Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - T
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
ITEM 1A. RISK FACTORS
We maintain a Chief Security Office (CSO) , which is charged with management-level responsibility for all aspects of network and information security within the Company. Led by our CISO and comprised of a large team of highly trained security professionals across multiple countries , the CSO is responsible for:
Our CISO plays the key management role in assessing and managing our material risks from cybersecurity threats. The CISO also works closely with AT&T Legal to oversee compliance with legal, regulatory and contractual security requirements. The CISO has extensive technical leadership experience and cybersecurity expertise, gained from over 20 years of experience, including serving as the Chief Information Security Officer and Director of the Office of Cybersecurity at a U.S. government agency, in addition to serving as the Chief Information Security Officer of two large public companies. Prior to that, he served for 20 years in the U.S. military, in various information technology roles of increasing seniority. The security professionals in the CSO have cybersecurity backgrounds and expertise relevant to their roles, including, in certain circumstances, relevant industry certifications.
The IRPs set out a coordinated, multi-functional approach for investigating, containing and mitigating incidents, including reporting findings to senior management and other key stakeholders and keeping them informed and involved as appropriate. In general, our incident response process follows the NIST (National Institute of Standards and Technology) framework and focuses on four phases: preparation; detection and analysis; containment, eradication and recovery; and post-incident remediation.
In 2025, we did not identify and were not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that we believe have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. For a discussion of cybersecurity risk, please see the information contained under the heading “Cyberattacks impacting our networks, systems or data or those of our suppliers or vendors may have a material adverse effect on our operations or results of operations” of Item 1A.
In addition to the other information set forth in this document, including the matters contained under the heading “Cautionary Language Concerning Forward-Looking Statements,” you should carefully read the matters described below. We believe that each of these matters could materially affect our business. Most, if not all, of these factors are beyond our ability to control.
Macro-Economic Factors:
Adverse changes in the U.S. securities markets, a higher interest rate environment, rising inflation and medical costs could materially increase our benefit plan costs and future funding requirements.
Our costs to provide current benefits and funding for future benefits are subject to increases, primarily due to continuing increases in medical and prescription drug costs, in part due to inflation, and can be affected by lower returns on assets held by our pension and other benefit plans, which are reflected in our financial statements for that year. In calculating the recognized benefit costs, we have made certain assumptions regarding future investment returns, interest rates and medical costs. These assumptions could change significantly over time and could be materially different than originally projected. Lower than assumed investment returns, an increase in our benefit obligations, and higher than assumed medical and prescription drug costs will increase expenses.
The Financial Accounting Standards Board (FASB) requires companies to recognize the funded status of defined benefit pension and postretirement plans as an asset or liability in their statement of financial position and to recognize changes in that funded status in the year in which the changes occur. We have elected to reflect the annual adjustments to the funded status in our consolidated statement of income. Therefore, an increase in our costs or adverse market conditions will have a negative effect on our operating results.
Significant adverse changes in capital markets could result in the deterioration of our defined benefit plans’ funded status.
Inflationary pressures on costs, such as inputs for devices we sell and network components, labor and distribution costs, may impact our network construction, our financial condition or results of operations.
As a provider of telecommunications and technology services, we sell handsets, wireless data cards, wireless computing devices and customer premises equipment manufactured by various suppliers for use with our voice and data services and depend on suppliers to provide us, directly or through other suppliers, with items such as network equipment, customer premises equipment, and wireless-related equipment such as mobile hotspots, handsets, wirelessly enabled computers, wireless data cards and other connected devices for our customers. In recent years, the costs of these inputs and the costs of labor necessary to develop, deploy and maintain our networks and our products and services have increased. In addition, many of these inputs are subject to price fluctuations from a number of factors, including, but not limited to, market conditions, demand for raw
7
materials used in the production of these devices and network components, severe weather, energy costs, currency fluctuations, supplier capacities, governmental actions, import and export requirements (including tariffs), and other factors beyond our control. Recent spending by hyperscalers and others to support AI is beginning to pressure supply chains for goods such as semiconductors and other network components. Inflationary and supply pressures may continue into the future and could have an adverse impact on our ability to source materials.
Our attempts to offset these cost and supply pressures, such as through increases in the selling prices of some of our products and services, may not be successful.Our attempts to offset these cost pressures, such as through increases in the selling prices of some of our products and services, may not be successful. Higher product or service prices may result in reductions in sales volume or increases in subscriber churn. Consumers may be less willing to pay a price differential for our products and services and may increasingly purchase lower-priced offerings from us or our competitors, or may forego some purchases altogether, during a period of inflationary pressure or an economic downturn. Consumers may be less willing to pay a price differential for our products and may increasingly purchase lower-priced offerings, or may forego some purchases altogether, during a period of inflationary pressure or an economic downturn. To the extent that price increases are not sufficient to offset these increased costs adequately or in a timely manner, and/or if they result in significant decreases in sales volume, our business, financial condition or operating results may be adversely affected. Furthermore, we may not be able to offset any cost increases through productivity and cost-saving initiatives.
Adverse changes in global financial markets could limit our ability and our larger customers’ and suppliers’ ability to access capital or increase the cost of capital needed to fund business operations.8Adverse changes in global financial markets could limit our ability and our larger customers’ ability to access capital or increase the cost of capital needed to fund business operations.
In recent years, uncertainty surrounding global growth rates, inflation and the interest rate environment produced volatility in the credit, currency and equity markets. Volatility may affect companies’ access to the credit markets, leading to higher borrowing costs, or, in some cases, the inability to fund ongoing operations. In addition, we contract with large financial institutions to support our own treasury operations, including contracts to hedge our exposure to interest rates and foreign exchange and the funding of credit lines and other short-term debt obligations, including commercial paper. These financial institutions face stricter capital-related and other regulations in the United States and Europe, as well as ongoing legal and financial issues concerning their loan portfolios, which may hamper their ability to provide credit or raise the cost of providing such credit.
While we have been successful in continuing to access the credit and fixed income markets when needed, adverse changes in the financial markets could render us either unable to access these markets or able to access these markets only at higher interest costs and with restrictive financial or other conditions, severely affecting our business operations. While we have been successful in continuing to access the credit and fixed income markets when needed, adverse changes in the financial markets could render us either unable to access these markets or able to access these markets only at higher interest costs and with restrictive financial or other conditions, severely affecting our business operations. Additionally, downgrades of our credit rating by the major credit rating agencies could increase our cost of borrowing and also impact the collateral we would be required to post under certain agreements we have entered into with our derivative counterparties, which could negatively impact our liquidity. Further, valuation changes in our derivative portfolio due to interest rates and foreign exchange rates could require us to post collateral and thus may negatively impact our liquidity.
Our international operations increase our exposure to political instability, to changes in the international economy and to regulation on our business, and these risks could offset our expected growth opportunities.
We have international operations, particularly in Mexico, and other countries worldwide where we need to comply with a wide variety of complex local laws, regulations and treaties, and are subject to evolving political environments.We have international operations, particularly in Mexico, and other countries worldwide where we need to comply with a wide variety of complex local laws, regulations and treaties. In addition, we are exposed to, among other factors, fluctuations in currency values, changes in relationships between U.S. and foreign governments, war or other hostilities, and other regulations that may materially affect our earnings. Involvement with foreign firms also exposes us to the risk of being unable to control the actions of those firms and therefore exposes us to risks associated with our obligation to comply with the Foreign Corrupt Practices Act (FCPA). Violations of the FCPA could have a material adverse effect on our operating results.
Industry-Wide Factors:
Changes to federal, state and foreign government regulations and decisions in regulatory proceedings, as well as private litigation, could further increase our operating costs and/or alter customer perceptions of our operations, which could materially adversely affect us.
Our subsidiaries providing wired services are subject to significant federal and state regulation, while many of our competitors are not. In addition, our subsidiaries and affiliates operating outside the United States are also subject to the jurisdiction of national and supranational regulatory authorities in the markets where service is provided. Our wireless subsidiaries are regulated to varying degrees by the FCC and in some instances, by state and local agencies. Adverse regulations and rulings by the courts, the FCC or states relating to broadband and wireless deployment could impede our ability to manage our networks and recover costs and lessen incentives to invest in our networks. Adverse regulations and rulings by the FCC relating to broadband and wireless deployment could impede our ability to manage our networks and recover costs and lessen incentives to invest in our networks. The continuing growth of IP-based services, especially when accessed by wireless devices, has created or potentially could create conflicting regulation between the FCC and various state and local authorities, which may involve lengthy litigation to resolve and may result in outcomes unfavorable to us. In addition, increased public focus on a variety of issues related to our operations, such as privacy issues, government requests or orders for customer data, state rate regulation of broadband and concerns about global climate change, have led to proposals or new
8
legislation at state, federal and foreign government levels to change or increase regulation on our operations, which could result in additional costs of compliance or litigation. Enactment of new privacy laws and regulations could, among other things, adversely affect our ability to collect data and offer targeted advertisements or result in additional costs of compliance or litigation. Enactment of new privacy laws and regulations could, among other things, adversely affect our ability to collect and offer targeted advertisements or result in additional costs of compliance or litigation. Should customers decide that our competitors offer a more customer-friendly environment, our competitive position, results of operations or financial condition could be materially adversely affected.
Extreme weather events and other potential effects of climate change may impose risk of damage to our infrastructure, our ability to provide services, and may cause changes in federal, state and foreign government regulation, all of which may result in potential adverse impact to our financial results.Effects of climate change may impose risk of damage to our infrastructure, our ability to provide services, and may cause changes in federal, state and foreign government regulation, all of which may result in potential adverse impact to our financial results.
The potential physical effects of extreme weather events and other potential effects of climate change, such as increased frequency and severity of storms, floods, fires, freezing conditions, sea-level rise and other climate-related events, could damage our networks and cause disruptions in our services, which could adversely affect our operations, infrastructure and financial results. Operational impacts resulting from the potential physical effects of climate change, such as damage to our network infrastructure, could result in increased costs and loss of revenue. While we currently do not believe the potential losses or costs associated with the physical effects of climate change will be material, it is difficult to accurately and precisely calculate the future impacts of the physical effects of climate change given the dynamic nature of its impacts on the environment.
Continuing growth in and the converging nature of wireless and broadband services will require us to deploy significant amounts of capital and require ongoing access to spectrum in order to provide attractive services to customers.
Wireless and broadband services are undergoing rapid and significant technological changes and a dramatic increase in usage, including, in particular, the demand for faster and seamless usage of data across mobile and fixed devices. Recent world events and trends accelerated these changes and also resulted in higher network utilization, as more customers consumed bandwidth. Streaming, augmented reality, “smart” technologies, user generated content and AI are expected to continue to drive greater demand for broadband. We must continually invest in our networks in order to improve our wireless and broadband services to meet this increasing demand and changes in customer expectations while remaining competitive. Improvements in these services depend on many factors, including continued access to and deployment of adequate spectrum and the capital needed to expand our wireline network to support transport of these services. In order to stem broadband connectivity losses to cable competitors in our non-fiber wireline areas, we have been expanding our all-fiber wireline network and where we offer our fixed wireless access product. In order to stem broadband subscriber losses to cable competitors in our non-fiber wireline areas, we have been expanding our all-fiber wireline network. We must maintain and expand our network capacity and coverage for transport of data, including video, and voice between cell and fixed landline sites. To this end, we participate in spectrum auctions and continue to deploy software and other technology advancements in order to efficiently invest in our network.
We have spent, and plan to continue spending, significant capital and other resources on the ongoing development and deployment of our 5G and fiber networks. This deployment and other network service enhancements and product launches may not occur as scheduled or at the cost expected due to many factors, including unexpected inflation, delays in determining equipment and wireless handset operating standards, supplier delays, software issues, increases in network and handset component costs, regulatory permitting delays for tower sites or enhancements, or labor-related delays. Deployment of new technology also may adversely affect the performance of the network for existing services. If we cannot acquire needed spectrum, if our 5G and fiber standalone or converged offerings fail to gain acceptance in the marketplace or if we otherwise fail to deploy the services customers desire on a timely basis with acceptable quality and at reasonable costs, then our ability to attract and retain customers, and, therefore, maintain and improve our operating margins, could be materially adversely affected. If we cannot acquire needed spectrum, our 5G and fiber offerings fail to gain acceptance in the marketplace or we otherwise fail to deploy the services customers desire on a timely basis with acceptable quality and at reasonable costs, then our ability to attract and retain customers, and, therefore, maintain and improve our operating margins, could be materially adversely affected.
Increasing competition could materially adversely affect our operating results.10Increasing competition for wireless customers could materially adversely affect our operating results.
We have multiple wireless competitors in each of our service areas and compete for customers based principally on service/device offerings, price, network quality, reliability, speed, coverage area and customer service. In addition, we are facing growing competition from providers offering services using advanced wireless technologies and IP-based networks, among others. We expect market saturation to continue, which may cause the wireless industry’s customer growth rate to moderate in comparison with historical growth rates, leading to increased competition for customers, including from strategic alliances in converged connectivity. Our share of industry sales could be reduced due to aggressive pricing or promotional strategies pursued by competitors. We also expect that our customers’ growing demand for high-speed video and data services will place constraints on our network capacity. These competition and capacity constraints will continue to put pressure on pricing and margins as companies compete for potential customers. Additionally, we may not be able to accurately predict future consumer demands or the success of new services in markets. Our ability to address these issues will depend, among other things, on continued improvement in network quality and customer service and our ability to price our products and services competitively as well as effective marketing of attractive products and services. Our ability to respond will depend, among other things, on continued improvement in network quality and customer service and our ability to price our products and services competitively as well as effective marketing of attractive products and services. These efforts will involve significant expenses and require strategic management decisions on, and timely implementation of, equipment choices, network deployment and service offerings. In addition, a sustained decline in a reporting unit’s revenues and earnings has resulted in the past, and may
9
again result in the future, in a significant negative impact on its fair value, requiring us to record an impairment charge, which could have an adverse impact on our results of operations.
Intellectual property rights may be inadequate to take advantage of business opportunities, which may materially adversely affect our operations.
We may need to spend significant amounts of money to protect our intellectual property rights. Any impairment of our intellectual property rights, including due to changes in U.S. or foreign intellectual property laws or the absence of effective legal protections or enforcement measures, could materially adversely impact our operations.
Incidents or public assertions leading to damage to our reputation or questions about our business conduct, and any resulting lawsuits, claims or other legal proceedings, could have a material adverse effect on our business. Further, climate change regulations may require us to alter our proposed business plans or increase our operating costs due to increased regulation or environmental considerations, and could adversely affect our business and reputation.
We believe that our brand image, awareness and reputation strengthen our relationship with consumers and contribute significantly to the success of our business. Our reputation and brand image could be negatively affected by a number of factors, including the safety, quality or reliability of our services, products and operations; cybersecurity incidents and data breaches, including our actual or perceived responses thereto; regulatory compliance; governance issues; our actual or perceived position or lack of position on social and other sensitive matters; and the conduct of our employees and former employees. Our ability to attract and retain employees is highly dependent upon our commitment to an inclusive workplace, ethical business practices and other qualities. Our ability to attract and retain employees is highly dependent upon our commitment to a diverse and inclusive workplace, ethical business practices and other qualities.
We currently are, and may in the future be, named as a defendant in lawsuits, claims and other legal proceedings that arise in or outside the ordinary course of our business based on alleged acts of misconduct by employees, contractors or other third parties. These actions seek, among other things, compensation for alleged personal injury (including claims for loss of life), workers’ compensation, employment discrimination, sexual harassment, workplace misconduct, wage and hour claims and other employment-related damages, compensation for breach of contract, statutory or regulatory claims, negligence or gross negligence, punitive damages, consequential damages, and civil penalties or other losses or injunctive or declaratory relief. The outcome of any allegations, lawsuits, claims or legal proceedings is inherently uncertain and could result in significant costs, damage to our brands or reputation and diversion of management’s attention from our business. In 2023, The Wall Street Journal published a series of articles alleging that lead-clad telecommunications cables are a public health hazard or may pose environmental risks. We are currently subject to litigation and have received inquiries from government authorities as a result of these assertions. We may be subject to additional litigation, government investigations and potentially new regulation or legislation relating to lead-clad cables. Any damage to our reputation or payments of significant amounts as a result of any of these issues, even if reserved, could materially and adversely affect our business, ability to serve customers, reputation, financial condition, results of operations and cash flows. Any damage to our reputation or payments of significant amounts, even if reserved, could materially and adversely affect our business, reputation, financial condition, results of operations and cash flows.
Our business is subject to risks related to public health crises.
Public health crises and resulting mitigation measures have in the past, and may in the future, cause a negative effect on our operating results. These effects include, but are not limited to, closure of retail stores; impact on our customers’ ability to pay for our products and services; reduction in international roaming revenue; and reduced staffing levels in call centers and field operations. We also have in the past, and may in the future, incur significantly higher expenses attributable to infrastructure investments and increased labor costs due to public health crises.
Company-Specific Financial Factors:
Customer adoption of new software-based technologies may require higher-quality services from us, and meeting these demands could create supply chain issues and could increase capital costs.
The communications industry has experienced rapid changes in the past several years. An increasing number of our customers are using mobile devices for using AI-enabled applications and as their primary means of viewing video. An increasing number of our customers are using mobile devices as their primary means of viewing video. In addition, businesses and government bodies are broadly shifting to wireless-based services for homes and infrastructure to improve services to their respective customers and constituencies. We have spent, and continue to spend, significant capital to shift our wired network to software-based technology and are expanding 5G wireless technology to address these demands. We have spent, and continue to spend, significant capital to shift our wired network to software-based technology to manage this demand and are expanding 5G wireless technology to address these consumer demands. We have entered and continue to enter into a significant number of software licensing agreements and continue to work with software developers to provide network functions in lieu of installing switches or other physical network equipment in order to respond to rapid developments in wireless demand. We are entering into a significant number of software licensing agreements and working with software developers to provide network functions in lieu of installing switches or other physical network equipment in order to respond to rapid developments in wireless demand. While software-based functionality can be changed much more quickly than, for example, physical switches, the rapid pace of development means that we may increasingly need to rely on single-source and software solutions that have not previously been deployed in production environments. Should this software not function as intended or our license agreements provide inadequate protection from intellectual property infringement claims, we could be forced to either substitute (if available) or else spend time to develop alternative technologies at a much higher cost and incur harm to our reputation for reliability, and, as a result, our ability to remain competitive could be materially adversely affected.
10
We depend on various suppliers to provide equipment to operate our business and satisfy customer demand, and interruption or delay in supply can adversely impact our operating results.
We depend on suppliers to provide us, directly or through other suppliers, with items such as network equipment, customer premises equipment and wireless-related equipment such as mobile hotspots, handsets, wirelessly enabled computers, wireless data cards and other connected devices for our customers. In some instances, we depend on key single-source suppliers to provide important inputs where there are few alternative suppliers available. These suppliers could fail to provide equipment on a timely or cost-effective basis, or fail to meet our performance expectations, for a number of reasons, including difficulties in obtaining export licenses for certain technologies, inflationary pressures, inability to secure component parts, general business disruption, natural disasters, safety issues, economic and political instability, including the outbreak of war and other hostilities, and public health emergencies. These suppliers could fail to provide equipment on a timely or cost effective basis, or fail to meet our performance expectations, for a number of reasons, including difficulties in obtaining export licenses for certain technologies, inflationary pressures, inability to secure component parts, general business disruption, natural disasters, safety issues, economic and political instability, including the outbreak of war and other hostilities, and public health emergencies such as the COVID-19 pandemic. In certain circumstances, we could be liable for the actions of our suppliers and other third parties we do business with. These factors have caused, and may again cause, delays in the development, manufacturing (including the sourcing of key components) and shipment of products to the extent that we or our suppliers are impacted. In certain limited circumstances, suppliers have been unable to supply products in a timely fashion, affecting our ability to provide products and services precisely as and when requested by our customers. It is possible that, in some circumstances, we could be forced to switch to a different key supplier or be unable to meet customer demand for certain products or services. Because of the cost and time lag that can be associated with transitioning from one supplier to another, our business could be substantially disrupted if we were required to, or chose to, replace the products of one or more key suppliers with products from another source, especially if the replacement became necessary on short notice. Any such disruption could increase our costs, decrease our operating efficiencies and have a negative effect on our operating results.
Increasing costs to provide services and failure to renew agreements on favorable terms, or at all, could adversely affect operating margins.
Our operating costs, including customer acquisition and retention costs, could continue to put pressure on margins and customer retention levels.
A number of our competitors offering comparable legacy services that rely on alternative technologies and business models are typically subject to less regulation, and therefore are able to operate with lower costs. These competitors generally can focus on discrete customer segments since they do not have regulatory obligations to provide universal service. Also, these competitors have cost advantages compared to us, due in part to operating on newer, more technically advanced and lower-cost networks with a nonunionized workforce, lower employee benefits and fewer retirees. We are transitioning services from our copper-based network and seeking regulatory approvals, where needed, at both the state and federal levels. We are transitioning services from our old copper-based network and seeking regulatory approvals, where needed, at both the state and federal levels. If we do not obtain regulatory approvals for our network transition or obtain approvals with onerous conditions, we could experience significant cost and competitive disadvantages.
A significant portion of our workforce is represented by labor unions, and we could incur additional costs or experience work stoppages as a result of the renegotiation of our labor contracts.
As of December 31, 2025, approximately 43% of our workforce was represented by the Communications Workers of America (CWA), the International Brotherhood of Electrical Workers (IBEW) or other unions. While we have labor contracts in place with these unions, with subsequent negotiations we have in the past and could in the future incur additional costs and/or experience work stoppages, which could adversely affect our business operations.
We may not realize or sustain the expected benefits from acquisitions, joint ventures or our business transformation initiatives, including dispositions, which could have a material adverse effect on our business, operations, financial condition, results of operations and competitive position.We may not realize or sustain the expected benefits from our business transformation initiatives and these efforts could have a materially adverse effect on our business, operations, financial condition, results of operations and competitive position.
We have been and will be undertaking certain transformation initiatives and investments, which are designed to reduce costs, enable legacy rationalization, streamline and modernize distribution and customer service, improve our products and services, remove redundancies and simplify and improve processes and support functions.We have been and will be undertaking certain transformation initiatives, including the WarnerMedia/Discovery Transaction, which are designed to reduce costs, streamline and modernize distribution and customer service, remove redundancies and simplify and improve processes and support functions. Our focus is on supporting added customer value with an improved customer experience. We intend for these efficiencies to enable increased investments in our strategic areas of focus, which include improving broadband connectivity (for example, fiber and 5G). We also expect these initiatives to drive efficiencies and improved margins. If we do not successfully manage and timely execute these initiatives and investments, which may include acquisitions, joint ventures, particularly those aimed at enhancing our fiber serviceable locations, and other strategic transactions, or if they are inadequate or ineffective, we may fail to meet our financial goals and achieve anticipated benefits, improvements may be delayed, not sustained or not realized, and our business, operations and competitive position could be adversely affected. In addition, any such initiative or investment entails certain risks and could present financial, managerial and operational challenges. Further, we are using and intend to further use AI-driven efficiencies in our network design and operations, software development, sales, marketing, customer support services and general and administrative costs. The models used in those products or operations, particularly generative AI models, may produce output or take action that is incorrect, release private or confidential information, reflect biases included in the data on which they are trained, infringe on the intellectual property rights of others, or be otherwise harmful. AI-related laws and regulations continue to remain uncertain and may vary from jurisdiction to jurisdiction. There can be no assurance that the usage of AI will meaningfully enhance our
11
products or operations, and any of these risks could expose us to liability or adverse legal or regulatory consequences and harm our reputation and the public perception of our business or the effectiveness of our security measures.
Unfavorable litigation or governmental investigation results could require us to pay significant amounts or lead to onerous operating procedures.
We are subject to a number of lawsuits both in the United States and in foreign countries, including, at any particular time, claims relating to antitrust, patent infringement, wage and hour, personal injury, environmental, customer data and privacy violations, cyberattacks, regulatory proceedings, breach of contract, and selling and collection practices.We are subject to a number of lawsuits both in the United States and in foreign countries, including, at any particular time, claims relating to antitrust, patent infringement, wage and hour, personal injury, customer privacy violations, regulatory proceedings, breach of contract, and selling and collection practices. We also spend substantial resources complying with various government standards, which may entail related investigations and litigation. In the wireless and wireline area, we also face current and potential litigation relating to alleged adverse health effects on customers or employees who use such technologies including, for example, wireless devices. In the wireless area, we also face current and potential litigation relating to alleged adverse health effects on customers or employees who use such technologies including, for example, wireless devices. We may incur significant expenses defending such suits or government charges and may be subject to injunctions or required to pay amounts or otherwise change our operations in ways that could materially adversely affect our operations or financial results. We may incur significant expenses defending such suits or government charges and may be required to pay amounts or otherwise change our operations in ways that could materially adversely affect our operations or financial results.
Cyberattacks impacting our networks, systems or data or those of our suppliers or vendors may have a material adverse effect on our operations or results of operations.
Cyberattacks – including through the use of malware, computer viruses, distributed denial of services attacks, ransomware attacks, credential harvesting, social engineering and other means for obtaining unauthorized access to or disrupting the operation of our networks and systems or accessing our data and those of our suppliers, vendors and other service providers – could have a material adverse effect on our operations or results of operations.Cyberattacks, including through the use of malware, computer viruses, distributed denial of services attacks, ransomware attacks, credential harvesting, social engineering and other means for obtaining unauthorized access to or disrupting the operation of our networks and systems and those of our suppliers, vendors and other service providers, could have a material adverse effect on our operations. As a critical infrastructure service provider, we believe that we are a particularly attractive target for such cyberattacks, including from nation states and highly sophisticated, state-sponsored, or otherwise well-funded actors, and we experience heightened risk from time to time as a result of geopolitical events.
Cyberattacks have caused, and may in the future cause, equipment or network failures, copying or loss of information, including sensitive personal information of customers or employees or proprietary information, as well as disruptions to our or our customers’, suppliers’ or vendors’ operations, which have and in the future could result in significant expenses, potential investigations and legal liability, a loss of current or future customers and reputational damage. Cyberattacks can cause equipment or network failures, loss of information, including sensitive personal information of customers or employees or proprietary information, as well as disruptions to our or our customers’, suppliers’ or vendors’ operations, which could result in significant expenses, potential investigations and legal liability, a loss of 12current or future customers and reputational damage. Additional resources and management attention may be necessary to respond to government inquiries and requirements, including potentially conflicting demands and requirements from multiple government agencies. Moreover, the amount and scope of insurance that we maintain against losses resulting from any such events or security breaches may not be sufficient to cover our losses or otherwise adequately compensate us for any disruptions to our business that may result. As our networks evolve, they are becoming increasingly reliant on software and cloud technologies to handle growing demands for data consumption. Cyberattacks against us and our suppliers and vendors have occurred in the past, including from highly sophisticated, state-sponsored actors as noted above, and will continue to occur in the future and are increasing in frequency, scope and potential harm over time. For example, in July 2024, we disclosed a cybersecurity incident on Item 1.05 of Form 8-K relating to the copying of mobile customer call data.
Due to the complexity and interconnectedness of our systems and those of our suppliers, vendors and other service providers, the process of enhancing our protective measures can itself create a risk of systems disruptions and security issues. Further, the use of artificial intelligence and machine learning by cybercriminals may increase the frequency and severity of cybersecurity attacks against us or our suppliers, vendors and other service providers. In addition, despite our efforts to detect unlawful intrusions, an attack may persist for an extended period of time before being detected, and, following detection, it may take considerable time for us to obtain sufficient information about the nature, scope and timing of the incident as well as the impact or reasonably likely impact on us. Indeed, as cyberattacks become increasingly sophisticated, a post-attack investigation may not be able to ascertain the entire scope of the attack’s impact.
Extensive and costly efforts are undertaken to develop and test systems before deployment and to conduct ongoing monitoring and updating to prevent and withstand such attacks. While we may have contractual rights to assess the effectiveness of many of our suppliers’ and vendors’ systems and protocols, we cannot know or assess the effectiveness of all of our providers’ systems and controls at all times. While, to date, we have not been subject to a cyberattack that has had a material adverse effect on our operations or results of operations, the preventive actions we take, or our suppliers or vendors take, to reduce the risks associated with cyberattacks may be insufficient to repel or mitigate the effects of a major cyberattack in the future. While, to date, we have not been subject to cyberattacks that, individually or in the aggregate, have been material to our operations or financial condition, the preventive actions we take to reduce the risks associated with cyberattacks may be insufficient to repel or mitigate the effects of a major cyberattack in the future.
Natural disasters, extreme weather conditions or terrorist or other hostile acts could cause damage to our infrastructure and result in significant disruptions to our operations.
Our business operations could be subject to interruption by equipment or network failures caused by human error, system failures, unauthorized access to our network and critical infrastructure, power outages, terrorist or other hostile acts, including acts of war, and natural disasters, such as flooding, hurricanes and forest fires.Our business operations could be subject to interruption by equipment failures, power outages, terrorist or other hostile acts, and natural disasters, such as flooding, hurricanes and forest fires, whether caused by discrete severe weather events and/or precipitated by long-term climate change. Such events could cause significant damage to the infrastructure upon which our business operations rely, resulting in degradation or disruption of service to our customers, as well as significant recovery time and expenditures to resume operations. Our system redundancy and other measures we take to
12
protect our infrastructure and operations from the impacts of such events may be ineffective or inadequate to sustain our operations through all such events. Any of these occurrences could result in lost revenues from business interruption, damage to our reputation and reduced profits.
Increases in our debt levels to fund spectrum purchases, or other strategic decisions could adversely affect our ability to finance future debt at attractive rates and reduce our ability to respond to competition and adverse economic trends.
We intend to and have incurred debt to fund significant acquisitions, as well as spectrum purchases needed to compete in our industry.We have incurred debt to fund significant acquisitions, as well as spectrum purchases needed to compete in our industry. While we believe such decisions were prudent and necessary to take advantage of both growth opportunities and respond to industry developments, we did experience credit rating downgrades from historical levels. Banks and potential purchasers of our publicly traded debt may decide that these strategic decisions and similar actions we may take in the future, as well as expected trends in the industry, will continue to increase the risk of investing in our debt and may demand a higher rate of interest, impose restrictive covenants or otherwise limit the amount of potential borrowing. Additionally, our capital allocation plan is focused on, among other things, managing our debt level. Any failure to successfully execute this plan could adversely affect our cost of funds, liquidity, competitive position and access to capital markets.
Our business may be impacted by changes in tax laws and regulations, judicial interpretations of the same or administrative actions by federal, state, local and foreign taxing authorities.
Tax laws are dynamic and subject to change as new laws are passed and new interpretations of the law are issued or applied. In many cases, the application of existing, newly enacted or amended tax laws may be uncertain and subject to differing interpretations, especially when evaluated against ever-changing products and services provided by our global telecommunications and technology businesses. In many cases, the application of existing, newly enacted or amended tax laws (such as the US Tax Cuts and Jobs Act of 2017 and the Inflation Reduction Act of 2022) may be uncertain and subject to differing interpretations, especially when evaluated against ever changing products and services provided by our global telecommunications and technology businesses. In addition, tax legislation has been introduced or is being considered in various jurisdictions that could significantly impact our tax rate, tax liabilities and carrying value of deferred tax assets or deferred tax liabilities. Any of these changes could materially impact our financial performance and our tax provision, net income and cash flows.
We are also subject to ongoing examinations by taxing authorities in various jurisdictions. Although we regularly assess the likelihood of an adverse outcome resulting from these examinations to determine the adequacy of provisions for taxes, there can be no assurance as to the outcome of these examinations. In the event that we have not accurately or fully described, disclosed or determined, calculated or remitted amounts that were due to taxing authorities or if the ultimate determination of our taxes owed is for an amount in excess of amounts previously accrued, we could be subject to additional taxes, penalties and interest, which could materially impact our business, financial condition and operating results.
13
CAUTIONARY LANGUAGE CONCERNING FORWARD-LOOKING STATEMENTS
Information set forth in this report contains forward-looking statements that are subject to risks and uncertainties, and actual results could differ materially. Many of these factors are discussed in more detail in the “Risk Factors” section. We claim the protection of the safe harbor for forward-looking statements provided by the Private Securities Litigation Reform Act of 1995.
The following factors could cause our future results to differ materially from those expressed in the forward-looking statements:
•Adverse economic and political changes, public health emergencies and our ability to access financial markets on favorable terms.
•Increases in our benefit plans’ costs, including due to worse-than-assumed investment returns and discount rates, mortality assumptions, medical cost trends, or healthcare laws or regulations.
•The final outcome of FCC and other federal, state or foreign government agency proceedings (including judicial review of such proceedings) and legislative and regulatory efforts involving issues important to our business, including, without limitation, results of pending governmental investigations; the transition from legacy technologies to IP-based infrastructure, including the withdrawal of legacy TDM-based services; universal service; broadband deployment; wireless equipment siting regulations; E911 services; rules concerning digital discrimination; competition policy; privacy; net neutrality; copyright protection; availability of new spectrum on fair and reasonable terms; and wireless and satellite license awards and renewals, and our response to such legislative and regulatory efforts.
•Enactment of or changes to state, local, federal and/or foreign tax laws and regulations, and actions by tax agencies and judicial authorities, and the resolution of disputes with any taxing jurisdictions.
•U.S. and foreign laws and regulations regarding intellectual property rights protection and privacy, personal data protection and user consent.
•Our ability to compete in a competitive industry and against competitors that can offer product/service offerings at lower prices due to lower cost structures and regulatory and legislative actions adverse to us, including non-regulation of comparable alternative technologies and/or government-owned or subsidized networks, and our response to such competition and emerging technologies, including artificial intelligence.
•Disruptions in our supply chain that have a material impact on our ability to acquire needed goods and services.
•The development and delivery of attractive and profitable wireless and broadband offerings and devices, including our ability to match speeds offered by competitors; and the availability, cost and/or reliability of technologies required to provide such offerings.
•Our ability to adequately fund additional wireless spectrum and network development, deployment and maintenance; and regulations and conditions relating to spectrum use, licensing, obtaining additional spectrum, technical standards and deployment and usage, including network management rules.
•Our ability to manage growth in wireless data services, including network quality.
•The outcome of pending, threatened or potential litigation and arbitration.
•The impact from major equipment, software or other failures or errors that disrupt our networks or cyber incidents; the effect of security breaches related to the network or customer information; our inability to obtain handsets, equipment/software or have handsets, equipment/software serviced in a timely and cost-effective manner; severe weather conditions or other natural disasters including earthquakes and forest fires; public health emergencies; energy shortages; or wars or terrorist attacks.
•The issuance by the FASB or other accounting oversight bodies of new or revised accounting standards.
•The imposition of tariffs and their duration and uncertainty surrounding further tariffs and congressional action regarding spending and taxation, which may result in changes in government spending and affect business and consumer spending trends.
•Our ability to realize or sustain the expected benefits of our business transformation initiatives, which are designed to reduce costs, enable legacy rationalization, streamline distribution, remove redundancies and simplify and improve processes and support functions.
•Our ability to successfully complete acquisitions, divestitures and joint venture transactions, as well as achieve our expectations regarding the financial impact of completed and/or pending transactions.
Readers are cautioned that other factors discussed in this report, although not enumerated here, also could materially affect our future earnings.
14
ITEM 1B. UNRESOLVED STAFF COMMENTS
Not applicable.
ITEM 1C.ITEM 1A. CYBERSECURITY
Governance
Board and Audit Committee Oversight
Our Board of Directors has delegated to the Audit Committee the oversight responsibility to review and discuss with management the Company’s privacy and data security, including cybersecurity, risk exposures, policies and practices, and the steps management has taken to detect, monitor and control such risks and the potential impact of those exposures on our business, financial results, operations and reputation. The full Board and Audit Committee regularly receive reports and presentations on privacy and data security, which address relevant cybersecurity issues and risks and span a wide range of topics. These reports and presentations are provided by officers with responsibility for privacy and data security, who include our Chief Information Security Officer (CISO), Chief Technology Officer (CTO) and AT&T’s Legal team . In addition to regular reports to the Audit Committee, we have protocols by which certain security incidents are escalated within the Company and, where appropriate, reported in a timely manner to the Audit Committee.
Chief Security Office/CISO
a.establishing the policies, standards and requirements for the security of AT&T’s computing and network environments;
b.protecting AT&T-owned and -managed assets and resources against unauthorized access by monitoring potential security threats, correlating network events and overseeing the execution of corrective actions;
c.promoting compliance with AT&T’s security policies and network and information security program in a consistent manner on network systems and applications; and
d.providing security thought leadership in the global security arena.
Risk Management and Strategy
We maintain a network and information security program that is reasonably designed to protect our information, and that of our customers, from unauthorized risks to their confidentiality, integrity or availability. Our program encompasses the CSO and its policies, platforms, procedures and processes for assessing, identifying and managing risks from cybersecurity threats, including third-party risk from vendors and suppliers. The program is integrated into our overall risk management framework and is generally designed to identify and respond to security incidents and threats in a timely manner to minimize the loss or compromise of information assets and to facilitate incident resolution.
We maintain continuous and near-real-time security monitoring of the AT&T network for investigation, action and response to network security events. This security monitoring leverages tools, where available, such as near-real-time data correlation, situational awareness reporting, active incident investigation, case management, trend analysis and predictive security alerting. We assess, identify and manage risks from cybersecurity threats through various mechanisms, which from time to time may include tabletop exercises to test our preparedness and incident response process, business unit assessments, control gap analyses, threat modeling, impact analyses, internal audits, external audits, penetration tests and engaging third parties to conduct analyses of our information security program. When circumstances warrant, we also retain external cybersecurity experts to assist the CSO. We conduct vulnerability testing and assess identified vulnerabilities for severity, the potential impact to AT&T and our customers, and likelihood of occurrence. We regularly evaluate security controls to maintain their functionality in accordance with security policy. We also obtain cybersecurity threat intelligence from recognized forums, third parties and other sources as part of our risk assessment process. In addition, as a critical infrastructure entity, we collaborate
15
with numerous agencies in the U.S. government to help protect U.S. communications networks and critical infrastructure, which, in turn, informs our cybersecurity threat intelligence.
With respect to incident response, the Company has adopted a Cybersecurity Incident Response Plan, as well as a Data Privacy Incident Response Plan that applies if customer information has been compromised (together, the “IRPs”), to provide a common framework for responding to security incidents. This framework establishes procedures for identifying, validating, categorizing, documenting and responding to security events that are identified by or reported to the CSO. The IRPs apply to all AT&T personnel (including contractors and partners) that perform functions or services that require securing AT&T information and computing assets, and to all devices and network services that are owned or managed by the Company.
Impact of Cybersecurity Risk
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| T | an hour ago |
| BE | an hour ago |
| SIGI | an hour ago |
| UTL | 2 hours ago |
| RXO | 2 hours ago |
| APAD | 2 hours ago |
| ITT | 2 hours ago |
| CLF | 2 hours ago |
| VNO | 2 hours ago |
| ON | 2 hours ago |
| PI | 2 hours ago |
| BSAA | 2 hours ago |
| ZWS | 3 hours ago |
| BRX | 3 hours ago |
| KN | 3 hours ago |
| MRSH | 3 hours ago |
| FCFS | 3 hours ago |
| WM | 3 hours ago |
| NSC | 7 hours ago |
| OHI | 8 hours ago |
| LADR | 10 hours ago |
| ALX | 10 hours ago |
| AAT | 3 days, 2 hours ago |
| LVS | 3 days, 2 hours ago |
| RTX | 3 days, 2 hours ago |
| APTV | 3 days, 2 hours ago |
| SYF | 3 days, 2 hours ago |
| POWI | 3 days, 2 hours ago |
| MAA | 3 days, 2 hours ago |
| CHAC | 3 days, 2 hours ago |
| VTR | 3 days, 3 hours ago |
| ELV | 3 days, 4 hours ago |
| MSCI | 3 days, 4 hours ago |
| HNOI | 3 days, 5 hours ago |
| HAL | 3 days, 5 hours ago |
| AXP | 3 days, 6 hours ago |
| RLEA | 3 days, 7 hours ago |
| ATR | 3 days, 7 hours ago |
| MTD | 3 days, 7 hours ago |
| TXN | 3 days, 8 hours ago |
| UNP | 3 days, 9 hours ago |
| OMF | 3 days, 10 hours ago |
| BIIB | 3 days, 11 hours ago |
| PM | 3 days, 11 hours ago |
| AMZN | 4 days ago |
| RDDT | 4 days, 1 hour ago |
| CCIX | 4 days, 1 hour ago |
| VRSN | 4 days, 2 hours ago |
| CUZ | 4 days, 2 hours ago |
| XPO | 4 days, 2 hours ago |
