---
ticker: SLB
company: SLB
filing_type: 10-K
year_current: 2024
year_prior: 2023
risks_added: 0
risks_removed: 0
risks_modified: 2
risks_unchanged: 13
source: SEC EDGAR
url: https://riskdiff.com/slb/2024-vs-2023/
markdown_url: https://riskdiff.com/slb/2024-vs-2023/index.md
generated: 2026-05-10
---

# SLB: 10-K Risk Factor Changes 2024 vs 2023

> Source: U.S. Securities and Exchange Commission (EDGAR)  
> Generated: 2026-05-10  
> All data extracted directly from official filings. No hallucinated content.

> **[AI-Generated Summary]** The paragraph below was produced by a language
> model and may contain errors. All other content on this page is deterministically
> extracted from the original SEC filing.

> SLB's risk factor disclosures remained largely stable between 2023 and 2024, with 13 risks carried forward unchanged and no new or removed risk categories. The two substantively modified risks addressed cyber incident threats and public health emergency impacts, indicating SLB refined its disclosure of existing operational vulnerabilities rather than identifying fundamentally new risk exposures.

---

## Summary

| Status | Count |
|--------|-------|
| New risks added | 0 |
| Risks removed | 0 |
| Risks modified | 2 |
| Unchanged | 13 |

---

## Modified: Our operations are subject to cyber incidents that could have a material adverse effect on our business, financial condition, results of operations, and cash flows.

**Key changes:**

- Reworded sentence: "Our success depends in part on our ability to provide effective cyber security protection in connection with our digital technologies and services as well as our internal digital infrastructure."
- Reworded sentence: "Our digital technologies and services, as well as third-party products, services and technologies that we rely on (including emerging technologies, such as artificial intelligence programs), are subject to the risk of cyberattacks and, given the nature of such attacks, some incidents can remain undetected for a period of time despite efforts to detect and respond to them in a timely manner."
- Reworded sentence: "We have experienced and will continue to experience varying degrees of cyber incidents in the normal conduct of our business, including attacks resulting from social engineering such as phishing and ransomware infections."
- Reworded sentence: "This could lead to fewer customers using our digital products and services, which 11 could have a material adverse impact on our financial condition, results of operations, cash flows, and future prospects."

**Prior (2023):**

Our success depends in part on our ability to provide effective data security protection in connection with our digital technologies and services. We rely on information technology networks and systems for internal purposes, including secure data storage, processing, and transmission, as well as in our interactions with our business associates, such as customers and suppliers. We also develop software and other digital products and services that store, retrieve, manipulate, and manage our customers' information and data, external data, personal data, and our own data. Our digital technologies and services, and those of our business associates, are subject to the risk of cyberattacks and, given the nature of such attacks, some incidents can remain undetected for a period of time despite efforts to detect and respond to them in a timely manner. There can be no assurance that the systems we have designed to prevent or limit the effects of cyber incidents or attacks will be sufficient to prevent or detect material consequences arising from such incidents or attacks, or to avoid a material adverse impact on our systems after such incidents or attacks do occur. We have experienced and will continue to experience varying degrees of cyber incidents in the normal conduct of our business, including attacks resulting from phishing emails and ransomware infections. Even if we successfully defend our own digital technologies and services, we 11 also rely on third-party business associates, with whom we may share data and services, to defend their digital technologies and services against attack. Unauthorized access to or modification of, or actions disabling our ability to obtain authorized access to, our customers' data, other external data, personal data, or our own data, as a result of a cyber incident, attack or exploitation of a security vulnerability, could result in significant damage to our reputation or disruption of the services we provide to our customers. In addition, allegations, reports, or concerns regarding vulnerabilities affecting our digital products or services could damage our reputation. This could lead to fewer customers using our digital products and services, which could have a material adverse impact on our financial condition, results of operations or prospects. In addition, if our systems, or our third-party business associates' systems, for protecting against cybersecurity risks prove to be insufficient, we could be adversely affected by, among other things, loss of or damage to intellectual property, proprietary or confidential information, or customer, supplier, or employee data; breach of personal data; interruption of our business operations; increased legal and regulatory exposure, including fines and remediation costs; and increased costs required to prevent, respond to, or mitigate cybersecurity attacks. These risks could harm our reputation and our relationships with our employees, business associates and other third parties, and may result in claims against us.

**Current (2024):**

Our success depends in part on our ability to provide effective cyber security protection in connection with our digital technologies and services as well as our internal digital infrastructure. We operate information technology networks and systems for internal purposes that incorporate third-party software and technologies. We also connect to and exchange data with external networks that may be operated by our customers, suppliers, alliance partners, or other third parties. We provide digital technologies that allow us or our customers to remotely perform wellsite and field operations. We also develop software and other digital products and services that store, retrieve, manipulate, and manage our customers' information and data, external data, personal data, and our own data. Our digital technologies and services, as well as third-party products, services and technologies that we rely on (including emerging technologies, such as artificial intelligence programs), are subject to the risk of cyberattacks and, given the nature of such attacks, some incidents can remain undetected for a period of time despite efforts to detect and respond to them in a timely manner. Cyberattacks are expected to accelerate on a global basis in both frequency and magnitude as threat actors are becoming increasingly sophisticated in using techniques and tools (including artificial intelligence) that circumvent controls, evade detection and even remove forensic evidence of the infiltration. There can be no assurance that the systems we have designed to prevent or limit the effects of cyber incidents or attacks will be sufficient to prevent or detect material consequences arising from such incidents or attacks, or to avoid a material adverse impact on our systems after such incidents or attacks do occur. We have experienced and will continue to experience varying degrees of cyber incidents in the normal conduct of our business, including attacks resulting from social engineering such as phishing and ransomware infections. Even if we successfully defend our own digital technologies and services, we also rely on providers of third-party products, services, and networks, with whom we may share data and services, and who may be unable to effectively defend their digital technologies and services against attack. Unauthorized access to or modification of, or actions disabling our ability to obtain authorized access to, our customers' data, other external data, personal data, or our own data, as a result of a cyber incident, attack or exploitation of a security vulnerability, or loss of control of our clients' operations could result in significant damage to our reputation or disruption of the services we provide to our customers or of our customers' businesses. In addition, allegations, reports, or concerns regarding vulnerabilities affecting our digital products or services could damage our reputation. This could lead to fewer customers using our digital products and services, which 11 could have a material adverse impact on our financial condition, results of operations, cash flows, and future prospects. In addition, if our systems or third-party products, services, and network systems for protecting against cybersecurity risks prove to be insufficient, we could be adversely affected by, among other things, loss of or damage to our intellectual property, proprietary or confidential information; loss of customer, supplier, or our employee data; breach of personal data; interruption of our business operations; disruption of our customers' businesses; increased legal and regulatory exposure, including fines and remediation costs; and increased costs required to prevent, respond to, or mitigate cybersecurity attacks. These risks could harm our reputation and our relationships with our employees, our customers, our suppliers, our alliance partners and other third parties, and may result in claims against us.

---

## Modified: Public health emergencies, such as the COVID-19 pandemic, and resulting adverse economic conditions have had, and may continue to have, a material adverse effect on our financial condition, results of operations, and cash flows.

**Key changes:**

- Reworded sentence: "Public health emergencies, including the COVID-19 pandemic, have caused, and could again cause, a significant reduction in global economic activity, significantly weakening demand for oil and gas, and in turn, demand for our products and services."

**Prior (2023):**

The COVID-19 pandemic caused, and any resurgence of the pandemic could again cause, a significant reduction in global economic activity, significantly weakening demand for oil and gas, and in turn, for our products and services. Other effects of the pandemic included, and may continue to include, significant volatility and disruption of the global financial markets; adverse revenue and net 13 income effects; disruptions to our operations, including suspension or deferral of drilling activities; customer shutdowns of oil and gas exploration and production; downward revisions to customer budgets; limitations on access to sources of liquidity; supply chain disruptions; limitations on access to raw materials; employee impacts from illness; and local and regional closures or lockdowns, including temporary closures of our facilities and the facilities of our customers and suppliers. The extent to which our operating and financial results will continue to be affected by the pandemic will depend on various factors beyond our control, such as the continued severity of the pandemic, including any sustained geographic resurgence; the emergence of new variants and strains of the COVID-19 virus; and the success of actions to contain or treat the virus. COVID-19, and volatile regional and global economic conditions stemming from the pandemic, could also aggravate our other risk factors described in this Form 10-K.

**Current (2024):**

Public health emergencies, including the COVID-19 pandemic, have caused, and could again cause, a significant reduction in global economic activity, significantly weakening demand for oil and gas, and in turn, demand for our products and services. Other effects of public health emergencies have included, and may continue to include, significant volatility and disruption of the global financial markets; adverse revenue and net income effects; disruptions to our operations, including suspension or deferral of drilling activities; customer shutdowns of oil and gas exploration and production; downward revisions to customer budgets; limitations on access to sources of liquidity; supply chain disruptions; limitations on access to raw materials; employee impacts from illness; and local and regional closures or lockdowns, including temporary closures of our facilities and the facilities of our customers and suppliers. The extent to which our operating and financial results will be and may continue to be affected by public health emergencies will depend on various factors beyond our control, such as the continued severity and duration of the public health emergencies, including any sustained geographic resurgence; the emergence of new variants and strains of a contagious disease or virus; and the success of actions to contain or mitigate the effects of the public health emergency. A public health emergency, and volatile regional and global economic conditions stemming from a public health emergency, could also aggravate our other risk factors described in this Form 10-K.

---

*Data sourced from SEC EDGAR. Last updated 2026-05-10.*