property, damage our reputation, expose us to liability to third parties and require us to incur significant additional costs to maintain the security of our networks and data.
We depend upon our IT systems to conduct virtually all our business operations, ranging from our internal operations and technology and development activities to our marketing and sales efforts and communications with our customers and business partners. Individuals or entities may attempt to penetrate our network security, or that of our platform, and to cause harm to our business operations, including by misappropriating proprietary information or that of our data suppliers, data consumers, partners and employees or to cause interruptions to our products and platform. In general, cyberattacks and other malicious internet-based activity continue to increase in frequency and magnitude, and cloud-based companies have been targeted in the past and are likely to continue to be targeted in the future. In addition to threats from traditional computer hackers, malicious code (such as malware, viruses, worms, and ransomware), employee theft or misuse, password spraying, phishing, credential stuffing, and denial-of-service attacks, we also face threats from sophisticated organized crime, nation-state, and nation-state supported actors who engage in attacks (including advanced persistent threat intrusions) that add to the risk to our systems (including those hosted on Amazon Web Services (“AWS”) or other cloud services), internal networks, our customers’ systems and the information that they store and process. In addition, due to the political uncertainty involving the Russia and Ukraine conflict, there is an increased likelihood that escalation of tensions could result in cyber-attacks that could either directly or indirectly impact our operations.
Although we devote significant financial and personnel resources to implement and maintain security measures, because the techniques used by such individuals or entities to access, disrupt or sabotage devices, systems and networks change frequently and may not be recognized until launched against a target, we may be required to make further investments over time to protect data and infrastructure as cybersecurity threats develop, evolve and grow more complex over time. We may also be unable to anticipate these techniques, and we may not become aware in a timely manner of security breaches, which could exacerbate any damage we experience. Additionally, we depend upon our employees and contractors to appropriately handle confidential and sensitive data, including customer data, and to deploy our IT resources in a safe and secure manner that does not expose our network systems to security breaches or the loss of data. Any data security incidents, including internal malfeasance or inadvertent disclosures by our employees or a third party’s fraudulent inducement of our employees to disclose information, unauthorized access or usage, introduction of a virus or similar breach or disruption of our business or our service providers, Microsoft Corporation (“Microsoft”) Azure cloud and AWS, could result in loss of confidential information, damage to our reputation, erosion of customer trust, loss of customers, litigation, regulatory investigations, fines, penalties and other liabilities. Accordingly, if our cybersecurity measures or our service providers fail to protect against unauthorized access, attacks (which may include sophisticated cyberattacks), or the mishandling of data by our employees and contractors, then our reputation, business, results of operations and financial condition could be adversely affected.
While we maintain errors, omissions, and cyber liability insurance policies covering certain security and privacy damages, we cannot be certain that our existing insurance coverage will continue to be available on acceptable terms or will be available in sufficient amounts to cover the potentially significant losses that may result from a security incident or breach or that the insurer will not deny coverage as to any future claim.
Any disruption of service at our cloud service providers that host our platform or other services or facilities that Wejo relies on could harm our business.
We currently host our platform primarily using Microsoft Azure cloud and AWS as the cloud service providers. We also rely on third parties for network services. Our continued growth depends on the ability of our customers to access our platform at any time and within an acceptable amount of time.
Although we have disaster recovery and business continuity plans, and geographically diverse instances of our platform, any incident affecting our cloud service provider’s infrastructure, or other services or facilities that may be caused by fire, flood, severe storm, earthquake or other natural disasters, cyber-attacks, terrorist or other attacks, and other similar events beyond our control could negatively affect our platform and our ability to deliver our services to our customers. A prolonged cloud service provider disruption affecting our platform or a prolonged disruption affecting our network services, for any of the foregoing reasons, would negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the cloud service providers we use.
If our cloud service provider and/or network services agreements are terminated, or there is a lapse of service, we would experience interruptions in access to our platform as well as significant delays and additional expense in arranging new facilities and services and/or re-architecting our solutions for deployment on a different cloud infrastructure or communications network, which would adversely affect our business, operating results and financial condition.