impact our reputation, delay or adversely affect our ability to invoice and receive timely payment on contracts, perform contracts or compete for contracts with the U.S. government. Although we have recorded contract revenues based upon our estimate of costs that we believe will be approved upon final audit or review, we cannot predict the outcome of any ongoing or future audits or reviews and adjustments and, if future adjustments exceed our estimates, our profitability may be adversely affected.

Our business is subject to governmental review and investigation, which could adversely affect our financial position, operating results and growth prospects.

We are routinely subject to governmental investigations relating to compliance with various laws and regulations with respect to our role as a contractor to federal, state and local government customers and in connection with performing services in countries outside the United States. If a review or investigation identifies improper or unlawful activities, we may be subject to disgorgement of profits, fines, damages, litigation, civil or criminal penalties, exclusion from sales channels or sales opportunities, injunctions, or administrative sanctions, including the termination of contracts, the triggering of price reduction clauses, suspension of payments, suspension or debarment from doing business with governmental agencies or other consequences. We may suffer harm to our reputation if allegations of impropriety are made against us, which would impair our ability to win new contract awards or receive contract renewals. Penalties and sanctions are not uncommon in our industry. If we incur a material penalty or administrative sanction or otherwise suffer harm to our reputation, our revenues, profitability, cash position and future prospects could be adversely affected. For a description of our current legal proceedings, see “Item 3. Legal Proceedings” along with “Note 21—Commitments and Contingencies” of the notes to the consolidated financial statements contained within this Annual Report on Form 10-K.


22			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

Investigations, audits, claims, disputes, enforcement actions, litigation, arbitration, or other legal proceedings could require us to pay potentially large damage awards or penalties and could be costly to defend, which would adversely affect our cash balances and profitability, and could damage our reputation.

We are subject to and may become a party to various other litigation, claims, investigations, audits, enforcement actions, arbitrations, or other legal proceedings that arise from time to time in the ordinary course of our business. Adverse judgments or settlements in some or all of these legal disputes may result in significant monetary damages, penalties, or injunctive relief against us. Any claims or litigation could be costly to defend, and even if we are successful or fully indemnified or insured, they could damage our reputation and make it more difficult to compete effectively or obtain adequate insurance in the future, and responding to any action may result in a significant diversion of management’s attention and resources. Litigation and other claims are subject to inherent uncertainties and management’s view of these matters may change in the future. For a description of our current legal proceedings, see “Item 3. Legal Proceedings” along with “Note 21—Commitments and Contingencies” of the notes to the consolidated financial statements contained within this Annual Report on Form 10-K.

Our business and operations expose us to numerous legal and regulatory requirements, and any violation of these requirements could harm our business.

We are subject to numerous state, federal and international laws and directives and regulations in the U.S. and abroad that involve matters central to our business, including but not limited to, data privacy and security, employment and labor relations, immigration, taxation, anti-corruption, anti-bribery, import-export controls, trade restrictions, internal and disclosure control obligations, securities regulation and anti-competition restrictions. Compliance with legal requirements is costly, time-consuming and requires significant resources. We also conduct business in certain identified growth areas, such as health information technology, energy and environmental services, which are highly regulated and may expose us to increased compliance risk. Violations of one or more of these legal requirements in the conduct of our business could result in significant fines and other damages, criminal sanctions against us or our officers, prohibitions on doing business and damage to our reputation. Violations of these regulations or contractual obligations related to regulatory compliance in connection with the performance of customer contracts could also result in liability for significant monetary damages, fines and criminal prosecution, unfavorable publicity, and other reputational damage, restrictions on our ability to compete for certain work and allegations by our customers that we have not performed our contractual obligations.

Our business is subject to complex and evolving laws and regulations regarding data privacy and security, which could subject us to investigations, claims, or monetary penalties against us, require us to change our business practices, or otherwise adversely affect our revenues and profitability.

We are subject to various laws and regulations in the U.S. and globally relating to data privacy and security. These laws and regulations are complex, constantly evolving, and may be subject to significant change in the future.

In the U.S., numerous federal, state, and local data privacy and security laws and regulations govern the collection, sharing, use, retention, disclosure, security, storage, transfer, and other processing of personal information, including protected health information. Numerous other states also are enacting or considering, comprehensive state-level data privacy and security laws.

Under DFARS and other federal regulations, we are required to implement the security and privacy controls in National Institute of Standards and Technology Special Publications on certain of our networks and information technology systems. We will also be subject to numerous emerging and as yet unspecified cybersecurity requirements under the FAR and through federal regulation, to include the DOD Cybersecurity Maturity Model Certification (“CMMC”) program, which, once implemented, will require successful assessment by a third party against specified cyber controls. We are in the process of evaluating our readiness against these new requirements and while we have confidence we will meet or


Leidos Holdings, Inc. Annual Report			23

Table of Contents

PART I

exceed requirements, to the extent we do not, we will be unable to bid on such contract awards, which could adversely impact our revenue and our profitability.

We also expect that there will continue to be new proposed laws, regulations, and industry standards concerning data privacy and security, and we cannot yet determine the impact such future laws, regulations and standards, or amendments to or re-interpretations of existing laws, regulations or standards, may have on our business. Any failure or perceived failure by us, our service providers, suppliers, subcontractors, or other business partners to comply with applicable laws, regulations, our public privacy policies and other public statements about data privacy and security and other obligations in these areas could result in regulatory or government actions lawsuits against us (including civil claims, such as representative actions and other class action-type litigation), legal liability, monetary penalties, fines, sanctions, damages and other costs, orders to cease or change our processing of data, changes to our business practices, diversion of internal resources, and harm to our reputation, all of which could adversely affect our business, financial condition and results of operations. We may also incur substantial expenses in implementing and maintaining compliance with such laws, regulations, and other obligations.

Environmental matters, including unforeseen costs associated with compliance and remediation efforts and government and third-party claims, could have a material adverse effect on our reputation and our financial position, results of operations, and cash flows.

Our operations are subject to and affected by various federal, state, local, and foreign environmental laws and regulations, as they may be expanded, changed, or enforced differently over time. Compliance with these existing and evolving environmental laws and regulations requires and is expected to continue to require significant operating and capital costs. We may be subject to substantial administrative, civil, or criminal fines, penalties, or other sanctions (including suspension and debarment) for violations. If we are found to be in violation of the Federal Clean Air Act or the Clean Water Act, the facility or facilities involved in the violation could be placed by the Environmental Protection Agency on a list of facilities that generally cannot be used in performing on U.S. government contracts until the violation is corrected.

Stricter or different remediation standards or enforcement of existing laws and regulations; new requirements, including regulation of new substances; discovery of previously unknown contamination or new contaminants; imposition of fines, penalties, or damages (including natural resource damages); a determination that certain remediation or other costs are unallowable; rulings on allocation or insurance coverage; and/or the insolvency, inability or unwillingness of other parties to pay their share, could require us to incur material additional costs in excess of those anticipated.

We may become a party to legal proceedings and disputes involving government and private parties (including individual and class actions) relating to alleged impacts from pollutants released into the environment, including bodily injury and property damage. These matters could result in material compensatory or other damages, remediation costs, penalties, non-monetary relief, and adverse allowability or insurance coverage determinations.

The impact of these factors is difficult to predict, but one or more of them could harm our reputation and business and have a material adverse effect on our financial position, results of operations and cash flows.

Increasing attention and changing expectations from governmental authorities, customers, and our employees with respect to our ESG-related practices may impose additional costs on us or expose us to new or additional risks.

There is increased attention from governmental organizations, customers, employees, and other stakeholders globally on companies’ environmental, social, and governance (“ESG”) practices and disclosures such as diversity, equity and inclusion, workplace culture, community investment, environmental management, climate impact, and information security. We may be expected to expend resources to monitor, report on, and adopt policies and practices that we believe will improve alignment with our evolving ESG strategy and goals, as well as ESG-related standards and expectations of legal regimes and stakeholders such as customers, investors, stockholders, raters, employees, and business partners.


24			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

If our practices and disclosures do not meet evolving rules and regulations or our stakeholder expectations and standards (or if we are viewed negatively based on positions we do or do not take or work we do or do not perform or cannot publicly disclose for certain customers and industries), then our reputation, our ability to attract or retain leading experts, employees and other professionals and our ability to attract new business and customers could be negatively impacted, as could our attractiveness as an investment, service provider, employer, or business partner. Similarly, our failure or perceived failure in our efforts to execute our ESG strategy, or to satisfy various reporting standards within the timelines expected by us and stakeholders or at all, could also result in similar negative impacts. Organizations that provide information to investors on corporate governance and related matters have developed rating processes for evaluating companies on their approach to ESG matters, and unfavorable ratings of our ESG efforts may lead to negative investor sentiment, diversion of investment to other companies, and difficulty in hiring skilled employees. In addition, our share price and demand for our securities could be adversely affected.

BUSINESS AND OPERATIONAL RISKS

The effects of an epidemic, pandemic, or similar outbreak have negatively impacted and could negatively impact, our business and financial results.

Any epidemics, pandemics, or similar outbreaks have in the past created (as in the case of COVID-19 and its variants) and could again create economic uncertainty and disruptions to the global economy that could adversely affect our businesses, or could lead to operational difficulties, including travel limitations, that could impair our ability to manage or conduct our business. Any future epidemic, pandemic, or similar outbreak may have similar impacts, and we cannot currently anticipate the potential impact on our business and results of operations.

Misconduct of employees, subcontractors, agents, suppliers, business partners or joint ventures and others working on our behalf could cause us to lose existing contracts or customers and adversely affect our ability to obtain new contracts and could have a material adverse impact on our business, reputation and future results.

Misconduct encompasses a wide range of improper activities that could pose risks to our business. This includes fraud, falsifying time records or other documentation, and violations of laws such as the Anti-Kickback Act. Non-compliance with our internal policies and procedures, as well as failure to adhere to federal, state, or local government procurement regulations—including those related to the use and protection of classified or sensitive information—also constitute misconduct. Examples include failure to comply with legislation on labor pricing and costs in government contracts, violating environmental, health, or safety laws, engaging in bribery of foreign government officials, breaching import-export controls, and participating in improper lobbying or similar activities.

Any incidents of data loss or information security lapses that compromise personal information or lead to the improper use or disclosure of sensitive or classified data could negatively impact us. We could face legal claims, incur remediation costs, and be subjected to regulatory investigations or sanctions. The damage to our reputation could be significant, leading to other potential liabilities. See also the risk factor: “Cybersecurity breaches and other information security incidents could negatively impact our business and financial results, impair our ability to effectively provide our services to our customers and cause harm to our reputation or competitive position.”

While we have established policies, procedures, training programs, and other compliance controls designed to prevent and detect misconduct, these measures may not be effective, exposing us to unforeseen risks or losses. This risk may increase as we continue to grow and engage with new partners. In our regular business operations, we form and participate in joint ventures—joint efforts or business arrangements of various types—which can introduce additional compliance complexities. Failure to comply with applicable laws or regulations could damage our reputation and subject us to administrative, civil, or criminal investigations and enforcement actions. Potential repercussions include fines and penalties, restitution or other damages, and the loss of security clearances. We might also face the loss of current and future customer contracts, revocation of privileges, and other sanctions such as suspension or debarment from contracting with federal, state, or local government agencies. Any of these outcomes would adversely affect our business, reputation, and future results.


Leidos Holdings, Inc. Annual Report			25

Table of Contents

PART I

A failure to attract, retain, and develop talent with critical skills, including our leadership team, would adversely affect our ability to execute our strategy and may disrupt our operations.

In addition, many U.S. government programs require contractors to have security clearances, some of which can be difficult and time-consuming to obtain and talent with such security clearances are in great demand. As a result, it is difficult to retain employees and meet all of our needs for employees in a timely manner, which may affect our growth. We believe our success will also depend on the continued employment of a highly qualified and experienced senior leadership team and its ability to retain existing business, generate new business, execute our business plans in an efficient and effective manner, and our ability to adequately plan for the succession of our senior leadership team and continually develop new members of senior leadership.

We may not realize the full amounts reflected in our backlog as revenues, which could adversely affect our expected future revenues and growth prospects.

Due to the U.S. government’s ability to not exercise contract options or to terminate, modify, or curtail our programs or contracts and the rights of our non-U.S. government customers to terminate contracts and purchase orders in certain circumstances, we may realize less than expected revenues or may never realize revenues from some of the contracts that are included in our backlog. Our unfunded backlog, in particular, contains management’s estimate of amounts expected to be realized on unfunded contract work that may never be realized as revenues. If we fail to realize as revenues amounts included in our backlog, our future revenues, profitability and growth prospects could be adversely affected.

Our earnings and profitability may vary based on the mix of our contracts and may be adversely affected by our failure to estimate and manage costs, time, and resources accurately.

We generate revenues under various types of contracts, including cost-reimbursement, FPIF, T&M, FPLOE and FFP contracts. Cost-reimbursement and T&M contracts are generally less profitable than FFP contracts. Our operating results in any period may also be affected, positively or negatively, by customers’ variable purchasing patterns of our more profitable proprietary products.

Our profitability is adversely affected when we incur contract costs that we cannot bill to our customers. While FFP contracts allow us to benefit from cost savings, these contracts also increase our exposure to the risk of cost overruns. Revenues from FFP contracts represented approximately 43% of our total revenues for fiscal 2024. When making proposals on these types of contracts, we rely heavily on our estimates of costs and timing to complete the associated projects, as well as assumptions regarding technical issues. In each case, our failure to accurately estimate costs or the resources and technology needed to perform our contracts or to effectively manage and control our costs during performance could result, and in some instances has resulted, in reduced profits or losses.


26			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

We use estimates in recognizing revenues, and if we make changes to estimates used in recognizing revenues, our profitability may be adversely affected.

We recognize revenue on our service-based contracts primarily over time as there is a continuous transfer of control to the customer throughout the contract as we perform the promised services, which generally requires estimates of total costs at completion, fees earned on the contract, or both. This estimation process, particularly due to the technical nature of the services performed, and the long-term nature of certain contracts, is complex and involves significant judgment. Adjustments to original estimates are often required as work progresses, experience is gained and additional information becomes known, even though the scope of the work required under the contract may not change. Any adjustment as a result of a change in estimate is recognized as events become known. Changes in the underlying assumptions, circumstances or estimates could result in adjustments that may adversely affect our future financial results. For a discussion of our use of estimates in the preparation of our consolidated financial statements, see “Critical Accounting Estimates” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” of this Report, “Note 3—Summary of Significant Accounting Policies” of the notes to the consolidated financial statements contained within this Annual Report on Form 10-K.

Cybersecurity breaches and other information security incidents could negatively impact our business and financial results, impair our ability to effectively provide our services to our customers and cause harm to our reputation or competitive position.

Therefore, we are continuously exposed to unauthorized attempts to compromise access, release or otherwise compromise such information through cyber-attacks and other information security threats, including, among other things, physical break-ins, theft, denial-of-service attacks, worms, computer viruses, software bugs, malicious or destructive code, social engineering, phishing attacks and impersonating authorized users, credential stuffing, account takeovers, insider threats, malfeasance or improper access by employees or service providers, human error, fraud, use of AI, “bots” or other automation software, or other similar disruptions. We are also exposed to hackers who have requested “ransom” in exchange for not disclosing information or restoring access to information or systems. These techniques may be perpetrated by internal bad actors, such as employees or contractors, or by third parties (including traditional computer hackers, persons involved with well-funded organized crime or state-sponsored actors). This could lead to disruptions in mission-critical systems, unauthorized access to or release of personal, confidential, proprietary, sensitive or otherwise protected information and corruption of data or systems. Many statutory requirements, both in the U.S. and abroad, also include different obligations for companies to provide notice of information security incidents involving certain types of information (including obligations to notify affected individuals and regulators in the event of cybersecurity breaches involving certain personal information), which could result from breaches of our service providers, our suppliers or subcontractors.

We cannot guarantee that future incidents will not occur, and if an incident does occur, our incident response planning may not prove fully adequate. We may also not be able to mitigate its impacts successfully. Techniques used by others to gain unauthorized access to personal, confidential, proprietary, or sensitive information or disrupt systems and networks for economic or strategic gain are constantly evolving, increasingly sophisticated, increasingly difficult to detect and successfully defend against and may see their frequency increased, and effectiveness enhanced, by the use of AI. Further, cybersecurity risks may be heightened as a result of ongoing global conflicts such as the military conflict between Russia and Ukraine and the related sanctions imposed by the United States and other countries, or the ongoing conflict in the Middle East, which continues to expand.


Leidos Holdings, Inc. Annual Report			27

Table of Contents

PART I

We do not control our service providers and our ability to monitor their cybersecurity is limited, so we cannot ensure the cybersecurity measures they take will be sufficient to protect any information we share with them. Due to applicable laws and regulations or contractual obligations, we may be held accountable for cybersecurity breaches or other information security incidents attributed to our service providers as they relate to the information we share with them.

We seek to detect and investigate all information security incidents and to prevent their occurrence, prolongation, or recurrence. We continue to invest in and improve our threat protection, detection and mitigation policies, procedures and controls. In addition, we work with other companies in the industry and government participants on increased awareness and enhanced protections against information security and malicious insider threats. However, because of the evolving nature and sophistication of these security threats, which can be difficult to detect, there can be no assurance that our policies, procedures and controls, or those of our service providers, suppliers, or subcontractors, have protected against, detected, mitigated or will detect, prevent or mitigate, any of these threats and we cannot predict the full impact of any such past or future incident. As cybersecurity threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate or remediate any information security vulnerabilities, cybersecurity breaches or other information security incidents.

We may also experience similar security threats to the information technology systems we develop, install, or maintain under customer contracts. Although we work cooperatively with our customers and other business partners, including our service providers, suppliers, and subcontractors, to seek to minimize the potential for and impact of cyber-attacks and other security threats, we must rely on the safeguards put in place by those entities. See also the risk factor “Internal system or service failures, or failures in the systems or services of third parties on which we rely, could disrupt our business and impair our ability to effectively provide our services and products to our customers, which could damage our reputation and adversely affect our revenues and profitability.”

The occurrence of any unauthorized access to, attacks on cybersecurity breaches of other information security threats to our or our service providers’, suppliers’ or subcontractors’ information technology infrastructure, systems or networks or data, or our failure to make adequate or timely disclosure to the public, regulators, or law enforcement agencies following any such event, could disrupt our infrastructure, systems, or networks or those of our customers, impair our ability to provide services to our customers and may jeopardize the security of data collected, stored, transmitted or otherwise processed through our information technology infrastructure, systems and networks. Any of the foregoing could adversely affect our reputation, ability to win work on sensitive contracts or loss of current and future contracts (including sensitive U.S. government contracts), business operations and financial results. While we have insurance against some cyber-risks and attacks, our insurer may deny coverage as to any future claim, our insurance coverage may not be sufficient to offset the impact of a material loss event, and such insurance may increase in cost or cease to be available on commercial terms in the future.

Internal system or service failures, or failures in the systems or services of third parties on which we rely, could disrupt our business and impair our ability to effectively provide our services and products to our customers, which could damage our reputation and adversely affect our revenues and profitability.

In addition, the failure or disruption of our communications, or those of our service providers, suppliers or subcontractors, could cause us to interrupt or suspend our operations or otherwise adversely affect our business. Our property and business


28			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

interruption insurance may be inadequate to compensate us for all losses resulting from any system or operational failure or disruption.

Although we maintain crisis management and disaster response plans, such events could make it difficult or impossible for us to deliver our services to our customers, could decrease demand for our services, could make existing customers unable or unwilling to fulfill their contractual requirements to us, including their payment obligations, and could cause us to incur substantial expense, including expenses or liabilities arising from potential litigation. If insurance or other risk transfer mechanisms are unavailable or insufficient to recover all costs or if we experience a significant disruption to our business due to a natural disaster, it could adversely affect our financial position, results of operations, and cash flows.

In addition to physical risks, climate change risks include longer-term shifts in climate patterns, such as extreme heat, rising sea levels, and more frequent and prolonged drought. We could also incur significant costs to improve the climate resiliency of our infrastructure and supply chain and otherwise prepare for, respond to, and mitigate the effects of climate change. We monitor developments in climate change-related laws, regulations and policies for their potential effect on us. However, we currently are not able to accurately predict the materiality of any potential costs associated with such developments.

In addition, our reputation and customer relationships may be negatively impacted as a result of our practices and policies, actual or perceived, related to climate change, including our involvement, or our customers’ involvement, in certain industries or projects associated with causing or exacerbating climate change, as well as any decisions we make to continue to conduct or change our activities in response to considerations relating to climate change.

Customer systems failures could damage our reputation and adversely affect our revenues and profitability.

Many of the systems and networks that we develop, install and maintain for our customers involve managing and protecting personal information and information relating to national security and other sensitive government functions. While we have programs designed to comply with relevant data privacy and security laws and restrictions, if a system or network that we develop, install, or maintain were to fail or experience a security breach or service interruption, whether caused by us, third-party service providers, cybersecurity threats or other events, we may experience loss of revenue, remediation costs or face claims for damages or contract termination. Any such event could cause serious harm to our reputation and prevent us from having access to or being eligible for further work on such systems and networks. Our errors and omissions liability insurance may be inadequate to compensate us for all of the damages that we may incur, and, as a result, our future results could be adversely affected.

Our success depends, in part, on our ability to work with complex and rapidly changing technologies to meet the needs of our customers.

We design and develop technologically advanced and innovative products and services applied by our customers in various environments. Our success depends upon our ability to identify emerging technological trends, develop technologically advanced, innovative, and cost-effective products and services, and market these products and services to our customers. Our success also depends on our continued access to suppliers of important technologies and components. Many of our contracts contain performance obligations that require innovative design capabilities, are technologically complex, or depend on factors not wholly within our control. Problems and delays in development or delivery as a result of issues with respect to design, technology, licensing and patent rights, labor, learning curve assumptions, or materials and components could prevent us from achieving such contractual requirements. Failure to meet these obligations could adversely affect our profitability and future prospects. In addition, our offerings cannot be tested and proven in all situations and are otherwise subject to unforeseen problems that could negatively affect revenue and profitability, such as problems with quality and


Leidos Holdings, Inc. Annual Report			29

Table of Contents

PART I

workmanship, country of origin, delivery of subcontractor components or services, unplanned degradation of product performance, and unauthorized use or modifications of our products and services. Among the factors that may affect revenue and profits could be unforeseen costs and expenses not covered by insurance or indemnification from the customer, diversion of management focus in responding to unforeseen problems, loss of follow-on work, and, in the case of certain contracts, repayment to the government customer of contract costs and fee payments we previously received.

We utilize artificial intelligence, which could expose us to liability or adversely affect our business, especially if we are unable to compete effectively with others in adopting artificial intelligence.

We utilize artificial intelligence, including generative artificial intelligence, machine learning, and similar tools and technologies that collect, aggregate, analyze, or generate data or other materials or content (collectively, “AI”) in connection with our business. There are significant risks involved in using AI and no assurance can be provided that our use of AI will enhance our products or services, produce the intended results, or keep pace with our competitors. For example, AI algorithms may be flawed, insufficient, of poor quality, rely upon incorrect or inaccurate data, reflect unwanted forms of bias, or contain other errors or inadequacies, any of which may not be easily detectable; AI has been known to produce false or “hallucinatory” inferences or outputs; our use of AI can present ethical issues and may subject us to new or heightened legal, regulatory, ethical, or other challenges; and inappropriate or controversial data practices by developers and end-users, or other factors adversely affecting public opinion of AI, could impair the acceptance of AI solutions, including those incorporated in our products and services. If the AI tools that we use are deficient, inaccurate, or controversial, we could incur operational inefficiencies, competitive harm, legal liability, brand or reputational harm, or other adverse impacts on our business and financial results. If we do not have sufficient rights to use the data or other material or content on which the AI tools we use rely, we also may incur liability through the violation of applicable laws and regulations, third-party intellectual property, data privacy, or other rights, or contracts to which we are a party.

In addition, AI regulation is rapidly evolving worldwide as legislators and regulators increasingly focus on these powerful emerging technologies. AI is the subject of ongoing review by various U.S. governmental and regulatory agencies, and various U.S. states and other foreign jurisdictions are applying, or are considering applying, their platform moderation, data privacy, and security laws and regulations to AI or are considering general legal frameworks for AI. For example, the EU’s Artificial Intelligence Act (the “AI Act”), which entered into force on August 1, 2024, establishes, among other things, a risk-based governance framework for regulating AI systems operating in the EU. We may not be able to anticipate how to respond to these rapidly evolving frameworks, and we may need to expend resources to adjust our operations or offerings in certain jurisdictions if the legal frameworks are inconsistent across jurisdictions. Furthermore, because AI technology itself is highly complex and rapidly developing, it is not possible to predict all of the legal, operational, or technological risks that may arise relating to the use of AI.

We have classified contracts with the U.S. government, which may limit investor insight into portions of our business.

We derive a portion of our revenues from programs with the U.S. government and its agencies that are subject to security restrictions (e.g., contracts involving classified information and classified programs), which preclude the dissemination of information and technology that is classified for national security purposes under applicable law and regulation. In general, access to classified information, technology, facilities, or programs requires appropriate personnel security clearances, is subject to additional contract oversight and potential liability, and may also require appropriate facility clearances and other specialized infrastructure. In the event of a security incident involving classified information, technology, facilities, programs, or personnel holding clearances, we may be subject to legal, financial, operational and reputational harm. We are limited in our ability to provide information about these classified programs, their risks or any disputes or claims relating to such programs. As a result, investors have less insight into our classified business or our business overall. However, historically the business risks associated with our work on classified programs have not differed materially from those of our other government contracts.


30			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

We have made and continue to make acquisitions, investments, joint ventures and divestitures that involve numerous risks and uncertainties.

From time to time, we pursue strategic acquisitions, investments and joint ventures. We also may enter into relationships with other businesses to expand our products or our ability to provide services. These transactions require a significant investment of time and resources and may disrupt our business and distract our management from other responsibilities. Acquisitions, investments and joint ventures pose many other risks that could adversely affect our reputation, operations, or financial results, including that:

uwe may not be able to identify, compete effectively for or complete suitable acquisitions and investments at prices we consider attractive;

uwe may not be able to accurately estimate the financial effect of acquisitions and investments on our business or realize anticipated synergies, business growth, or profitability and may be unable to recover investments in any such acquisitions and investments;

uwe may not be able to manage the integration process for acquisitions successfully, and the integration process may divert management time and focus from operating our business, including as a result of incompatible accounting, information management, or other control systems;

uacquired technologies, capabilities, products, and service offerings, particularly those that are still in development when acquired, may not perform as expected, may have defects or may not be integrated into our business as expected;

uwe may have trouble retaining key employees and customers of an acquired business;

uwe may need to implement or improve controls, procedures and policies at a business that prior to the acquisition may have lacked sufficiently effective controls, procedures and policies, including those relating to financial reporting, revenue recognition or other financial or control deficiencies;

uwe may assume legal or regulatory risks, particularly with respect to smaller businesses that have immature business processes and compliance programs, or may be required to comply with additional laws and regulations or to engage in remediation efforts to cause the acquired company to comply with applicable laws and regulations, or result in liabilities resulting from the acquired company’s failure to comply with applicable laws or regulations;

uwe may face litigation or material liabilities that were not identified or were underestimated as part of our due diligence or for which we are unable to receive a purchase price adjustment or reimbursement through indemnification, including intellectual property claims and disputes or claims from terminated employees, customers, former stockholders or other third parties, or there may be other unanticipated write-offs or charges;

uwe may be required to spend a significant amount of cash or to incur debt, resulting in limitations on other potential uses for cash, increased fixed payment obligations or covenants or other restrictions on us, or issue shares of our common stock or convertible debt, resulting in dilution of ownership;

uwe may not be able to influence the operations of our joint ventures effectively, or we may be exposed to certain liabilities if our joint venture partners do not fulfill their obligations; and

uif our acquisitions, investments, or joint ventures fail, perform poorly, or their value is otherwise impaired for any reason, including contractions in credit markets and global economic conditions, our business and financial results could be adversely affected.

In addition, we periodically divest businesses, including businesses that are no longer a part of our ongoing strategic plan. These divestitures similarly require a significant investment of time and resources, may disrupt our business, distract management from other responsibilities and may result in losses on disposal or continued financial involvement in the divested business, including through indemnification, guarantee or other financial arrangements, for a period of time following the transaction, which would adversely affect our financial results.


Leidos Holdings, Inc. Annual Report			31

Table of Contents

PART I

Goodwill represents a significant asset on our balance sheet and any impairment of this asset could negatively impact our results of operations, and shareholders’ equity.

As of January 3, 2025, goodwill was 46% of our total assets. The amount of our goodwill may substantially increase in the future as a result of any acquisitions that we make. Goodwill is tested for impairment whenever events or changes in circumstances indicate that the carrying value may not be recoverable and at least annually. The impairment test is based on several factors requiring judgment. Adverse changes in fiscal and economic conditions, such as those related to federal budget cuts and the nation’s debt ceiling, deteriorating market conditions for companies in our industry and unfavorable changes in discount rates could result in an impairment of goodwill. For example, during fiscal 2023, the SES reporting unit refined its portfolio and made strategic business decisions to exit certain product offerings, and cease operations in certain countries in order to align the operations of the reporting unit with its strategic business plan. These decisions, along with the delays in airline travel infrastructure projects and higher than anticipated costs of servicing, contributed to a significant reduction in the reporting unit’s forecasted revenue and cash flows. As a result, we conducted a quantitative goodwill impairment analysis, and our estimates led us to determine that the carrying value of the SES reporting unit exceeded its estimated fair value. Accordingly, we recognized a non-cash goodwill impairment charge of $596 million in fiscal 2023. Any future impairment of goodwill could have a negative impact on our results of operations and shareholders’ equity in the period in which they are recognized. For additional information on our accounting policies related to impairment of goodwill, see our discussion under “Critical Accounting Estimates” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” of this Annual Report on Form 10-K, “Note 3—Summary of Significant Accounting Policies” and “Note 8—Goodwill and Intangible Assets” of the notes to the consolidated financial statements contained within this Annual Report on Form 10-K.

We depend on our teaming arrangements and relationships with other contractors and subcontractors. If we are not able to maintain these relationships, or if these parties fail to satisfy their obligations to us or the customer, our revenues, profitability and growth prospects could be adversely affected.

Our future revenues and growth prospects could be adversely affected if other contractors eliminate or reduce their contract relationships with us or if the U.S. government terminates or reduces these other contractors’ programs, does not award them new contracts, or refuses to pay under a contract. Companies that do not have access to U.S. government contracts may perform services as our subcontractor, and that experience could enhance such companies’ prospect of securing a future position as a prime U.S. government contractor, which could increase competition for future contracts and impair our ability to perform on contracts. We may have disputes with our subcontractors arising from, among other things, the quality and timeliness of work performed by the subcontractor, customer concerns about the subcontractor, our failure to extend existing task orders or issue new task orders under a subcontract, our hiring of a subcontractor’s personnel or the subcontractor’s failure to comply with applicable law. Significant losses could arise in future periods and subcontractor performance deficiencies could result in our termination for default. A termination for default could eliminate a revenue source, expose us to liability and have an adverse effect on our ability to compete for future contracts and task orders, especially if the customer is an agency of the U.S. government.

Our services and operations, which sometimes involve using, handling, or disposing of hazardous substances, are subject to numerous environmental, health and safety laws and regulations, pursuant to which we could face potentially significant liabilities, costs or obligations.

Our services are subject to numerous environmental, health, and safety laws and regulations. These activities and our operations generally subject us to complex and stringent foreign, federal, state, and local environmental, health, and safety laws and regulations, which have tended to become more stringent over time. Among other things, these laws and regulations require us to incur costs to comply and could impose liability on us for handling or disposing of hazardous substances. For example, we provide infrastructure and site services necessary to accomplish critical waste management and the continued environmental cleanup of the Hanford Site in southeastern Washington. In addition, some of our work sites put our employees and others in close proximity with mechanized


32			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

equipment, moving vehicles, chemical and manufacturing processes, and highly regulated materials. On some work sites, we may be responsible for safety and have an obligation to implement effective safety procedures. If we fail to implement these procedures, or if the procedures we implement are ineffective, we may suffer the loss of or injury to our employees, as well as expose ourselves to possible litigation.

Failure to comply with these environmental, health and safety laws and regulations could result in civil, criminal, regulatory, administrative, or contractual sanctions, including fines, penalties, suspension or debarment from contracting with the U.S. government, or reputational harm. In addition, our failure to maintain adequate safety standards and equipment could result in reduced profitability and loss of work or customers. Past business practices at companies that we have acquired may also expose us to future unknown environmental liabilities. Liabilities related to environmental contamination, human exposure to hazardous substances, or violations of these laws or regulations, could result in substantial costs to us, including cleanup costs, fines, civil or criminal sanctions, and third-party claims for property loss or damage or personal injury. Our continuing work in the areas governed by these laws and regulations exposes us to the risk of substantial liability and may adversely affect our financial condition and operating results.

We could incur significant liabilities and suffer negative publicity if our inspection or detection systems fail to detect bombs, explosives, weapons, contraband or other threats.

We design, develop, manufacture, sell, service, and maintain various inspection systems and related integration and automation systems designed to assist in detecting bombs, explosives, weapons, contraband, or other threats. In some instances, we also train operators of such systems. Such algorithms are probabilistic in nature and are generally designed to meet requirements established by regulatory agencies. Many of these systems require that an operator interpret an image of suspicious items within a bag, parcel, container, vehicle, or other vessel. Others signal to the operator that further investigation is required, and the training, reliability, and competence of the customer’s operator are crucial to the detection of suspicious items. Nevertheless, if such a system were to fail to signal to an operator when an explosive or other contraband was, in fact, present, resulting in significant damage, we could become the subject of significant product liability claims. There are many factors, some of which are beyond our control, that could result in the failure of our products to help detect the presence of bombs, explosives, weapons, contraband, or other threats. Some of these factors could include inherent limitations in our systems and misuse or malfunction of our systems. The failure of our systems to help detect the presence of any of these dangerous materials could lead to injury, death, and extensive property damage and may lead to product liability, professional liability, or other claims against us.

Our insurance, customer indemnifications or other liability protections may be insufficient to protect us from product and other liability claims or losses.

Our insurance may be insufficient to protect us from significant product and other liability claims or losses. Moreover, there is a risk that commercially available liability insurance will not continue to be available to us at a reasonable cost, if at all. In some circumstances, we are entitled to certain legal protections or indemnifications from our customers through contractual provisions, laws, regulations, or otherwise. However, these protections are not always available, can be difficult to obtain, are typically subject to certain terms or limitations, including the availability of funds, and may not be sufficient to cover all losses or liabilities incurred. If liability claims or losses exceed our current or available insurance coverage, customer indemnifications, or other legal protections, our business, financial position, operating results and prospects may be harmed.


Leidos Holdings, Inc. Annual Report			33

Table of Contents

PART I

We face risks associated with our international business.

During fiscal 2024, revenue attributable to our services provided outside of the United States to non-U.S. customers was approximately 8% of our total revenue. Our international business operations may be subject to additional and different risks than our U.S. business. These risks and challenges include:

ufailure to comply with U.S. government and foreign laws and regulations applicable to international business, including, without limitation, those related to employment, data privacy and security, taxes, technology transfer, information security, environment, data transfer, import and export controls (including the International Traffic in Arms Regulations (“ITAR”) administered by the U.S. Department of State and the anti-boycott provisions of the Export Administration Regulations (“EAR”) administered by the U.S. Department of Commerce’s Bureau of Industry and Security), sanctions, and other administrative, legislative or regulatory actions that could materially interfere with our ability to offer our products or services in certain countries or have an adverse impact on our business with the U.S. government, and expose us to risks and costs of noncompliance with such laws and regulations, in addition to administrative, civil or criminal penalties;

uincreased financial and legal risks arising, for example, from foreign exchange rate variability, imposition of tariffs or additional taxes, inflation, restrictive trade policies, longer payment cycles, delays or failures to collect amounts due to us and differing legal systems, and which may adversely affect the performance of our services, sale of our products or repatriation of our profits;

upolitical or economic instability, international security concerns and geopolitical conflict in countries where we provide services and products in support of the U.S. government and other customers in countries, which increases the risk of an incident resulting in injury or loss of life, damage or destruction of property, inability to meet our contractual obligations or retaliatory measures taken in respect thereof;

uthe ongoing conflict between Russia and Ukraine, which has resulted in the imposition by the U.S. and other nations of restrictive actions against Russia, Belarus and certain banks, companies and individuals; and

uthe ongoing conflict in the Middle East, which continues to expand.

We are also subject to the U.S. Foreign Corrupt Practices Act (“FCPA”), the U.K. Bribery Act of 2010 (the “U.K. Bribery Act”) and other anti-corruption and anti-bribery laws and regulations in jurisdictions where we do business. These laws and regulations generally prohibit improper payments or offers of improper payments to government officials, political parties, or commercial partners to obtain or retain business or secure an improper business advantage. We have operations, and deal with and make sales to governmental or quasi-governmental entities in non-U.S. countries, including those known to experience corruption, and further expansion of our non-U.S. sales efforts may involve additional regions. In many countries, particularly countries with developing economies, it may be common for businesses to engage in practices prohibited by the FCPA or other applicable laws and regulations. Our activities in these countries pose a heightened risk of unauthorized payments or offers of payments by one of our employees or third-party business partners, representatives, and agents that could violate various laws, including the FCPA. The FCPA, U.K. Bribery Act and other applicable anti-bribery and anti-corruption laws may also hold us liable for acts of corruption and bribery committed by our third-party business partners, representatives, and agents. We and our third-party business partners, representatives, and agents may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities, and we may be held liable for the corrupt or other illegal activities of our employees or such third parties even if we do not explicitly authorize such activities. The FCPA or other applicable laws and regulations also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent any such actions. While we have implemented policies and procedures to address compliance with such laws, we cannot assure you that our employees or other third parties working on our behalf have not engaged or will not engage in conduct in violation of our policies or applicable law for which we might ultimately be held responsible.

Violations of any of these laws or regulations, including the FCPA and the U.K. Bribery Act, may result in whistleblower complaints, negative media coverage, investigations, imposition of significant legal fees, loss of export privileges, as well as severe criminal or civil sanctions, including suspension or debarment from U.S. government contracting. We may also be subject to other liabilities and adverse effects on our reputation, which could negatively affect our business, results of operations, financial condition, and growth prospects. In addition, responding to any enforcement action may result in a significant diversion of management’s attention and resources and significant defense costs and other professional fees. Our exposure for violating these laws will increase as our non-U.S. presence expands and as we increase sales and operations in foreign jurisdictions.


34			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

For additional information regarding government investigations and reviews we are subject to, see “Government Investigations and Reviews” in “Note 21—Commitments and Contingencies” of the notes to the consolidated financial statements contained within this Annual Report on Form 10-K.

We have only a limited ability to protect or exploit intellectual property rights, which are important to our success.

Despite our efforts to protect our intellectual property and other proprietary rights, third parties may attempt to obtain, copy, use, or disclose our intellectual property or other proprietary information or technology without our authorization. Although our employees and contractors are subject to confidentiality obligations and use restrictions, this protection may be inadequate to deter or prevent them from infringing, misappropriating, or otherwise violating our confidential information, technology, or other intellectual property or proprietary rights, and can be difficult to enforce. In addition, trade secrets are generally difficult to protect, and some courts inside and outside the United States may be less willing or unwilling to protect trade secrets.

Our intellectual property rights may be challenged by others, invalidated, narrowed in scope, or held unenforceable through administrative process or litigation in the United States or foreign jurisdictions. Additionally, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by disclosure during this type of litigation. Also, in connection with our performance of services for the U.S. government, the U.S. government has certain rights to inventions, data, software codes and related material and intellectual property that we develop under government-funded contracts and subcontracts, which means that the U.S. government may disclose or license our information and intellectual property to third parties, including, in some instances, our competitors. Any exercise of such rights by the U.S. government could adversely affect our competitive position, business, financial condition, results of operations and prospects. We also may be limited in our ability to disclose or license such information and intellectual property to third parties and the U.S. government may also decline to make the intellectual property of others available to us under acceptable terms.

Even if we believe that intellectual property-related claims are without merit, litigation may be necessary to determine the scope and validity of intellectual property or proprietary rights of others or to protect or enforce our intellectual property rights. If, with respect to any claim against us for violation of third-party intellectual property rights, we are unable to prevail in the litigation, retain or obtain sufficient rights, develop non-infringing solutions or otherwise alter our business practices on a timely or cost-efficient basis, our business and competitive position may be adversely affected. In addition, our contracts generally indemnify our customers for third-party claims for intellectual property infringement by our services and products. Besides the expense and time to defend such claims and the cost of any large indemnity payments, any dispute with a customer with respect to such obligations could also have adverse effects on our relationship with that customer and other existing and new customers, requiring us to pay substantial royalty or licensing fees, and divert management’s attention, any of which could harm our business, financial condition and results of operations.


Leidos Holdings, Inc. Annual Report			35

Table of Contents

PART I

Changes in tax laws and regulations or exposure to additional tax liabilities could adversely affect our financial results.

We are subject to income taxes in the U.S. and numerous foreign jurisdictions. Changes in U.S. (federal or state) or foreign tax laws and regulations, or their interpretation and application, including those with retroactive effect, could result in increases in our tax expense and adversely affect our financial results. See “Liquidity and Capital Resources” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” contained within this Annual Report on Form 10-K for additional information on the impact of this change.

Significant judgment is required in determining our worldwide provision for income taxes. In the ordinary course of our business, there are many transactions and calculations where the ultimate tax determination is uncertain. We are regularly under audit by tax authorities. Although we believe that our tax estimates and tax positions are reasonable, they could be materially affected by many factors, including the final outcome of tax audits and related litigation, the introduction of new tax accounting standards, legislation, regulations, and related interpretations, our global mix of earnings, the realizability of deferred tax assets and changes in uncertain tax positions. An increase or decrease in our effective tax rate, or an ultimate determination that we owe more taxes than the amounts previously accrued, could have a material adverse impact on our financial condition and results of operations.

The U.S. government may prefer minority-owned, small and small disadvantaged businesses; therefore, we may have fewer opportunities to bid on certain contracts.

As a result of the Small Business Administration set-aside program, the U.S. government may decide to restrict certain procurements only to bidders that qualify as minority-owned, small, or small disadvantaged businesses. As a result, we would not be eligible to perform as a prime contractor on those programs and would be restricted to a maximum of 49% of the work as a subcontractor on those programs. An increase in the number of procurements under the Small Business Administration set-aside program may impact our ability to bid on new procurements as a prime contractor or restrict our ability to re-compete on incumbent work that is placed in the set-aside program.

We might be adversely impacted by fluctuations in foreign currency exchange rates.

We conduct our business in various currencies, including the U.S. dollar, the British pound and the Australian dollar. Changes in foreign currency exchange rates could reduce our revenues, increase our costs or otherwise adversely affect our financial results reported in U.S. dollars. We may from time to time enter into foreign currency contracts, foreign currency borrowings or other techniques intended to hedge a portion of our foreign currency exchange rate risks. These hedging activities may not completely offset the adverse financial effects of unfavorable movements in foreign currency exchange rates during the time hedges are in place. Any of these risks might have an adverse impact on our business operations and our financial position, results of operations or cash flows.

RISKS RELATING TO OUR STOCK

We cannot assure you that we will continue to pay or increase dividends on our common stock or to repurchase shares of our common stock.

Decreases in asset values or increases in liabilities, including liabilities associated with employee benefit plans and assets and liabilities associated with taxes, can reduce cash, net earnings, and stockholders’ equity. In addition, the timing and amount of share repurchases under Board-approved share repurchase plans are within the discretion of management and will depend on many factors, including our ability to generate sufficient cash flows from operations in the future or to borrow money from available financing sources, results of operations, capital requirements, general business conditions, and applicable law. Our payment of dividends and share repurchases could vary from historical practices or our stated expectations. A change in our dividend or share repurchase programs could have an adverse effect on the market price of our common stock.

Provisions in our charter documents and under Delaware law could delay or prevent transactions that many stockholders may favor.

These restrictions, which may also make it more difficult for our stockholders to elect directors not endorsed by our current directors and management, include mergers and certain other business combinations between a related person and


36			Leidos Holdings, Inc. Annual Report

Table of Contents

PART I

us requiring approval by the holders of a majority of the voting power of such securities that are not owned by the related person unless approved by a majority of continuing directors or certain other exceptions; our stockholders may not act by written consent; our Board may issue, without stockholder approval, shares of undesignated preferred stock, the terms of which may be determined by the Board; and we are also subject to certain restrictions on business combinations under Section 203 of the Delaware General Corporation Law, which imposes additional requirements for business combinations, and may prevent our stockholders from receiving the benefit from any premium to the market price of our common stock offered by a bidder in a takeover context.

Unresolved Staff Comments

None.

Cybersecurity

RISK MANAGEMENT AND STRATEGY

Cybersecurity risk management is an integral part of our digital posture and enterprise risk management strategy. Cybersecurity is critical to maintaining the trust of our customers and business partners, and we are committed to protecting our and their confidential and sensitive information, including personal information, and mitigating cybersecurity risks that impact our systems and networks. We maintain technologies, programs and processes designed to assess, identify, manage and mitigate cybersecurity risks. Our efforts include regular monitoring of Leidos-managed systems and networks for internal and external cybersecurity threats, providing cybersecurity training to our employees during the onboarding process and annually, and continually reviewing and refining formal policies and procedures designed to deter, identify and remediate cybersecurity incidents. We regularly perform evaluations of our cybersecurity program and continue to invest in our capabilities to keep our customers, partners, suppliers and information assets in our possession safe.

Our Chief Information Security Officer leads our Cybersecurity Intelligence and Response Team (“CSIRT”) whose function is to stay apprised of existing and emerging cyber threats and monitor our global enterprise and proactively identify and protect against cybersecurity risk. The CSIRT uses intelligence collected from various sources, fused with intelligence collected from analysis and response actions, to proactively search for, and address adversary activity against the Leidos network. The CSIRT possesses in-depth knowledge of network, endpoint, perimeter security systems, identity, data protection, threat intelligence, forensics, penetration testing and malware reverse engineering, as well as the functioning of specific applications or underlying information technology infrastructure.

Leidos CSIRT owns the incident response process and provides direction and guidance to users of Leidos computing resources when responding to cybersecurity incidents. Leidos CSIRT also provides intrusion monitoring of networks and information systems and continuously monitors the Leidos computing environments and performs triage and analysis of events to identify potential incidents.

We employ multiple security and monitoring systems and applications throughout the Company to identify, alert, report and log authorized and unauthorized access to the Leidos systems and networks. We use an application that collects, correlates, and notifies CSIRT analysts regarding any item meeting an electronic intrusion event. We categorize anomalous cyber events into discrete levels in which cybersecurity matters are escalated to certain levels of management, as well as our Board, based on the severity of the incident, as appropriate. Sharing cyber threat information at these levels supports the Company’s ability to integrate cybersecurity considerations into its overarching risk management system and processes.

We also conduct periodic internal and third-party assessments to test our cybersecurity controls, perform cyber simulations and exercises, and continually evaluate our internal governing policies and procedures to help detect and respond to cybersecurity events in order to reduce harms or impacts from breaches and other information security incidents.


Leidos Holdings, Inc. Annual Report			37

Table of Contents

PART I

GOVERNANCE

MANAGEMENT’S RESPONSIBILITIES

Our global information security program is led by our corporate Chief Information Security Officer, who works closely with key corporate functional and line of business stakeholders. The Chief Information Security Officer partners with these functions for the purpose of identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risks are monitored, implementing appropriate mitigation measures, reporting cybersecurity breaches and other information security incidents, and maintaining our cybersecurity program. The team of senior management officers, who support our information security program, have expertise with cybersecurity, as demonstrated qualifications such as by prior work experience, possession of a cybersecurity certification, degree, or other cybersecurity experience. Our management team receives regular updates on our cybersecurity posture and reviews detailed information about our cybersecurity preparedness. Additionally, we have a Leidos Security Council that is co-chaired by the Chief Information Security Officer and the Chief Security Officer to address “all security hazards” across our global enterprise to ensure cohesion and effectiveness of our combined security governance and risk mitigations.

BOARD’S ROLES AND RESPONSIBILITIES

We have a Technology and Information Security Committee, comprised of six board members, with relevant backgrounds and experience, that oversees and advises the Board and management on matters involving the Company’s overall strategic direction and significant business risks and opportunities in the areas of technology and information security.

At least quarterly, management provides our Board and the Technology and Information Security Committee with updates about our cybersecurity and related risk exposures, our policies and procedures to mitigate such exposures and the status of projects to strengthen our information security infrastructure and program maturity and defend against and respond to cybersecurity threats. In addition, we use a risk-based escalation process to notify the Board and the Technology and Information Security Committee outside of the regular reporting cycle should we identify a significant emerging risk or potentially material issue that should be brought to their attention.

CYBERSECURITY THREATS

To date, we have not identified any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of our operations, or our financial condition. However, despite our efforts to identify and respond to cybersecurity threats, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see “Risk Factors – Cybersecurity breaches and other information security incidents could negatively impact our business and financial results, impair our ability to effectively provide our services to our customers and cause harm to our reputation or competitive position” in this Annual Report on Form 10-K.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
BZYR	7 hours ago
DOCS	7 hours ago
CSWC	7 hours ago
TTWO	17 hours ago
EDUC	1 day, 6 hours ago
QRVO	1 day, 7 hours ago
AREC	1 day, 17 hours ago
KCRD	4 days, 5 hours ago
RBC	4 days, 7 hours ago
SGRP	4 days, 7 hours ago
PNXP	5 days, 5 hours ago
GEN	5 days, 6 hours ago
ESSI	5 days, 6 hours ago
HLI	5 days, 6 hours ago
NTCT	5 days, 7 hours ago
BOOT	5 days, 7 hours ago
WMS	5 days, 7 hours ago
GWLL	5 days, 8 hours ago
EZOO	5 days, 17 hours ago
DXC	6 days, 3 hours ago
STAI	6 days, 6 hours ago
HWKN	6 days, 7 hours ago
SNRG	6 days, 15 hours ago
MESA	1 week ago
RGBP	1 week ago
GAIN	1 week ago
EA	1 week ago
EBF	1 week ago
WNS	1 week ago
WAST	1 week, 1 day ago
CEIN	1 week, 1 day ago
HMBL	1 week, 4 days ago
LIMX	1 week, 4 days ago
PBH	1 week, 4 days ago
MCK	1 week, 5 days ago
CELU	1 week, 5 days ago
MINR	1 week, 5 days ago
TBH	1 week, 6 days ago
NVEC	1 week, 6 days ago
SAR	1 week, 6 days ago
AIXN	1 week, 6 days ago
SUAC	2 weeks ago
NCRA	2 weeks ago
HIGR	2 weeks ago
LVPA	2 weeks ago
CVLT	2 weeks, 1 day ago
JOCM	2 weeks, 1 day ago
OAKU	2 weeks, 4 days ago
LGSP	2 weeks, 4 days ago
DGLY	2 weeks, 4 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - LDOS

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - LDOS

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing