Although we have implemented internal security and business continuity measures and have developed an information technology infrastructure, our internal computer systems, as well as those of current and future third parties on which we rely, are vulnerable to damage from computer viruses and unauthorized access and may fail. Our information technology and other internal infrastructure systems, including corporate firewalls, servers, data center facilities, lab equipment, and internet connection, face the risk of breakdown or other damage or interruption from service interruptions, system malfunctions, natural disasters, terrorism, war, and telecommunication and electrical failures, as well as security breaches from inadvertent or intentional actions by our employees, contractors, consultants, business partners, and/or other third parties, or from cyber-attacks by malicious third parties (including the deployment of harmful malware, ransomware, denial-of-service attacks, social engineering and other means to affect service reliability and threaten the confidentiality, integrity and availability of information), each of which could compromise our system infrastructure or lead to the loss, destruction, alteration, disclosure, or dissemination of, or damage or unauthorized access to, our data or data that is processed or maintained on our behalf, or other assets.
In addition, the loss or corruption of, or other damage to, clinical trial data from completed or future clinical trials could result in delays in our regulatory approval efforts and could significantly increase our costs to recover or reproduce the data. Likewise, we will rely on third parties for the manufacture of our current or future drug candidates and to conduct clinical trials, and similar events relating to their systems and operations could also have a material adverse effect on our business and lead to regulatory agency actions. The risk of a security breach or disruption, particularly through cyber-attacks or cyber intrusion, including by computer hackers, foreign governments, and cyber terrorists, has generally increased as the number, intensity, and sophistication of attempted attacks and intrusions from around the world have increased.
Sophisticated cyber attackers (including foreign adversaries engaged in industrial espionage) are skilled at adapting to existing security technology and developing new methods of gaining access to organizations’ sensitive business data, which could result in the loss of proprietary information, including trade secrets. We may be unable to anticipate all types of security threats and to implement preventive measures effective against all such security threats. The techniques used by cyber criminals change frequently, may not be recognized until launched, and can originate from a wide variety of sources, including outside groups such as external service providers, organized crime affiliates, terrorist organizations, or hostile foreign governments or agencies.
Any security breach or other event leading to the loss or damage to, or unauthorized access, use, alteration, disclosure, or dissemination of, personal information, including personal information regarding clinical trial subjects, contractors, directors, or employees, our intellectual property, proprietary business information, or other confidential or proprietary information, could directly harm our reputation, enable competitors to compete with us more effectively, compel us to comply with federal and/or state breach notification laws and foreign law equivalents, subject us to mandatory corrective action, or otherwise subject us to liability under laws and regulations that protect the privacy and security of personal information.
Each of the foregoing could result in significant legal and financial exposure and reputational damage that could adversely affect our business. Notifications and follow-up actions related to a security incident could impact our reputation or cause us to incur substantial costs, including legal and remediation costs, in connection with these measures and otherwise in connection with any actual or suspected security breach. Our efforts to detect and prevent security incidents and otherwise implement our internal security and business continuity measures, including those connected with any actual, potential, or anticipated attack, may cause us to incur significant cost, including those connected with the engagement of additional personnel (including third-party experts and consultants), employment protection technologies, and employee training.
The costs related to significant security breaches or disruptions could be material and our insurance policies may not be adequate to compensate us for the potential losses arising from any such disruption in, or failure or security breach of, our systems or third-party systems where information important to our business operations or commercial development is stored or processed. In addition, such insurance may not be available to us in the future on economically reasonable terms, or at all. Further, our insurance may not cover all claims made against us and could have high deductibles in any event, and defending a suit, regardless of its merit, could be costly and divert management attention. Furthermore, if the information technology systems of our third-party vendors and other contractors and consultants become subject to disruptions or security breaches, we may have insufficient recourse against such third parties and we may have to expend significant resources to mitigate the impact of such an event, and to develop and implement protections to prevent future events of this nature from occurring.
The occurrence of such a cybersecurity breach could result in interruptions in our operations, material disruption of our development programs or our business operations, and may cause us financial, legal, business, or reputational harm.