--- ticker: BR company: Broadridge Financial Solutions Inc. filing_type: 10-K year_current: 2024 year_prior: 2023 risks_added: 0 risks_removed: 0 risks_modified: 1 risks_unchanged: 21 source: SEC EDGAR url: https://riskdiff.com/br/2024-vs-2023/ markdown_url: https://riskdiff.com/br/2024-vs-2023/index.md generated: 2026-05-10 --- # Broadridge Financial Solutions Inc.: 10-K Risk Factor Changes 2024 vs 2023 > Source: U.S. Securities and Exchange Commission (EDGAR) > Generated: 2026-05-10 > All data extracted directly from official filings. No hallucinated content. > **[AI-Generated Summary]** The paragraph below was produced by a language > model and may contain errors. All other content on this page is deterministically > extracted from the original SEC filing. > Broadridge Financial Solutions made minimal structural changes to its risk factor disclosures between 2023 and 2024, with only one risk being substantively modified while 21 risks remained unchanged and no risks were added or removed. The modified cybersecurity risk factor underwent a notable update, reflecting evolving concerns about security breaches, data misappropriation, operational disruption, liability exposure, and reputational harm. This concentrated modification suggests Broadridge addressed specific updates to its cybersecurity risk profile without materially altering the overall risk landscape disclosed to investors. --- ## Summary | Status | Count | |--------|-------| | New risks added | 0 | | Risks removed | 0 | | Risks modified | 1 | | Unchanged | 21 | --- ## Modified: Security breaches or cybersecurity incidents could adversely affect our financial results and ability to operate, could result in personal, confidential or proprietary information being misappropriated, and may cause us to be held liable or suffer harm to our reputation. **Key changes:** - Reworded sentence: "Some of our services are provided through the internet, which increases our exposure to potential cybersecurity incidents." **Prior (2023):** We process and transfer sensitive data, including personal information, valuable intellectual property and other proprietary or confidential data provided to us by our clients, which include financial institutions, public companies, mutual funds, and healthcare companies. We also handle personal information of our employees in connection with their employment. We maintain systems and procedures including encryption, authentication technology, data loss prevention technology, entitlement management, access control and anti-malware software, and transmission of data over private networks to protect against unauthorized access to physical and electronic information, including by cybersecurity attacks. However, information security threats continue to evolve resulting in increased risk and exposure and increased costs to protect against the threat of information security breaches or to respond to or alleviate problems caused by such breaches. In certain circumstances, our third-party vendors may have access to sensitive data including personal information. It is also possible that a third-party vendor could intentionally or inadvertently disclose sensitive data, including personal information. We require our third-party vendors to have appropriate security controls if they have access to the personal information of our clients' customers or our employees. However, despite those safeguards, it is possible that unauthorized individuals could improperly access our systems or those of our vendors, or improperly obtain or disclose the sensitive data including personal information that we or our vendors process or handle. Many of our services are provided through the internet, which increases our exposure to potential cybersecurity attacks. We have experienced cybersecurity threats to our information technology infrastructure and have experienced non-material cybersecurity attacks, attempts to breach our systems and other similar incidents. Future threats could cause harm to our business and our reputation and challenge our ability to provide reliable service, as well as negatively impact our results of operations materially. Our insurance coverage may not be adequate to cover all the costs related to cybersecurity attacks or disruptions resulting from such events. Any unauthorized use or disclosure of certain personal information could put individuals at risk of identity theft and financial or other harm and result in costs to us in investigation, remediation, legal defense and in liability to parties who are financially harmed. We may incur significant costs to protect against the threat of information security breaches or to respond to or alleviate problems caused by such breaches. For example, laws may require notification to regulators, clients or employees and enlisting credit monitoring or identity theft protection in the event of a privacy breach. A cybersecurity attack could also be directed at our systems and result in interruptions in our operations or delivery of services to our clients and their customers. Furthermore, a security breach could cause us to lose revenues, lose clients or cause damage to our reputation. **Current (2024):** We process and transfer sensitive data, including personal information, valuable intellectual property and other proprietary or confidential data provided to us by our clients, which include financial institutions, public companies, mutual funds, and healthcare companies. We also handle personal information of our employees in connection with their employment. Some of our services are provided through the internet, which increases our exposure to potential cybersecurity incidents. Information security threats continue to evolve resulting in increased risk and exposure and increased costs to protect against the threat of information security breaches or to respond to or alleviate problems caused by such breaches. Due to the nature of our products and services, we are subject to the risk of information security incidents, including those impacting our clients and third-party vendors. Failure by our clients or third-party vendors to notify us in a timely manner of cybersecurity incidents impacting their operations could result in unauthorized access to our systems and data and materially affect our business, operations and financial results. In certain circumstances, our third-party vendors may also have access to sensitive data including personal information. It is also possible that a third-party vendor could intentionally or inadvertently disclose such sensitive data. Further, unauthorized individuals could improperly access our systems or those of our vendors, or improperly obtain or disclose the sensitive data including personal information that we or our vendors process or handle. We face ongoing cybersecurity threats to our information technology infrastructure including data loss, data exfiltration, denial of service, and ransomware, among others. We have experienced non-material cybersecurity incidents, attempts to breach our systems and other similar attacks, including incidents affecting our clients and third-party vendors, which if such attacks or attempts are successful in the future could cause harm to our business and our reputation and challenge our ability to provide reliable services, as well as negatively impact our results of operations and financial condition. Any impact on our results of operations and financial condition may be material depending on the scope of the incident. Examples of previous incidents include, but are not limited to, social engineering, phishing, and denial-of-service attacks. In addition, our insurance coverage may not be adequate to cover all the costs related to cybersecurity incidents or disruptions resulting from such events. If we fail to maintain an adequate information security program or implement sufficient security standards, technology or controls to protect against information security incidents or privacy breaches and identify and adapt to emerging security threats and risks, it could cause us to lose revenues, lose clients and/or damage to our reputation. In addition, any unauthorized access to our information technology systems could result in the use, theft, or disclosure of confidential, sensitive, or personal data, destruction or modification of records, interruptions to our operations and delivery of our services and products, installation of malware, and the potential need to pay ransom. As a result, we may incur significant costs to investigate and remediate such incidents, and to protect against future threats to our information security and information technology systems. In addition, such incidents could give rise to legal actions from our clients and/or their customers and regulatory investigations and/or significant penalties and fines. --- *Data sourced from SEC EDGAR. Last updated 2026-05-10.*