Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - VZ
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors
Integrated Cybersecurity Risk Management
The Audit Committee of the Board of Directors (Board) has primary responsibility for overseeing Verizon’s risk management and compliance programs relating to cybersecurity and data protection and privacy.
We have implemented processes to identify and manage risks from cybersecurity threats associated with our use of third-party service providers. The Verizon Third Party Risk Management Program establishes governance, processes and tools for managing various supplier-related risks, including information security. As a condition of working with Verizon, suppliers who access sensitive business or customer information are expected to meet certain information security requirements.
We are subject to increasing and evolving cybersecurity threats as cyberattacks against companies, including Verizon, have increased in frequency, scope and potential harm in recent years. While none of the cyberattacks to which we have been subject to date have been material to Verizon's operations or financial condition, there can be no guarantee that we will not experience a material cyberattack in the future. For more information on the risks from cybersecurity threats that we face, refer to “Risk Factors — Operational Risks — Cyberattacks impacting our networks or systems could have an adverse effect on our business” in Part I, Item 1A of this Annual Report on Form 10-K.
The following discussion of "Risk Factors" identifies factors that may adversely affect our business, operations, financial condition or future performance. This information should be read in conjunction with "Management’s Discussion and Analysis of Financial Condition and Result of Operations" and the consolidated financial statements and related notes. The following discussion of risks is not all-inclusive but is designed to highlight what we believe are the material factors to consider when evaluating our business and expectations. These factors could cause our future results to differ materially from our historical results and from expectations reflected in forward-looking statements.
Economic and Strategic Risks | ||
We face significant competition that may negatively affect our operating results.
We face significant competition in our industries. The rapid development of new technologies, services and products has eliminated many of the traditional distinctions among wireless, cable, internet and other communication services and brought new competitors to our markets, including other telecommunications companies, cable companies, wireless service providers, satellite providers, technology companies and application and device providers. The rapid development of new technologies, services and products has eliminated many of the traditional distinctions among wireless, cable, internet and local and long distance communication services and brought new competitors to our markets, including other telecommunications companies, cable companies, wireless service providers, satellite providers, technology companies and application and device providers. While these changes have enabled us to offer new types of products and services, they have also allowed other providers to broaden the scope of their own competitive offerings. If we are unable to successfully differentiate our services and products from our competitors, it could adversely affect our competitive position and market share. If we are unable to limit future increases in the costs of our benefit plans, those costs could reduce our profitability and increase our funding commitments.
Our competitors commonly offer aggressive pricing, promotions, premium content options and other incentives – in some cases specifically targeting our customers and putting pressure on our pricing and margins. In addition, we expect the wireless industry’s customer growth rate to moderate over time in comparison to historical growth rates, leading to increased competition for customers. In addition, the wireless industry’s customer growth rate could moderate in comparison to historical growth rates, leading to increased competition for customers. Our ability to compete effectively will depend on, among other things, our network reliability, speed, capacity and coverage, the pricing of our products and services, our and our competitors' promotional strategies, the quality of our customer service, our development of new and enhanced products and services, the reach and quality of our sales and distribution channels, our ability to market our products and services effectively and our capital resources. Our ability to compete effectively will depend on, among other things, our network quality, capacity and coverage, the pricing of our products and services, the quality of our customer service, our development of new and enhanced products and services, the reach and quality of our sales and distribution channels, our ability to market our products and services effectively and our capital resources. It will also depend on how successfully we anticipate and respond to various factors affecting our industries, including regulatory changes, new technologies and business models, such as the increasing use of AI and machine learning technologies, changes in consumer preferences and demand for existing services, demographic trends and evolving geopolitical and economic conditions, including inflation. It will also depend on how successfully we anticipate and respond to various factors affecting our industries, including new technologies and business models, changes in consumer preferences and demand for existing services, demographic trends and evolving economic conditions, including inflation. If we are not able to respond successfully to these competitive challenges, our results of operations and financial condition could be adversely impacted. In addition, a sustained decline in a reporting unit's revenues and earnings has resulted in the past, and may again result in the future, in a significant negative impact on its fair value requiring us to record an impairment charge, which could have an adverse impact on our results of operations. In addition, a projected sustained decline in a reporting unit's revenues and earnings could have a significant negative impact on its fair value and result in an impairment charge, which could have an adverse impact on our results of operations.
If we are not able to take advantage of developments in technology and address changing consumer demand on a timely basis, or if the ongoing deployment of our 5G network is delayed or hindered for any reason, we may experience a decline in the demand for our services, be unable to implement our business strategy and experience reduced profits.If we are not able to take advantage of developments in technology and address changing consumer demand on a timely basis, or if the deployment of our 5G network is delayed or hindered for any reason, we 14Table of Contentsmay experience a decline in the demand for our services, be unable to implement our business strategy and experience reduced profits.
Our industries are rapidly changing as new technologies are developed that offer consumers an array of choices for their communications needs and allow new entrants into the markets we serve. In order to grow and remain competitive, we will need to adapt to future changes in technology, enhance our existing offerings and introduce new offerings to address our customers’ changing demands. If we are unable to meet future challenges from competing technologies on a timely basis or at an acceptable cost, we could lose customers to our competitors. We may not be able to accurately predict technological trends or the success of new services in the market. If our new services fail to gain acceptance in the marketplace, or if costs associated
13
with the implementation and introduction of these services materially increase, our ability to retain and attract customers could be adversely affected.
The deployment of our 5G network is subject to a variety of risks, including those related to equipment availability, unexpected costs, and regulatory matters that could cause deployment delays or network performance issues. In addition, certain advanced use cases for 5G technologies and related ecosystems are still in the early phases of adoption and their ultimate adoption or success is uncertain. These issues could result in significant costs, put us at a competitive disadvantage, or reduce the anticipated benefits of the enhancements to our networks.
As we introduce new offerings and technologies, we expect to phase out outdated and unprofitable technologies and services. If we are unable to do so on a cost-effective basis, we could experience reduced profits. In addition, there could be legal or regulatory restraints on our ability to phase out current services.
Finally, we are using AI in our network deployment and maintenance as well as our customer and employee support services. There are technological, regulatory, ethical and other risks involved in deploying and using AI, particularly generative AI models. There can be no assurance that the usage of AI will meaningfully enhance our products or services or be beneficial to our business, including our efficiency or profitability. Our investments in AI and related technologies may not result in the benefits we anticipate or enable us to obtain or maintain a competitive advantage.
Adverse conditions in the U.S. and international economies could impact our results of operations and financial condition.
Unfavorable economic conditions, such as a recession or economic slowdown in the U.S. or elsewhere, or inflation in the markets in which we operate, could negatively affect the affordability of and demand for some of our products and services and our cost of doing business. In difficult economic conditions, consumers may seek to reduce discretionary spending by forgoing purchases of our products, electing to use fewer higher margin services, dropping down in price plans or obtaining lower-cost products and services offered by other companies. Similarly, under these conditions, business customers may delay purchasing decisions, or full implementation of our service offerings, reduce their use of our services or choose lower-cost offerings from our competitors. Similarly, under these conditions, the business customers that we serve may delay purchasing decisions, delay full implementation of service offerings or reduce their use of services. In addition, adverse economic conditions may lead to an increased number of our consumer and business customers that are unable to pay for services. Unfavorable economic conditions could also amplify other risks discussed in this report, including, but not limited to, those related to our competitive position and margins. Unfavorable economic conditions could also amplify other risk factors discussed in this section, including, but not limited to, our competitive position and margins. Furthermore, our initiatives designed to reduce costs and improve operating efficiencies may be ineffective or insufficient.
Over the last several years, as a result of the inflationary environment in the U.S., we experienced increases in our direct costs, including electricity and other energy-related costs for our network operations, and transportation and labor costs, as well as increased interest expense related to changing interest rates. In 2022, these factors, along with impacts of the intense competition in our industries, resulted in lower earnings per share and caused us to lower our growth expectations and related financial guidance for that year. These factors, along with impacts of the intense competition in our industries, resulted in increased costs and lower earnings per share during 2022, and caused us to lower our growth expectations and related financial guidance. Similarly, unfavorable economic conditions in the future could have a material adverse effect on our results of operations and financial condition.
Operational Risks | ||
Cyberattacks impacting our networks or systems could have an adverse effect on our business.
Cyberattacks, including through the use of ransomware and other forms of malware, distributed denial of services attacks, credential harvesting, social engineering and other means for obtaining unauthorized access to or disrupting the operation of our networks and systems and those of our suppliers, vendors and other service providers, could have an adverse effect on our business.Cyber attacks, including through the use of malware, computer viruses, distributed denial of services attacks, ransomware attacks, credential harvesting, social engineering and other means for obtaining unauthorized access to or disrupting the operation of our networks and systems and those of our suppliers, vendors and other service providers, could have an adverse effect on our business. Cyberattacks against companies, including Verizon, have increased in frequency, scope and potential harm in recent years. Cyber attacks against companies, including Verizon, have increased in frequency, scope and potential harm in recent years. Cyberattacks may be perpetrated by a variety of groups or persons, including nation-state and state-sponsored actors, malicious actors, employees, contractors, or other unrelated third parties. Nation-state and state-sponsored actors can sustain malicious activities for extended periods and deploy significant resources to plan and carry out attacks. For example, in September 2024, we became aware that we were one of several telecommunications companies that were the subject of a cyberattack by a highly sophisticated nation-state actor known as Salt Typhoon. In that case, the threat actor was able to access portions of our network as part of what we determined to be a narrowly focused effort to obtain information about a limited number of individuals primarily involved in government or political activity. While we were able to contain the Salt Typhoon attack, we may be unable to contain or mitigate the impacts of a significant cyberattack in the future.
Cyberattacks may cause equipment failures, loss of information, including sensitive personal information of customers or employees or valuable technical, financial and marketing information. Such attacks may also result in disruptions to our customers’ operations or our own business operations, including our ability to operate our networks and systems, activate customers or take payments. Cyberattacks may occur alone or in conjunction with physical attacks, especially where disruption of service is an objective of the attacker. They may occur alone or in conjunction with physical attacks, especially where disruption of service is an objective of the attacker. Further, the use of AI and machine learning by threat actors may increase the frequency and severity of cyberattacks against us or other companies. The inability to operate or use our networks and systems or those of our suppliers, vendors and other service providers as a result of cyberattacks, even for a limited period of time, may result in significant expenses to Verizon, a loss of current or future customers and/or a loss of market share to our competitors.The inability to operate or use our networks and systems or those of our suppliers, vendors and other service providers as a result of cyber attacks, even for a limited period of time, may result in significant expenses to Verizon and/or a loss of market share to our competitors. The costs associated with a cyberattack on Verizon could include expensive incentives offered to existing customers and business partners
14
to retain their business, increased expenditures on cybersecurity measures and the use of alternate resources, lost revenues from business interruption and the costs of investigations and litigation, including potential damages. Further, certain of Verizon’s businesses, such as those offering security solutions and infrastructure and cloud services to business customers, could be negatively affected if our ability to protect our own networks and systems is called into question as a result of a cyberattack. Further, certain of Verizon’s businesses, such as those offering security solutions and infrastructure and cloud services to business customers, could be negatively affected if 15Table of Contentsour ability to protect our own networks and systems is called into question as a result of a cyber attack. Our presence in the IoT industry, which includes offerings of telematics products and services, could also increase our exposure to potential costs and expenses and reputational harm in the event of cyberattacks impacting these products or services. Any of these occurrences could damage our reputation, adversely impact customer and investor confidence and result in a material adverse effect on Verizon’s results of operation or financial condition.
The development and maintenance of systems to prevent and detect cyberattacks is costly and requires ongoing monitoring and updating to address the increasing prevalence and sophistication of cyberattacks. The development and maintenance of systems to prevent such attacks is costly and requires ongoing monitoring and updating to address their increasing prevalence and sophistication. In addition, due to the sophistication of threat actors, an attack may persist for an extended period of time before it is detected, and it may be difficult and time consuming to ascertain the extent of an attack once detected.
While none of the cyberattacks to which we have been subject to date have been material to Verizon's operations or financial condition, there can be no guarantee that we will not experience a material cyberattack in the future. The actions we take to reduce the risks associated with cyberattacks, including protecting our systems and networks, may be insufficient to repel or mitigate the effects of a cyberattack in the future.
Natural disasters, extreme weather conditions, acts of war, terrorist or other hostile acts could cause damage to our infrastructure and result in significant disruptions to our operations.
Our business operations are subject to interruption by power outages, acts of war, terrorist or other hostile acts, natural disasters or the potential impacts of climate change, including the increasing prevalence and intensity of hurricanes, wildfires, flooding, hail and storms. Such events could cause significant damage to our infrastructure upon which our business operations rely, resulting in degradation or disruption of service to our customers, as well as significant recovery time and expenditures to resume operations. Our system redundancy may be ineffective or inadequate to sustain our operations through all such events. We are implementing, and will continue to implement, measures to protect our infrastructure and operations from the impacts of these events in the future, but these measures and our overall disaster recovery planning may not be sufficient for all eventualities. These events could also damage the infrastructure of the suppliers that provide us with the equipment and services that we need to operate our business and provide products to our customers. These occurrences could result in lost revenues from business interruption, damage to our reputation and reduced profits.
We depend on key suppliers and vendors to provide services and equipment that we need to operate our business.We depend on key suppliers and vendors to provide equipment that we need to operate our business.
We depend on various key suppliers and vendors to provide us, directly or through other suppliers, with equipment and services, such as fiber, switch and network equipment, smartphones and other wireless devices, customer service support and other services that we need in order to operate our business. For example, our smartphone and other device suppliers often rely on one vendor for the manufacture and supply of critical components, such as chipsets, used in their devices, and there are a limited number of companies capable of supplying the network infrastructure equipment on which we depend.
Our suppliers or vendors could fail to provide equipment or service on a timely basis, or fail to meet our performance expectations, for a number of reasons, including, for example, disruption to the global supply chain as a result of geopolitical factors, public health crises, natural disasters or the potential impacts of global climate change. If such failures occur, we may be unable to provide products and services as and when requested by our customers, or we may be unable to continue to maintain or upgrade our networks. Due to the cost and time lag that can be associated with transitioning from one supplier to another, our business could be substantially disrupted if we were required to, or chose to, replace the products or services of one or more major suppliers with products or services from another source, especially if the replacement became necessary on short notice. Any such disruption could increase our costs, decrease our operating efficiencies and have a material adverse effect on our business, results of operations and financial condition.
A significant number of our suppliers and vendors are located or rely on operations outside of the U.S., which carries additional risks and regulatory obligations, including those related to cybersecurity, data privacy and compliance. Certain business practices in foreign countries may not align with U.S. laws and regulations. In addition, international operations increase our exposure to other risks, such as economic and geopolitical instability, fluctuations in exchange rates, and labor-related risks.
The suppliers and vendors on which we rely are and may in the future be subject to litigation with respect to technology on which we depend, including litigation involving claims of patent infringement.The suppliers and vendors on which we rely may also be subject to litigation with respect to technology on which we depend, including litigation involving claims of patent infringement. Such claims are frequently made in the communications industry. We are unable to predict whether our business will be affected by any such litigation. We expect our dependence on key suppliers to continue as we develop and introduce more advanced generations of technology.
15
A significant portion of our workforce is represented by labor unions, and we could incur additional costs or experience work stoppages as a result of the renegotiation of our labor contracts.
As of December 31, 2024, approximately 25% of our workforce is represented by the Communications Workers of America or the International Brotherhood of Electrical Workers. While we have labor contracts in place with these unions, with subsequent negotiations we could incur additional costs and/or experience work stoppages, which could adversely affect our business operations. In addition, while a small percentage of the workforce outside of our traditional wireline operations is represented by unions for bargaining, we cannot predict what impact increased union density in this workforce could have on our operations.
Damage to our reputation or brands could adversely affect our business.
We believe that our reputation and brands significantly contribute to the success of our business and our relationships with our customers, employees and other stakeholders.
Our reputation and brands could be negatively affected by a number of factors, including actual or alleged quality or reliability issues related to our services and products; cybersecurity incidents and data breaches; allegations of legal noncompliance; litigation or regulatory activity; incidents involving unethical behavior or misconduct; material weaknesses in our internal controls over financial reporting; safety, human rights, workplace or labor issues; environmental incidents or impacts; allegations related to the safety of our products, services and equipment; governance issues; our sustainability goals and practices; our actual or perceived position or lack of position on social and other sensitive matters; the conduct of our employees, representatives or partners; activists’ campaigns; negative sentiment about us shared over social media or the press; and other issues, incidents, or statements that, whether based on actual or perceived circumstances, result in adverse publicity. In addition, changes to the content standards of social media platforms could impact our marketing and advertising initiatives on such platforms and increase risks related to our brand.
Damage to our reputation and brands could undermine our customers’ confidence in us and reduce demand for our products and services, which could result in decreased revenue and adversely affect our business and financial results. If our reputation or brands are damaged, it could also attract regulatory scrutiny, increase litigation risks, affect our ability to attract and retain top talent, and reduce investor confidence in us.
Public health crises could materially adversely affect our business, financial condition and results of operations.
We are subject to risks related to public health crises, which have in the past, and may in the future, have an adverse effect on our business, financial condition and operating results. For example, in 2020, the COVID-19 pandemic and resulting policies, initiatives and impacts, along with the related global slowdown in economic activity, resulted in our decreased revenues, increased costs and lower earnings per share. Negative effects of a public health crisis may include, but are not limited to, closure of our retail stores, impacts on customers' use of our networks, products and services and their ability to pay for them, employees' health and safety concerns, limitation of customer-focused field operations, and vendor and supply chain disruptions. In addition, such a crisis could significantly increase the probability or consequences of the risks our business faces in ordinary circumstances, such as risks associated with our supplier and vendor relationships, risks of an economic slowdown, regulatory risks, and the costs and availability of financing.
Regulatory and Legal Risks | ||
Changes in the regulatory framework under which we operate could adversely affect our business prospects or results of operations.
Our domestic operations are subject to regulation by the FCC and other federal, state, and local agencies, and our international operations are regulated by various foreign governments and international bodies. These regulatory regimes frequently restrict or impose conditions on our ability to operate in designated areas and provide specified products or services. We are frequently required to maintain licenses for our operations and conduct our operations in accordance with prescribed standards. We are often involved in regulatory and other governmental proceedings or inquiries related to the application of these requirements. It is impossible to predict with any certainty the outcome of pending federal and state regulatory proceedings relating to our operations, or the reviews by federal or state courts of regulatory rulings. Without relief, existing laws and regulations may inhibit our ability to expand our business and introduce new products and services. Similarly, we cannot guarantee that we will be successful in obtaining the licenses needed to carry out our business plan or in maintaining our existing licenses. For example, the FCC grants wireless licenses for terms generally lasting 10 years, subject to renewal. The loss of, or a material limitation on, certain of our licenses could have a material adverse effect on our business, results of operations and financial condition.
New laws or regulations or changes to the existing regulatory framework at the federal, state, and local, or international level, such as those described below, those that incentivize business models or technologies different from ours or requirements limiting our ability to continue or discontinue service to customers could restrict the ways in which we manage our wireline and wireless networks and operate our businesses, impose additional costs, diminish revenue opportunities, and potentially impede our ability to provide services in a manner that would be attractive to us and our customers.
16
•Privacy and data protection – We are subject to local, state, federal and international laws and regulations related to privacy and data protection. In particular, the California Consumer Privacy Act, Europe's General Data Protection Regulation and a number of other privacy laws more recently adopted by other states and countries include significant penalties for non-compliance. In particular, the California Consumer Privacy Act, Europe's General Data Protection Regulation and a number of other privacy laws recently adopted by other states and countries include significant penalties for non-compliance. Generally, attention to privacy and data security requirements is increasing at all levels of government globally, and privacy-related legislation has been introduced or is under consideration in many locations. These regulations could have a significant impact on our businesses.
•Regulation of broadband internet access services – Verizon offers many different broadband services. In early January 2025, based on litigation filed by the broadband industry, a federal appeals court overturned the FCC's April 2024 final decision to regulate broadband services via utility-style common carriage regulation under Title II of the Communications Act. Absent further action in the courts, this decision will remain in effect and limit the risk of burdensome FCC broadband regulation. In addition to federal activity, several states have adopted or are considering adopting laws or executive orders that would impose net neutrality and other requirements on some of our broadband services, including a law in New York that requires discounted broadband pricing for low income customers. Some states may also impose pricing or other rules related to broadband built with the assistance of federal or state funding. The FCC also adopted broad rules related to "digital discrimination" that could further increase regulatory oversight of broadband services; industry groups have appealed those rules in court.
•"Open access" – We hold certain wireless licenses that require us to comply with so-called "open access" FCC regulations, which generally require licensees of particular spectrum to allow customers to use devices and applications of their choice. Moreover, certain services could be subject to conflicting regulation by the FCC and/or various state and local authorities, which could significantly increase the cost of implementing and introducing new services.
•Climate-related regulation and policy – Due to the nature of our operations, we have been, and expect to continue to be impacted by regulatory developments related to climate change, including, for example, the direct regulation of greenhouse gas emissions or carbon policies that could result in a tax on such emissions. In addition, policy-driven changes in the prices of fuel or energy in geographies in which we operate could make it more expensive for us to purchase energy to power our networks and data centers, and any increase in taxes on fuel could increase our costs associated with operating those vehicles in our fleet that are dependent on traditional fuels.
These developments and the further regulation of broadband, wireless, and our other activities and any related court decisions could result in significant increases in costs for us or restrict our ability to compete in the marketplace and limit the return we can expect to achieve on past and future investments in our networks.
Our business may be impacted by changes in tax laws and regulations, or their interpretations, and challenges to our tax positions.
Tax laws and regulations are complex, dynamic, and subject to change and varying interpretations, especially when evaluated against new technologies and telecommunications services. In addition, tax legislation has been introduced or is being considered in various jurisdictions that could significantly impact our tax rate, tax liabilities, and the carrying value of deferred tax assets or deferred tax liabilities. Any of these changes could materially impact our financial performance and our tax provision, net income and cash flows.
We are also subject to ongoing audits, examinations and other tax controversies in various jurisdictions. Although we regularly assess the likelihood of an adverse outcome resulting from these controversies to determine the adequacy of provisions for taxes, the final outcome of any such controversy may be materially different from our expectations. In the event that we have not accurately or fully described, disclosed or determined, calculated or remitted amounts that were due to taxing authorities or if the ultimate determination of our taxes owed is for an amount in excess of amounts previously accrued, we could be subject to additional taxes, penalties and interest, which could materially impact our business, financial condition and operating results.
We are subject to a substantial amount of litigation, which could require us to pay significant damages or settlements.
We are subject to a substantial amount of litigation and claims in arbitration, including, but not limited to, shareholder lawsuits, patent and copyright infringement lawsuits, wage and hour class actions, contract and commercial claims, personal injury claims, property claims, environmental claims, and lawsuits relating to our advertising, sales, billing and collection practices.We are subject to a substantial amount of litigation and claims in arbitration, including, but not limited to, shareholder derivative suits, patent infringement lawsuits, wage and hour class actions, contract and commercial claims, personal injury claims, property claims, environmental claims, and lawsuits relating to our advertising, sales, billing and collection practices. We may incur significant expenses in defending these lawsuits. In addition, we may be required to pay significant awards of damages or settlements. In addition, we may be required to pay significant awards or settlements. We also could be subject to court-ordered injunctions and other remedies that could negatively impact our business operations. Our wireless business is also subject to lawsuits relating to alleged adverse health effects of wireless phones and radio frequency transmitters. Any of these allegations or changes in government agencies’ assessment of the risks associated with using wireless devices could result in significant legal and regulatory liability and other remedies, and could have a material adverse effect on our business, financial condition and operating results.
17
Allegations related to lead sheathed copper cables in our copper network infrastructure could expose us to regulatory scrutiny, litigation, penalties, removal and compliance costs, operational impact or reputational damage.
There have been media reports alleging that certain lead sheathed copper cables that are part of our copper-based network infrastructure may present health or environmental risks in areas where those facilities are deployed. These allegations have resulted in government investigations, regulatory inquiries and litigation, and could further result in legislative or regulatory actions, penalties and other liability, remediation and compliance costs or negative operational impacts. Additional legal proceedings and other contingencies may arise in the future. Our insurance policies may not cover or may not be sufficient to fully cover the costs of these claims. Accordingly, we may incur substantial expenses as a result of these allegations, which cannot be reasonably estimated at this time but could be material.
In addition, negative assertions about the health or environmental impact of our lead sheathed cables may harm our reputation, which could adversely affect our business and our relationship with various stakeholders, even if such allegations ultimately prove to be inaccurate.
Financial Risks | ||
Verizon has significant debt, which could increase further if we incur additional debt in the future and do not retire existing debt.
As of December 31, 2024, Verizon had approximately $117.9 billion of outstanding unsecured indebtedness, $12.0 billion of unused borrowing capacity under our existing revolving credit facility and $26.1 billion of outstanding secured indebtedness. Our debt level and related debt service obligations could have negative consequences, including:
•requiring us to dedicate significant cash flow from operations to the payment of principal, interest and other amounts payable on our debt, which would reduce the funds we have available for other purposes, such as working capital, capital expenditures, dividend payments and acquisitions;
•making it more difficult or expensive for us to obtain any necessary future financing for working capital, capital expenditures, debt service requirements, debt refinancing, acquisitions or other purposes and limiting our ability to repurchase common stock;
•reducing our flexibility in planning for or reacting to changes in our industries and market conditions;
•making us more vulnerable in the event of a downturn in our business; and
•exposing us to increased interest rate risk to the extent that (i) our debt obligations are subject to variable interest rates or (ii) we need to refinance existing debt that bears interest at a rate lower than current market rates.
Our initiatives aimed at reducing our indebtedness and achieving any target leverage ratio may be unsuccessful due to macroeconomic, business and other factors.
Adverse changes in the financial markets and other factors could increase our borrowing costs and reduce the availability of financing.
We require a significant amount of capital to operate and grow our business. We fund our capital needs in part through borrowings in the public and private credit markets. Adverse changes in the financial markets, including increases in interest rates or changes in exchange rates, could increase our cost of borrowing, require us to post a significant amount of collateral, and/or make it more difficult for us to obtain financing for our operations or refinance existing indebtedness. In addition, our ability to obtain funding under asset-backed debt transactions is subject to our ability to continue to originate a sufficient amount of assets eligible to be securitized. Our borrowing costs also can be affected by short- and long-term debt ratings assigned by independent rating agencies, which are based, in significant part, on our performance as measured by customary credit metrics. A decrease in these ratings would likely increase our cost of borrowing and/or make it more difficult for us to obtain financing. A severe disruption in the global financial markets could impact some of the financial institutions with which we do business, and such instability could also affect our access to financing.
Increases in costs for pension benefits and active and retiree healthcare benefits may reduce our profitability and increase our funding commitments.
With approximately 99,600 employees and approximately 179,700 retirees as of December 31, 2024 eligible to participate in Verizon’s benefit plans, the costs of pension benefits and active and retiree healthcare benefits have a significant impact on our profitability. Our costs of maintaining these plans, and the future funding requirements for these plans, are affected by several factors, including increases in healthcare costs, decreases in investment returns on funds held by our pension and other benefit plan trusts and changes in the discount rate and mortality assumptions used to calculate pension and other postretirement
18
expenses. If we are unable to limit future increases in the costs of our benefit plans, those costs could reduce our profitability and increase our funding commitments.
We are subject to risks associated with mergers, acquisitions, divestitures and other strategic transactions.
From time to time, we pursue mergers, acquisitions, joint ventures, assets transfers and other strategic transactions that we believe may expand our business or are consistent with our strategy. We may also occasionally divest assets and businesses. Any such transaction entails certain risks and could present financial, managerial and operational challenges. If we are unable to consummate planned strategic transactions and successfully integrate acquired businesses into our existing operations, or if we are not able to achieve cost savings, synergies and other anticipated benefits of any such transaction, our business could be negatively affected. Divestitures may result in asset impairment and disposition charges, and loss of income from divested assets and businesses, or require continued financial involvement in the divested business for a period following the transaction, including through indemnification arrangements. In addition, strategic transactions may involve significant expenses, require additional financing or expose us to liabilities not discovered in the due diligence process or as a result of transaction-related litigation. These and other risks related to our mergers, acquisitions, divestitures and other strategic transactions, including our pending acquisition of Frontier, may have an adverse effect on our business, financial condition, and operating results.
| Item 1B. Unresolved Staff Comments | ||
None.
| Item 1C.Item 1A. Cybersecurity | ||
Cybersecurity Program
Verizon’s comprehensive cybersecurity program is designed to identify and protect against cybersecurity risks and to position Verizon to rapidly detect, respond to, and recover from cybersecurity incidents that impact our company. The program is built on the following pillars:
•NIST Cybersecurity Framework - Our program is aligned to the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, which outlines the core components and responsibilities necessary to sustain a healthy and well-balanced cybersecurity program.
•Risk identification - We continually assess the cybersecurity threat and vulnerability landscape using various commercial, government and publicly available information sources.
•Risk detection - We use both manual and automated detection methods on a scheduled and ad-hoc basis to identify vulnerabilities within, and threats to, our operations and network infrastructure.
•Risk evaluation - Once a cybersecurity vulnerability is detected, we assign a threat severity classification based on the risk profile associated with the vulnerability.
•Remediation - Verizon’s information security team reports all cybersecurity vulnerabilities and their associated threat classification to the appropriate business team for remediation. Deadlines for remediation are set based on the severity of the threat and closely tracked in a central system of record. In the instances when a remediation deadline cannot be met, the information security team and the business team work together to deploy appropriate mitigating or compensating controls until the remediation work is complete.
•Metrics and analysis - We track the performance of our cybersecurity program by collecting, retaining and analyzing a broad range of data related to our threat identification, detection and response activity. We use this data to assess threat trends, for strategic planning purposes and to enhance management accountability for cybersecurity.
Our processes for assessing, identifying, and managing cybersecurity risks include tabletop exercises to test and reinforce our incident response controls, control gap analyses, penetration tests, data recovery testing, internal and external security assessments, and threat intelligence monitoring. We also conduct annual cybersecurity and data privacy training, which is mandatory for all our full- and part-time employees.
In addition to our in-house cybersecurity capabilities, we also engage assessors, consultants and other third parties to assist with various cybersecurity matters. For example, Verizon validates enterprise cybersecurity maturity every two years through a third-party maturity assessment. This assessment measures Verizon’s ability to identify, prevent, detect, respond to, and recover from threats to systems, assets and data. The results of the assessment serve as the baseline for enterprise cybersecurity across the company. In addition to this baseline, certain subsets of our technology environment are subject to incremental cybersecurity certification and periodic third party validation under applicable regulatory or contractual requirements.
19
Verizon has a comprehensive enterprise cybersecurity incident response plan, which is activated in the event of a cybersecurity incident. The plan is a detailed playbook that specifies how Verizon classifies, responds to, and recovers from cybersecurity incidents and includes notification procedures that vary depending on the significance of the incident. When warranted by the severity of the incident, our Chief Executive Officer (CEO) and other senior executives are part of the notification chain.
Verizon’s Senior Vice President and Chief Information Security Officer (CISO) has responsibility for the management of cybersecurity risks at Verizon. The CISO and her team are responsible for Verizon’s information security strategy, policy, standards, architecture and processes.
The CISO brings nearly two decades of cybersecurity experience to her work at Verizon. Prior to joining Verizon, she held executive-level cybersecurity roles at other large public companies, where she was responsible for cybersecurity strategy and operations, including incident response, threat intelligence, security services, architecture, commercial operational technology security, and regulatory and compliance matters.
Verizon effectuates cybersecurity management by providing for close cooperation among the CISO’s team and other teams within the company, as well as by integrating cybersecurity risk into Verizon’s overall enterprise risk management structures and processes. Each of our business units and certain functional groups have a Business Information Security Officer, who is an integral member of that unit or group, but reports to the CISO. This structure provides the CISO with line of sight across the enterprise. The CISO and members of her leadership team also meet regularly with business unit senior leaders, including the CEO, the Chief Financial Officer (CFO) and the Chief Human Resources Officer, to discuss business priorities, emerging threats and trends, and the performance of the cybersecurity program.
The Verizon Executive Security Council (VESC) oversees and evaluates the work of the CISO and their team. The VESC is jointly chaired by the head of Verizon Global Services and the President of Global Networks and Technology and includes Verizon’s Chief Compliance Officer, Chief Legal Officer, Senior Vice President of Internal Audit and senior executives in business and technology functions. The VESC provides oversight of all aspects of Verizon’s cybersecurity program and, at regular intervals throughout the year, evaluates key cybersecurity metrics as well as planned and ongoing initiatives to reduce cybersecurity risks.
Verizon’s Management Audit Committee (VMAC), which includes our CFO, Senior Vice President of Internal Audit and other senior executives, is responsible for overseeing components of our overall risk management strategy. The VMAC receives quarterly updates from the CISO on Verizon’s cybersecurity program.
Verizon also operates a robust internal audit program. Each year, Verizon’s internal audit team conducts an overall business risk assessment, which includes an evaluation of cybersecurity risks. The results of the assessment are presented to the leaders of the relevant business teams, who are responsible for prioritizing and addressing the risks identified.
Board Oversight of Cybersecurity Risk
As part of the Board’s oversight of risks from cybersecurity threats, the CISO leads an annual review and discussion with the full Board dedicated to Verizon’s cybersecurity risks, threats and protections. The CISO provides a mid-year update to this annual review to the Audit Committee and, as warranted, additional updates throughout the year. The Audit Committee also receives a report from senior management on Verizon’s cybersecurity posture and related matters at each of its other meetings during the year at which the CISO is not present.
Third Party Risk Management
Risks from Cybersecurity Threats
20
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| SAFX | 1 day, 4 hours ago |
| RVRC | 1 day, 4 hours ago |
| AIRS | 1 day, 4 hours ago |
| CYCU | 1 day, 4 hours ago |
| CBDY | 1 day, 4 hours ago |
| GEMI | 1 day, 4 hours ago |
| SOLC | 1 day, 4 hours ago |
| ZVSA | 1 day, 4 hours ago |
| LCGMF | 1 day, 4 hours ago |
| TRNR | 1 day, 4 hours ago |
| SLSN | 1 day, 4 hours ago |
| LTUM | 1 day, 4 hours ago |
| SVAQ | 1 day, 4 hours ago |
| INKT | 1 day, 4 hours ago |
| GNLN | 1 day, 4 hours ago |
| NCNO | 1 day, 4 hours ago |
| CEPS | 1 day, 4 hours ago |
| STSS | 1 day, 4 hours ago |
| BDCO | 1 day, 4 hours ago |
| SKAS | 1 day, 4 hours ago |
| TE | 1 day, 4 hours ago |
| JWSMF | 1 day, 4 hours ago |
| AQMS | 1 day, 4 hours ago |
| FCCI | 1 day, 4 hours ago |
| INIS | 1 day, 4 hours ago |
| DUOT | 1 day, 4 hours ago |
| GOCO | 1 day, 4 hours ago |
| PED | 1 day, 4 hours ago |
| BLNK | 1 day, 4 hours ago |
| HTCR | 1 day, 4 hours ago |
| SRG | 1 day, 4 hours ago |
| ADTX | 1 day, 4 hours ago |
| ALTI | 1 day, 4 hours ago |
| SVIX | 1 day, 4 hours ago |
| PLAY | 1 day, 4 hours ago |
| TCRT | 1 day, 4 hours ago |
| ACRG | 1 day, 4 hours ago |
| BNZI | 1 day, 4 hours ago |
| TOGI | 1 day, 4 hours ago |
| RPMT | 1 day, 4 hours ago |
| SKVI | 1 day, 4 hours ago |
| ISRLF | 1 day, 4 hours ago |
| SCWO | 1 day, 4 hours ago |
| CRAQ | 1 day, 4 hours ago |
| BITF | 1 day, 4 hours ago |
| UAVS | 1 day, 4 hours ago |
| CNTA | 1 day, 4 hours ago |
| DSS | 1 day, 4 hours ago |
| FCAP | 1 day, 4 hours ago |
| AMOD | 1 day, 4 hours ago |
