implementation of compliance programs and prohibitions on the conduct of our business. Any such violations could materially damage our reputation, our brand, our international operations, our ability to attract and retain employees, and our business, prospects, operating results, and financial condition.
Use of social media could give rise to liability, breaches of data security, or reputational harm.
We and our employees use social media to communicate externally. There is risk that the use of social media by us or our employees to communicate about our product candidates or business may give rise to liability, lead to the loss of trade secrets or other intellectual property, or result in public exposure of personal information of our employees, clinical trial patients, customers, and others. Furthermore, negative posts or comments about us or our product candidates in social media could seriously damage our reputation, brand image, and goodwill. Any of these events could have a material adverse effect on our business, prospects, operating results, and financial condition and could adversely affect the price of our common stock.
Our computer systems, or those used by our CROs or other contractors or consultants, may fail or suffer security breaches, which could adversely affect our business.
Despite the implementation of security measures, our computer systems and data and those of our current or future CROs or other contractors and consultants are vulnerable to failure, interruption, compromise or damage from computer hacking, malicious software, fraudulent activity, employee misconduct, human error, telecommunication and electrical failures, natural disasters, public health epidemics, such as the COVID-19 pandemic, currently impacting multiple jurisdictions worldwide, including the United States, or other cybersecurity attacks or accidents. Future acquisitions could expose us to additional cybersecurity risks and vulnerabilities from any newly acquired information technology infrastructure. Cybersecurity attacks are constantly increasing in sophistication and are made by groups and individuals with a wide range of motives (including industrial espionage) and expertise, including by organized criminal groups, “hacktivists,” nation states and others. As a company with an increasingly global presence, our systems are subject to frequent attacks. Due to the nature of some of these attacks, there is a risk that an attack may remain undetected for a period of time. While we continue to make investments to improve the protection of data and information technology, there can be no assurance that our efforts will prevent service interruptions or security breaches. The costs to respond to a security breach and/or to mitigate any security vulnerabilities that may be identified could be significant, our efforts to address these problems may not be successful, and these problems could result in unexpected interruptions, delays, cessation of service, negative publicity, and other harm to our business and our competitive position. In addition, the costs of maintaining or upgrading our cyber-security systems at the level necessary to keep up with our expanding operations and prevent against potential attacks are increasing, and despite our best efforts, our network security and data recovery measures and those of our vendors may still not be adequate to protect against such security breaches and disruptions, which could cause harm to our business, financial condition and results of operations
We have contractual and legal obligations to notify relevant stakeholders of security breaches. Most jurisdictions have enacted laws requiring companies to notify individuals, regulatory authorities, and others of security breaches involving certain types of data. In addition, our agreements with collaborators may require us to notify them in the event of a security breach. Such mandatory disclosures are costly, could lead to negative publicity, may cause our collaborators to lose confidence in the effectiveness of our security measures and require us to expend significant capital and other resources to respond to and/or alleviate problems caused by the actual or perceived security breach.
Any cybersecurity incident could adversely affect our business, by leading to, for example, the loss of trade secrets or other intellectual property, demands for ransom or other forms of blackmail or the unauthorized disclosure of personal or other sensitive information of our employees, clinical trial patients, customers and others. Although to our knowledge we have not experienced any material cybersecurity incident to date, if such an event were to occur, it could seriously harm our development programs and our business operations. We could
S-62