Risks Related to ESSA’s Business and Industry
The Company’s business and operations would suffer in the event of computer system failures or security breaches.
In the ordinary course of ESSA’s business, the Company collects, stores and transmits confidential information, including intellectual property, proprietary business information and personal information. Despite the implementation of security measures, ESSA’s internal computer systems, and those of other third parties on which the Company relies, including, but not limited to, ESSA’s CROs, collaborators, contractors or consultants, are vulnerable to damage from computer viruses, unauthorized access, cyberattacks, natural disasters, fire, terrorism, war and telecommunication and electrical failures. Cyberattacks are increasing in their frequency, sophistication and intensity. Cyberattacks could include the deployment of harmful malware, denial-of-service attacks, social engineering and other means to affect service reliability and threaten the confidentiality, integrity and availability of information. Significant disruptions of ESSA’s information technology systems or security breaches could adversely affect ESSA’s business operations and/or result in the loss, misappropriation, and/or unauthorized access, use or disclosure of, or the prevention of access to, confidential information (including trade secrets or other intellectual property, proprietary business information and personal information), and could result in financial, legal, business and reputational harm to the Company.
If ESSA fails to maintain or protect ESSA’s information systems and data integrity effectively, ESSA could lose or have difficulty attracting customers, have difficulty preventing, detecting and controlling fraud, experience increases in operating expenses, incur expenses or lose revenues, or suffer other adverse consequences as a result of a data privacy breach. If such disruptions were to occur and cause interruptions in ESSA’s operations or result in the unauthorized acquisition of ESSA’s access to personally identifiable information or individually identifiable health information (violating certain privacy laws, as applicable, such as HIPAA, CCPA, HITECH and GDPR), it could result in a material disruption of ESSA’s drug development program and ESSA could be subject to significant fines or penalties for any non-compliance with certain state and/or international privacy and security laws. Further, the loss of preclinical study or clinical trial data from completed, ongoing or planned preclinical studies or clinical trials could result in delays in ESSA’s efforts to identify and develop product candidates and significantly increase its costs to recover or reproduce the data. To the extent that any disruption or security breach results in a loss of, or damage to, ESSA’s data or applications, or inappropriate disclosure of confidential or proprietary information, the Company could incur liability and the further development of its product candidate and the Company’s potential future product candidates could be delayed. ESSA’s insurance policies may not be adequate to compensate ESSA for the potential loss arising from such disruptions, failure or security breach. In addition, such insurance may not be available to ESSA in the future on economically reasonable terms, or at all. Further ESSA’s insurance may not cover all claims made against ESSA and could have high deductibles in any event, and defending a suit, regardless of its merit, could be costly and divert management attention. While ESSA has invested in the protection of data and information technology, there can be no assurance that ESSA’s efforts, or those of ESSA’s third-party collaborators, if any, to implement adequate security and quality control measures for data processing would be sufficient to protect against data deterioration or loss in the event of a system malfunction, or to prevent data from being stolen or corrupted in the event of a security breach.
Business disruptions could seriously harm ESSA’s future revenues and financial condition and increase costs and expenses.
ESSA’s operations and the operations of third parties whom ESSA depend upon, could be subject to earthquakes, power shortages, telecommunications failures, water shortages, floods, hurricanes, typhoons, fires, extreme weather conditions, medical epidemics and other natural or manmade disasters or business interruptions, for which ESSA is predominantly self-insured. Although ESSA carries insurance for earthquakes and other natural disasters, ESSA may not carry sufficient business interruption insurance to compensate the Company for all losses that may occur. The disaster recovery and business continuity plans ESSA has in place may not be adequate in the event of a serious disaster or similar event. ESSA does not carry insurance for all categories of risk that ESSA’s business may encounter. The occurrence of any of these business disruptions could seriously harm ESSA’s operations and financial condition and increase costs and expenses. Further, any significant uninsured liability may require ESSA to pay substantial amounts, which would adversely affect ESSA’s business, results of operations, financial condition and cash flows from future prospects.
