Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - WDC
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors
We have in the past experienced cybersecurity incidents of varying degrees involving our technology infrastructure and information systems, including incidents in which unauthorized parties have obtained access to our information systems and networks. While these incidents have at times resulted in some disruptions to our business operations, as of the date of this Annual Report on Form 10-K, we do not believe that known risks from cybersecurity threats, including as a result of any previous cybersecurity incident, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. However, we can give no assurance that we have detected or protected against all such cybersecurity incidents or threats or that we will not experience such an incident in the future. Further details about the cybersecurity risks we face are described under “The compromise, damage or interruption of our technology infrastructure, information systems or products by cybersecurity incidents, data security breaches, other security problems, design defects, information system failures or other events could have a material negative impact on our business” in Part I, Item 1A, Risk Factors, of this Annual Report on Form 10-K.
Our management team is charged with managing cybersecurity risk and identifying material cybersecurity risk exposures to our company and carries out this function primarily through our Information Security organization, which is led by our Chief Information Security Officer who has a master’s degree in computer science, over a decade of information security leadership, and thirty years of combined IT leadership experience. Additionally, our Cyber Incident Response Plan discussed above calls for the establishment of a management Impact Assessment Committee, which consists of key leadership representatives from the organization and is convened on an ad hoc basis to assess the detailed business impact of a cybersecurity incident. The Impact Assessment Committee is led by our Chief Information Security Officer and includes key representatives from the Company’s functional groups, including human resources, ethics and compliance, labor, privacy, internal audit, finance, communications, legal, risk and accounting. The Impact Assessment Committee receives updates and communications from the Security Operations Center on a fixed cadence determined by incident severity and follows our pre-established escalation framework provided by our Security Incident Response Plan to communicate with and include executive leadership, outside counsel and our Board of Directors, as appropriate. The Impact Assessment Committee receives updates and communications from the Security Operations Center on a fixed cadence determined by incident severity and follows our pre-established escalation framework to communicate with and include executive leadership, outside counsel and the Board of Directors, as appropriate. The Impact Assessment Committee works with our internal and external legal counsel to determine and facilitate appropriate communications with our Board of Directors. The Impact Assessment Committee works with the Company’s internal and external legal counsel to determine and facilitate appropriate communications with the Board of Directors.
Our Board of Directors is responsible for overseeing the cybersecurity risk management process and exercises this risk oversight through both our full Board of Directors and its Audit Committee. Our Board of Directors has delegated to our Audit Committee the responsibility to oversee risks related to cybersecurity threats, and our Audit Committee Charter requires our Audit Committee to review and discuss with management the Company’s policies with respect to risk assessment and enterprise risk management and to review the risk exposure of the Company related to the Committee’s areas of responsibility, including with respect to cybersecurity. In carrying out this role, our Audit Committee meets with our Chief Information Security Officer regularly and receives at least quarterly reports on cybersecurity matters. In carrying out this role, the Audit Committee meets with our Chief Information Security Officer regularly and receives at least quarterly reports on cybersecurity matters.
Our business can be affected by a number of risks and uncertainties, any of which could cause material harm to our actual operating results and financial condition. The risks discussed below are not the only ones facing our business but represent risks that we believe are material to us. Additional risks not presently known to us or that we currently deem immaterial may also negatively affect our business.
OPERATIONAL RISKS
Adverse global or regional conditions could harm our business.
A large portion of our revenue is derived from our international operations, and many of our products and components are produced overseas. As a result, our business depends significantly on global and regional conditions. Adverse changes in global or regional economic and social conditions, including, but not limited to, volatility in the financial markets, reduced access to credit, recession, inflation, rising interest rates, trade wars or changes to tariffs, slower growth in certain geographic regions, political uncertainty, geopolitical tensions or conflicts, terrorism, other macroeconomic factors and new or changed regulations, could significantly harm demand for our products, increase credit and collectability risks, result in revenue reductions, reduce profitability as a result of underutilization of our assets, cause us to change our business practices, increase manufacturing and operating costs or result in impairment charges or other expenses. Adverse changes in global or regional economic and social conditions, including, but not limited to, volatility in the financial markets, reduced access to credit, recession, inflation, rising interest rates, slower growth in certain geographic regions, political uncertainty, geopolitical tensions or conflicts, terrorism, other macroeconomic factors and new or changed regulations, could significantly harm demand for our products, increase credit and collectability risks, result in revenue reductions, reduce profitability as a result of underutilization of our assets, cause us to change our business practices, increase manufacturing and operating costs or result in impairment charges or other expenses.
Our revenue growth is significantly dependent on the growth of international markets, and we may face challenges in international sales markets. We are also subject to risks that could harm our business associated with our global manufacturing operations, global sales efforts and our utilization of contract manufacturers, including: the need to obtain governmental approvals and compliance with evolving foreign regulations; the need to comply with regulations on international business, including the Foreign Corrupt Practices Act, the United Kingdom Bribery Act 2010, the anti-bribery laws of other countries and rules regarding conflict minerals; the effects of political and economic instability; exchange, currency and tax controls and reallocations; the ongoing development and applicability of global and local tax systems; weaker protection of IP rights; policies and financial incentives by governments in China, the United States, and countries in Europe and Asia designed to reduce dependence on foreign manufacturing capabilities; trade restrictions, such as export controls, export bans, import restrictions, embargoes, sanctions, license and certification requirements (including encryption and other technology), trade wars, tariffs and complex customs regulations; difficulties in managing international operations, including appropriate internal controls; and fluctuations in financial markets and interruptions to supply chains from public health crises. We are also subject to risks that could harm our business associated with our global manufacturing operations, global sales efforts and our utilization of contract manufacturers, including: the need to obtain governmental approvals and compliance with evolving foreign regulations; the need to comply with regulations on international business, including the Foreign Corrupt Practices Act, the United Kingdom Bribery Act 2010, the anti-bribery laws of other countries and rules regarding conflict minerals; exchange, currency and tax controls and reallocations; weaker protection of IP rights; policies and financial incentives by governments in China, the United States, and countries in Europe and Asia designed to reduce dependence on foreign semiconductor manufacturing capabilities; trade restrictions, such as export controls, export bans, import restrictions, embargoes, sanctions, license and certification requirements (including semiconductor, encryption and other technology), tariffs and complex customs regulations; and difficulties in managing international operations, including appropriate internal controls.
Changes in U.S. trade policy and the impact of tariffs and retaliatory actions may have a material adverse effect on our business and results of operations.
Our business, financial condition and results of operations may be adversely affected by uncertainty and changes in U.S. trade policies, including tariffs, trade agreements or other trade restrictions imposed by the United States or other governments. For example, the United States has announced changes to its trade policies, including increasing tariffs on imports, in some cases significantly. These actions have caused substantial uncertainty and have also resulted in retaliatory measures on U.S. goods and exports to the United States.
Any imposition of or increase in tariffs may increase the cost of importing our products or the costs for materials or components used in our products, which would increase our costs unless we are able to implement actions to offset these costs, such as leveraging tariff exemptions where possible, optimizing our supply chain, sourcing from alternative suppliers, or passing the costs to our customers through tariff surcharges or increased prices. There can be no assurance that we will be able to successfully offset or mitigate any resulting increase in our costs. If we are unable to pass on any cost increases or if supply and demand conditions will not support price increases for our products, our revenue and gross margin would be negatively impacted. In addition, retaliatory actions by other countries in response to U.S. trade policy could increase prices for our products, negatively affect demand for our products or restrict our ability to manufacture our products.
Tariffs or other trade restrictions may also lead to increased costs for our customers, declining consumer confidence, significant inflation and diminished expectations for the economy, as well as ultimately reduced demand for our products. Such conditions could have a material adverse impact on our business, results of operations and cash flows. In addition, tariff actions by the United States and retaliatory actions by other countries have caused, and may in the future cause, significant disruption and volatility in the financial markets, which could adversely affect the availability, terms and cost of capital, including to refinance our existing debt, and which in turn could reduce our cash flows and harm our business.
10
Changes in tariffs and trade restrictions can be announced with little or no advance notice. The adoption and expansion of tariffs or other trade restrictions, increasing trade tensions and retaliatory actions, or other changes in governmental policies related to tariffs, trade agreements or trade policies are difficult to predict, which makes risks difficult to anticipate and mitigate. If we are unable to navigate further changes in U.S. or international trade policy, it could have a material adverse impact on our business, financial condition and results of operations.
We are dependent on a limited number of qualified suppliers who provide critical services, materials or components, and a disruption in our supply chain could negatively affect our business.
We depend on an external supply base for technologies, software (including firmware), preamps, controllers, dynamic random-access memory, components, equipment and materials for use in our product design and manufacturing. We also depend on suppliers for a portion of our wafer testing, chip assembly, product assembly and product testing, and on service suppliers for providing technical support for our products. In addition, we use logistics partners to manage our worldwide just-in-time hubs and distribution centers and to meet our freight needs. Many of the components and much of the equipment we acquire must be specifically designed for use in our products or for developing and manufacturing our products and are only available from a limited number of suppliers, some of whom are our sole-source suppliers. We therefore depend on these suppliers to meet our business needs, including dedicating adequate engineering resources to develop components that can be successfully integrated into our products.
Our suppliers have in the past been, and may in the future be, unable or unwilling to meet our requirements, including as a result of events outside of their control such as trade restrictions (including tariffs, quotas and embargoes), geopolitical conflicts, terrorism, public health crises or natural disasters. If we are unable to purchase sufficient quantities from our current suppliers or qualify and engage additional suppliers, or if we cannot purchase materials at a reasonable price, we may not be able to meet demand for our products. Trade restrictions (including tariffs, quotas and embargoes), demand from other high-volume industries for materials or components used in our products, disruptions in supplier relationships or shortages in other components and materials used in our customers’ products could result in increased costs to us or decreased demand for our products, which could negatively impact our business. Delays, shortages or cost increases experienced by our suppliers in developing or sourcing materials and components for use in our products or incompatibility or quality issues relating to our products, could also harm our business.
We do not have long-term contracts with some of our existing suppliers, and we do not always have guaranteed manufacturing capacity with our suppliers, so we cannot guarantee that they will devote sufficient resources or capacity to manufacturing our products. Any significant problems that occur at our suppliers could lead to product shortages or quality assurance problems. When we do have contractual commitments with suppliers in an effort to stabilize the supply of our components, those commitments may require us to buy a substantial number of components or make significant cash advances to the supplier and may not result in a satisfactory supply of our components. We have cancelled or deferred, and may continue to cancel or defer, outstanding purchase commitments with certain suppliers due to changes in actual and forecasted demand, which has resulted, and may continue to result in, fees, penalties and other associated charges. Such cancellations or deferments can also negatively impact our relationships with certain suppliers or lead to a decline in the financial performance of certain suppliers, each of which could result in even more limited availability of components needed for our products.
In addition, our supply base has experienced industry consolidation. Our suppliers may be acquired by our competitors, decide to exit the industry or redirect their investments or increase costs to us. In addition, some of our suppliers have experienced a decline in financial performance, including as a result of cancelled or deferred purchase commitments. Where we rely on a limited number of suppliers or a single supplier, the risk of supplier loss due to industry consolidation or a decline in financial performance is increased. Some of our suppliers may also be competitors in other areas of our business, which could lead to difficulties in price negotiations or meeting our supply requirements.
Our operations, and those of certain of our suppliers and customers, are subject to substantial risk of damage or disruption.
We conduct our operations at large, high-volume, purpose-built facilities in California and throughout Asia. The facilities of many of our customers, our suppliers and our customers’ suppliers are also concentrated in certain geographic locations throughout Asia and elsewhere. If a fire, flood, earthquake, tsunami or other natural disaster, condition or event such as a power outage, contamination event, terrorist attack, cybersecurity incident, physical security breach, political instability, civil unrest, localized labor unrest or other employment issues or a health epidemic or pandemic negatively affects any of these facilities, it would significantly affect our ability to manufacture or sell our products and source components and would harm our business. If a fire (including a climate change-related fire), flood, earthquake, tsunami or other natural disaster, condition or event such as a power outage, contamination event, terrorist attack, cybersecurity incident, physical security breach, political instability, civil unrest, localized labor unrest or other employment issues or a health epidemic negatively affects any of these facilities, it would significantly affect our ability to manufacture or sell our products and source components and would harm our business. Possible impacts include work and equipment stoppages and damage to or closure of our facilities, or those of our suppliers or
11
customers, for an indefinite period of time. Climate change has in the past and is expected to continue to increase the incidence and severity of certain natural disasters, including wildfires, floods and other adverse weather events. In addition, the geographic concentration of our manufacturing sites could exacerbate the negative impacts resulting from any of these problems.
We may incur losses beyond the limits of, or outside the scope of, the coverage of our insurance policies. There can be no assurance that in the future we will be able to maintain existing insurance coverage or that premiums will not increase substantially. Due to market availability, pricing or other reasons, we may elect not to purchase insurance coverage or to purchase only limited coverage. We maintain limited insurance coverage and, in some cases, no coverage at all, for natural disasters and damage to our facilities, as these types of insurance are sometimes not available or available only at a prohibitive cost. Climate change may reduce the availability or increase the cost of certain types of insurance by contributing to an increase in the incidence and severity of certain natural disasters.
The loss of our key management, staff and skilled employees or the inability to hire and develop new employees could negatively impact our business prospects.
Our success depends upon the continued contributions of our talent. Changes in our key management team have resulted in and may in the future result in loss of continuity, loss of accumulated knowledge, departure of other key employees, disruptions to our operations and inefficiency during transitional periods. Changes in our key management team may result in loss of continuity, loss of accumulated knowledge, departure of other key employees, disruptions to our operations and inefficiency during transitional periods. Global competition for skilled employees in the technology industry is intense, and our business success is increasingly dependent on our ability to attract, develop and retain top talent, implement succession plans for key management and staff and replace aging skilled employees. Changes in immigration policies may also impair our ability to recruit and hire technical and professional talent.
Our ability to hire and retain employees also depends on our ability to build and maintain an inclusive workplace culture, provide opportunities for career development and fund competitive compensation and benefits, each of which contribute to being viewed as an employer of choice. Additionally, because a substantial portion of our key employees’ compensation is linked to the performance of our business, we may be at a competitive disadvantage for hiring and retaining talent when our operating results are negatively impacted. If we are unable to hire and retain key talent, our operating results would likely be harmed.
The compromise, damage or interruption of our technology infrastructure, information systems or products by cybersecurity incidents, data security breaches, other security problems, design defects, information system failures or other events could have a material negative impact on our business.
We experience cybersecurity incidents of varying degrees on our technology infrastructure and information systems and, as a result, unauthorized parties have obtained in the past, and may obtain in the future, access to our computer systems and networks, including cloud-based platforms. These incidents have in the past caused, and may in the future cause, disruption to parts of our business operations and result in various investigation, recovery and remediation expenses. In addition, the technology infrastructure and information systems of some of our suppliers, vendors, service providers, cloud solution providers and partners have in the past experienced, and may in the future experience, such incidents. Cybersecurity incidents can be caused by ransomware, computer denial-of-service attacks, worms and other malicious software programs or other attacks, including the covert introduction of malware to computers and networks, and the use of techniques or processes that change frequently, may be disguised or difficult to detect, or are designed to remain dormant until a triggering event, and may continue undetected for an extended period of time. Cybersecurity incidents have in the past resulted from, and may in the future result from, social engineering or impersonation of authorized users, and may also result from efforts to discover and exploit any design flaws, bugs, security vulnerabilities or security weaknesses, intentional or unintentional acts by employees or other insiders with access privileges, intentional acts of vandalism or fraud by third parties and sabotage. In some instances, efforts to correct vulnerabilities or prevent incidents have in the past, and may in the future, reduce the functionality or performance of our information systems and networks, which could negatively impact our business. We believe malicious cybersecurity acts are increasing in number and that cybersecurity threat actors are increasingly organized and well-financed or supported by state actors and are developing increasingly sophisticated systems and means to not only infiltrate information systems, but also to evade detection or to obscure their activities. Additionally, as AI capabilities continue to evolve and become more readily available, we may face increasingly sophisticated cyberattacks that leverage AI technologies. These may include highly convincing phishing or social engineering attacks that use AI-generated deepfakes, the exploitation of vulnerabilities in electronic identity validation security programs via AI-replicated images or voices, or the inadvertent incorporation of malicious or hallucinated content generated by AI tools into our systems or those of our customers or partners. Separately, the AI technologies that we employ for business purposes may be vulnerable to prompt-injection or other
12
adversarial attacks, which could result in unauthorized access to or leakage of sensitive information. Geopolitical tensions or conflicts may also create heightened risk of cybersecurity incidents. Geopolitical tensions or conflicts may create heightened risk of cybersecurity incidents.
Our products are also targets for malicious cybersecurity acts, including those products utilized in cloud-based environments as well as our cloud service offerings. Our cloud services have in the past and may in the future be taken offline as a result of or in order to prevent or mitigate cybersecurity incidents. While some of our products contain encryption or security algorithms to protect third-party content or user-generated data stored on our products, these products could still be hacked or the encryption schemes could be compromised, breached or circumvented by motivated and sophisticated attackers, which could harm our business by exposing us to litigation and indemnification claims and hurting our reputation.
When efforts to breach our infrastructure, information systems or products are successful or we are unable to protect against such attacks, we have in the past suffered, and could in the future suffer, interruptions, delays or cessation of operations of our information systems, and loss or misuse of proprietary or confidential information, IP, or sensitive or personal information. We may also experience disruptions or outages of our information systems due to internal or third-party mistakes or technical errors, including due to software updates, which could disrupt our business operations. Compromises of our infrastructure, information systems or products could also cause our customers and other affected third parties to suffer loss or misuse of proprietary or confidential information, IP, or sensitive or personal information and could harm our relationships with customers and other third parties and subject us to liability. As a result of actual or perceived cybersecurity incidents or other information system disruptions, we have in the past experienced and may in the future experience additional costs, notification requirements, civil and administrative fines and penalties, indemnification claims, litigation or damage to our brand and reputation. All of these consequences could harm our reputation and our business and materially and negatively impact our operating results and financial condition.
We are subject to risks related to product defects, which could result in product recalls or epidemic failures and could subject us to warranty, litigation or indemnification claims that exceed our expectations or estimates.
We warrant the majority of our products for periods of one to five years. We test our products in our manufacturing facilities through a variety of means. However, our testing may fail to reveal defects in our products that may not become apparent until after the products have been sold into the market. In addition, our products may be used in a manner that is not intended or anticipated by us, resulting in potential liability. Accordingly, there is a risk that product defects will occur, including as a result of third-party components or applications that we incorporate in our products, which could require a product recall. Product recalls can be expensive to implement. As part of a product recall, we may be required or choose to replace the defective product. Moreover, there is a risk that product defects may trigger an epidemic failure clause in a customer agreement. If an epidemic failure occurs, we may be required to replace or refund the value of the defective product and to cover certain other costs associated with the consequences of the epidemic failure. In addition, product defects, product recalls or epidemic failures may cause damage to our reputation or customer relationships, lost revenue, indemnification for a recall of our customers’ products, warranty claims, litigation or loss of market share with our customers, including our OEM and original design manufacturer (“ODM”) customers. Our business liability insurance may be inadequate, or future coverage may be unavailable on acceptable terms, which could negatively impact our operating results and financial condition.
Our standard warranties contain limits on damages and exclusions of liability for consequential damages and for misuse, improper installation, alteration, accident or mishandling while in the possession of someone other than us. We record an accrual for estimated warranty costs at the time revenue is recognized. We may incur additional expenses if our warranty provisions do not reflect the actual cost of resolving issues related to defects in our products, whether as a result of a product recall, epidemic failure or otherwise. If these additional expenses are significant, they could harm our business.
BUSINESS AND STRATEGIC RISKS
We are subject to risks related to the separation of Sandisk, our former Flash business, into an independent public company.
On February 21, 2025, we completed our planned spin-off of our Flash business unit from our remaining HDD business (which we refer to as the Separation), as a result of which Sandisk became an independent public company. There can be no assurance that the anticipated benefits of the Separation will be realized, or that the costs or dis-synergies of the Separation (including costs of related restructuring transactions) will not exceed the anticipated amounts, in each case in the monetary or other amounts or within the timeframes that were anticipated. The Separation has and may continue to impose challenges on us and our business, such as potential business disruption; the diversion of management time on matters relating to the Separation; the impact on our ability to retain talent; and potential impacts on our relationships with our customers, suppliers, employees,
13
and other counterparties. In addition, following the Separation, we are a smaller and less diversified company, which could make us more vulnerable to changing market conditions.
In connection with the Separation, we and Sandisk entered into various agreements to effect the Separation and provide for the temporary framework of the relationship between us and Sandisk following the Separation, including, among others, a separation and distribution agreement, a tax matters agreement, and a transition services agreement. Performance under these agreements or other related conditions outside of our control could materially affect our operations and future financial results.
We retained an equity interest in Sandisk in connection with the Separation, of which we divested a portion in June 2025 in a debt-for-equity exchange. As of June 27, 2025, we retain approximately 7 million shares of common stock in Sandisk. We cannot predict the trading price of shares of Sandisk’s common stock and the market value of the Sandisk shares is subject to market volatility and other factors outside of our control. We expect to monetize our remaining stake in Sandisk within one year from the Separation Date, but there can be no assurance regarding the timing of, or timeframe over which, such divestiture or divestitures may occur, or the amount of proceeds received by us in connection with any such divestitures.
In addition, while the Separation is intended to be tax-free to our stockholders for U.S. federal income tax purposes, there is no assurance that the Separation will qualify for this treatment. If the Separation is ultimately determined to be taxable, Western Digital, Sandisk, or our stockholders could incur income tax and/or other liabilities that could be significant. Any of these factors could have a material adverse effect on our business, financial condition, results of operations, cash flows, and the price of our common stock.
If we do not properly manage technology transitions and product development and introduction, our competitiveness and operating results may be negatively affected. If we do not properly manage technology transitions and product development and introduction, our competitiveness and operating results may be negatively affected.
The markets for our products continuously undergo technology transitions that can impact our product roadmaps and that we must anticipate in order to adapt our existing products or develop new products effectively. If we fail to adapt to or implement new technologies (including the transition to areal density recording technologies that use heat-assisted magnetic recording (“HAMR”) technology to increase HDD capacities), if we fail to quickly and cost-effectively develop new products that meet the specifications and requirements intended or desired by our customers or if technology transitions negatively impact our existing product roadmaps, our business may be harmed. Additionally, the impact of generative AI on the storage and data management markets and regulation thereof is still unfolding and could evolve unpredictably, and it is difficult to accurately forecast related demands.
In addition, the success of our technology transitions and product development depends on a number of other factors, including R&D expenses and results; difficulties faced in manufacturing ramp; market acceptance/qualification; effective management of inventory levels in line with anticipated product demand; the vertical integration of some of our products, which may result in more capital expenditures and greater fixed costs than if we were not vertically integrated; our ability to cost effectively respond to customer requests for new products or features (including requests for more efficient and efficiently-produced products with reduced environmental impacts) and software associated with our products; our ability to increase our software development capability; and the effectiveness of our go-to-market capability in selling new products.
Moving to new technologies and products may require us to align to, and build, a new supply base. Our success in new product areas may depend on our ability to enter into favorable supply agreements. In addition, if our customers choose to delay transition to new technologies, if demand for the products that we develop is lower than expected or if the supporting technologies to implement these new technologies are not available, we may be unable to achieve the cost structure required to support our profit objectives or may be unable to grow or maintain our market position. In addition, if our customers choose to delay transition to new technologies, if demand for the products that we develop is lower than expected or if the supporting 18Table of Contentstechnologies to implement these new technologies are not available, we may be unable to achieve the cost structure required to support our profit objectives or may be unable to grow or maintain our market position.
Additionally, new technologies could impact demand for our products in unforeseen or unexpected ways and new products could substitute for our current products and make them obsolete, each of which would harm our business. We also develop products to meet certain industry and technical standards, which may change and cause us to incur substantial costs as we adapt to new standards or invest in different manufacturing processes to remain competitive.
We participate in a highly competitive industry that is subject to variations in average selling prices (“ASPs”) and demand, technological change and lengthy product qualifications, all of which can negatively impact our business.
14
Demand for our devices, software and solutions, which we refer to in this Item 1A as our “products”, depends in large part on the demand for systems manufactured by our customers and on storage upgrades to existing systems. The demand for systems has been volatile in the past and often has had an exaggerated effect on the demand for our products in any given period. Demand for and prices of our products are influenced by, among other factors, the actual and projected growth of data to be stored, the spending plans of our large hyperscale customers, the balance between supply and demand in the storage market, macroeconomic factors (such as tariffs and actual or perceived threat of recessions), business conditions, the emergence or growth of new or existing technologies (including AI), technology transitions and other actions taken by us or our competitors. Demand for and prices of our products are influenced by, among other factors, the actual and projected growth of data to be stored, the balance between supply and demand in the storage market, including the effects of new fab capacity, macroeconomic factors, business conditions, the emergence or growth of new or existing technologies (including AI), technology transitions and other actions taken by us or our competitors. We also experience competition from other companies that produce alternative storage technologies such as flash memory, particularly in our legacy markets where we participate with our lower capacity, smaller form factor HDDs. Flash-based solutions also target our larger addressable market, i.e., Cloud. The storage market has in the past experienced, and may in the future experience, periods of excess capacity leading to our factories running below the desired utilization levels, resulting in us taking underutilization charges, inventory write-downs and reductions in ASPs, all of which lead to negative impacts on our revenue and gross margins. The storage market has recently experienced, and may continue to experience, periods of excess capacity leading to liquidation of excess inventories, inventory write-downs, significant reductions in ASPs and negative impacts on our revenue and gross margins and volatile product life cycles that harm our ability to recover the cost of product development.
While our ASPs tend to be relatively stable, we may experience periods during an industry downturn when we face adverse headwinds to our ASPs. Additionally, our gross margin may face downward pressure if we are unable to migrate our product mix to the higher capacity needs of our customers and/or to reach the desired manufacturing yield in our production. Our gross margin could also face pressure if we are unable to achieve the desired manufacturing yields when we ramp our new technologies. Further, technological changes can reduce the volume and profitability of sales of existing products.
We also face significant competition in the distribution channel (in which our distribution customers sell to small computer manufacturers, dealers, systems integrators and other resellers, as well as to Cloud customers in some cases) as a result of limited product qualification programs and a significant focus on price and availability of product. If we fail to respond to changes in demand in the distribution market, our business could suffer. Additionally, if the distribution market weakens as a result of technology transitions or a significant change in consumer buying preference, or if we experience significant price declines due to demand changes in the distribution channel, our operating results would be negatively impacted. Negative changes in the creditworthiness or the ability to access credit, or the bankruptcy or shutdown of any of our significant retail or distribution partners would harm our revenue and our ability to collect outstanding receivable balances.
As we compete in new product areas, the overall complexity of our business may increase and may result in increases in R&D expenses and substantial investments in manufacturing capability, technology enhancements and go-to-market capability. We must also qualify our products with customers through potentially lengthy testing processes with uncertain results. Some of our competitors offer products that we do not offer, which may allow them to win sales from us, and some of our customers may be developing storage solutions internally, which may reduce their demand for our products. We expect that competition will continue to be intense, and our competitors may be able to gain a product offering or cost structure advantage over us, which would harm our business. Further, our competitors may utilize pricing strategies, including offering products at prices at or below cost, that we may be unable to competitively match. We may also have difficulty effectively competing with manufacturers benefiting from governmental investments and may be subject to increased complexity and reduced efficiency in our supply chain as a result of governmental efforts to promote domestic technologies in various jurisdictions.
In addition, if we fail to effectively manage our government relationships in various jurisdictions in which we operate, we may experience missed opportunities (including incentives and investments), unfavorable policy outcomes or operational inefficiencies, any of which would put us at a competitive disadvantage.
Loss of revenue from the Cloud end market or a key customer, or consolidation among our customer base, could harm our operating results. Loss of revenue from a key customer, or consolidation among our customer base, could harm our operating results.
As a result of the Separation, there is increased revenue concentration in our Cloud end market and among our top customers. For the year ended June 27, 2025, the Cloud end market accounted for 88% of our total revenue and our top 10 customers accounted for 68% of our net revenue, with three customers each accounting for 10% or more of the Company’s net revenue.
15
If we fail to respond to changes in demand in the Cloud and hyperscale data center markets, our business could suffer. In addition, our customers have a variety of suppliers to choose from and therefore can make substantial demands on us, including demands on product pricing, contractual terms and the environmental impact and attributes of our products, often resulting in the allocation of risk or increased costs to us as the supplier. These customers have a variety of suppliers to choose from and therefore can make substantial demands on us, including demands on product pricing, contractual terms and the environmental impact and attributes of our products, often resulting in the allocation of risk or increased costs to us as the supplier. Our ability to maintain strong relationships with our principal customers is essential to our future performance. We have experienced and may in the future experience events such as the loss of a key customer, prohibition or restriction of sales to a key customer by law, regulation or other government action, reductions in sales to or orders by a key customer, customer requirements to reduce our prices before we are able to reduce costs or the acquisition of a key customer by one of our competitors. These events have impacted, and may in the future impact, our operating results and financial condition. Further, government authorities may implement laws or regulations or take other actions that could result in significant changes to the business or operating models of our customers. Such changes could negatively impact our operating results.
Additionally, if there is consolidation among our customer base, our customers may be able to command increased leverage in negotiating prices and other terms of sale, which could negatively impact our profitability. Additionally, if there is consolidation among our customer base, our customers may be able to command increased leverage in negotiating prices and other terms of sale, which could negatively impact our profitability. Consolidation among our customer base may also lead to reduced demand for our products, increased customer pressure on our prices, replacement of our products by the combined entity with those of our competitors and cancellations of orders, each of which could harm our operating results.
Also, the storage ecosystem is constantly evolving, and our traditional customer base is changing. Fewer companies now hold greater market share for certain applications and services, such as cloud storage and computing platforms, mobile, social media, shopping and streaming media. As a result, the competitive landscape is changing, giving these companies increased leverage in negotiating prices and other terms of sale, which could negatively impact our profitability. In addition, the changes in our evolving customer base create new selling and distribution patterns to which we must adapt. To remain competitive, we must respond to these changes by ensuring we have proper scale in this evolving market, as well as offer products that meet the technological requirements of this customer base at competitive pricing points. To the extent we are not successful in adequately responding to these changes, our operating results and financial condition could be harmed.
We experience variability in our sales and cyclicality in our industry, which could cause our operating results to fluctuate. In addition, accurately forecasting demand is difficult, which could harm our business. In addition, accurately forecasting demand has become more difficult, which could harm our business.
Our business is subject to variability of sales because it is largely dependent on the buying patterns of our large Cloud customers, driven by their needs for deploying our technology in their data center buildouts, as well as on their ability to procure other products that go into such buildouts. Changes in their demand patterns and in cyclical supply and demand patterns have made it, and could continue to make it, difficult for us to forecast demand. Changes in seasonal and cyclical supply and demand patterns have made it, and could continue to make it, more difficult for us to forecast demand. Changes in the linearity of our business within a quarter can also impact our business. As a result of the above or other factors, our forecast of financial results for a given quarter may differ materially from our actual financial results.
The variety and volume of products we manufacture are based in part on accurately forecasting market and customer demand for our products, which are influenced by a wide variety of factors. As a result of the number and complexity of these factors, accurately forecasting demand has been and continues to be difficult for us, our customers and our suppliers. Further, while most of our revenue is derived from customers with whom we have long-term agreements and from whom we require firm order commitments, a smaller number of our other customers utilize just-in-time inventory; from these customers, we do not generally require firm order commitments and instead receive a periodic forecast of requirements, which may prove to be inaccurate. In addition, because our products are designed to be largely interchangeable with competitors’ products, our demand forecasts may be impacted significantly by the strategic actions of our competitors. As forecasting demand remains difficult, the risk that our forecasts are not in line with demand persists. As forecasting demand becomes more difficult, the risk that our forecasts are not in line with demand increases. This has caused, and may in the future cause, our forecasts to exceed actual market demand, resulting in periods of product oversupply, excess inventory, underutilization of manufacturing capacity and price decreases, which has impacted and could further impact our sales, ASPs and gross margin or require us to incur inventory write-downs or charges for unabsorbed manufacturing overhead, thereby negatively affecting our operating results and our financial condition. For example, in 2024 and 2023, we incurred $155 million and $201 million of charges for unabsorbed manufacturing overhead costs as a result of the reduced utilization of our manufacturing capacity, respectively. These charges were attributable to a significant imbalance of supply and demand and our actions taken in response thereto. If market demand increases significantly beyond our forecasts or beyond our ability to add manufacturing capacity, then we may not be able to satisfy customer product needs, possibly resulting in a loss of market share if our competitors are able to meet customer demands. In addition, some of our components have long lead-times, requiring us to place orders several months in advance of anticipated demand. Such long lead-times increase the risk of excess inventory, potentially resulting in inventory write-downs, or loss of sales in the event our forecasts vary substantially from actual demand.
16
Failure to successfully execute on strategic initiatives including acquisitions, divestitures or cost saving measures may negatively impact our future results.
We have made and expect to continue to make acquisitions and divestitures (such as the recent Separation) and engage in cost saving measures.We have made and expect to continue to make acquisitions and divestitures, and engage in cost saving measures. In order to successfully execute on strategic initiatives, we must continue to identify and successfully complete attractive transactions, some of which may be large and complex, and manage post-closing issues such as integration of the acquired company or employees, integration of processes and systems, and post-Separation changes. We may not be able to continue to identify or complete appealing acquisition or investment opportunities given the intense competition for these transactions. Even if we identify and complete suitable corporate transactions, we may not be able to successfully address any integration challenges in a timely manner or at all. There have been and may continue to be difficulties with implementing new systems and processes or with integrating systems and processes of companies with complex operations, which may result in inconsistencies in standards, controls, procedures and policies and may increase our vulnerability to cybersecurity attacks or the risk that our internal controls are found to be ineffective.
Failing to successfully integrate or realign our business to take advantage of efficiencies or reduce redundancies of an acquisition or divestiture, including pursuant to the Separation, may result in not realizing all or any of the anticipated benefits of the transaction. Failing to successfully integrate or realign our business to take advantage of efficiencies or reduce redundancies of an acquisition or divestiture may result in not realizing all or any of the anticipated benefits of the transaction. In addition, failing to achieve the financial model projections for an acquisition or changes in technology development and related roadmaps following an acquisition may result in the incurrence of impairment charges (including goodwill impairments or other asset write-downs) and other expenses, both of which could negatively impact our results of operations or financial condition. Acquisitions and investments may also result in the issuance of equity securities that may be dilutive to our stockholders as well as earn-out or other contingent consideration payments and the issuance of additional indebtedness that would put additional pressure on liquidity. 19Table of ContentsAcquisitions and investments may also result in the issuance of equity securities that may be dilutive to our stockholders as well as earn-out or other contingent consideration payments and the issuance of additional indebtedness that would put additional pressure on liquidity. Furthermore, we may agree to provide continuing service obligations or enter into other agreements in order to obtain certain regulatory approvals of our corporate transactions, and failure to satisfy these additional obligations could result in our failing to obtain regulatory approvals or the imposition of additional obligations on us, any of which could negatively affect our business. In addition, new legislation or additional regulations may affect or impair our ability to invest with or in certain other countries or require us to obtain regulatory approvals to do so, including investments in joint ventures, minority investments and outbound technology transfers to certain countries.
Cost saving measures, restructurings and divestitures have had and may in the future result in workforce reduction and consolidation of our manufacturing or other facilities.Cost saving measures, restructurings and divestitures may result in workforce reduction and consolidation of our manufacturing or other facilities. As a result of these actions, we have experienced and may in the future experience a loss of continuity, loss of accumulated knowledge, disruptions to our operations and inefficiency during transitional periods. As a result of these actions, we may experience a loss of continuity, loss of accumulated knowledge, disruptions to our operations and inefficiency during transitional periods. These actions could also impact employee retention. In addition, we cannot be sure that these actions will be as successful in reducing our overall expenses as we expect, that additional costs will not offset any such reductions or consolidations or that we do not forego future business opportunities as a result of these actions.
Acquisitions and alliance activities inherently involve other risks as well, including those associated with disruption to our business and the continued successful execution of our company strategy, goals and responsibilities; assimilation and integration of different business operations, corporate cultures, personnel, infrastructures and technologies or solutions acquired or licensed, while maintaining quality, and designing and implementing appropriate risk management measures; and the possibility of conflict with joint venture or alliance partners regarding strategic direction, prioritization of objectives and goals, governance matters or operations. Acquisitions and alliance activities inherently involve other risks as well, including those associated with disruption to our business and the continued successful execution of our company strategy, goals and responsibilities; assimilation and integration of different business operations, corporate cultures, personnel, infrastructures and technologies or solutions acquired or licensed, while maintaining quality, and designing and implementing appropriate risk management measures; and the possibility of conflict with joint venture or alliance partners regarding strategic direction, prioritization of objectives and goals, governance matters or operations.
Our strategic relationships subject us to risks and uncertainties that could harm our business.
We have entered into and expect to continue to enter into strategic relationships with various partners for product development, manufacturing, sales growth and the supply of technologies, components, equipment and materials for use in our product design and manufacturing. Please see the risk factor entitled “We are dependent on a limited number of qualified suppliers who provide critical services, materials or components, and a disruption in our supply chain could negatively affect our business,” for a further description of the risks associated with our reliance on external suppliers. Our strategic relationships are subject to various risks that could harm the value of our investments, our revenue and costs, our future rate of spending, our technology plans and our future growth opportunities. Our strategic relationships, including Flash Ventures, are subject to various risks that could harm the value of our investments, our revenue and costs, our future rate of spending, our technology plans and our future growth opportunities.
Our control over the operations of our business ventures may be limited, and our interests could diverge from our strategic partners’ interests regarding ongoing and future activities. Our control over the operations of our business ventures may be limited, and our interests could diverge from our strategic partners’ interests regarding ongoing and future activities.
Our strategic relationships are subject to additional risks that could harm our business, including, but not limited to, the following: failure by our strategic partners to comply with applicable laws or employ effective internal controls; difficulties and
17
delays in product and technology development at, ramping production at, and transferring technology to, our strategic partners; declining financial performance of our strategic partners, including failure by our strategic partners to timely fund capital investments with us or otherwise meet their commitments, including the payment of amounts owed to us or third parties when due; losing the rights to, or ability to independently manufacture, certain technology or products being developed or manufactured by strategic partners, including as a result of any of them being acquired by another company, filing for bankruptcy or experiencing financial or other losses; a bankruptcy event involving a strategic partner, which could result in structural changes to or termination of the strategic partnership; and changes in tax or regulatory requirements, which may necessitate changes to the agreements governing our strategic partnerships.
FINANCIAL RISKS
Our level of debt may negatively impact our liquidity, restrict our operations and ability to respond to business opportunities, and increase our vulnerability to adverse economic and industry conditions.
We utilize debt financing in our capital structure and may incur additional debt, including under our revolving credit facility, subject to customary conditions in our loan agreements. Our level of debt could have significant consequences, including limiting our ability to obtain additional financing for working capital, capital expenditures, acquisitions or other general corporate purposes; requiring a substantial portion of our cash flows to be dedicated to debt service payments instead of other purposes; and imposing financial and other restrictive covenants on our operations. Furthermore, we may agree to provide continuing service obligations or enter into other agreements in order to obtain certain regulatory approvals of our corporate transactions, and failure to satisfy these additional obligations could result in our failing to obtain regulatory approvals or the imposition of additional obligations on us, any of which could negatively affect our business.
Our ability to meet our debt service obligations, comply with our debt covenants and deleverage depends on our cash flows and financial performance, which are affected by financial, business, economic and other factors. The rate at which we will be able to or choose to deleverage is uncertain. Failure to meet our debt service obligations or comply with our debt covenants could result in an event of default under the applicable indebtedness. We may be unable to cure, or obtain a waiver of, an event of default or otherwise amend our debt agreements to prevent an event of default thereunder on terms acceptable to us or at all. In that event, the debt holders could accelerate the related debt, which may result in the cross-acceleration or cross-default of other debt, leases or other obligations. We also utilize convertible debt in our capital structure. The $1.6 billion principal amount of our convertible notes will be convertible at the option of the holder beginning on August 15, 2028 and, prior to that date, may be convertible in any given calendar quarter depending on the trading price of our common stock during the prior calendar quarter. During the calendar quarter ended June 30, 2025, the sale price conditional conversion feature of the convertible notes was triggered and, as a result, the holders of the convertible notes have the right to convert the notes during the next succeeding calendar quarter. As such, these convertible notes were classified as current debt as of June 28, 2025. In the event that holders of our convertible debt exercise conversion rights, we will be required to settle the principal amount of any converted notes in cash. If we do not have sufficient funds available to repay indebtedness when due, whether at maturity, by acceleration or upon conversion, we may be required to sell important strategic assets; refinance our existing debt; incur additional debt or issue common stock or other equity securities, which we may not be able to do on terms acceptable to us, in amounts sufficient to meet our needs or at all. Our inability to service our debt obligations or refinance our debt could harm our business. Further, if we are unable to repay, refinance or restructure our secured indebtedness, the holder of such debt could proceed against the collateral securing the indebtedness. Refinancing our indebtedness may also require us to expense previous debt issuance costs or to incur new debt issuance costs.
As our bank debt contains a variable interest rate component based on our corporate credit ratings, a decline in our ratings has in the past resulted in, and could in the future result in, increased interest rates and debt service obligations. In addition, our ratings impact the cost and availability of future borrowings and, accordingly, our cost of capital. Our ratings reflect the opinions of the ratings agencies as to our financial strength, operating performance and ability to meet our debt obligations. There can be no assurance that we will achieve a particular rating or maintain a particular rating in the future.
We may from time to time seek to refinance our substantial indebtedness by issuing additional shares of common stock or other securities that are convertible into common stock or grant the holder the right to purchase common stock, each of which may dilute our existing stockholders, reduce the value of our common stock, or both.We may from time to time seek to further refinance our substantial indebtedness by issuing additional shares of common stock or other securities that are convertible into common stock or grant the holder the right to purchase common stock, each of which may dilute our existing stockholders, reduce the value of our common stock, or both.
Tax matters may materially affect our financial position and results of operations.
Changes in tax laws in the United States, the European Union and around the globe have impacted and will continue to impact our effective worldwide tax rate, which may materially affect our financial position and results of operations. In the United States, the Tax Cuts and Jobs Act of 2017 (“TCJA”), the Inflation Reduction Act of 2022 (“IRA”), and the One Big Beautiful Bill Act of 2025 (“OBBBA”) each include broad tax reform provisions. We are currently evaluating the impact of the OBBBA and related tax provisions on our operations and financial reporting, and future guidance provided by the U.S.
18
Department of the Treasury and Internal Revenue Service could change our conclusions regarding such impact. The OBBBA and related guidance could materially impact our effective tax rate, deferred tax positions, and overall tax strategy. Further, the majority of countries in the G20 and Organization for Economic Cooperation and Development (OECD) Inclusive Framework on Base Erosion and Profit Shifting (BEPS) have agreed to adopt a two-pillar approach to taxation, which includes the implementation of a global corporate minimum tax rate of 15%. Further, the majority of countries in the G20 and Organization for Economic Cooperation and Development (OECD) Inclusive Framework on Base Erosion and Profit Shifting (BEPS) have agreed to adopt a two-pillar approach to taxation, which includes the implementation of a global corporate minimum tax rate of 15%, which, when effective, could materially increase our tax obligations in these countries. Several non-U.S. jurisdictions have already enacted legislation or announced their intention to enact future legislation to adopt certain or all components of the Pillar Two Model rules. Our tax obligations could increase materially as this legislation becomes effective in countries that have already adopted a two-pillar approach or if adoption expands to other jurisdictions in which we operate. Due to the large scale of our U.S. and international business operations, enacted and proposed changes to tax laws — including those affecting the taxation of our global activities and intercompany cash movements — could materially increase our worldwide effective tax rate and adversely impact our financial results and cash flows.
Additionally, portions of our operations are subject to a reduced tax rate or are free of tax under various tax holidays that expire in whole or in part from time to time, or may be terminated if certain conditions are not met. Additionally, portions of our operations are subject to a reduced tax rate or are free of tax under various tax holidays that expire in whole or in part from time to time, or may be terminated if certain conditions are not met. Although many of these holidays may be extended when certain conditions are met, in the past we have not been able to, and in the future, we may not be able to meet such conditions. Although many of these holidays may be extended when certain conditions are met, we may not be able to meet such conditions. If the tax holidays are not extended, or if we fail to satisfy the conditions of the reduced tax rate, then our effective tax rate could increase in the future. Our effective tax rate may be negatively impacted if we are unable to realize deferred tax assets. We regularly review our deferred tax assets for recoverability and establish a valuation allowance if it is more likely than not that some portion or all of a deferred tax asset will not be realized. If we are unable to generate sufficient future taxable income or if there is a change to the time period within which the underlying temporary differences become taxable or deductible, we could be required to increase our valuation allowance against our deferred tax assets, which could result in a material increase in our effective tax rate.
Our determination of our tax liability in the United States and other jurisdictions is subject to review by applicable domestic and foreign tax authorities.Our determination of our tax liability in the US and other jurisdictions is subject to review by applicable domestic and foreign tax authorities. For example, as disclosed in Part II, Item 8, Note 13, Income Taxes, of the Notes to Consolidated Financial Statements included in this Annual Report on Form 10-K, we are under examination by the Internal Revenue Service for certain fiscal years. Although we believe our tax positions are properly supported, the final timing and resolution of any tax examinations are subject to significant uncertainty and could result in litigation or the payment of significant amounts to the applicable tax authority in order to resolve examination of our tax positions, which could result in an increase of our current estimate of unrecognized tax benefits and may harm our business.
Any decisions to reduce or discontinue paying cash dividends to our stockholders or the repurchase of our shares of common stock pursuant to our previously announced share repurchase program could cause the market price for our common stock to decline.
Although our Board of Directors authorized the adoption of a quarterly cash dividend program and a share repurchase program during the fourth quarter of fiscal year 2025, we are under no obligation to pay cash dividends to our stockholders in the future or to repurchase shares of our common stock at any particular price or at all. The declaration and payment of any future dividends and any future repurchase of our common stock is at the discretion of our Board of Directors. Our payment of quarterly cash dividends and the repurchase of shares of our common stock pursuant to our share repurchase program are subject to, among other things, our financial position and results of operations, available cash and cash flow, capital and regulatory requirements, market and economic conditions, the market price of our common stock, and other factors. Any reduction or discontinuance by us of the payment of quarterly cash dividends or the repurchase of shares of our common stock could cause the market price of our common stock to decline. Moreover, in the event our payment of quarterly cash dividends or repurchases of shares of our common stock is reduced or discontinued, our failure or inability to resume such activities could result in a persistent lower market valuation for our common stock.
Fluctuations in currency exchange rates as a result of our international operations may negatively affect our operating results.
Because we manufacture and sell our products abroad, our revenue, cost of revenue, margins, operating costs and cash flows are impacted by fluctuations in foreign currency exchange rates. If the U.S. dollar exhibits sustained weakness against most foreign currencies, the U.S. dollar equivalents of unhedged manufacturing costs could increase because a portion of our production costs are foreign-currency denominated. Conversely, there would not be an offsetting impact to revenues since revenues are substantially U.S. dollar denominated. Additionally, we negotiate and procure some of our component requirements in U.S. dollars from non-U.S. based vendors. If the U.S. dollar weakens against other foreign currencies, some of our component suppliers may increase the price they charge for their components in order to maintain an equivalent profit margin. When such events occur, they have had, and may in the future have, a negative impact on our business.
19
Prices for our products are substantially U.S. dollar denominated, even when sold to customers that are located outside the United States. Therefore, as a substantial portion of our sales are from countries outside the United States, fluctuations in currency exchange rates, such as the strengthening of the U.S. dollar against other foreign currencies, could increase the cost of our products in those countries and negatively impact demand and revenue growth. In addition, currency variations may adversely affect, and from time to time have adversely affected, margins on sales of our products in countries outside the United States. In addition, currency variations may adversely affect, and from time to time have adversely affected, margins on sales of our products in countries outside the USWe attempt to manage the impact of foreign currency exchange rate changes by, among other things, entering into short-term foreign exchange contracts.
We attempt to manage the impact of foreign currency exchange rate changes by, among other things, entering into short-term foreign exchange contracts. However, these contracts may not cover our full exposure and can be canceled by the counterparty if currency controls are put in place. Thus, our decisions and hedging strategy with respect to currency risks may not be successful and may actually harm our operating results. Further, the ability to enter into foreign exchange contracts with financial institutions is based upon our available credit from such institutions and compliance with covenants and other restrictions. Operating losses, third party downgrades of our credit rating or instability in the worldwide financial markets could impact our ability to effectively manage our foreign currency exchange rate risk. Hedging also exposes us to the credit risk of our counterparty financial institutions.
Increases in our customers’ credit risk could result in credit losses and term extensions under existing contracts with customers with credit losses could result in an increase in our operating costs.
Some of our OEM customers have adopted a subcontractor model that requires us to contract directly with companies, such as ODMs, that provide manufacturing and fulfillment services to our OEM customers. Because these subcontractors are generally not as well capitalized as our direct OEM customers, this subcontractor model exposes us to increased credit risks. Our agreements with our OEM customers may not permit us to increase our product prices to alleviate this increased credit risk. Additionally, as we attempt to expand our OEM and distribution channel sales into emerging economies, the customers with the most success in these regions may have relatively short operating histories, making it more difficult for us to accurately assess the associated credit risks. Our customers’ credit risk may also be exacerbated by an economic downturn or other adverse global or regional economic conditions. Any credit losses we may suffer as a result of these increased risks, or as a result of credit losses from any significant customer, especially in situations where there are term extensions under existing contracts with such customers, would increase our operating costs, which may negatively impact our operating results.
LEGAL AND COMPLIANCE RISKS
We are subject to laws, rules and regulations relating to the collection, use, sharing and security of data, including personal data, and our failure to comply with these laws, rules and regulations could subject us to proceedings by governmental entities or others and cause us to incur penalties, significant legal liability, or loss of customers, loss of revenue and reputational harm.
We are subject to laws, rules and regulations relating to the collection, use, security and privacy of data, including data that relates to or identifies an individual person.We are subject to laws, rules and regulations relating to the collection, use, security and privacy of third-party data, including data that relates to or identifies an individual person. We are also subject to the terms of our privacy policies and obligations to third parties related to privacy, data protection and security. In many cases, these requirements apply not only to third-party transactions, but also to transfers of information between our information systems and our subsidiaries, and among us, our subsidiaries and other parties with which we have commercial relations. Our possession and use of data, including personal data and employee data in conducting our business, subjects us to legal and regulatory obligations that require us to notify vendors, customers or employees or other parties with which we have commercial relations of a data security breach and to respond to regulatory inquiries and to enforcement proceedings. Our possession and use of third-party data, including personal data and employee data in conducting our business, subjects us to legal and regulatory obligations that require us to notify vendors, customers or employees or other parties with which we have commercial relations of a data security breach and to respond to regulatory inquiries and to enforcement proceedings. Managing these notifications, especially in large volumes, can lead to significant expenses, even with cybersecurity insurance coverage. Laws and regulations relating to the collection, use, security and privacy of data change over time and new laws and regulations become effective from time to time. Laws and regulations relating to the collection, use, security and privacy of third-party data change over time and new laws and regulations become effective from time to time. We are subject to notice and privacy statement requirements, as well as obligations to respond to data subject requests. We are subject to notice and privacy statement requirements, as well as obligations to respond to requests to know and access personal information, correct personal information, delete personal information and say no to the sale of personal information. Global privacy and data protection legislation, enforcement and policy activity in this area are rapidly expanding and evolving, including with respect to the use of AI, and may be inconsistent from jurisdiction to jurisdiction. Global privacy and data protection legislation, enforcement and policy activity in this area are rapidly expanding and evolving, and may be inconsistent from jurisdiction to jurisdiction. We may also be subject to restrictions on cross-border data transfers and requirements for localized storage of data that could increase our compliance costs and risks and affect the ability of our global operations to coordinate activities and respond to customers and individuals. Our use of AI technology may create new privacy and security risks, especially where personal data is involved. The use of AI may raise ethical concerns, lead to flawed outcomes, or present other privacy and security risks that could make it more difficult to adopt or implement effectively. Compliance requirements or even our inadvertent failure to comply with applicable laws may cause us to incur substantial costs, subject us to proceedings by governmental entities or others, and cause us to incur penalties or other significant legal liability or lead us to change our business practices.
20
We and certain of our officers are and may continue to be involved in litigation, investigations and governmental proceedings, which may be costly, may divert the efforts of our key personnel and could result in adverse court rulings, fines or penalties, which could materially harm our business.
We are and may continue to be involved in litigation, including antitrust and commercial matters, putative securities class action suits and other actions. We are the plaintiff in some of these actions and the defendant in others. Some of the actions seek injunctive relief, including injunctions against the sale of our products, and substantial monetary damages, which if granted or awarded, could materially harm our business. We have in the past been and may in the future be the subject of inquiries, requests for information, investigations and actions by government and regulatory agencies regarding our businesses. Any such matters could result in material adverse consequences to our results of operations, financial condition or ability to conduct our business, including fines, penalties or restrictions on our business activities.
Litigation is subject to inherent risks and uncertainties that may cause actual results to differ materially from our expectations. In the event of an adverse outcome in any litigation, investigation or governmental proceeding, we could be required to pay substantial damages, fines or penalties and cease certain practices or activities, including the manufacture, use and sale of products. With or without merit, such matters may be complex, may extend for a protracted period of time, may be very expensive and the expense may be unpredictable. Litigation initiated by us could also result in counter-claims against us, which could increase the costs associated with the litigation and result in our payment of damages or other judgments against us. Litigation initiated by us could also result in counter-claims against us, 24Table of Contentswhich could increase the costs associated with the litigation and result in our payment of damages or other judgments against us. In addition, litigation, investigations or governmental proceedings and any related publicity may divert the efforts and attention of some of our key personnel, affect demand for our products and harm the market prices of our securities.
We may be obligated to indemnify our current or former directors or employees, or former directors or employees of companies that we have acquired, in connection with litigation, investigations or governmental proceedings. These liabilities could be substantial and may include, among other things: the costs of defending lawsuits against these individuals; the cost of defending shareholder derivative suits; the cost of governmental, law enforcement or regulatory investigations or proceedings; civil or criminal fines and penalties; legal and other expenses; and expenses associated with the remedial measures, if any, which may be imposed.
The nature of our industry and its reliance on IP and other proprietary information subjects us and our suppliers, customers and partners to the risk of significant litigation.
The data storage industry has been characterized by significant litigation. This includes litigation relating to patent and other IP rights, product liability claims and other types of litigation. We are frequently involved in disputes regarding patent and other IP rights, and we and our customers have in the past received, and we and our customers may in the future receive, communications from third parties asserting that certain of our products, processes or technologies infringe upon their patent rights, copyrights, trademark rights or other IP rights. Even if we believe that such claims are without merit, they may be time-consuming and costly to defend against and may divert management’s attention and resources away from our business. We may also receive claims of potential infringement if we attempt to license IP to others. IP risks increase when we participate in new markets where we have little or no IP protection as a deterrent against litigation. IP risks increase when we enter into new markets where we have little or no IP protection as a deterrent against litigation. The complexity of the technology involved and the uncertainty of IP litigation increase the IP risks we face. Litigation can be expensive, lengthy and disruptive to normal business operations. Moreover, the results of litigation are inherently uncertain and have resulted in, and may in the future result in, adverse rulings or decisions. We may be subject to injunctions, enter into settlements or be subject to judgments that may harm our business.
If we incorporate third-party technology into our products or if claims or actions are asserted against us for alleged infringement of the IP of others, we may be required to obtain a license or cross-license, modify our existing technology or design a new non-infringing technology. Such licenses or design modifications can be extremely costly. We evaluate notices of alleged patent infringement and notices of patents from patent holders that we receive from time to time. We may decide to settle a claim or action against us, which settlement could be costly. We may also be liable for past infringement. If there is an adverse ruling against us in an infringement lawsuit, an injunction could be issued barring production or sale of any infringing product. It could also result in a damage award equal to a reasonable royalty or lost profits or, if there is a finding of willful infringement, treble damages. Any of these results would increase our costs and harm our operating results. In addition, our suppliers, customers and partners are subject to similar risks of litigation, and a material, adverse ruling against a supplier, customer or partner could negatively impact our business.
Moreover, from time to time, we agree to indemnify certain of our suppliers and customers for alleged IP infringement. The scope of such indemnity varies but may include indemnification for direct and consequential damages and expenses, including attorneys’ fees. We may be engaged in litigation as a result of these indemnification obligations. Third party claims
21
for patent infringement are excluded from coverage under our insurance policies. A future obligation to indemnify our customers or suppliers may harm our business.
Our reliance on IP and other proprietary information subjects us to the risk that these key components of our business could be copied by competitors.
Our success depends, in significant part, on the proprietary nature of our technology, including non-patentable IP such as our process technology. If we fail to protect our technology, IP or contract rights, our customers and others may seek to use our technology and IP without the payment of license fees and royalties, which could weaken our competitive position, reduce our operating results and increase the likelihood of costly litigation. We primarily rely on patent, copyright, trademark and trade secret laws, as well as non-disclosure agreements and other methods, to protect our proprietary technologies and processes. There can be no assurance that our existing patents will continue to be held valid, if challenged, or that they will have sufficient scope or strength to protect us. It is also possible that competitors or other unauthorized third parties may obtain, copy, use or disclose, illegally or otherwise, our proprietary technologies and processes, despite our efforts to protect our proprietary technologies and processes. If a competitor is able to reproduce or otherwise capitalize on our technology despite the safeguards we have in place, it may be difficult, expensive or impossible for us to obtain necessary legal protection. There are entities whom we believe may infringe our IP. Enforcement of our rights often requires litigation. If we bring a patent infringement action and are not successful, our competitors may be able to use similar technology to compete with us. If we bring a patent infringement 25Table of Contentsaction and are not successful, our competitors may be able to use similar technology to compete with us. Moreover, the defendant in such an action may successfully countersue us for infringement of their patents or assert a counterclaim that our patents are invalid or unenforceable. Also, the laws of some foreign countries may not protect our IP to the same extent as do U.S. laws. In addition to patent protection of IP rights, we consider elements of our product designs and processes to be proprietary and confidential. We rely upon employee, consultant and vendor non-disclosure agreements and contractual provisions and a system of internal safeguards to protect our proprietary information. However, we cannot be certain that these contracts and safeguards have not been and will not be breached, that we will be able to timely detect unauthorized use or transfer of our technology and IP, that we will have adequate remedies for any breach or that our trade secrets will not otherwise become known or be independently discovered by competitors. Any of our registered or unregistered IP rights may be challenged or exploited by others in the industry, which could harm our operating results.
Maintaining and strengthening our brands are important to maintaining and expanding our business, as well as to our ability to enter into new markets for our technologies, products and services. The success of our brands depends in part on the positive image that consumers have of our brands. We believe the popularity of our brands makes them a target of counterfeiting or imitation, with third parties attempting to pass off counterfeit products as our products. We license certain IP rights related to our brands for use by third parties and have safeguards in place to monitor and control such use. We also license certain IP rights related to brands from third parties that we rely on to offer, distribute and sell certain of our products. However, we cannot be certain that our licenses to third parties have not been and will not be breached by such parties, that the licenses we take from third parties will not be revoked or invalidated, or that the safeguards we have in place will comprehensively protect against marketplace confusion. Any occurrence of counterfeiting, imitation or confusion with our brands could negatively affect our reputation and impair the value of our brands, which in turn could negatively impact sales and pricing of our branded products, our share and our gross margin, as well as increase our administrative costs related to brand protection and counterfeit detection and prosecution. Additionally, our ability to prevent unauthorized uses of our brands and technologies would be negatively impacted if our trademark registrations were successfully challenged or overturned in the jurisdictions where we do business. We also have trademark applications pending in a number of jurisdictions that may not ultimately be granted, or if granted, may be challenged or invalidated, in which case we would be unable to prevent unauthorized use of our brands and logos in such jurisdictions. We have not filed trademark registrations in all jurisdictions where our brands or logos may be used.
We are and may in the future be subject to state, federal and international legal and regulatory requirements, such as environmental, labor, health and safety, trade and public company reporting and disclosure regulations, customers’ standards of corporate citizenship and industry and coalition standards, such as those established by the Responsible Business Alliance (“RBA”), and compliance with those regulations and requirements could cause an increase in our operating costs and failure to comply may harm our business.23Table of Contents We are and may in the future be subject to state, federal and international legal and regulatory requirements, such as environmental, labor, health and safety, trade and public-company reporting and disclosure regulations, customers’ standards of corporate citizenship and industry and coalition standards, such as those established by the Responsible Business Alliance (“RBA”), and compliance with those regulations and requirements could cause an increase in our operating costs and failure to comply may harm our business.
We are subject to, and may become subject to, additional, state, federal and international laws and regulations governing our environmental, labor, trade, health and safety practices and public company reporting and disclosures requirements. These laws and regulations, particularly those applicable to our international operations, are or may be complex, extensive and subject to change. If we or our suppliers, customers and partners do not timely comply with such laws and regulations, it may result in an increase in our operating costs. Legislation has been, and may in the future be, enacted in locations where we manufacture or sell our products, which could impair our ability to conduct business in certain jurisdictions or with certain customers and harm
22
our operating results. In addition, climate change and financial reform legislation is a significant topic of discussion and has generated and may continue to generate federal, international or other regulatory responses in the near future, which could substantially increase the complexity of our public-company reporting and disclosure requirements and our compliance and operating costs. If we or our suppliers, customers or partners fail to timely comply with applicable legislation, certain customers may refuse to purchase our products or we may face increased operating costs as a result of taxes, fines or penalties, or legal liability and reputational damage, which could harm our business.
In connection with our compliance with environmental laws and regulations, as well as our compliance with industry and coalition environmental initiatives, such as those established by the RBA, the standards of business conduct required by some of our customers, and our commitment to sound corporate citizenship in all aspects of our business, we could incur substantial compliance and operating costs and be subject to disruptions to our operations and logistics. In addition, if we or our suppliers, customers or partners were found to be in violation of these laws or noncompliant with these initiatives or standards of conduct, we could be subject to governmental fines, liability to our customers and damage to our reputation and corporate brand, which could cause our financial condition and operating results to suffer.
Our aspirations, disclosures and actions related to environmental, social and governance (“ESG”) matters expose us to risks that could adversely affect our reputation and performance.
There is an increased focus from investors, customers, associates, business partners and other stakeholders concerning ESG matters, and we announce initiatives and goals related to ESG matters from time to time, including renewable energy and net zero emissions commitments. These statements reflect our current plans and aspirations and are not guarantees that we will be able to achieve them. Our ability to achieve any ESG objective is subject to numerous risks, many of which are outside of our control, including the availability and cost of alternative energy sources; the evolving regulatory and reporting requirements affecting ESG practices and disclosures; the locations and usage of our products and the implications on their greenhouse gas emissions; and the successful execution of our strategy. Our failure to accomplish or accurately track and report on these goals on a timely basis, or at all, and the potential added costs involved, could adversely affect our reputation; financial performance and growth; our ability to attract or retain talent; and our attractiveness as a business partner or supplier, and could expose us to increased litigation risk, as well as increased scrutiny from the investment community and enforcement authorities.
The exclusive forum provisions in our Bylaws could limit our stockholders’ ability to bring a claim in a judicial forum that it finds favorable for disputes with the Company or its directors, officers or other employees.
Our Bylaws provide that, unless the Company consents in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware (or the federal district court in the State of Delaware if the Court of Chancery does not have subject matter jurisdiction) is the sole and exclusive forum for (i) any derivative action brought on behalf of the Company, (ii) any action asserting a claim of breach of a fiduciary duty owed by any current or former director, officer or other employee of the Company or its stockholders, (iii) any action asserting a claim arising pursuant to any provision of the Delaware General Corporation Law or the Company’s Certificate of Incorporation or Bylaws, or (iv) any action asserting a claim governed by the internal affairs doctrine (the “Delaware Exclusive Forum Provision”). Our Bylaws further provide that the federal district courts of the United States of America will, to the fullest extent permitted by law, be the exclusive forum for resolving any complaint asserting a cause of action under the Securities Act of 1933, as amended (the “Federal Forum Provision”).
The Delaware Exclusive Forum Provision is intended to apply to claims arising under Delaware state law and would not apply to claims brought pursuant to the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction. In addition, the Federal Forum Provision is intended to apply to claims arising under the Securities Act and would not apply to claims brought pursuant to the Exchange Act. The exclusive forum provisions in the Company’s Bylaws will not relieve us of our duties to comply with the federal securities laws and the rules and regulations thereunder and, accordingly, actions by our stockholders to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder must be brought in federal courts. Our stockholders will not be deemed to have waived our compliance with these laws, rules and regulations.
The exclusive forum provisions in the Company’s Bylaws may limit a stockholder’s ability to bring a claim in a judicial forum of its choosing for disputes with the company or its directors, officers or other employees, which may discourage lawsuits against the Company and its directors, officers and other employees. In addition, stockholders who do bring a claim in the Court of Chancery of the State of Delaware pursuant to the Delaware Exclusive Forum Provision could face additional litigation costs in pursuing any such claim, particularly if they do not reside in or near Delaware. The court in the designated forum under our exclusive forum provisions may also reach different judgments or results than would other courts, including courts where a stockholder would otherwise choose to bring the action, and such judgments or results may be more favorable to the Company than to our stockholders. Further, the enforceability of similar exclusive forum provisions in other companies’
23
organizational documents has been challenged in legal proceedings, and it is possible that a court could find any of our exclusive forum provisions to be inapplicable to, or unenforceable in respect of, one or more of the specified types of actions or proceedings. If a court were to find all or any part of our exclusive forum provisions to be inapplicable or unenforceable in an action, we might incur additional costs associated with resolving such action in other jurisdictions.
Item 1B.Item 1A. Unresolved Staff Comments
Not applicable.
Item 1C. Cybersecurity
Risk Management and Strategy
At Western Digital, our management team is charged with managing risk and bringing to our Board of Directors’ attention all material risk exposures to our company. Our enterprise risk management (“ERM”) process is designed to facilitate the identification, assessment, management, reporting and monitoring of material risks our company may face over the short-term and long-term and promote regular communication with our Board of Directors and its committees regarding these risks. Through our ERM process, we have determined that the compromise, damage and interruption of our technology infrastructure, information systems or products by cybersecurity incidents are key risks to our company that may have a material negative impact on our business. Through our ERM process, we have determined that the compromise, damage or interruption of our technology infrastructure, information systems or products by cybersecurity incidents is a key risk to our company that may have a material negative impact on our business. To help mitigate the potential impact of cybersecurity incidents on our business and protect against cybersecurity threats, we have established organizational structures, procedural measures and response plans that define roles and responsibilities related to cybersecurity risk management.
Our Information Security organization addresses cybersecurity risks with a broad spectrum of technologies, controls, and processes that focus on mitigating these risks.Western Digital’s Information Security organization addresses cybersecurity risks with a broad spectrum of technologies, controls, and processes that focus on mitigating these risks. Our cybersecurity strategy is designed to be dynamic and adaptive to combat the rapidly-evolving cybersecurity threat landscape and is influenced by commonly leveraged frameworks such as the NIST-CSF (National Institute of Standard and Technologies – CyberSecurity Framework). Our program includes, but is not limited to, advanced systems and network security protocols, electronic communications protections, vulnerability management programs, least-privilege access controls, third-party risk management procedures, workforce education and training exercises, and compliance programs.
Our dedicated 24x7 Security Operations Center incorporates specialized systems and processes for handling security incidents into its regular work and operates a robust, modern security infrastructure with appropriate security sensors and event monitoring capabilities. Upon detection of a cybersecurity incident, the Security Operations Center determines the severity of the incident in accordance with a pre-established incident severity matrix, initiates the appropriate notification and escalation protocols and begins triage. Predefined severity tiers serve as a guide to match our response to each incident’s determined severity or risk level.
Additionally, we have established a Cyber Incident Response Plan that follows the structure of the Incident Handling Guide published by the U.S. National Institute of Standards and Technology (SP 800-61r2) and that serves as an operational guide for handling cybersecurity incidents. Our Cyber Incident Response Plan provides procedural and strategic guidance that is designed to be flexible enough to apply to a variety of different incidents, but also specific enough to provide guidelines for incident prevention, detection, analysis, escalation and notification, and containment, eradication and recovery.
As part of our ongoing information security program, we utilize periodic independent third-party experts to conduct assessments of our program’s effectiveness. These experts are also leveraged to design and orchestrate tabletop exercises where multiple business functions and leadership levels must navigate complex incident scenarios to help determine our level of preparedness for various cybersecurity incidents.
As part of our business operations, we engage with a number of third parties, including but not limited to, online software service providers, vendors, consultants, and partners. Each of these third parties must be cleared through a formal cybersecurity risk assessment process before being allowed to integrate with our information systems, access confidential data, or provide electronic services to members of our workforce. Additionally, further scrutiny is applied during the post-assessment onboarding process in order to fine-tune access rights to limit privileges to those necessary to enable the related service, resulting in a least-privilege level of access.
24
Governance
We have implemented a governance framework related to cybersecurity that includes operational risk-mitigation practices and Board-level cybersecurity risk oversight.
Additionally, at least annually, our chief audit executive, who manages the day-to-day activities of our ERM program, reports to our Board of Directors on enterprise risk assessment under our ERM program, providing updates on key risks, status of mitigation efforts and residual risk trends, including an analysis of cybersecurity risks.Additionally, at least annually, our Chief Audit Executive, who manages the day-to-day activities of our ERM program, reports to our Board of Directors on enterprise risk assessment under our ERM program, providing updates on key risks, status of mitigation efforts and residual risk trends, including an analysis of cybersecurity risks. Also at least annually, our Chief Information Security Officer reports to our full Board of Directors on cybersecurity matters related to or impacting our company and our business.
25
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| BIVI | 37 minutes ago |
| EAT | 53 minutes ago |
| AMCR | an hour ago |
| HRB | an hour ago |
| TEAM | an hour ago |
| AIT | 8 hours ago |
| INBS | 9 hours ago |
| TAYD | 9 hours ago |
| COHR | 20 hours ago |
| AVT | 23 hours ago |
| TPR | 1 day, 10 hours ago |
| MSS | 1 day, 19 hours ago |
| WDC | 1 day, 21 hours ago |
| YYAI | 2 days ago |
| SRCO | 2 days ago |
| MSGE | 2 days, 1 hour ago |
| PFGC | 2 days, 1 hour ago |
| CMPR | 1 week ago |
| LNBY | 1 week ago |
| RMD | 1 week ago |
| CRMT | 1 week, 1 day ago |
| PTON | 1 week, 1 day ago |
| LFCR | 1 week, 1 day ago |
| ATGE | 1 week, 1 day ago |
| OTEX | 1 week, 1 day ago |
| CACI | 1 week, 1 day ago |
| ADP | 1 week, 2 days ago |
| PCTY | 1 week, 2 days ago |
| NWSA | 1 week, 2 days ago |
| FOXA | 1 week, 2 days ago |
| LRN | 1 week, 3 days ago |
| NRUC | 1 week, 3 days ago |
| BR | 1 week, 3 days ago |
| PG | 1 week, 4 days ago |
| RELL | 1 week, 4 days ago |
| CNTM | 1 week, 4 days ago |
| SXI | 1 week, 6 days ago |
| STX | 2 weeks ago |
| TPCS | 2 weeks, 2 days ago |
| MSFT | 2 weeks, 2 days ago |
| APLD | 2 weeks, 2 days ago |
| WOR | 2 weeks, 2 days ago |
| NEOG | 2 weeks, 2 days ago |
| WS | 2 weeks, 3 days ago |
| USAU | 2 weeks, 3 days ago |
| NORD | 2 weeks, 3 days ago |
| MMEX | 2 weeks, 3 days ago |
| GFMH | 2 weeks, 3 days ago |
| VALU | 2 weeks, 3 days ago |
| UUU | 2 weeks, 3 days ago |
