Annual report pursuant to Section 13 and 15(d)

Cybersecurity Risk Management and Strategy Disclosure

v3.24.4
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 28, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We face significant and persistent cybersecurity risks due to: the breadth of geographies, networks, and systems we must defend against cybersecurity attacks; the complexity, technical sophistication, value, and widespread use of our systems, products and processes; the attractiveness of our systems, products, and processes to threat actors (including state-sponsored organizations) seeking to inflict harm on us or our customers; the substantial level of harm that could occur to us and our customers were we to suffer impacts of a material cybersecurity incident; and our use of third-party products, services, and components. We are committed to maintaining robust governance and oversight of cybersecurity risks and to implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks. See "Risk Factors" for more information on our cybersecurity risks and product vulnerability risks. While we have not, as of the date of this Form 10-K, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, there can be no guarantee that we will not experience such an incident in the future. We have seen an increase in cyberattack volume, frequency, and sophistication. Our cybersecurity program and governance approach are designed to protect our network and information systems, and we have policies, procedures, processes, and controls in place to identify, manage, and respond to risks from cybersecurity threats. We seek to detect and investigate unauthorized attempts and attacks against our network, products, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes and tools and changes or updates to our products and services; however, we remain potentially vulnerable to known or unknown threats. In some instances, we, our suppliers, our customers, and the users of our products and services can be unaware of a threat or incident or its magnitude and effects. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, which could subject us to additional liability and reputational harm.
We aim to incorporate industry best practices throughout our cybersecurity program. Our cybersecurity program includes written policies, standards, and procedures for information security, product security, and data privacy; is designed to be aligned with applicable industry standards; and is assessed annually by independent third-party auditors. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, manage, and address material cybersecurity threats, risks, and incidents. These include, among other things: annual and ongoing security awareness training for employees; mechanisms to detect and monitor unusual network activity; and containment and incident response tools. We actively engage with industry groups for benchmarking and awareness of best practices. We monitor issues that are internally discovered or externally reported and have processes to assess those issues for potential cybersecurity impact or risk. We also have a process in place to manage cybersecurity risks associated with third-party service providers. We impose security requirements upon our suppliers, including: maintaining an effective security management program; abiding by information handling and asset management requirements; and notifying us in the event of any known or suspected cyber incident.
Our Board of Directors has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to company priorities, resource allocations, and oversight structures. The Board of Directors is assisted by the Audit & Finance Committee, which regularly reviews our cybersecurity program with management and reports to the Board of Directors. Cybersecurity reviews by the Audit & Finance Committee or the Board of Directors generally occur at least twice annually, or more frequently as determined to be necessary or advisable. A number of Intel directors have experience in assessing and managing cybersecurity risk.
Our cybersecurity program is run by our Chief Information Security Officer (CISO), who reports to our Executive Vice President and Chief Technology Officer (CTO). Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals in the information security team—many of whom hold cybersecurity certifications such as a Certified Information Systems Security Professional or Certified Information Security Manager—and through the use of technological tools and software and results from third-party audits. Our CISO and CTO have extensive experience assessing and managing cybersecurity programs and cybersecurity risk. Our CISO has served in that position since 2015 and, before Intel, was the Chief Security Officer at McAfee and the Chief Information Officer and CISO for the US House of Representatives. Our CTO joined Intel in 2021 and was previously Senior Vice President and CTO at VMware, with responsibility for product security. Our CISO and CTO regularly report directly to the Audit & Finance Committee or the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues. In addition, we have an escalation process in place to inform senior management and the Board of Directors of material issues.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our Board of Directors has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to company priorities, resource allocations, and oversight structures.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board of Directors has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to company priorities, resource allocations, and oversight structures. The Board of Directors is assisted by the Audit & Finance Committee, which regularly reviews our cybersecurity program with management and reports to the Board of Directors. Cybersecurity reviews by the Audit & Finance Committee or the Board of Directors generally occur at least twice annually, or more frequently as determined to be necessary or advisable. A number of Intel directors have experience in assessing and managing cybersecurity risk.
Our cybersecurity program is run by our Chief Information Security Officer (CISO), who reports to our Executive Vice President and Chief Technology Officer (CTO). Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals in the information security team—many of whom hold cybersecurity certifications such as a Certified Information Systems Security Professional or Certified Information Security Manager—and through the use of technological tools and software and results from third-party audits. Our CISO and CTO have extensive experience assessing and managing cybersecurity programs and cybersecurity risk. Our CISO has served in that position since 2015 and, before Intel, was the Chief Security Officer at McAfee and the Chief Information Officer and CISO for the US House of Representatives. Our CTO joined Intel in 2021 and was previously Senior Vice President and CTO at VMware, with responsibility for product security. Our CISO and CTO regularly report directly to the Audit & Finance Committee or the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues. In addition, we have an escalation process in place to inform senior management and the Board of Directors of material issues.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors is assisted by the Audit & Finance Committee, which regularly reviews our cybersecurity program with management and reports to the Board of Directors.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Cybersecurity reviews by the Audit & Finance Committee or the Board of Directors generally occur at least twice annually, or more frequently as determined to be necessary or advisable. A number of Intel directors have experience in assessing and managing cybersecurity risk.
Cybersecurity Risk Role of Management [Text Block]
Our cybersecurity program is run by our Chief Information Security Officer (CISO), who reports to our Executive Vice President and Chief Technology Officer (CTO). Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals in the information security team—many of whom hold cybersecurity certifications such as a Certified Information Systems Security Professional or Certified Information Security Manager—and through the use of technological tools and software and results from third-party audits. Our CISO and CTO have extensive experience assessing and managing cybersecurity programs and cybersecurity risk. Our CISO has served in that position since 2015 and, before Intel, was the Chief Security Officer at McAfee and the Chief Information Officer and CISO for the US House of Representatives. Our CTO joined Intel in 2021 and was previously Senior Vice President and CTO at VMware, with responsibility for product security. Our CISO and CTO regularly report directly to the Audit & Finance Committee or the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues. In addition, we have an escalation process in place to inform senior management and the Board of Directors of material issues.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity program is run by our Chief Information Security Officer (CISO), who reports to our Executive Vice President and Chief Technology Officer (CTO). Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals in the information security team—many of whom hold cybersecurity certifications such as a Certified Information Systems Security Professional or Certified Information Security Manager—and through the use of technological tools and software and results from third-party audits.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO and CTO have extensive experience assessing and managing cybersecurity programs and cybersecurity risk. Our CISO has served in that position since 2015 and, before Intel, was the Chief Security Officer at McAfee and the Chief Information Officer and CISO for the US House of Representatives. Our CTO joined Intel in 2021 and was previously Senior Vice President and CTO at VMware, with responsibility for product security.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our CISO and CTO regularly report directly to the Audit & Finance Committee or the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues. In addition, we have an escalation process in place to inform senior management and the Board of Directors of material issues.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true