riskdiff

Estee Lauder Companies Inc.: 10-K Risk Factor Changes

2023 vs 2022 · SEC EDGAR · 2026-05-10

Other years: 2025 vs 2024 · 2024 vs 2023

⚠ AI-Generated

The summary below was generated by an AI language model and may contain errors or omissions. All other content on this page is deterministically extracted from the original SEC EDGAR filing.

Estee Lauder consolidated four separate information technology and cybersecurity risk disclosures into a single comprehensive risk factor in 2023, reflecting a more integrated approach to IT and data security threats. The company removed its COVID-19 pandemic risk disclosure, indicating it no longer considers pandemic-related impacts a material risk requiring specific disclosure. The supply chain disruption risk was substantively modified, suggesting the company refined its characterization of operational vulnerabilities in this area.

✓ Deterministic extraction — no AI-generated data

Classification is based on semantic text similarity scoring and may include approximations. “No match” means no high-confidence textual match was found — not necessarily that a section was removed.

New Risks

Removed

Modified

Unchanged

🟢 New in Current Filing

The compromise or interruption of, or damage to, our information technology (including our operational technology and websites) by cybersecurity incidents, data security breaches, other security problems, design defects or system failures could have a material negative impact on our business.

Read full text

We rely on information technology that supports our business processes, including research and development, product development, production, distribution, marketing, sales, order processing, consumer experiences, human resource management, finance and internal and external communications throughout the world. We have e-commerce, m-commerce and other Internet websites in the United States and many other countries. We experience cybersecurity incidents of varying degrees on our information technology and, as a result, unauthorized parties have obtained in the past, and may obtain in the future, access to our systems and data (including unauthorized acquisition of such data). As we disclosed on July 18, 2023, and as noted in Part II, Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations, an unauthorized third party gained access to some of our systems and data (including unauthorized acquisition of such data), which caused disruption to parts of our business operations and resulted in various expenses for investigation, remediation and other related matters. Cybersecurity incidents at our Company have in the past resulted from, and may in the future result from, social engineering or impersonation of authorized users, and may also result from efforts to discover and exploit design flaws, bugs, security vulnerabilities or security weaknesses, intentional or unintentional acts by employees or other insiders with access privileges, intentional acts of vandalism or fraud by third parties and sabotage. In some instances, efforts to correct vulnerabilities or prevent incidents have in the past and may in the future reduce the functionality or performance of our information technology, which could negatively impact our business. Cybersecurity incidents can be caused by ransomware, distributed denial-of-service attacks, worms, and other malicious software programs or other attacks, including the covert introduction of malware to our information technology, and the use of techniques or processes that change frequently, may be disguised or difficult to detect, or are designed to remain dormant until a triggering event, and may continue undetected for an extended period of time. In addition, some of our suppliers, vendors, service providers, cloud solution providers and customers have in the past experienced, and may in the future experience, such incidents, which could in turn disrupt our business. Insurance policies that may provide coverage with regard to such events may not cover any or all of the resulting financial losses. 22 22 22 Table of Contents Table of Contents As part of our normal business activities, we collect and store certain information that is confidential, proprietary or otherwise sensitive, including personal information of consumers, customers, suppliers, service providers and employees. We share some of this information with certain third parties who assist us with business matters. Moreover, the success of our operations depends upon the secure transmission of confidential, proprietary or otherwise sensitive data, including personal information, over networks. Any unauthorized access or data acquisition, despite security measures in place to protect such data, or other failure on the part of us or third parties to maintain the security of such data could result in business disruption, damage to our reputation, financial obligations to third parties, legal obligations, fines, penalties, regulatory proceedings and private litigation with potentially large costs, and also could result in deterioration in confidence in our Company and other competitive disadvantages, and thus could have a material adverse effect on our business. In addition, a cybersecurity incident could require that we expend significant additional resources on remediation, restoration and enhancement of our information technology.

🔴 No Match in Current Filing

The extent to which the COVID-19 pandemic could materially adversely affect our financial results will depend on future developments that are highly uncertain and difficult to predict.

This section from the 2022 filing does not have a high-confidence textual match in the 2023 filing. It may have been removed, merged, or substantially reworded.

The outbreak and global spread of the COVID-19 pandemic has continued to significantly disrupt our operating environment, including retail stores, travel retail, and the ability of some of our customers to operate. We have also seen shifts in consumer preferences and practices.…

View 2022 text

The outbreak and global spread of the COVID-19 pandemic has continued to significantly disrupt our operating environment, including retail stores, travel retail, and the ability of some of our customers to operate. We have also seen shifts in consumer preferences and practices. Considerable uncertainty remains regarding this pandemic, including responsive measures being taken by various authorities and others. As we continue to monitor COVID-19 developments, including the impacts on our consumers, customers and suppliers, we have taken and will continue to take further measures. Some of the actions we take could adversely impact our business, and there is no certainty that our actions will be sufficient to mitigate the risks and the impacts of COVID-19. The degree to which COVID-19 continues to impact our business will depend on future developments that are highly uncertain and cannot be predicted, many of which are outside our control, including the extent to which there are sustainable improvements in the retail environment and general economic conditions.

🔴 No Match in Current Filing

Our information technology and websites may be susceptible to cybersecurity breaches, outages and other risks.

This section from the 2022 filing does not have a high-confidence textual match in the 2023 filing. It may have been removed, merged, or substantially reworded.

We rely on information technology that supports our business processes, including product development, marketing, sales, order processing, production, distribution, finance and intracompany communications throughout the world. We have e-commerce, m-commerce and other Internet…

View 2022 text

We rely on information technology that supports our business processes, including product development, marketing, sales, order processing, production, distribution, finance and intracompany communications throughout the world. We have e-commerce, m-commerce and other Internet websites in the United States and many other countries. These systems may be susceptible to outages due to fire, floods, power loss, telecommunications failures, break-ins and other events. Our systems and data may be vulnerable to constantly evolving cybersecurity threats such as malware, break-ins and similar disruptions from unauthorized tampering. The occurrence of these or other events could disrupt or damage our information technology, including operational technology, and adversely affect our business. Insurance policies that may provide coverage with regard to such events may not cover any or all of the resulting financial losses. 22 22 22 Table of Contents Table of Contents

🔴 No Match in Current Filing

Failure to adequately maintain the security of our electronic and other confidential information could materially adversely affect our business.

This section from the 2022 filing does not have a high-confidence textual match in the 2023 filing. It may have been removed, merged, or substantially reworded.

We are dependent upon automated information technology processes. As part of our normal business activities, we collect and store certain information that is confidential, proprietary or otherwise sensitive, including personal information with respect to customers, consumers and…

View 2022 text

We are dependent upon automated information technology processes. As part of our normal business activities, we collect and store certain information that is confidential, proprietary or otherwise sensitive, including personal information with respect to customers, consumers and employees. We share some of this information with certain vendors who assist us with business matters. Moreover, the success of our e-commerce and m-commerce operations depends upon the secure transmission of confidential and personal data over public networks, including the use of cashless payments. Any failure on the part of us or our vendors to maintain the security of our confidential data and personal information, including via the penetration of our network security and the misappropriation of confidential and personal information, could result in business disruption, damage to our reputation, financial obligations to third parties, fines, penalties, regulatory proceedings and private litigation with potentially large costs, and also result in deterioration in our employees’, consumers’ and customers’ confidence in us and other competitive disadvantages, and thus could have a material adverse effect on our business. In addition, a security or data privacy breach could require that we expend significant additional resources to enhance our information security systems and could result in a disruption to our operations. Furthermore, third parties, including our suppliers and customers, also rely on information technology and may be subject to cybersecurity breaches that could impact their businesses and could in turn disrupt our supply chain and/or our business.

🔴 No Match in Current Filing

We are subject to risks associated with our global information technology.

This section from the 2022 filing does not have a high-confidence textual match in the 2023 filing. It may have been removed, merged, or substantially reworded.

Our implementation, maintenance and utilization of global information technology, including operational technology, supply chain and finance systems, human resource management systems, creative asset management and retail operating systems, as well as associated hardware and use…

View 2022 text

Our implementation, maintenance and utilization of global information technology, including operational technology, supply chain and finance systems, human resource management systems, creative asset management and retail operating systems, as well as associated hardware and use of cloud-based models, involve risks and uncertainties. Failure to implement, maintain or utilize these and other systems as planned, in terms of timing, specifications, security policies, costs, or otherwise, could have a material adverse effect on our business.

🟡 Modified

A disruption in our operations, including supply chain, could adversely affect our business.

high match confidence

Sentence-level differences:

Reworded sentence: "As a company engaged in manufacturing and distribution on a global scale, we are subject to the risks inherent in such activities."
Removed sentence: "21 21 21 Table of Contents Table of Contents"

Current (2023):

Read full text

As a company engaged in manufacturing and distribution on a global scale, we are subject to the risks inherent in such activities. Such risks include industrial accidents, environmental events, strikes and other labor disputes, capacity constraints, disruptions in ingredient, material or packaging supply, as well as global shortages, disruptions in supply chain or information technology, loss or impairment of key manufacturing or distribution sites or suppliers, product quality control, safety, increase in commodity prices and energy costs, licensing requirements and other regulatory issues, as well as natural disasters, outages due to fire, floods, power loss, telecommunications failures, break-ins and other events or external factors over which we have no control. If such an event were to occur, it could have a material adverse effect on our business. We use a wide variety of direct and indirect suppliers of goods and services from around the world. Some of our products rely on a single or a limited number of suppliers. Changes in the financial or business condition of our suppliers could subject us to losses or adversely affect our ability to bring products to market. Further, the failure of our suppliers to deliver goods and services in sufficient quantities, in compliance with applicable standards, and in a timely manner could adversely affect our customer service levels and overall business. In addition, any increases in the costs of goods and services for our business may adversely affect our profit margins if we are unable to pass along any higher costs in the form of price increases or otherwise achieve cost efficiencies in our operations.

View prior text (2022)

As a company engaged in manufacturing and distribution on a global scale, we are subject to the risks inherent in such activities, including industrial accidents, environmental events, strikes and other labor disputes, capacity constraints, disruptions in ingredient, material or packaging supply, as well as global shortages, disruptions in supply chain or information technology, loss or impairment of key manufacturing or distribution sites or suppliers, product quality control, safety, increase in commodity prices and energy costs, licensing requirements and other regulatory issues, as well as natural disasters and other external factors over which we have no control. If such an event were to occur, it could have a material adverse effect on our business. We use a wide variety of direct and indirect suppliers of goods and services from around the world. Some of our products rely on a single or a limited number of suppliers. Changes in the financial or business condition of our suppliers could subject us to losses or adversely affect our ability to bring products to market. Further, the failure of our suppliers to deliver goods and services in sufficient quantities, in compliance with applicable standards, and in a timely manner could adversely affect our customer service levels and overall business. In addition, any increases in the costs of goods and services for our business may adversely affect our profit margins if we are unable to pass along any higher costs in the form of price increases or otherwise achieve cost efficiencies in our operations. 21 21 21 Table of Contents Table of Contents