We and our employees are the target of phishing attempts and compromised links, and our IT Systems are the target of attempts at unauthorized access, a small number of which have been successful in accessing non-critical areas of our IT Systems. Our customer-facing network firewall regularly suppresses cyber-attacks and our network routinely manages DDOS attacks. Although none of the incidents, individually or in the aggregate, have materially impacted our operations or business, we cannot guarantee material incidents will not occur in the future. An attack on or security breach of our network could result in theft of Confidential Information, the interruption, degradation, or cessation of services, an inability to meet our service level commitments or our financial reporting obligations, and could potentially compromise customer data stored on or transmitted over our network.
Cyber-attacks are expected to accelerate on a global basis in frequency and magnitude as threat actors are becoming increasingly sophisticated in using techniques and tools – including artificial intelligence – that circumvent security controls, evade detection and remove forensic evidence. As a result, we may be unable to detect, investigate, remediate or recover from future attacks or incidents, or avoid a material adverse impact to our IT Systems, Confidential Information or business. Moreover, as cyber warfare becomes a tool in asymmetric conflicts between the United States and other nations, we, as a US provider, may be targeted with increasing frequency. We cannot guarantee that our security measures will not be circumvented, thereby resulting in security events, network failures or interruptions that could impact our network security or availability and have a material adverse effect on our business, our ability to meet our financial reporting obligations, brand and reputation, financial condition and operational results.
We may be required to expend significant resources to protect against such threats, and may experience a reduction in revenues, litigation (including class action lawsuits), and a diminution in goodwill, caused by a compromise of our cybersecurity. Although our customer contracts limit our liability, affected customers and third parties may seek to recover damages from us under various legal theories. We cannot guarantee that any costs and liabilities incurred in relation to an attack or incident will be covered by our existing insurance policies or that applicable insurance will be available to us in the future on economically reasonable terms or at all. In response to past attacks, we have implemented additional controls and taken and planned for other preventative actions to further strengthen our systems against future attacks. However, we cannot assure you that such measures will provide absolute security, that we will be able to react in a timely manner, or that our remediation efforts following any past or future attacks will be successful. There can also be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our IT Systems and Confidential Information. Any adverse impact to the availability, integrity or confidentiality of our IT Systems or Confidential Information can result in legal claims or proceedings (such as class actions), regulatory investigations and enforcement actions, fines and penalties, negative reputational impacts that cause us to lose existing or future customers, and/or significant incident response, system restoration or remediation and future compliance costs. Any or all of the foregoing could materially adversely affect our business, operating results, and financial condition.
If the information systems that we depend on to support our customers, network operations, sales, billing and financial reporting do not perform as expected, our operations and our financial results may be adversely affected.
We rely on complex information systems to operate our network and support our other business functions. Our ability to track sales leads, close sales opportunities, provision services, bill our customers for our services and prepare our financial statements depends upon the effective integration of our various information systems. In 2020, we developed and deployed our own customer relationship management software for our sales force. We may have difficulty maintaining this software and adding features that our sales representatives require. If our information systems, individually or collectively, fail or do not perform as expected, our ability to make sales, to process and provision orders, to make timely payments to vendors, to ensure that we collect amounts owed to us and prepare and file our financial statements would be adversely affected. Such failures or delays could result in increased capital expenditures, customer and vendor dissatisfaction, loss of business or the inability to add new customers or additional services, and the inability to prepare accurate and timely financial statements all of which would adversely affect our business and results of operations.
Our insurance coverage may be insufficient to fully protect against potential risks.
We maintain various insurance policies, including liability, property, and others, to safeguard our company against insurable risks. Our choice of insurance types, coverage limits, and deductibles is determined by our unique risk profile, the balance between insurance costs and perceived benefits, and prevailing industry norms. There is a possibility that any of the insurance limits we secure, whether for flood or other risks, might be insufficient. Such inadequacy could significantly and negatively affect our business, financial health, and operational outcomes.
