parties, including prime brokers, administrators, market counterparties and their sub-custodians and other service providers, though the Adviser could perform certain of these functions internally in reliance on their own systems (the cost of which could be borne by the Company). The Company’s service providers could also depend on information technology systems that could or could not be controlled by them and, notwithstanding the diligence that the Company could perform on its service providers, the Company could not be able to verify the risks or reliability of such information technology systems.
The Company, the Adviser, and their affiliates and their service providers are subject to risks associated with a breach in cybersecurity. Cybersecurity is a generic term used to describe the technology, processes and practices designed to protect networks, systems, computers, programs, and data from both intentional cyber-attacks and hacking by other computer users, as well as unintentional damage or interruption that, in either case, can result in damage and disruption to hardware and software systems, loss or corruption of data and/or misappropriation of confidential information. Cybersecurity incidents and cyber-attacks have been occurring globally at a more frequent and severe level and will likely continue to increase in frequency in the future. The Adviser and its service providers’ information and technology systems may be vulnerable to damage or interruption from computer viruses and other malicious code, network failures, computer and telecommunication failures, infiltration by unauthorized persons and security breaches, usage errors by their respective professionals or service providers, power, communications or other service outages and catastrophic events such as fires, tornadoes, floods, hurricanes, and earthquakes.
Cybersecurity threats may involve unauthorized access to sensitive information, including, without limitation, information regarding the Adviser’s or the Company’s investment activities, or could render data or systems unusable, any of which could result in significant losses. Any cybersecurity attacks against the Adviser, the Company, or the Company’s portfolio companies could lead to the loss of sensitive information essential to such entity’s operations, could have a material adverse effect on such entity’s reputations, financial positions or cash flows, could lead to financial losses from remedial actions or loss of business, or could lead to potential liability. Neither the Adviser nor the Company control the cybersecurity plans and systems put in place by third-party service providers, and such third-party service providers may have limited indemnification obligations to the Adviser and the Company, each of whom could be negatively impacted as a result. Breaches such as those involving covertly introduced malware, attempts to induce Stone Point Credit personnel (or third-party agents) to provide data or payments under false pretenses (e.g., via a falsified email), unauthorized release of confidential or otherwise protected information, including personal information relating to the Company, and corruption of data, and other electronic security breaches could lead to disruptions in critical systems, potentially resulting in further harm and could require the Adviser, the Company, or any such portfolio company to make a significant investment to fix or replace such systems. Cyberattacks may also be carried out in a manner that does not require gaining unauthorized access, such as causing denial-of-service attacks on systems or websites, rendering them unavailable. If unauthorized parties gain access to such information and technology systems, they could be able to steal, publish, delete, or modify private and sensitive information. If the information and technology systems of the Adviser and the Company and their respective service providers are compromised, become inoperable for extended periods of time or cease to function properly, the Adviser, the Company, and/or their service providers may have to make a significant investment to fix or replace such systems. The failure of these systems and/or of disaster recovery plans for any reason could cause significant interruptions in the Adviser’s, the Company’s, and/or a portfolio company’s operations and result in a failure to maintain the security, confidentiality, or privacy of sensitive data, including personal information relating to investors of the Company (and their beneficial owners), material non-public information relating to, and the intellectual property and trade secrets of the Adviser, the Company, and/or its portfolio companies. Such a failure or unauthorized disclosure of data could harm the Adviser, the Company, and/or a portfolio company’s reputation, subject any such entity and their respective affiliates to legal claims, regulatory action, increased costs, financial losses, data privacy breaches or enforcement action arising out of applicable privacy or other laws and adverse publicity and otherwise affect their business and financial performance. The costs related to cyber or other security threats or disruptions may not be fully insured or indemnified by other means.
FOIA/Public Disclosure
As a result of the U.S. Freedom of Information Act (“FOIA”), any governmental public records access law, any state or other jurisdiction’s laws similar in intent or effect to FOIA, or any other similar statutory or regulatory requirement, the Company, the Adviser, the Stockholders or any of their respective services providers or their affiliates may be required to disclose information relating to the Company, or their affiliates, and/or any entity in which an investment is made, which disclosure could, for example, affect the Company’s competitive advantage in finding attractive investment opportunities. In addition, some of the shares of Common Stock may be held by Stockholders that are subject to public disclosure requirements, such as public pension plans and listed investment vehicles. The amount of information about their investments that is required to be disclosed has increased in recent years, and that trend may continue. While the Adviser may, in seeking to prevent any such potential disclosure, withhold all or any part of the information otherwise to be provided to certain or all Stockholders, such information may not be withheld in many circumstances.
