Qualcomm's Robust Cybersecurity Program Protects Employees, Customers and Suppliers
As featured in Qualcomm's 2021 Corporate Responsibility Report
The world has seen a sharp increase in cyberattacks and high-profile security breaches in recent years. These incidents can affect individuals, corporations and other organizations. Qualcomm places a high priority on cybersecurity, not only to protect our employees, customers and business partners, but also to protect our intellectual property, operations and products.
Qualcomm’s Cybersecurity Program is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and is customized to meet our specific needs. We implement a comprehensive set of security policies and technical controls that seek to protect and defend Qualcomm from cyber-attacks. Our Cybersecurity Program is periodically reviewed for maturity and effectiveness by independent third-party firms and is subject to internal audits on a regular basis. We regularly conduct penetration tests to simulate attacks against our network to validate the efficacy of our security controls.
We evaluate our cyber-risk profile through continuous assessment of the cyber-threat landscape and the operation of our cyber vulnerability management program. We use our evaluation of our cyber-risk profile to determine our Cybersecurity Program priorities. We track and measure the Program priorities using an associated cyber risk register, which is updated frequently as new risk information becomes available.
While we seek to protect our IT applications and infrastructure against cyber-attacks, we recognize the importance of maintaining a comprehensive cyber incident response process. Our cyber incident response process is supported by an internal team of cyber-security experts and integrated with business and senior management. We test our cyber incident response processes through table-top exercises and penetration testing and include action items reporting for the identification of continuous improvement opportunities.
Our supplier community is critical to Qualcomm’s success, and we believe in working with our suppliers to ensure they are protected against cyber threats. We operate a supplier cybersecurity assurance program, which is integrated with our procurement processes, to assess and remediate cyber risks across our supplier community. We partner with our suppliers to help them improve their security posture, providing benefits to them and to Qualcomm.
We conduct mandatory cybersecurity training for all employees worldwide to help them better understand cybersecurity threats and our Company’s policies, actions and approach to managing this type of risk. We report on this training in the ESG Performance Summary of this report.
Qualcomm takes security vulnerabilities in our products very seriously, and we strive to address any security-related issues quickly and appropriately. We educate our developers on secure software design and development lifecycle practices and have implemented a range of security controls to detect and address security vulnerabilities across our products. We operate a vulnerability rewards program for invited security researchers designed to improve the security of the Snapdragon family of processors, 5G modems and related technologies and software. We believe in providing robust security features to our customers, and our Secure Processor capability is certified to the Common Criteria (CC) Evaluation Assurance Level (EAL) 4+.
We have a global team of internal experts dedicated to protecting the enterprise from cyber threats. Key elements of our Cybersecurity Program – including key cyber threats and risks – are overseen by our Vice President of Cybersecurity, senior management and the Audit Committee of the Board of Directors through regular reporting and review.
Notably, Qualcomm did not experience any material information security breaches or cybersecurity incidents in 2021. We attribute this success to our strong Cybersecurity Program and supporting risk management activities. We annually report the number of material information security breaches and/or other cybersecurity incidents in the ESG Performance Summary of this report.
Learn more in Qualcomm's 2021 Corporate Responsibility Report