---
ticker: HAL
company: Halliburton Company
filing_type: 10-K
year_current: 2024
year_prior: 2023
risks_added: 1
risks_removed: 1
risks_modified: 3
risks_unchanged: 20
source: SEC EDGAR
url: https://riskdiff.com/hal/2024-vs-2023/
markdown_url: https://riskdiff.com/hal/2024-vs-2023/index.md
generated: 2026-05-10
---

# Halliburton Company: 10-K Risk Factor Changes 2024 vs 2023

> Source: U.S. Securities and Exchange Commission (EDGAR)  
> Generated: 2026-05-10  
> All data extracted directly from official filings. No hallucinated content.

> **[AI-Generated Summary]** The paragraph below was produced by a language
> model and may contain errors. All other content on this page is deterministically
> extracted from the original SEC filing.

> Halliburton's risk disclosure remained largely stable, with 20 of 25 risks carried forward unchanged, while three risks were substantively modified to address emerging operational challenges: cybersecurity threats, supply chain constraints for raw materials and power, and tax regulatory exposure. The company relocated its key employee retention risk without material substantive revision, reflecting administrative reorganization rather than strategic shift in risk emphasis.

---

## Summary

| Status | Count |
|--------|-------|
| New risks added | 1 |
| Risks removed | 1 |
| Risks modified | 3 |
| Unchanged | 20 |

---

## New in Current Filing: The loss or unavailability of any of our executive officers or other key employees could have a material adverse effect on our business.

We depend greatly on the efforts of our executive officers and other key employees to manage our operations. The loss or unavailability of any of our executive officers or other key employees could have a material adverse effect on our business. Table of ContentsItem 1(b) | Unresolved Staff Comments Table of ContentsItem 1(b) | Unresolved Staff Comments Table of Contents Item 1(b). Unresolved Staff Comments. None. Item 1(c). Cybersecurity. We maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. An analysis of the impact, likelihood, and management preparedness of cybersecurity threats to our strategic priorities is integrated into our enterprise risk management program and enterprise risk assessment process. This provides cross-functional and geographical visibility, as well as executive leadership oversight, to address and mitigate associated risks. We engage our internal IT audit group to audit our information security programs, and the results are reported to our executive management and the Audit Committee of our Board of Directors. We also engage third party firms to identify, assess, and manage cybersecurity risks in alignment with cybersecurity standards, including the National Institute of Standards and Technology (NIST) Cyber Security Framework, NIST 800-53, NIST 800-82, and International Electrotechnical Commission 62443. In managing material risks from cybersecurity threats, we require that a security and technical architecture review is conducted for all new software and applications, and for all changes to the underlying information technology (IT) infrastructure that manages, processes, stores, or transmits our data or data of our customers, vendors, suppliers, joint ventures, or employees. Any deviations from our IT security policies and standards are assessed by our IT Security Governance team. Any critical and high-risk levels that are identified are then documented and reported to relevant key stakeholders. Our policies and procedures also address the oversight, identification, and mitigation of cybersecurity risks associated with our use of third-party service providers. Our policy requires that each third-party service provider go through a mandatory IT Security Governance review and obtain formal approval by our IT Security Governance group before it can be used. We have an Incident Response Plan that defines and documents procedures for assessing, identifying, and managing a cybersecurity incident. This plan requires an Incident Manager to determine whether a cybersecurity incident has occurred and to communicate such findings to the Incident Response Team. In the event there is a cyber security incident, the Incident Manager and the Incident Response Team will assess the cybersecurity incident's impact as the basis for assigning a preliminary severity rating. The Incident Manager then provides the Chief Information Security Officer (CISO) with a summary and preliminary severity rating and the CISO subsequently notifies the Chief Information Officer (CIO) as appropriate. Cyber Incident Response Leadership, which is comprised of the CIO, CISO, and Incident Manager, assesses situational information and business impact to confirm the preliminary severity rating assessment. The CIO and CISO are responsible for communicating incidents to other members of management as appropriate. Were a cybersecurity incident to occur that was determined to be material by our management and Cyber Incident Response Leadership, they would notify our Board of Directors. Should any incidents occur that have a preliminary severity rating of high or critical, our Cyber Incident Response Leadership would confer with our Cybersecurity Disclosure Committee to determine whether to report the cybersecurity incident in our public filings. Aside from more immediate reporting of material incidents to our Board of Directors as described above, our CISO provides our Board of Directors an update on cybersecurity during each of its quarterly meetings. This update includes metrics on the effectiveness of technical and human security controls, cybersecurity training program compliance, internal and third-party cybersecurity incidents, and cybersecurity risks. In addition, our Audit Committee receives a detailed update annually from the CIO and CISO, which includes in-depth updates on our cybersecurity program and strategy including cybersecurity risks. The CIO leads all components of our IT functions. Our CIO has over 40 years of experience with Halliburton and has had numerous global assignments across all areas of IT delivery, operations, and management. Our CISO has served in that role since 2021. Since joining Halliburton in 2010, the CISO has held various leadership roles in IT, including architecture, infrastructure management and security, and enterprise platform management. No unauthorized access to customer, vendor, supplier, joint venture, employee or our data occurred as a result of cybersecurity incidents against us that has had a material adverse effect on our business, operations, or consolidated financial condition. If our systems, or our customers' or suppliers' systems, for protecting against cybersecurity incidents prove to be insufficient, a cybersecurity incident could have a material adverse effect on our business, operations, or consolidated financial condition. See additional information about our cybersecurity risks under General Risk factors in Item1(a) Risk Factors.

---

## No Match in Current: The loss or unavailability of any of our executive officers or other key employees could have a material adverse effect on our business.

*This section from the 2023 filing does not have a high-confidence textual match in 2024. It may have been removed, merged, or substantially reworded.*

We depend greatly on the efforts of our executive officers and other key employees to manage our operations. The loss or unavailability of any of our executive officers or other key employees could have a material adverse effect on our business. Table of ContentsItem 1(b) | Unresolved Staff Comments Table of ContentsItem 1(b) | Unresolved Staff Comments Table of Contents Item 1(b). Unresolved Staff Comments. None.

---

## Modified: Our operations are subject to cyberattacks that could have a material adverse effect on our business, consolidated results of operations, and consolidated financial condition.

**Key changes:**

- Reworded sentence: "We use these technologies for internal and operational purposes, including data storage, processing, and transmissions, as well as in our interactions with customers and suppliers."
- Reworded sentence: "Our digital technologies and services, and those of our customers and suppliers, are subject to the risk of cybersecurity incidents and, given the nature of such incidents, some can remain undetected for a period of time despite efforts to detect and respond to them in a timely manner."

**Prior (2023):**

We are increasingly dependent on digital technologies and services to conduct our business. We use these technologies for internal and operational purposes, including data storage, processing, and transmissions, as well as in our interactions with our business associates, such as customers and suppliers. Examples of these digital technologies include analytics, automation, and cloud services. Our digital technologies and services, and those of our business associates, are subject to the risk of cyberattacks and, given the nature of such attacks, some incidents can remain undetected for a period of time despite efforts to detect and respond to them in a timely manner. We routinely monitor our systems for cyber threats and have processes in place to detect and remediate vulnerabilities. Nevertheless, we have experienced occasional cyberattacks and attempted breaches over the past year, including attacks resulting from phishing emails and malware infections. We responded to and mitigated the impact of these incidents. Even if we successfully defend our own digital technologies and services, we also rely on our business associates, with whom we may share data and services, to defend their digital technologies and services against attack. No known leakage of material financial, technical, or customer data occurred as a result of cyberattacks against us and none of the incidents mentioned above had a material adverse effect on our business, operations, reputation, or consolidated results of operations or consolidated financial condition. If our systems, or our business associates' systems, for protecting against cybersecurity risks prove not to be sufficient, we could be adversely affected by, among other things: loss of or damage to intellectual property, proprietary or confidential information, or customer, supplier, or employee data; interruption of our business operations; and increased costs required to prevent, respond to, or mitigate cybersecurity attacks. These risks could harm our reputation and our relationships with our business associates, customers, employees, and other third parties, and may result in claims against us. In addition, laws and regulations governing cybersecurity, data privacy, and the unauthorized disclosure of confidential or protected information pose increasingly complex compliance challenges, and failure to comply with these laws could result in penalties and legal liability. These risks could have a material adverse effect on our business, consolidated results of operations and consolidated financial condition.

**Current (2024):**

We are increasingly dependent on digital technologies and services to conduct our business. We use these technologies for internal and operational purposes, including data storage, processing, and transmissions, as well as in our interactions with customers and suppliers. Examples of these digital technologies include analytics, automation, and cloud services. Our digital technologies and services, and those of our customers and suppliers, are subject to the risk of cybersecurity incidents and, given the nature of such incidents, some can remain undetected for a period of time despite efforts to detect and respond to them in a timely manner. We routinely monitor our systems for cybersecurity threats and have processes in place to detect and remediate vulnerabilities. Nevertheless, we have experienced occasional cybersecurity incidents and attempted breaches in the past, including attacks resulting from phishing emails and malware infections. We responded to and mitigated the impact of these attacks. Even if we successfully defend our own digital technologies and services, we also rely on our customers and suppliers, with whom we may share data and services, to protect their digital technologies and services from cybersecurity incidents. No unauthorized access to material financial, technical, or customer data occurred as a result of cybersecurity attacks against us and none of the attacks mentioned above had a material adverse effect on our business, operations, reputation, or consolidated results of operations or consolidated financial condition. If our systems, or our customers' or suppliers' systems, for protecting against cybersecurity incidents prove not to be sufficient, we could be adversely affected by, among other things: loss of or damage to intellectual property, proprietary or confidential information, or customer, supplier, or employee data; interruption of our business operations; and increased costs required to prevent, respond to, or mitigate cybersecurity incidents. These risks could harm our reputation and our relationships with our customers, employees, suppliers and other third parties, and may result in claims against us. In addition, laws and regulations governing cybersecurity incidents, data privacy, and the unauthorized disclosure of confidential or protected information pose increasingly complex compliance challenges, and failure to comply with these laws could result in penalties and legal liability. These risks could have a material adverse effect on our business, consolidated results of operations and consolidated financial condition.

---

## Modified: Constraints in the supply of, prices for, and availability of transportation of raw materials and electric power could have a material adverse effect on our business and consolidated results of operations.

**Key changes:**

- Reworded sentence: "Our business depends on the supply and availability of raw and essential materials."
- Reworded sentence: "In addition, as we increase the roll-out of our Zeus electric fracturing systems, we might face challenges to source sufficient electric power or there might not be adequate infrastructure to support the operation of our systems."

**Prior (2023):**

Raw materials essential to our operations and manufacturing, such as proppants (primarily sand), chemicals, metals, and gels, are normally readily available. Shortage of raw materials as a result of high levels of demand or loss of suppliers during market challenges can trigger constraints in the supply chain of those raw materials, particularly where we have a relationship with a single supplier for a particular resource. Many of the raw materials essential to our business require the use of rail, storage, and trucking services to transport the materials to our job sites. These services, particularly during times of high demand, may cause delays in the arrival of or otherwise constrain our supply of raw materials. These constraints could have a material adverse effect on our business and consolidated results of operations. In addition, price increases imposed by our vendors for raw materials and transportation providers used in our business, and the inability to pass these increases through to our customers, could have a material adverse effect on our business and consolidated results of operations.

**Current (2024):**

Our business depends on the supply and availability of raw and essential materials. Raw materials essential to our operations and manufacturing, such as sand, chemicals, metals, gels, and electronic components (circuit boards), are normally readily available. Shortage of raw materials as a result of high levels of demand or loss of suppliers during market challenges can trigger constraints in the supply chain of those raw materials, particularly where we have a relationship with a single supplier for a particular resource. Many of the raw materials essential to our business require the use of rail, storage, and trucking services to transport the materials to our job sites. These services, particularly during times of high demand, may cause delays in the arrival of or otherwise constrain our supply of raw materials. In addition, as we increase the roll-out of our Zeus electric fracturing systems, we might face challenges to source sufficient electric power or there might not be adequate infrastructure to support the operation of our systems. These constraints on raw materials and electric power could have a material adverse effect on our business and consolidated results of operations. In addition, price increases imposed by our vendors for raw materials and transportation providers used in our business could have a material adverse effect on our business and consolidated results of operations if we are unable pass these increases through to our customers.

---

## Modified: We could be subject to changes in our tax rates, the adoption of new tax legislation, tax audits, or exposure to additional tax liabilities that could have a material adverse effect on our business, consolidated results of operations, and consolidated financial condition.

**Key changes:**

- Reworded sentence: "Our tax returns are subject to examination by the U.S."
- Reworded sentence: "federal income tax filings for tax years 2016 through 2022 are currently under review or remain open for review by the IRS."

**Prior (2023):**

We are subject to taxes in the U.S. and numerous jurisdictions where we operate and our subsidiaries are organized. Due to economic and political conditions, tax rates in the U.S. and other jurisdictions may be subject to significant change. In addition, our tax returns are subject to examination by the U.S. and other tax authorities and governmental bodies. We regularly assess the likelihood of an adverse outcome resulting from these examinations to determine the adequacy of our provision for taxes. There can be no assurance as to the outcome of the examinations. An increase in tax rates, particularly in the U.S., changes in our ability to realize our deferred tax assets, or adverse outcomes resulting from examinations of our tax returns could have a material adverse effect on our business, consolidated results of operations, and consolidated financial condition.

**Current (2024):**

We are subject to taxes in the U.S. and numerous jurisdictions where we operate and our subsidiaries are organized. Due to economic and political conditions, tax rates in the U.S. and other jurisdictions may be subject to significant change. Our tax returns are subject to examination by the U.S. Internal Revenue Service (IRS) and other tax authorities and governmental bodies. We regularly assess the likelihood of an adverse outcome resulting from these examinations to determine the adequacy of our provision for taxes. Our U.S. federal income tax filings for tax years 2016 through 2022 are currently under review or remain open for review by the IRS. As of December 31, 2023, the primary unresolved issue for the IRS audit for 2016 relates to the classification of the $3.5 billion ordinary deduction that we claimed for the termination fee we paid to Baker Hughes in the second quarter of 2016 for which we received a Notice of Proposed Adjustment (NOPA) from the IRS on September 28, 2023. In December 2023, we initiated the IRS administrative appeals process and we do not expect a final resolution of the NOPA in the next 12 months. There can be no assurance as to the outcome of the NOPA or other tax examinations and audits. Adverse outcomes resulting from examinations of our tax returns, including the NOPA, an increase in tax rates in a jurisdiction where we generate substantial income, particularly in the U.S., or changes in our ability to realize our deferred tax assets could have a material adverse effect on our business, consolidated results of operations, and consolidated financial condition.

---

*Data sourced from SEC EDGAR. Last updated 2026-05-10.*