Risk Factors - MMS

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors

Our operations are subject to many risks that could adversely affect our future financial condition, results of operations, and cash flows, and, therefore, the market value of our securities. The risks described below highlight some of the factors that have affected and, in the future, could affect our operations. Additional risks we do not yet know of or that we currently think are immaterial may also affect our business operations. If any of the events or circumstances described in the following risks actually occurs, our business, financial condition, or results of operations could be materially adversely affected.

Risks Pertaining to Our Client Relationships

We rely on key contracts with state, local, and federal governments for a significant portion of our revenue. A substantial reduction in those contracts would materially adversely affect our operating results.

In fiscal year 2025, approximately 55% of our total revenue was derived from the U.S. federal government, and approximately 33% of our total revenue was derived from contracts with state and local government agencies. Any significant disruption or deterioration in our relationship with federal, state, and local governments and a corresponding reduction in these contracts would significantly reduce our revenue and could substantially harm our business.

In fiscal year 2025, approximately 60% of our revenue came from our ten largest contracts. Furthermore, approximately one-fifth of our revenue came from contracts with a single federal agency. If any of our current significant contracts or significant contracts we enter into in the future were terminated or our work under those contracts was decreased, our revenues and net income could significantly decline. Additional potential impacts of the loss of a significant contract or contracts might include impairment charges related to tangible and intangible assets, including goodwill. Our success will depend on our continued ability to develop and manage relationships with significant customers and there is no assurance that we will be able to diversify our customer base in the near future, if at all.

The markets in which we sell our services are served by a relatively small number of governmental agencies, which limits the number of potential customers. We cannot provide assurance that we will be able to retain our largest customers, that we will be able to attract additional customers, or that our customers will continue to buy our services in the same volume as in prior years. The loss of one or more of our largest customers, any reduction or delay in sales to these customers, our inability to successfully develop relationships with additional customers, or future price concessions could impact our business.

Our contracts typically run for a fixed number of years and may be extended for an additional specified number of years if the contracting entity or its agent elects to do so. When these contracts expire, they may be opened for bidding to competing bidders, and there is no guarantee that the contracts will be renewed or extended. When these contracts expire, they may be opened for bidding by competing bidders, and there is no guarantee that the contracts will be renewed or extended. Our clients may elect to open bidding processes earlier than anticipated, resulting in increased competition prior to the anticipated end of contracts. Our clients may elect to open bidding processes up earlier than anticipated, resulting in increased competition prior to the anticipated end of contracts.

Our reputation and relationships with our clients are key factors in maintaining our business. Negative press reports or publicity, regardless of accuracy, could harm our reputation. If our reputation is negatively affected, our clients may decrease or cease business with us. In addition, we are subject to various reviews, audits, and investigations to verify our compliance with the terms of our contracts, as well as compliance with applicable laws and regulations. Any adverse review, audit, or investigation could result in, among other things, cancellation of contracts; refunding of amounts that have been paid pursuant to contracts; imposition of fines, penalties, and other sanctions; loss of rights to participate on various programs; loss of licenses; lowered quality ratings; or changes to the way we do business. In addition, under government procurement regulations and practices, a negative determination from a government audit could result in a contractor being fined, debarred, and/or suspended from being able to bid on, or be awarded new government contracts for a period of time.

15

---

Table of Contents

We obtain most of our business through competitive bidding in response to government Requests For Proposals (RFP). We may not be awarded contracts through this process at the same level in the future as in the past, and contracts we are awarded may not be profitable.

Substantially all of our customers are government agencies. To secure work with government customers, we are often required to respond to competitive government RFPs, and we will only be issued a contract award when we win such a competition. To do so effectively, we must accurately estimate our cost structure for providing the required services, the time required to establish operations, and attempt to submit a proposal that is more advantageous for the client than our competitors' proposals. To do so effectively, we must accurately estimate our cost structure for providing the required services, the time required to establish operations, and likely terms of the proposals submitted by competitors. We must also assemble and submit a large volume of information that must comply with the RFP's rigid requirements and relatively short timetable. We must also assemble and submit a large volume of information within an RFP's rigid timetable. Our ability to successfully respond to RFPs could greatly impact our business. Our ability to respond successfully to RFPs will greatly impact our business. There is no assurance that we will continue to be awarded contracts in response to government RFPs, and when we are awarded such contracts, they may not be profitable. There is no assurance that we will continue to obtain contracts in response to government RFPs, and our proposals may not result in profitable contracts. The competitive bidding process has substantial costs, including labor costs and management's time to prepare bids and proposals for contracts that may not be awarded to us, may be split among competitors, or that may be awarded but for which we do not receive a meaningful volume of task orders.

In addition, competitors may protest contracts awarded to us through the RFP process that may cause the award to be delayed, cancelled, or require the customer to reinitiate the RFP process. Any loss or delay of start-up and funding of work under protested contract awards may adversely affect our revenues and profitability. In addition, certain of our multiple-award contracts require that we make post-award efforts to obtain task orders under the contract. Because of these factors, we may not be able to obtain task orders or recognize revenue under these multiple-award contracts.

Even where we are an incumbent, our ability to secure continued work or work at similar margins may be affected by competitive rebids or contract changes and cancellations. If we do not win certain recompetes, this may adversely affect our revenues and profitability, potentially resulting in impairment of goodwill and other intangible assets. Although it is difficult to track all the reasons for changes in our contracts, we believe that this contract erosion has typically affected approximately 7% to 10% of our business annually, with the erosion largely being replaced by new or expanded work elsewhere.

Within our U.S. federal business, our ability to participate in many competitive bids in response to government RFPs is dependent on us maintaining our status as a contractor on, and/or winning new Government-Wide Acquisition Contracts (GWACs). GWACs are an important process by which agencies of the federal government purchase goods and services. Eligibility to remain on a GWAC changes over time. If we are unsuccessful in maintaining eligibility or are not awarded GWACs, this would have a negative impact on our future opportunities. If we are unsuccessful and not awarded GWAC contracts, this would have a negative impact on future opportunities.

A GWAC is a procurement instrument intended for use by multiple U.S. federal government agencies. GWACs are pre-competed, multiple-award, indefinite-delivery, indefinite-quantity (IDIQ) contracts that are intended to provide flexibility and streamline the acquisition process, enabling the U.S. federal government to buy total information technology (IT) solutions more efficiently. All IDIQs, including GWACs, are regulated by the FAR, which sets forth rules and regulations that must be followed by federal agencies and providers of goods and services to the government in the procurement process. This includes competing for the award of task orders pursuant to GWACs. For instance, in 2018, Maximus was named a recipient of the U.S. General Services Administration's (GSA) Alliant 2 GWAC. Alliant 2 is an unrestricted, multi-vendor IDIQ award with a contract ceiling of $50 billion. Later, we competed for and won a contract that was awarded as a task order under the Alliant 2 GWAC. If we are unable to adapt to changing eligibility requirements for strategic GWAC competitions, we would risk losing access to related contracts and awards. If we are unable to win task orders under GWACs, our profitability and results of operations could be adversely affected.

16

---

Table of Contents

Our business could be adversely affected by legislative or government budgetary and spending changes, including pricing changes.

The market for our services depends largely on domestic and international legislative programs and the budgetary capability to support programs, including the continuance of existing programs. Many of our contracts are not fully funded at inception and rely upon future appropriations of funds. Accordingly, a failure to receive additional anticipated funding for any reason, including as a result of government shutdowns, may result in early termination of a contract. Accordingly, a failure to receive additional anticipated funding may result in early termination of a contract. In addition, many of our contracts include clauses that allow clients to unilaterally modify or terminate contracts with little or no recompense.

Changes in state or federal government initiatives or in the level of government spending due to budgetary or deficit considerations may have a significant impact on our future financial performance. In recent quarters, the U.S. federal government has placed a significant focus on efficiency, including with respect to contracting with private companies. These efforts may have a number of effects on our business.

•Changes in priorities may result in procurement changes, delays or cancellations, as well as changes or cancellations of existing contracts.

•Changes in priorities may also affect the level of demand or funding for our state programs in the United States, which are typically mandated and fully or partially funded by the U.S. federal government.

•Changes to procurement rules may result in additional competition, scrutiny and costs of compliance.

•Changes in federal regulations may require us to change our existing business practices, may be disruptive to our business, may create a level of uncertainty within our workforce and may conflict with local laws and regulations.

•The U.S. Government may seek to lower barriers to entry to allow greater involvement by the private sector. While this may provide additional opportunities for us, it may also expose us to greater levels of competition.

These efficiency efforts are occurring in a highly volatile regulatory environment, which may limit our ability to make long-term planning decisions as these efforts may be curtailed or redirected with a change in administration or change in administration priorities. In addition, disputes over the efficiency efforts may result in legislative delays, including government shutdowns, which could result in additional costs and uncertainty. Furthermore, another prolonged government shutdown could adversely impact our operations, revenue, and cash flow, as the government may issue stop work orders on our contracts and delay payment on work already performed.

Government entities have in the past and may in the future conclude their contracts with us earlier than we expect, or they could terminate their contracts with us earlier than we expect, which may result in revenue shortfalls and unrecovered costs.

Many of our government contracts contain base periods of one or more years, as well as option periods covering more than half of the contract's potential duration. Government agencies do not have to exercise these option periods, and they may elect not to exercise them for budgetary, performance, or any other reason. Our contracts also typically contain provisions permitting a government customer to terminate the contract fully or partially without notice, with or without cause. Our contracts also typically contain provisions permitting a government customer to terminate the contract on short notice, with or without cause. Termination without cause provisions generally allow the government to terminate a contract entirely or partially for particular services at any time and enable us to recover only our costs incurred or committed and settlement expenses and profit, if any, on the work completed prior to termination. Termination without cause provisions generally allow the government to terminate a contract at any time and enable us to recover only our costs incurred or committed and settlement expenses and profit, if any, on the work completed prior to termination. We may not be able to recover all the costs incurred during the start-up phase of a terminated contract. We may or may not be able to recover all the costs incurred during the start-up phase of a terminated contract.

In addition, in the past, we have experienced performance issues under certain contracts. Some of our contracts involve the development and implementation of complex systems and products to achieve formidable customer goals in a competitive procurement environment. As a result, we sometimes experience technological, scheduling or other performance difficulties, which have in the past and may in the future result in delays, cost overruns and failures in our performance under these contracts. If a government customer terminates a contract for default, we could be exposed to liability, including for excess costs incurred by the customer in procuring undelivered services and products from another source.

The unexpected termination of significant contracts could result in significant declines in revenues. If revenue declines occur and are not offset by corresponding reductions in expenses, our business could be adversely affected. If revenue shortfalls occur and are not offset by corresponding reductions in expenses, our business could be adversely affected. We cannot anticipate if, when, or to what extent a customer might terminate their contracts with us.

17

---

Table of Contents

If we fail to establish and maintain important relationships with government officials, entities and agencies, our ability to successfully bid under RFPs, retain existing work, and secure new work on future procurements may be adversely affected.

To facilitate our ability to prepare bids in response to competitive procurements, retain existing work, and secure new work on future procurements, we rely in part on establishing and maintaining relationships with officials of various government entities and agencies.To facilitate our ability to prepare bids in response to RFPs and retain existing work and secure new work on future procurements, we rely in part on establishing and maintaining relationships with officials of various government entities and agencies. These relationships enable us to provide informal feedback and advice to government entities and agencies prior to the development of competitive procurement requirements, and our capabilities to support government objectives. These relationships enable us to provide informal input and advice to government entities and agencies prior to the development of an RFP and our capabilities to support government objectives. We also engage third-party consultants and coalitions to establish and maintain relationships with elected officials and appointed members of government agencies. We also engage marketing consultants and other third-party consultants to establish and maintain relationships with elected officials and appointed members of government agencies. The effectiveness of these resources may be reduced or eliminated if a significant political change or policy occurs. The effectiveness of these consultants may be reduced or eliminated if a significant political change occurs. In that circumstance, we may be unable to successfully manage our relationships with government entities and agencies and with elected officials and appointees. Any failure to maintain active relationships with government entities and agencies may adversely affect our business. Any failure to maintain positive relationships with government entities and agencies may adversely affect our business.

Our customers may limit or prohibit the outsourcing of certain programs or may refuse to grant consents and/or waivers necessary to permit contractors, such as us, to perform certain elements of government programs.

Governments could limit or prohibit private contractors like us from operating or performing elements of certain programs. Within the United States, state or local governments could be required to operate such programs with government employees as a condition of receiving federal funding. Within the US, state or local governments could be required to operate such programs with government employees as a condition of receiving federal funding. Moreover, under current law, in order to privatize certain functions of government programs, the U.S. federal government must grant a consent and/or waiver to the petitioning state or local agency. If the U.S. federal government does not grant a necessary consent or waiver, the state or local agency will be unable to outsource that function to a private entity, such as us. This situation could eliminate or reduce the value of an existing contract.

Risks Pertaining to the Performance of Our Business

If we fail to satisfy our contractual obligations or to meet performance standards, our contracts may be terminated, and we may incur significant costs or liabilities, including actual or liquidated damages and penalties, which could adversely impact our operating results, financial condition, cash flows, and our ability to compete for future contracts.

Our contracts may be terminated due to our failure to satisfy our contractual obligations or to meet performance standards and often require us to indemnify customers for their damages. In addition, some of our contracts contain substantial liquidated damages provisions and financial penalties related to performance failures. The policy coverage and limits in our errors and omissions insurance may not be adequate to provide protection against all potential liabilities. Further, for certain contracts, we may post significant performance bonds or issue letters of credit to secure our performance, indemnification, and other obligations. If a claim is made against a performance bond or letter of credit, we may be required to reimburse the issuer for the amount of the claim. Consequently, we may incur significant costs or liabilities, including penalties, which could adversely impact our operating results, cash flows, financial condition, and our ability to compete for future contracts. The resulting reputational damage may also affect our ability to compete for and win work elsewhere.

If we fail to accurately estimate the factors upon which we base our contract pricing, we may generate less profit than expected or incur losses on those contracts.

During fiscal year 2025, we derived approximately 54% of our revenue from performance-based contracts and 13% from fixed-price contracts. For performance-based contracts, we receive our fee on a per-transaction basis or upon meeting specified milestones. These contracts include contracts in which we receive a payment for performing an independent medical examination or placing a participant in sustained employment for a specified time period. These contracts include workforce services contracts in which we receive a payment for performing an independent medical examination or placing a participant in sustained employment for a specified time period. For fixed-price contracts, we receive our fee based on services provided. Those services include operating a Medicaid enrollment center pursuant to specified standards, designing and implementing information systems or applications, or delivering a planning document under a professional services arrangement. To earn a profit on these contracts, we must accurately estimate the likely volume of work that will occur, costs, and resource requirements involved, and assess the probability of completing individual transactions or milestones within the contracted time period. If our estimates prove to be inaccurate, we may not achieve the level of profit we expected, or we may incur a net loss on a contract.

18

---

Table of Contents

Our growth initiatives could adversely affect our profitability.

Our strategic plan seeks to expand our existing business and identify new organic growth opportunities. In seeking these opportunities, we may encounter start-up challenges, new compliance requirements, unforeseen costs, and other risks as we enter new markets, including identifying appropriate opportunities, differentiating ourselves from competitors, managing our ramp-up, recruiting and retaining appropriately experienced and qualified employees, managing customer expectations, and appropriately budgeting and pricing new work.

There are inherent risks in our expansion goals. Even if our efforts are successful, growth initiatives may divert management's focus from our core business, and we may be unable to realize the levels of profitability we anticipated. If we are unable to manage the risks of operating in these new markets, our reputation and profitability could be adversely affected.

Investments we make in the business may not be recovered on a timely basis, or at all.

We are continuously making investments in our business, enhancing resources for company-wide, business line or specific contract initiatives, including technology investments. These expenses include leasing and outfitting office space, purchasing office equipment, developing internal-use software, and hiring personnel. We may also make broad investments in resources, such as technology or personnel, to address new or adjacent markets.15Table of ContentsWe may also make broad investments in resources, such as technology or personnel, to address new or adjacent markets. These investments may not be recovered if we are unsuccessful in our entrance into these markets.

When making these investments we assume that we will be able to recover these costs through future revenues or anticipated cost savings. If these future revenues or cost savings do not materialize, or fall short of the amounts anticipated, or if our investments exceed our anticipated budgets, we may not be able to realize these anticipated benefits. If our anticipated benefits are delayed, this may result in greater cash outflows and cause us to increase our borrowings. In addition, payments due to us from government agencies may be delayed due to administrative delays, billing cycles, or as a result of failures by the government to approve governmental budgets in a timely manner. In addition, payments due to us from government agencies may be delayed due to billing cycles or as a result of failures by the government to approve governmental budgets in a timely manner. To the extent that we have deferred the cost of these upfront investments as balance sheet assets, an anticipated failure to realize the benefits of these costs may result in impairment charges.

We face competition from a variety of organizations, many of which have substantially greater financial resources than we do; we may be unable to compete successfully with these organizations.

We face competition from a number of different organizations depending upon the market and geographic location in which we are competing. Some of our most significant competitors are included in Item 1. Business of this Annual Report on Form 10-K. Some of our most significant competitors are included in Item 1 of this Annual Report on Form 10-K.

Many of these companies are international in scope, larger than us, and have greater financial resources, name recognition, and larger technical staff. Merger and acquisition activity is widespread in our industry and could result in the emergence of companies which are better able to compete against us. Substantial resources could enable certain competitors to initiate severe price cuts or take other measures in an effort to gain market share. In addition, we may be unable to compete for the limited number of large contracts because we may not be able to meet an RFP requirement to obtain and post a large performance bond. In addition, we may be unable to compete for the limited number of large contracts because we may not be able to meet a Request For Proposal's (RFP) requirement to obtain and post a large performance bond. In some cases, competitors may choose to take greater risks or lower profit margins in order to enter a market or build market share. Also, in some geographic areas, we face competition from smaller firms with established reputations and political relationships. We also compete with smaller, more specialized companies that concentrate their resources on particular areas. Additionally, we may compete with the U.S. federal government's own capabilities. There can be no assurance that we will be able to compete successfully against our existing or any new competitors.

We use third parties to assist us in providing services to our customers, and these third parties may not perform as expected.

From time to time, we engage subcontractors, teaming partners, or other third parties to provide our customers with a single-source solution. We cannot guarantee that those parties will comply with the terms set forth in their agreements or remain financially sound. We have in the past and may in the future have disputes with our subcontractors, teaming partners, or other third parties arising from the quality and timeliness of their work, customer concerns about them, or other matters. We may have disputes with our subcontractors, teaming partners, or other third parties arising from the quality and timeliness of their work, customer concerns about them, or other matters. Subcontractor or teaming partner performance deficiencies can result in a customer terminating our contract for default. Subcontractor or teaming partner performance deficiencies could result in a customer terminating our contract for default. We may be exposed to liability, and we and our clients may be adversely affected if a subcontractor or teaming partner fails to meet its contractual obligations.

19

---

Table of Contents

Risks Pertaining to Technology, Data and Data Security

Our use of AI involves risks such as potential liability, regulatory issues, competition, and reputational damage. AI technologies create specific risks that require tailored governance and use case specific review. Insufficient oversight could lead to legal liability, financial loss, and reputational harm.

We use AI to sort, organize, analyze, and generate data for business purposes. AI encompasses machine learning, generative AI, and other standard techniques. The comprehensive lifecycle utilization of AI, whether implemented directly by us or in collaboration with third parties, will necessitate ongoing investment in governance and security resources to help ensure our responsible use of AI and to safeguard against potential risks and vulnerabilities.

The use of AI carries considerable risks, and we cannot guarantee the achievement of intended outcomes. As an evolving technology, AI may occasionally produce incomplete or misleading results. Despite training and risk management efforts, there is a possibility that employees might misuse AI, either intentionally or unintentionally. Additionally, given the nature of our citizen-facing services, we are vulnerable to potential adversarial attacks. Should our AI generate suboptimal or contentious outcomes, or if public perception of AI shifts negatively due to perceived risks, we may encounter operational challenges, competitive disadvantages, legal liabilities, reputational harm, or other business impacts.

AI-related legal and regulatory frameworks are evolving due to concerns about bias, discrimination, transparency, and security. The use of AI technologies involves issues associated with intellectual property, data privacy, consumer protection, competition, and equal opportunity, with potential for new regulations. AI is under review by U.S. federal and state and international agencies, and changes in administration may influence the regulatory landscape for AI in the United States. New or expanded AI laws could raise compliance costs and pose unpredictable risks, potentially affecting our operations and results.

We may not be successful in our AI initiatives, which could adversely affect our business, reputation, and/or financial results.

AI presents new risks and challenges that may affect our business. We have made, and expect to continue to make, investments to integrate AI and machine learning technology into our products and solutions, as well as to use AI to enhance our own business operations. Given the nature of AI technology, we face significant competition from other companies and an evolving regulatory landscape. Our AI efforts may not be successful and our competitors may incorporate AI into their products more successfully than us, which could impair our ability to compete effectively and adversely affect our financial results. Our competitors may be larger, more diversified, better funded, and have access to more advanced technology, including AI. These competitive advantages may enable our competition to innovate better and more quickly and to compete more effectively on quality and price, causing us to lose business and profitability. Burgeoning interest in AI may increase our competition and disrupt our business model. AI may lower barriers to entry in our industry and we may be unable to effectively compete with the products or services offered by new competitors. AI-related changes to the products and services we offer may affect our customers’ expectations, requirements, or tastes in ways we cannot adequately anticipate or adapt to, causing our business to lose sales, customers, or the ability to operate profitably and sustainably.

Our systems and networks are and have been subject to cybersecurity breaches.

We are a trusted provider to government and other clients of critical health and human services that rely heavily upon technology systems, software, and networks to receive, input, maintain, and communicate participant and client data. The risk of a security breach, system disruption, ransom-ware attack, or similar cyber-attack or intrusion, including by computer hackers, cyber terrorists, or foreign governments, is persistent, substantial, and increases as the volume, intensity, and sophistication of attempted attacks, intrusions and threats from around the world increase daily. The risk of a security breach, system disruption, ransom-ware attack, or similar cyber-attack or intrusion, including by computer hackers, cyber terrorists, or foreign governments, is persistent and substantial as the volume, intensity, and sophistication of attempted attacks, intrusions and threats from around the world increase daily. If our systems or networks are compromised, we could be adversely affected by losing confidential or protected information of program participants and clients or by facing a demand for ransom to prevent disclosure of or to restore access to such information. If our systems or networks are compromised, we could be adversely affected by losing confidential or protected information of program participants 16Table of Contentsand clients or by facing a demand for ransom to prevent disclosure of or to restore access to such information. The loss, theft, or improper disclosure of that information could subject us to sanctions under the relevant laws, breach of contract claims, contract termination, class action, or individual lawsuits from affected parties, negative press articles, reputational damage, and a loss of confidence from our government clients, all of which could adversely affect our existing business, future opportunities, and financial condition. Additionally, if our internal networks were compromised, we could suffer the loss of proprietary, trade secret, or confidential technical and financial data. That could make us less competitive in the marketplace and adversely affect our existing business, future opportunities, and financial condition.

20

---

Table of Contents

We have experienced cybersecurity incidents in the past, and have continued to experience cybersecurity incidents, that were immaterial. In the third quarter of fiscal year 2023, we experienced a material cybersecurity incident as the personal information of a significant number of individuals was accessed by an unauthorized third party by exploiting a zero-day vulnerability in a third-party vendor's file transfer application used by many organizations, including us. We have recorded expenses in connection with our investigation and remediation activities related to this incident; further details are included in "Note 15. Commitments and Contingencies" in Item 8 of this Annual Report on Form 10-K. We may continue to experience cybersecurity incidents in the future. There can be no guarantee that our preventative and remediation efforts will be sufficient to protect our information systems, information, and other assets from significant harm and that future cybersecurity incidents will not have a material adverse effect on us or our results of operations or financial condition or cause reputational or other harm to us. There can be no guarantee that our preventative and remediation efforts will be sufficient to protect the company's information systems, information, and other assets from significant harm and that future cybersecurity incidents will not have a material adverse effect on the company or its results of operations or financial condition or cause reputational or other harm to the company. For more information regarding our cybersecurity risk management, see "Item 1C. Cybersecurity" of this Annual Report on Form 10-K.

Many of our projects handle protected health information or other forms of confidential personal information, the loss or disclosure of which has adversely affected, and in the future, could further adversely affect, our business, results of operations, and reputation.

As a provider of services under government health and human services programs, we often receive, maintain, and transmit protected health information or other types of confidential personal information. That information may be regulated by the Health Insurance Portability and Accountability Act (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), Internal Revenue Service regulations, the European Union General Data Protection Regulation (GDPR), or similar U.S. or foreign laws. The loss, theft, or improper use or disclosure of that information could subject us to sanctions under the relevant laws, breach of contract claims, class action or individual lawsuits from affected parties, negative press articles, and a loss of confidence from our government clients, all of which could adversely affect our existing business, future opportunities, and financial condition.

For instance, as a result of the cybersecurity incident described above, several class actions and lawsuits have been filed. The resolution of these matters may result in damages, costs, fines or penalties, which may adversely affect our existing business, future opportunities, and financial condition.

Risks Related to our Acquisitions

We may experience difficulties in integrating our operations with those of acquired businesses and realizing the expected benefits of these acquisitions.

Our growth strategy includes a program to identify and execute acquisitions to enable long-term, sustainable, organic growth by continuing to expand the business, enhance our clinical and digital capabilities, and extend into new and adjacent market areas. Although we anticipate that acquisitions will create long-term shareholder value, this expectation is based on assumptions about our acquisitions and preliminary estimates of their performance, which may change materially. The benefits of acquisitions depend, in part, on our ability to successfully integrate the acquired businesses and realize the anticipated benefits, including business opportunities and growth prospects from combining our businesses. We may not achieve these objectives within the anticipated time frame or may never realize these benefits, and the value of our common stock may be harmed. Integration of acquired businesses may result in material challenges, including, without limitation:

•Our management might have its attention diverted from ongoing business concerns while trying to integrate these operations, and we could experience performance shortfalls within our existing or acquired businesses as a result of the devotion of management's attention to integration efforts.

•The integration process could take longer than anticipated and could result in the loss of key employees, the disruption of each company's ongoing businesses, tax costs or inefficiencies, or inconsistencies in standards, controls, IT systems, compliance requirements, procedures, and policies, any of which could materially adversely affect our ability to maintain relationships with customers, employees, or other third parties, or our ability to achieve the anticipated benefits of the transactions, and could harm our financial performance.

•We could encounter unanticipated issues in integrating IT, communications, and other systems that could harm our financial performance.

•If we are unable to successfully or timely integrate our operations with those of the companies or assets we acquire, we may incur unanticipated liabilities and be unable to realize the revenue growth, synergies, and other anticipated benefits, and our business, results of operations, and financial condition could be materially adversely affected.

21

---

Table of Contents

We may face liabilities arising from divested or discontinued businesses.

We have divested a number of businesses. Similar to acquisitions, divestitures may divert attention and encounter issues as we complete the disposal. The transaction documents for those divestitures typically contain a variety of representations, warranties, and indemnification obligations, as well as ongoing financial arrangements and guarantees post-divestiture. The transaction documents for those divestitures typically contain a variety of representations, warranties, and indemnification obligations. We have faced, and continue to face, indemnification claims and liabilities, including those from alleged breaches of representations and warranties. We have faced, and continue to face, indemnification claims and liabilities from alleged breaches of representations or warranties.

In connection with our acquisitions, we may be required to take write-downs, write-offs, restructuring, impairment, or other charges that could negatively affect our business, assets, liabilities, prospects, outlook, financial condition, and results of operations.

The due diligence we conduct on our acquisitions may not reveal all material issues that may be present, nor does it preclude factors outside of our control from arising later. There is no assurance that our representations and warranties insurance policies that we purchase for certain acquisitions will cover any losses we might experience from breaches of the sellers' representations and warranties or otherwise arising from the acquisitions. Even if our due diligence successfully identifies certain risks, unexpected risks may arise, and previously known risks may materialize in a manner not consistent with our preliminary risk analysis. If acquisitions do not perform as anticipated, we may be required to take restructuring, impairment, or other charges that could negatively affect our business, assets, liabilities, prospects, financial position, results of operations and outlook.In connection with our acquisitions, we may be required to take write-downs, write-offs, restructuring, impairment, or other charges that could negatively affect our business, assets, liabilities, prospects, outlook, financial condition, and results of operations.

We are required to identify the fair value of assets acquired, such as customer relationships and technology, using estimates that are based upon factors such as expected future operations and the manner in which we will utilize these assets, which may be inaccurate or may change post-acquisition. We are required to identify the fair value of assets acquired, such as customer relationships and technology, using estimates that are based upon factors such as expected future operations and the manner in which we will utilize these assets, which may be inaccurate or may change post-acquisition. In addition, we have recorded $1.78 billion of goodwill at September 30, 2025. This balance represents the difference between the amount paid for acquisitions and the identifiable assets acquired. Goodwill is allocated to reporting units, consistent with our segments, and is regularly reviewed to ensure that the value of those segments exceeds the carrying value of the assets held, including goodwill. If the carrying value of our assets, including goodwill, exceeds their fair value, we may be required to impair our goodwill, which could result in a significant effect on our financial results and condition. If the carrying value of our assets, including goodwill, exceeds their fair value, we may be required to take write-offs, write-downs, restructuring, impairment, or other charges that could negatively affect business, assets, liabilities, prospects, outlook, financial condition, and results of operations.

Risks Pertaining to Legal Compliance

We are subject to review and audit by governments at their sole discretion and, if any improprieties are found, we may be required to refund revenue we have received or forego anticipated revenue, which could have a material adverse impact on our revenue and our ability to bid in response to RFPs.

We are subject to audits, investigations, and reviews relating to compliance with the laws and regulations that govern our role as a contractor to agencies and departments of the U.S. federal government, state, local, and foreign governments, and otherwise in connection with performing services in countries outside of the United States. Adverse findings could lead to criminal, civil, or administrative proceedings, and we could be faced with penalties, fines, suspension, or debarment. Adverse findings could also have a material adverse effect on us because of our reliance on government contracts. We are subject to periodic audits by U.S. federal, state, local, and foreign governments for taxes. We are also involved in various claims, arbitrations, and lawsuits arising in the normal conduct of our business, including but not limited to bid protests, employment matters, contractual disputes, and charges before administrative agencies.

We may be subject to fines, penalties, and other sanctions if we fail to comply with laws governing our business.

Our business operates within a variety of complex regulatory environments, including but not limited to the FAR, Federal Cost Accounting Standards, the Truth in Negotiations Act, the Fair Debt Collection Practices Act (and similar national, state, and foreign laws), the Foreign Corrupt Practices Act (FCPA), the United Kingdom Bribery Act, as well as the regulations governing Medicaid and Medicare and accounting standards. If a government audit finds improper or illegal activities by us or we otherwise determine that these activities have occurred, we may be subject to civil and criminal penalties and administrative sanctions, including termination of contracts, forfeiture of profits, suspension of payments, fines, and suspension or disqualification from doing business with various governments. Any such determination could adversely impact our ability to bid in response to RFPs in one or more jurisdictions. Further, as a government contractor subject to the types of regulatory schemes described above, we are subject to an increased risk of investigations, criminal prosecution, civil fraud, whistleblower lawsuits, and other legal actions and liabilities to which other private sector companies are not, the result of which could have a material adverse effect on our operating results, cash flows, and financial condition.

22

---

Table of Contents

Adverse judgments or settlements in legal disputes could harm our operating results, cash flows, and financial condition.

From time to time, we are subject to a variety of lawsuits and other claims. These may include lawsuits and claims related to contracts, subcontracts, securities compliance, employment and wage claims, and compliance with Medicaid and Medicare regulations, laws governing student loans and child support enforcement, and other matters. Adverse judgments or settlements in some or all of these legal disputes may result in significant monetary damages or injunctive relief. In addition, litigation and other legal claims are subject to inherent uncertainties, and management's view of these matters may change in the future. Those uncertainties include, but are not limited to, costs of litigation, unpredictable court or jury decisions, and the differing laws and attitudes regarding damage awards among the states and countries in which we operate.

We may be precluded from bidding and performing certain work due to other work we currently perform.

Various laws and regulations prohibit companies from performing work for government agencies that might be viewed as an actual or apparent conflict of interest. These laws limit our ability to pursue and perform certain types of work. For example, some of our businesses assist government agencies in developing RFPs for various government programs. In those situations, the divisions involved in operating such programs would likely be precluded from bidding on those RFPs. Similarly, regulations governing the independence of Medicaid enrollment brokers and Medicare appeal providers prevent us from providing services to other organizations such as health plans and providers.

Our employees or subcontractors may engage in misconduct or other improper activities, which could harm our business.

Although we make efforts to monitor our employees and subcontractors, it is not always possible to prevent or detect misconduct. Misconduct might include improper use of client information, failure to comply with government procurement operations, engaging in unauthorized activities, misusing authorized access, or falsifying time records. As a result of any such misconduct, we may be subject to fines and civil or criminal penalties, restrictions on bidding or performing work for our customers or potential customers, as well as damage to our reputation. These damages could materially affect the results of our operations and financial condition.

Requirements and expectations related to the manner in which we operate our business, particularly pertaining to environmental, social and governance practices, may differ between our stakeholders, exposing us to additional costs and risks.

Numerous stakeholders are taking a close interest in the manner in which we operate our business. Expectations are being set by our customers, employees, and investors on issues such as climate change and workplace culture. These expectations may affect us through specific laws or regulations in the markets in which we operate, conditions on which we bid for work or how we are evaluated as a bidder, in the manner in which we maintain our reputation with the communities we serve, and in criteria used by investors in evaluating our stock. In some cases, expectations between different parties may conflict and the expectations may evolve quickly. If we do not closely evaluate the policies we follow and clearly communicate them, we may be at risk of noncompliance with laws and regulations, reputational damage, challenges in bidding for or retaining work, difficulties in recruiting and retaining employees and business partners, and a decrease in the valuation of our stock.

23

---

Table of Contents

Risks Pertaining to our Human Resources

We may lose executive officers and senior managers on whom we rely to generate business and execute projects successfully.

The ability of our executive officers and our senior managers to generate business and execute projects effectively is important to our success. The loss of an executive officer or senior manager, including those who joined us through acquisitions, could impair our ability to secure and manage engagements, which could harm our business, prospects, financial condition, results of operations, and cash flows.

We may be unable to attract and retain sufficient qualified personnel to sustain our business.

Our delivery of services is labor-intensive. When we are awarded a government contract, we must quickly hire project leaders and operational staff. Some larger projects have required us to hire and train thousands of operational staff in a short time period. That effort can be especially challenging in geographic areas with low unemployment rates. The additional operational staff also creates a concurrent demand for increased administrative personnel. Our success requires that we attract, develop, motivate, and retain:

•experienced and innovative executive officers;

•senior managers who have successfully managed or designed government services programs; and

•IT professionals who have designed or implemented complex IT projects within and outside the United States.

Innovative, experienced, and technically proficient individuals are in great demand and are likely to remain a limited resource. There can be no assurance that we will be able to continue to attract and retain desirable executive officers, senior managers, management personnel, and IT professionals. Our inability to hire sufficient personnel on a timely basis or the loss of significant numbers of executive officers and senior managers could adversely affect our business.

Unions may oppose outsourcing of government programs to outside vendors such as us, which could limit our market opportunities and could impact us adversely. In addition, our unionized workers outside the United States could disrupt our operations, and our non-unionized workers could attempt to unionize, which could disrupt our operations and impose higher costs on us.

Our success depends in part on our ability to win profitable contracts to administer and manage programs often previously administered by government employees. Many government employees, however, belong to labor unions with considerable financial resources and lobbying networks. Further, unions that have historically not represented government employees may seek to unionize our workforce. Unions have in the past applied, and are likely to continue to apply, political pressure on legislators and other officials responsible for outsourced government programs.

Union activity in the United States has seen a resurgence in recent years. Maximus has been the subject of union-initiated press reports and walk-outs, work disruptions and other actions designed to promote union membership. Non-unionized workers at several of our U.S. locations initiate organizing efforts from time to time to unionize. Even if unsuccessful, such organizing efforts could be disruptive to our business operations and can result in adverse publicity.

The potential for adverse media coverage may have a negative effect on the willingness of government agencies to outsource or cause them to seek contract terms that could impact us adversely, which has happened in the past and could happen again in the future.The potential for adverse media coverage may have a negative effect on the willingness of government agencies to outsource or cause them to seek contract terms that could impact us adversely. A successful union organizing effort at one or more of our locations could substantially increase our costs and result in our inability to successfully recompete for existing business.

Outside the United States, we currently operate outsourced programs with unionized employees in the U.K. and Canada. We experienced opposition from unions in Canada, which objected to the outsourcing of government programs. Our unionized workers outside the United States could declare a strike or could bargain in a manner that could adversely affect our performance and financial results.

24

---

Table of Contents

General Risk Factors

A number of factors may cause our cash flows and results of operations to vary from quarter to quarter.

Factors that may cause our cash flows and results of operations to vary from quarter to quarter include:

•the commencement, completion, or termination of contracts;

•caseloads and other factors where revenue is derived on transactional volume on contracts;

•the levels of revenue earned and profitability of fixed-price and performance-based contracts;

•expenses related to certain contracts which may be incurred in periods prior to revenue being recognized;

•increasing rates of inflation, which may increase our costs of labor and other goods and services;

•the schedules of government agencies for awarding contracts;

•government budgetary delays or shortfalls;

•the timing of change orders being signed;

•delays in payments from customers for a variety of reasons, including updating payment systems and timing for contract updates;

•the terms of awarded contracts; and

•potential acquisitions.

Changes in the volume of activity and the number of contracts commenced, completed, or terminated during any quarter may cause significant variations in our cash flows and results of operations because a large amount of our expenses are fixed.

Our profitability may be constrained by the effects of inflation.

Demand for talent in certain elements of our business can be highly competitive. To the extent actual wage inflation exceeds our estimates or we are not able to incorporate wage increases in our contracts that cover the actual wage inflation we experience, our operations and financial results may be adversely affected. Our portfolio includes fixed-price, performance-based, and cost-plus contracts for which employment requirements are contract-specific and have varying impacts to financial results.

In cost-plus contracts, we work with our customers to come to an agreement for wage increases to meet the current demand and hiring needs, which generally does not impact profitability of these contracts. For fixed-price and performance-based contracts, large and/or sudden changes to the labor market may require us to hire talent at wage levels higher than budgeted, which can adversely impact results on what are often multi-year contracts. For example, our fixed-price and performance-based contracts typically include labor escalators but varying market conditions could require wage increases exceeding the priced escalators, which would adversely impact margins. This has happened in the past and may happen again in the future. This is one of many factors that may impact profitability on multi-year fixed-price and performance-based contracts.

Our indebtedness could adversely affect our business and our ability to meet our obligations.

At September 30, 2025, we owed $1.3 billion under our credit facilities. At September 30, 2025, our effective interest rate was 5.37%, compared to 5.52% at September 30, 2024. Our credit facilities are subject to variable rates that expose us to interest rate risk. When interest rates increase, our debt service obligations on the variable rate indebtedness increase even though the amount borrowed remains the same.

Our indebtedness contains financial or other covenants that limit our operational flexibility in a number of other ways, including:

•causing us to be less able to take advantage of business opportunities, such as other acquisition opportunities, and to react to changes in market or industry conditions;

•increasing our vulnerability to adverse economic, industry, or competitive developments;

25

---

Table of Contents

•affecting our ability to pay or refinance debts as they become due during adverse economic, financial market, and industry conditions;

•requiring us to use a larger portion of cash flow for debt service, reducing funds available for other purposes;

•decreasing our profitability and/or cash flow;

•causing us to be disadvantaged compared to competitors with less leverage; and

•limiting our ability to borrow additional funds in the future to fund working capital, capital expenditures, and other general corporate purposes.

Approximately half of our long-term debt is held at variable interest rates. Although interest rates in the United States have declined from recent highs, they remain close to their highest levels in over a decade. Higher interest rates have a detrimental effect on our profits and cash flows, as well as reducing the amount of cash we have available for servicing of debt or other transactions.

We may not be able to realize the full value of our backlog.

At September 30, 2025, our total backlog was $15.3 billion. This represents an estimate of potential revenue from our existing contract portfolio. We may not be able to realize all of this backlog or accurately estimate the timing of revenue from this backlog for a number of reasons.

•Our backlog may be dependent upon continued funding of our contracts, which may be subject to legislative or executive approvals.

•Almost all of our contracts may be canceled at the convenience of our customer, or might otherwise be reduced, modified, amended, or delayed.

•Many of our contracts include option years, which our customers may choose not to exercise.

•Where revenue is based upon factors tied to our performance, such as the number of transactions we perform, the quantity and type of personnel we provide, or the service penalties we incur, we may fall short of the amounts estimated within our current backlog and receive less revenue.

We are subject to the risks of doing business internationally.

For the year ended September 30, 2025, 11% of our revenue was driven from jurisdictions outside the United States. As a result, a significant portion of our business operations are subject to foreign financial, tax, and business risks which could arise in the event of:

•foreign currency exchange fluctuations, including unrealized foreign exchange gains and losses which may become realized in the event of a disposal or abandonment;

•unexpected increases in tax rates or changes in U.S. or foreign tax laws;

•non-compliance with international laws and regulations, such as data privacy, employment regulations, and trade barriers;

•non-compliance with U.S. laws affecting the activities of U.S. companies in international locations, including the FCPA;

•the absence in some jurisdictions of effective laws to protect our intellectual property rights;

•new regulatory requirements or changes in local laws that materially affect the demand for our services or directly affect our foreign operations;

•local economic and political conditions, including severe or protracted recessions in foreign economies and inflation risk;

•the length of payment cycles and potential difficulties in collecting accounts receivable;

•difficulty managing and communicating with teams outside the United States;

•difficulty in maintaining our control environment, including controls over financial reporting;

26

---

Table of Contents

•unusual or unexpected monetary exchange controls, price controls, or restrictions on transfers of cash; or

•civil disturbance, terrorism, or other geopolitical or catastrophic events that reduce business activity in other parts of the world.

These factors may lead to decreased revenues and profits, which could adversely affect our business, financial condition, and results of operations.

Our business could be materially and adversely impacted by natural or man-made factors outside of our control.24Table of ContentsOur business could be materially and adversely impacted by natural or man-made factors outside of our control.

We face various risks related to disruptions of our operations due to natural disasters, pandemics, global conflicts, and similar events beyond our control. Despite precautions and business interruption and disaster recovery procedures we currently have in place, we could face disruption to our operations due to the impact of natural disasters such as earthquakes, hurricanes, fires, floods, epidemics, pandemics and public health crises, and other catastrophic events such as terrorism, war, or global or regional economic, political and social conditions.

For example, the COVID-19 pandemic negatively impacted worldwide economic activity and resulted in travel and work restrictions, commercial disruptions, and affected companies' operations around the world. We were affected by the COVID-19 pandemic, including operational disruptions and changes in working practices. If significant portions of our workforce are unable to work effectively, including because of illness, quarantines, government actions, facility closures resulting from a natural disaster or public health crisis, failures in key networks or communications systems resulting from a natural disaster, or other limitations or restrictions in connection with a natural disaster or public health crisis, our operations will likely be adversely impacted. If our operations are materially restricted, we may be unable to perform fully on our contracts, and our costs may increase significantly. These cost increases may not be fully recoverable or adequately covered by insurance.

Inaccurate, misleading, or negative media coverage could adversely affect our reputation and our ability to bid for government contracts.

Because of the public nature of many of our business lines, the media frequently focuses their attention on our contracts with government agencies. If the media coverage is negative, it could influence government officials to slow the pace of outsourcing government services, which could reduce the number of RFPs. The media also focus their attention on the activities of political consultants engaged by us, and we may be tainted by adverse media coverage about their activities, even when those activities are unrelated to our business. Moreover, inaccurate, misleading, or negative media coverage about us could harm our reputation and, accordingly, our ability to bid for and win government contracts.

Our Articles of Incorporation and bylaws include provisions that may have anti-takeover effects.

Our Articles of Incorporation and bylaws include provisions that may delay, deter, or prevent a takeover attempt that shareholders might consider desirable. For example, our Articles of Incorporation provide that our shareholders may not take any action in writing without a meeting. This prohibition could impede or discourage an attempt to obtain control of us by requiring that any corporate actions initiated by shareholders be adopted only at properly called shareholder meetings.

Item 1B. Unresolved Staff Comments

None.

27

---

Table of Contents

Item 1C. Cybersecurity

Risk Management and Strategy

Cybersecurity forms a critical component of the services we provide to our customers. We collect and utilize many different types of information, including financial, medical, human resources, and other personal information. Federal and state laws and regulations, contractual obligations, and national and international industry standards, impose obligations on us to protect the confidentiality, integrity, and availability of information relating to employees, clients, vendors, patients, and citizens. We maintain an Information Security Office (ISO), whose mission is to protect the confidentiality, integrity, and availability of data through administrative, technical, and physical safeguards.

Identifying, assessing, and managing cybersecurity related risks are integrated into our overall enterprise risk management (ERM) process, which is our approach to identifying, assessing, and mitigating major risks. Cybersecurity threats are evaluated based on our perceived vulnerability to a particular threat and the potential impact such a threat could have, with mitigation efforts focused on the highest risks. This risk assessment is updated no less than annually and reviewed by the Board of Directors.

We have experienced cybersecurity incidents that were immaterial and, as previously disclosed, in the third quarter of fiscal year 2023, we experienced a material cybersecurity incident as the personal information of a significant number of individuals was accessed by an unauthorized third-party exploiting a zero-day vulnerability in a third-party vendor's file transfer application used by many organizations, including us. We recorded expenses in connection with the investigation and remediation activities related to this incident; further details are included in "Note 15. Commitments and Contingencies" in Item 8 of this Annual Report on Form 10-K. We have recorded expenses in connection with the investigation and remediation activities related to this incident; further details are included in "Note 15. Commitments and Contingencies" in Item 8 of this Annual Report on Form 10-K. To date, we are not aware of any other cybersecurity incidents that have had a material effect on our business. Despite our preventative and remediation efforts, we may continue to experience cybersecurity incidents in the future. There can be no guarantee that such efforts will be sufficient to protect our information systems, information, and other assets from significant harm and that future cybersecurity incidents will not have a material adverse effect on our results of operations or financial condition or cause reputational or other harm to us. There can be no guarantee that such efforts will be sufficient to protect the company's information systems, information, and other assets from significant harm and that future cybersecurity incidents will not have a material adverse effect on the company or its results of operations or financial condition or cause reputational or other harm to the company. Refer to Item 1A of this Form 10-K, which includes a section on "Risks Pertaining to Data and Data Security," for further discussion of the associated risks.

We engage third parties to conduct independent cybersecurity assessments. The assessments include technical control reviews of new technologies, penetration testing, and ongoing monitoring of our security posture. We also rely on third parties to conduct annual audits to maintain cybersecurity certifications, such as ISO27001 and Cyber Essentials. As a government contractor, we are also subject to numerous Service Organization Control (SOC) audits each year to fulfill contractual requirements.

The ISO manages our security vendor risk management program. Each vendor’s cybersecurity risk is ranked using a risk tiering calculator. The calculator is designed to provide a consistent methodology for evaluating key risk factors, such as the type of service or product the vendor provides and the location and classification of data. For high- and moderate-risk vendors, an assessment is completed that includes reviewing external audits and certifications (e.g., SOC 2 Type 2 audit, ISO27001 and associated Statement of Applicability, or FedRAMP). As needed, an industry-standard questionnaire is completed by the vendor and the results assessed by ISO in an effort to ascertain the vendor's information security maturity and overall posture. High-risk vendors are re-evaluated annually while moderate-risk vendors are evaluated every three years. Ongoing monitoring is in place for all high and moderate risk vendors using an external service that rates the cybersecurity posture of corporate entities using a scored analysis of cyber threats. Ongoing monitoring is in place for all high, moderate, and low risk vendors using an external service that rates the cybersecurity posture of corporate entities using a scored analysis of cyber threats.

We are in the process of implementing an enterprise-wide third-party risk management program that expands the review of vendors and includes financial and operational screening. This new solution is designed to help ensure compliance with the National Institute of Standards and Technology (NIST) supply chain risk framework that is required when supporting federal agencies.

Governance

Board's Roles and Responsibilities

Oversight for risk management and the overall enterprise risk management strategy of the Company, including cybersecurity, is the responsibility of the Board of Directors. Risks identified are monitored by the Board as a whole or the Board may delegate oversight to a specific subcommittee. Our Technology Committee, comprised of four board members possessing relevant background and experience, assists the Board of Directors in its oversight role with respect to strategy and risk management for our information systems, IT, and cybersecurity.

28

---

Table of Contents

The Technology Committee is briefed at least quarterly, on the quality and effectiveness of our cybersecurity practices and policies, information security program, and data governance and security program, along with key initiatives in these areas. The Technology Committee also periodically assesses the cybersecurity risk management strategy. The Technology Committee also assesses the cybersecurity risk management strategy. This assessment includes reviews of the results of audits, testing, and metrics, including reports of third-party reviewers.

In the event of a cybersecurity incident, we have an incident response process and an escalation process in place to promptly identify, notify and brief the Board, including the Chair of the Technology Committee, outside of the regular reporting process in the event of an emerging or potentially material cybersecurity incident. The Board of Directors may choose to delegate responsibility for oversight of a particular cybersecurity matter to the Technology Committee in its discretion.

Management's Roles and Responsibilities

Our cybersecurity response is handled by our information security team and managed by our Chief Information Security Officer (CISO), who reports to the Chief Financial Officer. Our CISO has over thirty years of business and technical experience in information risk, risk management, and regulatory compliance, including thirteen years in a CISO role. Our information security team manages risks by establishing policies and procedures that manage information system access appropriately. These policies and procedures are tested through internal exercises and with external assistance and supplemented by training and communication to our employees and subcontractors.

Cybersecurity threats are constantly evolving, which drives the evolution of our responses. Typical activities for our information security team include system monitoring, new hire and annual training, testing and evaluation, including "phishing" exercises, and publication of tips and best practices. The results of this testing are communicated to corporate leadership, including to the Technology Committee of the Board of Directors. The results of this testing are communicated company-wide, including to the Technology Committee of the Board of Directors. Our CISO reports to the Technology Committee as requested, but no less than quarterly.

29

---

Table of Contents

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
NJR	6 hours ago
PXED	7 hours ago
TTEK	7 hours ago
NTIC	7 hours ago
CRNC	7 hours ago
EACO	9 hours ago
MMS	10 hours ago
ASH	10 hours ago
LQDT	11 hours ago
APD	12 hours ago
KLIC	14 hours ago
WMG	15 hours ago
J	16 hours ago
GFF	1 day, 5 hours ago
HI	1 day, 6 hours ago
JACK	1 day, 6 hours ago
ENTA	1 day, 6 hours ago
BV	1 day, 7 hours ago
PACS	1 day, 7 hours ago
DHI	1 day, 8 hours ago
POWL	1 day, 10 hours ago
MWA	1 day, 10 hours ago
FOR	1 day, 10 hours ago
BRBR	2 days, 10 hours ago
EPC	3 days, 1 hour ago
OCSL	3 days, 5 hours ago
HZO	3 days, 6 hours ago
GLAD	3 days, 7 hours ago
TWST	3 days, 15 hours ago
NMEX	6 days, 3 hours ago
ATO	6 days, 6 hours ago
SONO	6 days, 6 hours ago
AWCA	6 days, 6 hours ago
SBUX	6 days, 7 hours ago
MTSI	6 days, 7 hours ago
GAFC	6 days, 7 hours ago
SR	6 days, 8 hours ago
JCI	6 days, 12 hours ago
PLXS	6 days, 15 hours ago
QTZM	1 week ago
WNDW	1 week ago
BZH	1 week ago
EZPW	1 week ago
SBH	1 week ago
SANM	1 week ago
MYCB	1 week ago
DIS	1 week ago
PXPC	1 week, 1 day ago
TVE	1 week, 1 day ago
RMR	1 week, 1 day ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

TRADE SMARTER

with our free, cutting-edge alternative data platform

Please enter user name

Password too short

Sign in

Don't have an account? Sign Up for Free

Forgot password?

TRADE SMARTER

with our free, cutting-edge alternative data platform

Please enter user name

Please enter valid email

Password too short

Password too short

Sign Up

I already have an account, Sign In

App Store (iOS)

Play Store (Android)