WTW: 10-K Risk Factor Changes

Irish law generally provides that a board of directors may allot and issue shares (or rights to subscribe for or convert into shares) if authorized to do so by a company’s constitution or by an ordinary resolution of shareholders. Such authorization may be granted in respect of up to the entirety of a company’s authorized but unissued share capital and for a maximum period of five years, at which point it must be renewed by an ordinary resolution of shareholders. In addition, when an Irish company issues shares for cash to new shareholders, it is generally required first to offer those shares on the same or more favorable terms to existing shareholders on a pro-rata basis. It is possible for such statutory pre-emption rights to be disapplied in a company’s constitution or by a special resolution of shareholders. The Company’s constitution, when originally adopted, authorized our directors to allot shares up to the maximum of the Company’s authorized but unissued share capital and disapplied statutory pre-emption rights for a period of five years. Since the expiry of this initial five-year period, we seek these allotment and pre-emption shareholder authorizations at appropriate levels and intervals. However, if we are unable to obtain these authorizations from our shareholders or are otherwise limited by the terms of our authorizations, then our ability to issue shares under our equity compensation plans and, if applicable, facilitate funding acquisitions or otherwise raise capital could be adversely affected. Additionally, under Irish law, we may only pay dividends and, generally, make share repurchases and redemptions from distributable profits. Distributable profits may be created through the earnings of the Company or other methods (including certain intragroup reorganizations involving the capitalization of the Company’s undistributable profits and their subsequent reduction). While it is our intention to maintain a sufficient level of distributable profits in order to pay dividends on our ordinary shares and make share repurchases, there is no assurance that the Company will maintain the necessary level of distributable profits to do so. ITEM 1B. UNRESOLVED STAFF COMMENTS None. 39 39 ITEM 1C. CYBERSECURITY WTW’s management is responsible for the day-to-day management of risks, and the board, including through its committees, is responsible for understanding and overseeing the various risks facing WTW. As a professional services firm providing advice, broking and solutions in the areas of people, risk and capital, and often involving confidential and sensitive information, cybersecurity risk management is an integral part of our enterprise risk management (‘ERM’) strategy.Cybersecurity Risk Management and StrategyIncreased global cybersecurity vulnerabilities, threats and more sophisticated and targeted cyber-related attacks pose an ongoing risk to the security of our information systems and networks. WTW seeks to manage cybersecurity risks consistent with its general approach to ERM. As further described below, our cybersecurity risk management program is coordinated by cross-functional teams. Technology and cyber risks that meet certain thresholds are escalated and tracked by the ERM team within the WTW Risk function. WTW has been certified by ISO 27001 and identifies, categorizes and manages cyber risks according to frameworks such as SOC 2 - Type 2 and the National Institute of Standards and Technology (‘NIST’) Framework. Additionally, WTW undertakes vulnerability scanning, and engages third parties from time-to-time to conduct penetration testing to help WTW identify and reduce the threat of known and emerging cybersecurity risks.Board Oversight and GovernanceWTW’s board of directors has delegated the oversight of cybersecurity risks to the Risk and Operational Oversight Committee (the ‘Risk Committee’). The Risk Committee assists the board of directors in its oversight of the ERM framework, policies, and practices used by WTW to identify, assess, and manage WTW’s key operational risks, including without limitation: cybersecurity, technology, information security, privacy, and artificial intelligence risk. WTW’s Chief Information Security Officer (‘CISO’) and Global Head of Technology report to the Risk Committee on cybersecurity matters, including key risks. The Risk Committee reports to the board of directors at each formal board meeting and the board of directors discusses those reports.Management Oversight and Governance Management plays an important role in assessing and managing WTW’s material risks from cybersecurity threats. The CISO is responsible for designing and implementing a security program and strategy. WTW's CISO has served in various roles in information technology and information security for over 23 years, including serving as CISO of several public companies. The CISO holds undergraduate and graduate degrees in business. The CISO reports to the Global Head of Technology. WTW’s Global Head of Technology has served in various roles in information technology for over 25 years. The Global Head of Technology holds a graduate degree in business.As part of the WTW cybersecurity program, cross-functional teams throughout WTW, including enterprise risk management, operational resilience, legal, compliance and information security, coordinate to monitor, consider, and, when appropriate, address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications among these teams, the CISO, the Global Head of Technology, and other members of senior management, as appropriate, are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents and escalate such threats and incidents as appropriate through the processes described in more detail below.WTW’s cybersecurity program is an ongoing process designed to identify, assess and manage WTW’s risk exposures over the short-, intermediate- and long-term. Management’s cybersecurity risk management strategy and processes include the following areas of focus:•Incident Response Planning: WTW has a global Information and Cyber Security Incident Response Plan (‘ICSIRP’ or ‘Plan’) for identifying and managing cyber and data security threats. The ICSIRP defines the roles and responsibilities of WTW stakeholders involved in responding to cyber and data security events, severity levels and incident categories, and it outlines a process for incident management, including escalation and communication procedures. •Technical Safeguards: WTW seeks to continuously improve implemented technical safeguards that are designed to protect WTW’s information systems. Standards include controls for access management, cyber threat and incident management, data security, encryption, human resource security, network and device security, secure asset management, secure system development, security operations and third-party security. While WTW seeks to maintain adequate controls, they may not always be effective or at the level of maturity that the Company ultimately wishes to maintain. See Part I, Item 1A Risk Factors under the heading ‘Data and cybersecurity breaches or improper disclosure of confidential company or personal data could result in material financial loss, regulatory actions, reputational harm and/or legal liability’ for more information about WTW’s technical controls, management, mitigation, and security practices as well as the risks related thereto. ITEM 1C. CYBERSECURITY WTW’s management is responsible for the day-to-day management of risks, and the board, including through its committees, is responsible for understanding and overseeing the various risks facing WTW. As a professional services firm providing advice, broking and solutions in the areas of people, risk and capital, and often involving confidential and sensitive information, cybersecurity risk management is an integral part of our enterprise risk management (‘ERM’) strategy.Cybersecurity Risk Management and StrategyIncreased global cybersecurity vulnerabilities, threats and more sophisticated and targeted cyber-related attacks pose an ongoing risk to the security of our information systems and networks. WTW seeks to manage cybersecurity risks consistent with its general approach to ERM. As further described below, our cybersecurity risk management program is coordinated by cross-functional teams. Technology and cyber risks that meet certain thresholds are escalated and tracked by the ERM team within the WTW Risk function. WTW has been certified by ISO 27001 and identifies, categorizes and manages cyber risks according to frameworks such as SOC 2 - Type 2 and the National Institute of Standards and Technology (‘NIST’) Framework. Additionally, WTW undertakes vulnerability scanning, and engages third parties from time-to-time to conduct penetration testing to help WTW identify and reduce the threat of known and emerging cybersecurity risks.Board Oversight and GovernanceWTW’s board of directors has delegated the oversight of cybersecurity risks to the Risk and Operational Oversight Committee (the ‘Risk Committee’). The Risk Committee assists the board of directors in its oversight of the ERM framework, policies, and practices used by WTW to identify, assess, and manage WTW’s key operational risks, including without limitation: cybersecurity, technology, information security, privacy, and artificial intelligence risk. WTW’s Chief Information Security Officer (‘CISO’) and Global Head of Technology report to the Risk Committee on cybersecurity matters, including key risks. The Risk Committee reports to the board of directors at each formal board meeting and the board of directors discusses those reports.Management Oversight and Governance Management plays an important role in assessing and managing WTW’s material risks from cybersecurity threats. The CISO is responsible for designing and implementing a security program and strategy. WTW's CISO has served in various roles in information technology and information security for over 23 years, including serving as CISO of several public companies. The CISO holds undergraduate and graduate degrees in business. The CISO reports to the Global Head of Technology. WTW’s Global Head of Technology has served in various roles in information technology for over 25 years. The Global Head of Technology holds a graduate degree in business.As part of the WTW cybersecurity program, cross-functional teams throughout WTW, including enterprise risk management, operational resilience, legal, compliance and information security, coordinate to monitor, consider, and, when appropriate, address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications among these teams, the CISO, the Global Head of Technology, and other members of senior management, as appropriate, are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents and escalate such threats and incidents as appropriate through the processes described in more detail below.WTW’s cybersecurity program is an ongoing process designed to identify, assess and manage WTW’s risk exposures over the short-, intermediate- and long-term. Management’s cybersecurity risk management strategy and processes include the following areas of focus:•Incident Response Planning: WTW has a global Information and Cyber Security Incident Response Plan (‘ICSIRP’ or ‘Plan’) for identifying and managing cyber and data security threats. The ICSIRP defines the roles and responsibilities of WTW stakeholders involved in responding to cyber and data security events, severity levels and incident categories, and it outlines a process for incident management, including escalation and communication procedures. •Technical Safeguards: WTW seeks to continuously improve implemented technical safeguards that are designed to protect WTW’s information systems. Standards include controls for access management, cyber threat and incident management, data security, encryption, human resource security, network and device security, secure asset management, secure system development, security operations and third-party security. While WTW seeks to maintain adequate controls, they may not always be effective or at the level of maturity that the Company ultimately wishes to maintain. See Part I, Item 1A Risk Factors under the heading ‘Data and cybersecurity breaches or improper disclosure of confidential company or personal data could result in material financial loss, regulatory actions, reputational harm and/or legal liability’ for more information about WTW’s technical controls, management, mitigation, and security practices as well as the risks related thereto. ITEM 1C. CYBERSECURITY WTW’s management is responsible for the day-to-day management of risks, and the board, including through its committees, is responsible for understanding and overseeing the various risks facing WTW. As a professional services firm providing advice, broking and solutions in the areas of people, risk and capital, and often involving confidential and sensitive information, cybersecurity risk management is an integral part of our enterprise risk management (‘ERM’) strategy. WTW’s management is responsible for the day-to-day management of risks, and the board, including through its committees, is responsible for understanding and overseeing the various risks facing WTW. As a professional services firm providing advice, broking and solutions in the areas of people, risk and capital, and often involving confidential and sensitive information, cybersecurity risk management is an integral part of our enterprise risk management (‘ERM’) strategy. As a professional services firm providing advice, broking and solutions in the areas of people, risk and capital, and often involving confidential and sensitive information, cybersecurity risk management is an integral part of our enterprise risk management (‘ERM’) strategy. Cybersecurity Risk Management and Strategy Increased global cybersecurity vulnerabilities, threats and more sophisticated and targeted cyber-related attacks pose an ongoing risk to the security of our information systems and networks. WTW seeks to manage cybersecurity risks consistent with its general approach to ERM. As further described below, our cybersecurity risk management program is coordinated by cross-functional teams. Technology and cyber risks that meet certain thresholds are escalated and tracked by the ERM team within the WTW Risk function. WTW has been certified by ISO 27001 and identifies, categorizes and manages cyber risks according to frameworks such as SOC 2 - Type 2 and the National Institute of Standards and Technology (‘NIST’) Framework. Additionally, WTW undertakes vulnerability scanning, and engages third parties from time-to-time to conduct penetration testing to help WTW identify and reduce the threat of known and emerging cybersecurity risks. WTW undertakes vulnerability scanning, and engages third parties from time-to-time to conduct penetration testing to help WTW identify and reduce the threat of known and emerging cybersecurity risks. Board Oversight and Governance WTW’s board of directors has delegated the oversight of cybersecurity risks to the Risk and Operational Oversight Committee (the ‘Risk Committee’). The Risk Committee assists the board of directors in its oversight of the ERM framework, policies, and practices used by WTW to identify, assess, and manage WTW’s key operational risks, including without limitation: cybersecurity, technology, information security, privacy, and artificial intelligence risk. WTW’s Chief Information Security Officer (‘CISO’) and Global Head of Technology report to the Risk Committee on cybersecurity matters, including key risks. The Risk Committee reports to the board of directors at each formal board meeting and the board of directors discusses those reports.Management Oversight and Governance Management plays an important role in assessing and managing WTW’s material risks from cybersecurity threats. The CISO is responsible for designing and implementing a security program and strategy. WTW's CISO has served in various roles in information technology and information security for over 23 years, including serving as CISO of several public companies. The CISO holds undergraduate and graduate degrees in business. The CISO reports to the Global Head of Technology. WTW’s Global Head of Technology has served in various roles in information technology for over 25 years. The Global Head of Technology holds a graduate degree in business.As part of the WTW cybersecurity program, cross-functional teams throughout WTW, including enterprise risk management, operational resilience, legal, compliance and information security, coordinate to monitor, consider, and, when appropriate, address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications among these teams, the CISO, the Global Head of Technology, and other members of senior management, as appropriate, are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents and escalate such threats and incidents as appropriate through the processes described in more detail below.WTW’s cybersecurity program is an ongoing process designed to identify, assess and manage WTW’s risk exposures over the short-, intermediate- and long-term. Management’s cybersecurity risk management strategy and processes include the following areas of focus:•Incident Response Planning: WTW has a global Information and Cyber Security Incident Response Plan (‘ICSIRP’ or ‘Plan’) for identifying and managing cyber and data security threats. The ICSIRP defines the roles and responsibilities of WTW stakeholders involved in responding to cyber and data security events, severity levels and incident categories, and it outlines a process for incident management, including escalation and communication procedures. •Technical Safeguards: WTW seeks to continuously improve implemented technical safeguards that are designed to protect WTW’s information systems. Standards include controls for access management, cyber threat and incident management, data security, encryption, human resource security, network and device security, secure asset management, secure system development, security operations and third-party security. While WTW seeks to maintain adequate controls, they may not always be effective or at the level of maturity that the Company ultimately wishes to maintain. See Part I, Item 1A Risk Factors under the heading ‘Data and cybersecurity breaches or improper disclosure of confidential company or personal data could result in material financial loss, regulatory actions, reputational harm and/or legal liability’ for more information about WTW’s technical controls, management, mitigation, and security practices as well as the risks related thereto. WTW’s board of directors has delegated the oversight of cybersecurity risks to the Risk and Operational Oversight Committee (the ‘Risk Committee’). The Risk Committee assists the board of directors in its oversight of the ERM framework, policies, and practices used by WTW to identify, assess, and manage WTW’s key operational risks, including without limitation: cybersecurity, technology, information security, privacy, and artificial intelligence risk. WTW’s Chief Information Security Officer (‘CISO’) and Global Head of Technology report to the Risk Committee on cybersecurity matters, including key risks. The Risk Committee reports to the board of directors at each formal board meeting and the board of directors discusses those reports. WTW’s board of directors has delegated the oversight of cybersecurity risks to the Risk and Operational Oversight Committee (the ‘Risk Committee’). The Risk Committee assists the board of directors in its oversight of the ERM framework, policies, and practices used by WTW to identify, assess, and manage WTW’s key operational risks, including without limitation: cybersecurity, technology, information security, privacy, and artificial intelligence risk. WTW’s Chief Information Security Officer (‘CISO’) and Global Head of Technology report to the Risk Committee on cybersecurity matters, including key risks. The Risk Committee reports to the board of directors at each formal board meeting and the board of directors discusses those reports. WTW’s Chief Information Security Officer (‘CISO’) and Global Head of Technology report to the Risk Committee on cybersecurity matters, including key risks. The Risk Committee reports to the board of directors at each formal board meeting and the board of directors discusses those reports. The Risk Committee reports to the board of directors at each formal board meeting and the board of directors discusses those reports. Management Oversight and Governance Management plays an important role in assessing and managing WTW’s material risks from cybersecurity threats. The CISO is responsible for designing and implementing a security program and strategy. WTW's CISO has served in various roles in information technology and information security for over 23 years, including serving as CISO of several public companies. The CISO holds undergraduate and graduate degrees in business. The CISO reports to the Global Head of Technology. WTW’s Global Head of Technology has served in various roles in information technology for over 25 years. The Global Head of Technology holds a graduate degree in business.As part of the WTW cybersecurity program, cross-functional teams throughout WTW, including enterprise risk management, operational resilience, legal, compliance and information security, coordinate to monitor, consider, and, when appropriate, address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications among these teams, the CISO, the Global Head of Technology, and other members of senior management, as appropriate, are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents and escalate such threats and incidents as appropriate through the processes described in more detail below. Management plays an important role in assessing and managing WTW’s material risks from cybersecurity threats. The CISO is responsible for designing and implementing a security program and strategy. WTW's CISO has served in various roles in information technology and information security for over 23 years, including serving as CISO of several public companies. The CISO holds undergraduate and graduate degrees in business. The CISO reports to the Global Head of Technology. WTW’s Global Head of Technology has served in various roles in information technology for over 25 years. The Global Head of Technology holds a graduate degree in business. Management plays an important role in assessing and managing WTW’s material risks from cybersecurity threats. The CISO is responsible for designing and implementing a security program and strategy. WTW's CISO has served in various roles in information technology and information security for over 23 years, including serving as CISO of several public companies. The CISO holds undergraduate and graduate degrees in business. The CISO reports to the Global Head of Technology. WTW’s Global Head of Technology has served in various roles in information technology for over 25 years. The Global Head of Technology holds a graduate degree in business. The CISO reports to the Global Head of Technology. WTW’s Global Head of Technology has served in various roles in information technology for over 25 years. The Global Head of Technology holds a graduate degree in business. As part of the WTW cybersecurity program, cross-functional teams throughout WTW, including enterprise risk management, operational resilience, legal, compliance and information security, coordinate to monitor, consider, and, when appropriate, address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications among these teams, the CISO, the Global Head of Technology, and other members of senior management, as appropriate, are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents and escalate such threats and incidents as appropriate through the processes described in more detail below. As part of the WTW cybersecurity program, cross-functional teams throughout WTW, including enterprise risk management, operational resilience, legal, compliance and information security, coordinate to monitor, consider, and, when appropriate, address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications among these teams, the CISO, the Global Head of Technology, and other members of senior management, as appropriate, are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents and escalate such threats and incidents as appropriate through the processes described in more detail below. As part of the WTW cybersecurity program, cross-functional teams throughout WTW, including enterprise risk management, operational resilience, legal, compliance and information security, coordinate to monitor, consider, and, when appropriate, address cybersecurity threats and respond to cybersecurity incidents. WTW’s cybersecurity program is an ongoing process designed to identify, assess and manage WTW’s risk exposures over the short-, intermediate- and long-term. Management’s cybersecurity risk management strategy and processes include the following areas of focus:•Incident Response Planning: WTW has a global Information and Cyber Security Incident Response Plan (‘ICSIRP’ or ‘Plan’) for identifying and managing cyber and data security threats. The ICSIRP defines the roles and responsibilities of WTW stakeholders involved in responding to cyber and data security events, severity levels and incident categories, and it outlines a process for incident management, including escalation and communication procedures. •Technical Safeguards: WTW seeks to continuously improve implemented technical safeguards that are designed to protect WTW’s information systems. Standards include controls for access management, cyber threat and incident management, data security, encryption, human resource security, network and device security, secure asset management, secure system development, security operations and third-party security. While WTW seeks to maintain adequate controls, they may not always be effective or at the level of maturity that the Company ultimately wishes to maintain. See Part I, Item 1A Risk Factors under the heading ‘Data and cybersecurity breaches or improper disclosure of confidential company or personal data could result in material financial loss, regulatory actions, reputational harm and/or legal liability’ for more information about WTW’s technical controls, management, mitigation, and security practices as well as the risks related thereto. WTW’s cybersecurity program is an ongoing process designed to identify, assess and manage WTW’s risk exposures over the short-, intermediate- and long-term. Management’s cybersecurity risk management strategy and processes include the following areas of focus: •Incident Response Planning: WTW has a global Information and Cyber Security Incident Response Plan (‘ICSIRP’ or ‘Plan’) for identifying and managing cyber and data security threats. The ICSIRP defines the roles and responsibilities of WTW stakeholders involved in responding to cyber and data security events, severity levels and incident categories, and it outlines a process for incident management, including escalation and communication procedures. Incident Response Planning: WTW has a global Information and Cyber Security Incident Response Plan (‘ICSIRP’ or ‘Plan’) for identifying and managing cyber and data security threats. The ICSIRP defines the roles and responsibilities of WTW stakeholders involved in responding to cyber and data security events, severity levels and incident categories, and it outlines a process for incident management, including escalation and communication procedures. •Technical Safeguards: WTW seeks to continuously improve implemented technical safeguards that are designed to protect WTW’s information systems. Standards include controls for access management, cyber threat and incident management, data security, encryption, human resource security, network and device security, secure asset management, secure system development, security operations and third-party security. While WTW seeks to maintain adequate controls, they may not always be effective or at the level of maturity that the Company ultimately wishes to maintain. See Part I, Item 1A Risk Factors under the heading ‘Data and cybersecurity breaches or improper disclosure of confidential company or personal data could result in material financial loss, regulatory actions, reputational harm and/or legal liability’ for more information about WTW’s technical controls, management, mitigation, and security practices as well as the risks related thereto. Technical Safeguards: WTW seeks to continuously improve implemented technical safeguards that are designed to protect WTW’s information systems. Standards include controls for access management, cyber threat and incident management, data security, encryption, human resource security, network and device security, secure asset management, secure system development, security operations and third-party security. While WTW seeks to maintain adequate controls, they may not always be effective or at the level of maturity that the Company ultimately wishes to maintain. See Part I, Item 1A Risk Factors under the heading ‘Data and cybersecurity breaches or improper disclosure of confidential company or personal data could result in material financial loss, regulatory actions, reputational harm and/or legal liability’ for more information about WTW’s technical controls, management, mitigation, and security practices as well as the risks related thereto. 40 40 •Education and Awareness: WTW’s policy requires annual, mandatory privacy and information security training for all WTW colleagues.•Third-Party Risk Management: WTW’s risk management strategy includes a risk management process focused on third-party service providers and other parties with which we engage that is intended to align with the technology security key controls across the organization. •Threat Intelligence: Through its regular monitoring processes, WTW obtains intelligence on cyber threats relevant to the Company at strategic, operational and tactical levels to help inform and reassess its cybersecurity risk management priorities. Material Effects of Cybersecurity IncidentsAlthough we and our vendors regularly experience cybersecurity incidents, we do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected our business strategy, results of operations or financial condition. However, there is no guarantee that a future cyber incident would not materially affect our business strategy, results of operations or financial condition. To learn more about risks from cybersecurity threats, review the risk factors included in Part I, Item 1A Risk Factors in this Annual Report on Form 10-K, as updated by WTW’s subsequent SEC filings. The risks described in such filings are not the only risks facing WTW. Additional risks and uncertainties not currently known or not currently deemed material may, in the future, materially adversely affect WTW’s business, financial condition or results of operations.ITEM 2. PROPERTIESWe operate offices in many countries throughout the world and believe that our properties are generally suitable and adequate for the purposes for which they are used. The principal properties are located in the United States and the United Kingdom. In addition, we have other offices in various locations, including among others, Europe, Asia, Australia and Latin America. Operations of each of our segments are carried out in owned or leased offices under operating leases that typically do not exceed 10 years in length, except for certain properties in key locations. We do not anticipate difficulty in meeting our space needs at lease expiration.ITEM 3. LEGAL PROCEEDINGS From time to time, we are party to various lawsuits, arbitrations or mediations that arise in the ordinary course of business. The disclosure called for by Item 3 regarding our legal proceedings is incorporated by reference herein from Note 15 — Commitments and Contingencies, within Item 8 in this Annual Report on Form 10-K.ITEM 4. MINE SAFETY DISCLOSURESNot applicable. •Education and Awareness: WTW’s policy requires annual, mandatory privacy and information security training for all WTW colleagues.•Third-Party Risk Management: WTW’s risk management strategy includes a risk management process focused on third-party service providers and other parties with which we engage that is intended to align with the technology security key controls across the organization. •Threat Intelligence: Through its regular monitoring processes, WTW obtains intelligence on cyber threats relevant to the Company at strategic, operational and tactical levels to help inform and reassess its cybersecurity risk management priorities. Material Effects of Cybersecurity IncidentsAlthough we and our vendors regularly experience cybersecurity incidents, we do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected our business strategy, results of operations or financial condition. However, there is no guarantee that a future cyber incident would not materially affect our business strategy, results of operations or financial condition. To learn more about risks from cybersecurity threats, review the risk factors included in Part I, Item 1A Risk Factors in this Annual Report on Form 10-K, as updated by WTW’s subsequent SEC filings. The risks described in such filings are not the only risks facing WTW. Additional risks and uncertainties not currently known or not currently deemed material may, in the future, materially adversely affect WTW’s business, financial condition or results of operations. •Education and Awareness: WTW’s policy requires annual, mandatory privacy and information security training for all WTW colleagues.•Third-Party Risk Management: WTW’s risk management strategy includes a risk management process focused on third-party service providers and other parties with which we engage that is intended to align with the technology security key controls across the organization. •Education and Awareness: WTW’s policy requires annual, mandatory privacy and information security training for all WTW colleagues.•Third-Party Risk Management: WTW’s risk management strategy includes a risk management process focused on third-party service providers and other parties with which we engage that is intended to align with the technology security key controls across the organization. •Education and Awareness: WTW’s policy requires annual, mandatory privacy and information security training for all WTW colleagues. Education and Awareness: WTW’s policy requires annual, mandatory privacy and information security training for all WTW colleagues. •Third-Party Risk Management: WTW’s risk management strategy includes a risk management process focused on third-party service providers and other parties with which we engage that is intended to align with the technology security key controls across the organization. Third-Party Risk Management: WTW’s risk management strategy includes a risk management process focused on third-party service providers and other parties with which we engage that is intended to align with the technology security key controls across the organization. WTW’s risk management strategy includes a risk management process focused on third-party service providers and other parties with which we engage that is intended to align with the technology security key controls across the organization. •Threat Intelligence: Through its regular monitoring processes, WTW obtains intelligence on cyber threats relevant to the Company at strategic, operational and tactical levels to help inform and reassess its cybersecurity risk management priorities. Threat Intelligence: Through its regular monitoring processes, WTW obtains intelligence on cyber threats relevant to the Company at strategic, operational and tactical levels to help inform and reassess its cybersecurity risk management priorities. Threat Intelligence: Through its regular monitoring processes, WTW obtains intelligence on cyber threats relevant to the Company at strategic, operational and tactical levels to help inform and reassess its cybersecurity risk management priorities.