What changed in IBM's 10-K — 2024 vs 2025
vs
Paragraph-level year-over-year comparison of IBM's 2024 and 2025 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2025 report.
+64 added−60 removedSource: 10-K (2026-02-24) vs 10-K (2025-02-25)
Top changes in IBM's 2025 10-K
64 paragraphs added · 60 removed · 57 edited across 6 sections
- Item 1. Business+24 / −23 · 22 edited
- Item 1A. Risk Factors+18 / −18 · 17 edited
- Item 1C. Cybersecurity+14 / −12 · 11 edited
- Item 5. Market for Registrant's Common Equity+5 / −4 · 4 edited
- Item 2. Properties+2 / −2 · 2 edited
Item 1. Business
Business — how the company describes what it does
22 edited+2 added−1 removed56 unchanged
Item 1. Business
Business — how the company describes what it does
22 edited+2 added−1 removed56 unchanged
2024 filing
2025 filing
Biggest changeRisks from Investing in Growth Opportunities Could Impact the Company’s Business: The company continues to invest significantly in key strategic areas, including AI and generative AI, to drive revenue growth and market share gains. Client adoption rates and viable economic models are less certain in the high-value, highly competitive, and rapidly-growing segments.
Biggest changeClient adoption rates and viable economic models are less certain in the high-value, highly competitive, and rapidly-growing segments. Additionally, emerging business and delivery models may unfavorably impact demand and profitability for our other products or services.
Failure of Innovation Initiatives Could Impact the Long-Term Success of the Company: IBM has moved into areas, including those that incorporate or utilize hybrid cloud, AI and generative AI, quantum and other disruptive technologies, in which it can differentiate itself through responsible innovation, by leveraging its investments in R&D and attracting a successful developer ecosystem.
Failure of Innovation Initiatives Could Impact the Long-Term Success of the Company: IBM has moved into areas, including those that incorporate or utilize hybrid cloud, AI, quantum and other disruptive technologies, in which it can differentiate itself through responsible innovation, by leveraging its investments in R&D and attracting a successful developer ecosystem.
Business Segments and Capabilities—pages 12 to 14. Human Capital—pages 14 to 15. Strategic Partnerships We proactively partner with a broad variety of companies including hyperscalers, service providers, global system integrators, and software and hardware vendors. We work alongside our partners to deliver end-to-end solutions that address our clients’ complex business challenges while accelerating growth.
Business Segments and Capabilities—pages 12 to 14. Human Capital—page 15. Strategic Partnerships We proactively partner with a broad variety of companies including hyperscalers, service providers, global system integrators, and software and hardware vendors. We work alongside our partners to deliver end-to-end solutions that address our clients’ complex business challenges while accelerating growth.
Additionally, IBM is investing in and offering new products and services associated with AI development, deployment and management. As stated more comprehensively and in context of several risk factors throughout this
Additionally, IBM is investing in and offering new products and services associated with AI development, deployment, governance, and management. As stated more comprehensively and in context of several risk factors throughout this
Our offerings draw from leading IBM capabilities in software, consulting services capability to deliver business outcomes, and deep incumbency in mission-critical infrastructure, all bolstered by one of the world’s leading research organizations. The following information is included in IBM’s 2024 Annual Report to Stockholders and is incorporated by reference: IBM Strategy—pages 11 to 12.
Our offerings draw from leading IBM capabilities in software, consulting services capability to deliver business outcomes, and deep incumbency in mission-critical infrastructure, all bolstered by one of the world’s leading research organizations. The following information is included in IBM’s 2025 Annual Report to Stockholders and is incorporated by reference: IBM Strategy—pages 11 to 12.
“Risk Factors” on pages 3 to 9 are cautionary statements that accompany those forward-looking statements. Readers should carefully review such cautionary statements as they identify certain important factors that could cause actual results to differ materially from those in the forward-looking statements and from historical trends.
“Risk Factors” on pages 3 to 10 are cautionary statements that accompany those forward-looking statements. Readers should carefully review such cautionary statements as they identify certain important factors that could cause actual results to differ materially from those in the forward-looking statements and from historical trends.
The company’s most critical accounting estimates are described in the Management Discussion in IBM’s 2024 Annual Report to Stockholders, under “Critical Accounting Estimates.” In addition, as discussed in note Q, “Commitments & Contingencies,” in IBM’s 2024 Annual Report to Stockholders, the company makes certain estimates including decisions related to legal proceedings and reserves.
The company’s most critical accounting estimates are described in the Management Discussion in IBM’s 2025 Annual Report to Stockholders, under “Critical Accounting Estimates.” In addition, as discussed in note Q, “Commitments & Contingencies,” in IBM’s 2025 Annual Report to Stockholders, the company makes certain estimates including decisions related to legal proceedings and reserves.
Our hybrid cloud and AI platforms allow clients to realize their digital and AI transformations across the applications, data, and environments in which they operate. The principal competitors in this segment include: Alphabet (Google), Amazon, BMC, Broadcom, Informatica, Microsoft, Oracle, Salesforce, SAP and Splunk. We also compete with smaller, niche competitors in specific geographic regions or product segments.
Our hybrid cloud and AI platforms allow clients to realize their digital and AI transformations across the applications, data, and environments in which they operate. The principal competitors in this segment include: Alphabet (Google), Amazon, BMC, Broadcom, Microsoft, Oracle, Salesforce, SAP and Splunk, a CISCO Company. We also compete with smaller, niche competitors in specific geographic regions or product segments.
In addition, as global opportunities and industry demand shifts, realignment, training and scaling of skilled resources may not be sufficiently rapid or successful. Further, many of IBM’s key employees receive a total compensation package that includes equity awards.
In addition, as global opportunities and industry demand shifts, realignment, training and scaling of skilled resources may not be sufficiently rapid or successful. Further, many of IBM’s 5 Table of Contents key employees receive a total compensation package that includes equity awards.
The Development and Use of AI and Generative AI, including the Company’s Increased Offerings and Use of AI-based Technologies, Could Impact the Long-Term Success of the Company and its Reputation or Give Rise to Legal or Regulatory Action: IBM is increasingly applying AI-based technologies, including generative AI, to its services and products, to how it delivers offerings to IBM clients, and to its own internal operations.
The Development and Use of AI, including the Company’s Increased AI Solutions and Use of AI Technologies, Could Impact the Long-Term Success of the Company and its Reputation or Give Rise to Legal or Regulatory Action: IBM is increasingly applying AI technologies to its services and products, to how it delivers solutions to IBM clients, and to its own internal operations.
Any new regulations, volatility in the 5 Table of Contents stock market and other factors could diminish the company’s use or the value of the company’s equity awards, putting the company at a competitive disadvantage.
Any new regulations, volatility in the stock market and other factors could diminish the company’s use or the value of the company’s equity awards, putting the company at a competitive disadvantage.
Additionally, emerging business and delivery models may unfavorably impact demand and profitability for our other products or services. If the company does not adequately and timely anticipate and respond to changes in customer and market preferences, competitive actions, disruptive technologies, emerging business models and ecosystems, the client demand for our products or services may decline or IBM’s costs may increase.
If the company does not adequately and timely anticipate and respond to changes in customer and market preferences, competitive actions, disruptive technologies, emerging business models and ecosystems, the client demand for our products or services may decline or IBM’s costs may increase.
We gain advantage and differentiation through investments in higher-value capabilities, including security, scalability, and reliability, designed especially for mission-critical and AI workloads. In addition, we offer a portfolio of life-cycle services for hybrid cloud infrastructure deployment.
Infrastructure: IBM is well positioned in the growing hybrid cloud infrastructure market, providing on-premises and cloud-based server and storage solutions. We gain advantage and differentiation through investments in higher-value capabilities, including security, scalability, and reliability, designed especially for mission-critical and AI workloads. In addition, we offer a portfolio of life-cycle services for hybrid cloud infrastructure deployment.
Those cautionary statements are not exclusive and are in addition to other factors discussed elsewhere in this Form 10-K, in the company’s filings with the SEC or in materials incorporated therein by reference. 2 Table of Contents The following information is included in IBM’s 2024 Annual Report to Stockholders and is incorporated herein by reference: Segment information and revenue by classes of similar products or services—pages 69 to 74.
Those 2 Table of Contents cautionary statements are not exclusive and are in addition to other factors discussed elsewhere in this Form 10-K, in the company’s filings with the SEC or in materials incorporated therein by reference.
Further, international trade disputes could create uncertainty. Tariffs and international trade sanctions resulting from these disputes could affect the company’s ability to move goods and services across borders, or could impose added costs to those activities. Measures taken to date by the company to mitigate these impacts could be made less effective should trade sanctions or tariffs change.
Further, international trade disputes could create uncertainty. Tariffs, international trade sanctions, and export controls on goods, technologies, inputs, and raw materials resulting from these disputes could affect the company’s ability to move goods and services across borders, or could impose added costs to those activities.
Cohn, has been an executive of IBM or its subsidiaries during the past five years. Ms. Robinson previously served as Managing Director, General Counsel and Corporate Secretary of The Vanguard Group, Inc. and Secretary of the Vanguard funds from August 2016 until June 2024. Mr.
Robinson previously served as Managing Director, General Counsel and Corporate Secretary of The Vanguard Group, Inc. and Secretary of the Vanguard funds from August 2016 until June 2024. Item 1A.
If the 3 Table of Contents company’s brand image is tarnished by negative perceptions, its ability to attract and retain customers, talent and ecosystem partners could be impacted.
If the 3 Table of Contents company’s brand image is tarnished by negative perceptions, its ability to attract and retain customers, talent and ecosystem partners could be impacted. Risks from Investing in Growth Opportunities Could Impact the Company’s Business: The company continues to invest significantly in key strategic areas, including AI, to drive revenue growth and market share gains.
Cohn, Vice Chairman 64 2021 Nicolas A. Fehring, Vice President and Controller 46 2023 James J. Kavanaugh, Senior Vice President, Finance and Operations, and Chief Financial Officer 58 2008 Nickle J. LaMoreaux, Senior Vice President and Chief Human Resources Officer 45 2020 Anne Robinson, Senior Vice President and Chief Legal Officer 54 2024 Robert D.
Kavanaugh, Senior Vice President, Finance and Operations, and Chief Financial Officer 59 2008 Nickle J. LaMoreaux, Senior Vice President and Chief Human Resources Officer 46 2020 Anne Robinson, Senior Vice President and Chief Legal Officer 55 2024 Robert D. Thomas, Senior Vice President, Software and Chief Commercial Officer 51 2023 (1) Member of the Board of Directors.
Consulting: Consulting focuses on integrating skills on strategy, experience, technology and operations by domain and industry. Consulting competes in a dynamic market including consulting, systems integration, application development, application management and business process outsourcing services.
Consulting: Consulting integrates strategy, experience design, technology and operations expertise by domain across industries to deliver transformation for clients. Consulting operates in a highly competitive, dynamic market that spans business consulting, systems integration, application development and management, and business process outsourcing services.
Thomas, Senior Vice President, Software and Chief Commercial Officer 50 2023 (1) Member of the Board of Directors. All executive officers are elected by the Board of Directors annually as provided in the Company’s By-laws. Each executive officer named above, with the exception of Anne Robinson and Gary D.
All executive officers are elected by the Board of Directors annually as provided in the Company’s By-laws. Each executive officer named above, with the exception of Anne Robinson, has been an executive of IBM or its subsidiaries during the past five years. Ms.
Financial information regarding environmental activities—pages 94 to 95. The number of persons employed by the registrant—page 14. The management discussion overview—pages 8 to 10. Website information and company reporting—page 123. Information About Our Executive Officers (at February 25, 2025): Age Officer since Arvind Krishna, Chairman of the Board, President and Chief Executive Officer (1) 62 2020 Gary D.
Website information and company reporting—page 118. Information About Our Executive Officers (at February 24, 2026): Age Officer since Arvind Krishna, Chairman of the Board, President and Chief Executive Officer (1) 63 2020 Gary D. Cohn, Vice Chairman 65 2021 Nicolas A. Fehring, Vice President and Controller 47 2023 James J.
Our broad-based competitors include: Accenture, Capgemini, India-based service providers, management consulting firms, the consulting practices of public accounting firms, engineering service providers, and many companies that primarily focus on local markets or niche service areas. Infrastructure: IBM is well positioned in the growing hybrid cloud infrastructure market, providing on-premises and cloud-based server and storage solutions.
Our competitors include global firms such as Accenture, Capgemini, India-based service providers, management consulting firms, the consulting practices of public accounting firms, engineering service providers, and niche specialists. Our competitive position is supported by industry expertise; hybrid cloud, data, and AI capabilities; and the use of IBM technology and ecosystem partners to deliver solutions aligned to clients’ strategic priorities.
Removed
Cohn previously served as Assistant to the President for Economic Policy and Director of the National Economic Council from January 2017 until April 2018. Before serving in the White House, Mr. Cohn was President and Chief Operating Officer of The Goldman Sachs Group, Inc. from 2006-2016. Item 1A.
Added
The following information is included in IBM’s 2025 Annual Report to Stockholders and is incorporated herein by reference: Segment information and revenue by classes of similar products or services—pages 65 to 68. Financial information regarding environmental activities—pages 92 to 93. The number of persons employed by the registrant—page 15. The management discussion overview—pages 8 to 10.
Added
Measures taken to date by the company to mitigate these impacts could be made less effective should trade sanctions, export controls, or tariffs change.
Item 1A. Risk Factors
Risk Factors — what could go wrong, per management
17 edited+1 added−1 removed41 unchanged
Item 1A. Risk Factors
Risk Factors — what could go wrong, per management
17 edited+1 added−1 removed41 unchanged
2024 filing
2025 filing
Biggest changeItem 1A., this increasing mix and application of AI-based technologies may impact IBM’s ongoing efforts to maintain and increase its market share and its profit margins or harm IBM’s reputation if the company does not continue to be recognized as an AI leader with strong governance processes.
Biggest changeItem 1A., if the company does not continue to be recognized as an AI leader with strong governance processes or if our AI technologies do not work as intended or produce unexpected outcomes, IBM’s ongoing efforts to maintain and increase its market share and its profit margins, its reputation, and its competitiveness could be harmed.
The company’s products, services, systems and networks, including cloud-based systems and systems and technologies that the company maintains on behalf of its customers, are used in critical company, customer or third-party operations, and involve the storage, processing and transmission of sensitive data, including valuable intellectual property, other proprietary or confidential data, regulated data, and personal information of employees, customers and others.
The company’s products, services, systems and networks, including cloud-based systems and systems and technologies that the company maintains on behalf of its customers, are used in critical company, customer or third-party operations, and involve the storage, processing and transmission of sensitive data, including valuable intellectual property, other proprietary or confidential data, and regulated data including personal information of employees, customers and others.
We do not expect climate change or compliance with environmental laws and regulations focused on climate change to have a disproportionate effect on the company or its financial position, results of operations and competitive position.
We do not expect climate change or compliance with environmental laws and regulations focused on climate change or environmental protection to have a disproportionate effect on the company or its financial position, results of operations and competitive position.
The enactment and expansion of cybersecurity, AI, data protection and privacy laws, regulations and standards around the globe will continue to result in increased compliance costs, including due to an increased focus on international data transfer mechanisms and data location; increased cybersecurity requirements and reporting obligations; the lack of harmonization of such laws and regulations; the increase in associated litigation and enforcement activity by governments and private parties; the potential for damages, fines and penalties and debarment; and the potential regulation of new and emerging technologies.
The enactment and expansion of cybersecurity and data protection laws, regulations and standards around the globe will continue to result in increased compliance costs, including due to an increased focus on international data transfer mechanisms and data location; increased cybersecurity requirements and reporting obligations; the lack of harmonization of such laws and regulations; the increase in associated litigation and enforcement activity by governments and private parties; the potential for damages, fines and penalties and debarment; and the potential regulation of new and emerging technologies.
Cybersecurity attacks or other security incidents, including industry-wide incidents such as MOVEit, have or could result in, for example, one or more of the following: unauthorized access to, disclosure, modification, misuse, loss, or destruction of company, customer, or other third-party data or systems; theft or import or export of sensitive, regulated, or confidential data including personal information and intellectual property, including key innovations in AI, quantum, or other disruptive technologies; the loss of access to critical data or systems through ransomware, crypto mining, destructive attacks or other means; and business delays, service or system disruptions or denials of service.
Cybersecurity attacks or other security incidents, including industry-wide incidents, have or could result in, for example, one or more of the following: unauthorized access to, disclosure, modification, misuse, loss, or destruction of company, customer, or other third-party data or systems; theft or import or export of sensitive, regulated, or confidential data including personal information and intellectual property, including key innovations in AI, quantum, or other disruptive technologies; the loss of access to critical data or systems through ransomware, crypto mining, destructive attacks or other means; and business delays, service or system disruptions or denials of service.
Computer hackers and others routinely attack the security of technology products, services, systems and networks, like those we offer, using a wide variety of methods, including ransomware or other malicious software and attempts to exploit vulnerabilities in hardware, software, and infrastructure, and the increased use of generative AI may introduce novel methods of attack.
Computer hackers and others routinely attack the security of technology products, services, systems and networks, like those we offer, using a wide variety of methods, including ransomware or other malicious software and attempts to exploit vulnerabilities in hardware, software, and infrastructure, and the increased use of AI technologies may introduce novel methods of attack.
Premium increases could be significant due to the level of insolvencies of unrelated companies in the country at issue. IBM’s 2024 Annual Report to Stockholders includes information about potential impacts from pension funding and the use of certain assumptions regarding pension matters.
Premium increases could be significant due to the level of insolvencies of unrelated companies in the country at issue. IBM’s 2025 Annual Report to Stockholders includes information about potential impacts from pension funding and the use of certain assumptions regarding pension matters.
The risks associated with such legal proceedings are described in more detail in note Q, “Commitments & Contingencies,” in IBM’s 2024 Annual Report to Stockholders. The company believes it has adopted appropriate risk management and compliance programs.
The risks associated with such legal proceedings are described in more detail in note Q, “Commitments & Contingencies,” in IBM’s 2025 Annual Report to Stockholders. The company believes it has adopted appropriate risk management and compliance programs.
The company’s earnings and cash flows, as well as its access to funding, could be negatively impacted by changes in market liquidity conditions. IBM’s 2024 Annual Report to Stockholders includes information about the company’s liquidity position.
The company’s earnings and cash flows, as well as its access to funding, could be negatively impacted by changes in market liquidity conditions. IBM’s 2025 Annual Report to Stockholders includes information about the company’s liquidity position.
Since the market price of IBM’s common stock fluctuates significantly, stockholders may not be able to sell the company’s stock at attractive prices. In addition, changes by any rating agency to the company’s outlook or credit ratings can negatively impact the value and liquidity of both the company’s debt and equity securities.
Since the market price of IBM’s common stock fluctuates significantly, stockholders may not be able to sell the company’s stock at attractive prices. 9 Table of Contents In addition, changes by any rating agency to the company’s outlook or credit ratings can negatively impact the value and liquidity of both the company’s debt and equity securities.
As a global enterprise, the regulatory environment with regard to cybersecurity, privacy, AI and data protection issues is increasingly complex and will continue to impact the company’s business, including through increased risk, increased costs, and expanded or otherwise altered compliance obligations, including with respect to the increased regulatory activity around the security of critical infrastructure, IoT devices, customer industries (e.g., financial services) and various customer and government supply chain security programs.
As a global enterprise, the regulatory environment with regard to cybersecurity and data protection issues is increasingly complex and will continue to impact the company’s business, including through increased risk, increased costs, and expanded or otherwise altered compliance obligations, including with respect to the increased regulatory activity around the security of critical infrastructure, connected devices, customer industries (e.g., financial services) and various customer and government supply chain security programs.
The company does not make a market in either its debt or equity securities and cannot provide any assurances with respect to the liquidity or value of such securities. 9 Table of Contents Item 1B. Unresolved Staff Comments: Not applicable.
The company does not make a market in either its debt or equity securities and cannot provide any assurances with respect to the liquidity or value of such securities. Item 1B. Unresolved Staff Comments: Not applicable.
Attacks also include social engineering and cyber extortion to induce customers, contractors, business partners, vendors, employees and other third parties to disclose information, transfer funds, or unwittingly provide access to systems or data.
Attacks may also include social engineering and cyber extortion to induce customers, contractors, business partners, vendors, employees and other third parties to disclose information, transfer funds, or provide unauthorized access to systems or data.
In addition, the failure of ecosystem partners to comply with all applicable laws and regulations may prevent the company from working with them and could subject the company to losses and affect its ability to bring products to market. 6 Table of Contents Risks Related to Cybersecurity and Data Privacy Cybersecurity, Privacy, and AI Considerations Could Impact the Company’s Business: There are numerous and evolving risks to cybersecurity and privacy, including risks originating from intentional acts of individual and groups of criminal hackers, hacktivists, state-sponsored organizations, nation states and competitors; from intentional and unintentional acts or omissions of customers, contractors, business partners, vendors, employees and other third parties; and from errors in processes or technologies, as well as the risks associated with an increase in the number of customers, contractors, business partners, vendors, employees and other third parties working remotely.
In addition, the failure of ecosystem partners to comply with all applicable laws and regulations may prevent the company from working with them and could subject the company to losses and affect its ability to bring products to market. 6 Table of Contents Risks Related to Cybersecurity and Data Protection Cybersecurity and Data Protection Considerations Could Impact the Company’s Business: There are numerous and evolving risks to cybersecurity and data protection, including risks originating from intentional acts of individual and groups of criminal hackers, hacktivists, state-sponsored organizations, nation states and competitors; from intentional and unintentional acts or omissions, including the practices and investments, of customers, contractors, business partners, vendors, the open source community, the companies we acquire, employees and other third parties; and from errors in processes or technologies, as well as the risks associated with an increase in the number of customers, contractors, business partners, vendors, employees and other third parties working remotely.
IBM’s drive for greater agility, productivity, flexibility and cost savings by continuously transforming with the use of AI may not yield intended gains in speed, quality, productivity and enablement of rapid scaling, which may impact the company’s competitiveness.
Further, IBM’s drive for greater agility, productivity, flexibility and cost savings by continuously transforming with the use of AI may not yield intended gains in speed, quality, productivity and enablement of rapid scaling. The evolving global AI regulatory and legal environment may affect the company’s business and the company’s overall results of operations.
Cybersecurity attacks or other catastrophic events resulting in disruptions to or failures in power, information technology, communication systems or other critical infrastructure could result in interruptions or delays to company, customer, or other third-party operations or services, financial loss, injury or death to persons or property, potential liability, and damage to brand and reputation. 7 Table of Contents Although the company continuously takes significant steps to mitigate cybersecurity risk across a range of functions, such measures can never eliminate the risk entirely or provide absolute security.
Cybersecurity attacks or other catastrophic events resulting in disruptions to or failures in power, information technology, communication systems or other critical infrastructure could result in interruptions or delays to company, customer, or other third-party operations or services, financial loss, injury or death to persons or property, potential liability, and damage to brand and reputation.
The evolving global AI regulatory environment, including the enactment of the EU AI Act, may affect the company’s business and the company’s overall results of operations. Computer hackers and others routinely attack the security of technology products, services, systems and networks using a wide variety of methods, and the increased use of generative AI may introduce novel methods of attack.
Computer hackers and others routinely attack the security of technology products, services, systems and networks using a wide variety of methods, and the increased use of AI technologies may introduce novel methods of attack.
Removed
Cybersecurity risk to the company and its customers also depends on factors such as the actions, practices and investments of customers, contractors, business partners, vendors, the open source community and other third parties, including, for example, providing and implementing patches to address vulnerabilities.
Added
Although the company continuously takes significant steps to mitigate 7 Table of Contents cybersecurity risk across a range of functions, such measures can never eliminate the risk entirely or provide absolute security.
Item 1C. Cybersecurity
Cybersecurity — threats and controls disclosure
11 edited+3 added−1 removed9 unchanged
Item 1C. Cybersecurity
Cybersecurity — threats and controls disclosure
11 edited+3 added−1 removed9 unchanged
2024 filing
2025 filing
Biggest changeIBM also has Business Information Security Officers (“BISO”) who are coordinated by the Office of the CISO on security issues specific to particular business segments. 10 Table of Contents The CSIRT team, together with the Office of the Chief Information Officer (“CIO”), Cyber Legal, Corporate Security, and BISOs, engages in on-going reviews of incidents, threat intelligence, detections, and vulnerabilities, including to assess client and regulatory impact.
Biggest changeThe CSIRT team, together with the Office of the CISO, Cyber Legal, and BISOs, engage in on-going review of incidents, threat intelligence, detections, and vulnerabilities, including to assess client and regulatory impact.
Leadership from E&TS, including the CISO, make regular presentations to the Audit Committee and the full Board on identification, management, and remediation of cybersecurity risks, both internal and external, as well as threat intelligence, emerging global policies and regulations, cybersecurity technologies, and best practices.
Leadership from E&TS, including the CISO, make regular presentations to the Audit Committee and the full Board on identification, management, escalation, and remediation of cybersecurity risks, both internal and external, as well as threat intelligence, emerging global policies and regulations, cybersecurity technologies, and best practices.
They also hold leadership positions outside of IBM in the field of cybersecurity, serving on governing and advisory boards of public and private institutions at the forefront of issues related to cybersecurity, including technology development, cybersecurity policy, and national security. The Board of Directors and the Audit Committee oversee the cyber governance process.
They also hold leadership positions outside of IBM in the field of cybersecurity, serving on governing and advisory boards of public and private institutions at the forefront of issues related to cybersecurity, including technology development, cybersecurity policy, and national security. The Board of Directors and the Audit Committee oversee risk management at IBM.
For these purposes, E&TS includes a dedicated Chief Information Security Officer (“CISO”) whose team is responsible for leading enterprise-wide information security strategy, policy, standards, architecture, and processes for IBM’s internal systems. The CISO manages the CSIRT.
For these purposes, E&TS includes a dedicated Chief Information Security Officer (“CISO”) whose team is responsible for leading enterprise-wide information security strategy, policy, standards, architecture, and processes for IBM’s internal systems.
IBM maintains a Security Operations Center (“SOC”) that monitors for threats to IBM’s networks and systems, utilizing threat intelligence provided by a range of sources, including the IBM Security X-Force Exchange platform, which maintains one of the largest compilations of threat intelligence in the world.
IBM maintains global Security Operations Centers (“SOCs”) that monitor for threats to IBM’s networks and systems, utilizing threat intelligence provided by a range of sources, including the IBM Security X-Force Exchange platform, which maintains one of the largest compilations of threat intelligence in the world.
In addition, senior management provides briefings as needed to the Audit Committee Chair, the Audit Committee, and, as appropriate, the full Board, on cybersecurity issues and incidents of potential interest.
In addition, executive management provides briefings as needed to the Lead Independent Director, Audit Committee Chair, the Audit Committee, and, as appropriate, the full Board on cybersecurity issues and incidents of potential interest.
Governance IBM’s Enterprise & Technology Security (“E&TS”) organization has oversight responsibility for the security of both IBM’s internal systems and external offerings and works across all of the organizations within the company to protect IBM, its brand, and its clients against cybersecurity risks. E&TS also addresses cybersecurity risks associated with third party suppliers.
IBM’s Enterprise & Technology Security (“E&TS”) organization is responsible for the security of both IBM’s internal systems and external offerings and works across IBM to protect its brand and its clients against cybersecurity risks. E&TS 10 Table of Contents also addresses cybersecurity risks associated with third party suppliers.
Depending on the nature of the matter, the incident response team may include individuals from E&TS, the Office of the CISO, the Office of the CIO, Cyber Legal, Business Units, the Office of Privacy and Responsible Technology, Human Resources, Procurement, Finance and Operations, and Corporate Security.
CSIRT leads and coordinates incident response investigations and depending on the nature of the matter, may include individuals from E&TS, the Office of the CISO, the Office of the Chief Information Officer, Cyber Legal, Business Units, the Risk, Compliance and Integrity Team, Human Resources, Procurement, Finance and Operations, and Corporate Security.
The CISO also manages the Product Security Incident Response Team (“PSIRT”), which focuses on product vulnerabilities potentially affecting the security of offerings sold to customers.
The CISO is responsible for enterprise incident response; the Product Security Incident Response Team (“PSIRT”), which focuses on product vulnerabilities potentially affecting the security of offerings sold to customers; and the Business Information Security Officers (“BISO”), which focus on security issues specific to particular business segments.
Events of interest are promptly reported to the Senior Vice President (“SVP”) and Chief Legal Officer ("CLO"), and the SVP overseeing cybersecurity (“SVP Sponsor”). Incidents are delegated to an appropriate incident response team for assessment, investigation, and remediation.
Events of interest are promptly reported to the Chief Legal Officer ("CLO"), the Chief Financial Officer, and the Senior Vice President ("SVP") overseeing the impacted business unit.
The CAC is responsible for, among other things, setting the Company’s governance structure for managing cybersecurity risk and reviewing noteworthy cybersecurity incidents and strategies to prevent recurrence. IBM management responsible for managing cybersecurity risk reflects a cross-section of functions from across the organization with significant experience in managing such risk as well as the technologies underlying these risks.
It serves as a key resource and escalation point for IBM's CISO and operating units on significant and emerging cybersecurity incidents, risks, policies, and practices. IBM executives responsible for managing cybersecurity risk reflect a cross-section of functions from across the organization with significant experience in managing such risk as well as the technologies underlying these risks.
Removed
The incident response teams advise and consult with the CLO and the SVP Sponsor, as appropriate. The Cybersecurity Advisory Committee (“CAC”) meets regularly and is responsible for overseeing management of the Company’s cybersecurity risk. The CAC is composed of, among others, SVPs from the major business units, the SVP Sponsor, and the CLO.
Added
Governance Escalation of cyber risk is a core function within IBM's cyber governance so that emerging threats, incidents, and vulnerabilities are promptly communicated, escalated, and remediated at the appropriate leadership level across the enterprise.
Added
If required by the scale of the incident, an executive is appointed to provide the unified business leadership, coordination, and project management necessary to manage the broader business response under the direction of the CLO. The Board of Directors, the Audit Committee, and senior management participate in cyber incident tabletops to exercise preparedness for incidents and to strengthen cyber governance.
Added
The Cybersecurity Advisory Committee (“CAC”) is a senior executive committee comprised of SVPs from the business (Software, Consulting, Infrastructure) and corporate functions (Legal, Finance, Marketing/Communications), which provides oversight and direction for the management of the company's cybersecurity risk.
Item 2. Properties
Properties — owned and leased real estate
2 edited+0 added−0 removed2 unchanged
Item 2. Properties
Properties — owned and leased real estate
2 edited+0 added−0 removed2 unchanged
2024 filing
2025 filing
Biggest changeAt December 31, 2024, IBM’s facilities in the U.S. had aggregate floor space of approximately 17 million square feet, of which approximately 9 million was owned and 8 million was leased. Outside the U.S., facilities totaled approximately 24 million square feet, of which 3 million was owned and 21 million was leased.
Biggest changeAt December 31, 2025, IBM’s facilities in the U.S. had aggregate floor space of approximately 17 million square feet, of which approximately 8 million was owned and 9 million was leased. Outside the U.S., facilities totaled approximately 22 million square feet, of which approximately 3 million was owned and 19 million was leased.
Item 2. Properties: IBM ’s corporate headquarters are located at an owned site in Armonk, New York. As of December 31, 2024, in aggregate, we owned or leased facilities for current use consisting of approximat ely 41 million square feet worldwide.
Item 2. Properties: IBM ’s corporate headquarters are located at an owned site in Armonk, New York. As of December 31 , 2025 , in aggregate, we owned or leased facilities for current use consisting of approximat ely 39 million square feet worldwide.
Item 3. Legal Proceedings
Legal Proceedings — active lawsuits and investigations
1 edited+0 added−0 removed0 unchanged
Item 3. Legal Proceedings
Legal Proceedings — active lawsuits and investigations
1 edited+0 added−0 removed0 unchanged
2024 filing
2025 filing
Biggest changeItem 3. Legal Proceedings: Refer to note Q, “Commitments & Contingencies,” on pages 95 to 97 of IBM’s 2024 Annual Report to Stockholders, which is incorporated herein by reference. Item 4. Mine Safety Disclosures: Not applicable. 11 Table of Contents PART II
Biggest changeItem 3. Legal Proceedings: Refer to note Q, “Commitments & Contingencies,” on pages 91 to 93 of IBM’s 2025 Annual Report to Stockholders, which is incorporated herein by reference. Item 4. Mine Safety Disclosures: Not applicable. 11 Table of Contents PART II
Item 5. Market for Registrant's Common Equity
Market for Common Equity — stock, dividends, buybacks
4 edited+1 added−0 removed1 unchanged
Item 5. Market for Registrant's Common Equity
Market for Common Equity — stock, dividends, buybacks
4 edited+1 added−0 removed1 unchanged
2024 filing
2025 filing
Biggest changeTotal Number of Shares Purchased Average Price Paid per Share Total Number of Shares Purchased as Part of Publicly Announced Program Approximate Dollar Value of Shares that May Yet Be Purchased Under the Program (1) October 1, 2024—October 31, 2024 — $ — — $ 2,007,611,768 November 1, 2024—November 30, 2024 — $ — — $ 2,007,611,768 December 1, 2024—December 31, 2024 — $ — — $ 2,007,611,768 Total — $ — — (1) On October 30, 2018, the Board of Directors authorized $4.0 billion in funds for use in the company’s common stock repurchase program.
Biggest changeTotal Number of Shares Purchased Average Price Paid per Share Total Number of Shares Purchased as Part of Publicly Announced Program Approximate Dollar Value of Shares that May Yet Be Purchased Under the Program (1) October 1, 2025—October 31, 2025 — $ — — $ 2,007,611,768 November 1, 2025—November 30, 2025 — $ — — $ 2,007,611,768 December 1, 2025—December 31, 2025 — $ — — $ 2,007,611,768 Total — $ — — (1) On October 30, 2018, the Board of Directors authorized $4.0 billion in funds for use in the company’s common stock repurchase program.
This table does not include shares tendered to satisfy the exercise price in connection with cashless exercises of employee stock options or shares tendered to satisfy tax withholding obligations in connection with employee equity awards. The company suspended its share repurchase program at the time of the Red Hat closing in 2019. Item 6. [Reserved]
This table does not include shares tendered to satisfy the exercise price in connection with cashless exercises of employee stock options or shares tendered to satisfy tax withholding obligations in connection with employee equity awards. The company suspended its share repurchase program at the time of the Red Hat closing in 2019. Item 6. [Reserved] Item 7.
Item 5. Market for the Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities: Refer to page 123 of IBM’s 2024 Annual Report to Stockholders, which is incorporated herein by reference solely as it relates to this item.
Item 5. Market for the Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities: Refer to page 118 of IBM’s 2025 Annual Report to Stockholders, which is incorporated herein by reference solely as it relates to this item.
IBM common stock is listed on the New York Stock Exchange and the NYSE Chicago under the symbol “IBM.” There were 348,544 common stockholders of record at February 10, 2025. The following table provides information relating to the company’s repurchase of common stock for the fourth quarter of 2024.
IBM common stock is listed on the New York Stock Exchange and the NYSE Texas under the symbol “IBM.” There were 290,491 common stockholders of record at February 10, 2026. The following table provides information relating to the company’s repurchase of common stock for the fourth quarter of 2025.
Added
Management’s Discussion and Analysis of Financial Condition and Results of Operations: Refer to pages 6 through 38 of IBM’s 2025 Annual Report to Stockholders, which are incorporated herein by reference.