We also face indirect technology, cybersecurity and operational risks relating to the customers, clients and other third parties with whom we do business or upon whom we rely to facilitate or enable our business activities, including, for example, financial counterparties, regulators, and providers of critical infrastructure such as internet access and electrical power. As a result of increasing consolidation, interdependence and complexity of financial entities and technology systems, a technology failure, cyber-attack, information security breach or other similar incident that significantly degrades, deletes or compromises the systems or data of one or more financial entities could have a material impact on counterparties or other market participants, including us. This consolidation, interconnectivity and complexity increases the risk of operational failure, on both individual and industry-wide bases, as disparate systems need to be integrated, often on an accelerated basis. Any third-party technology failure, cyber-attack, information security breach, or other similar incident could, among other things, adversely affect our ability to effect transactions, service our clients, manage our exposure to risk or expand our business. In addition, we, our employees, and our customers are increasingly transitioning our and their computing infrastructure to cloud-based computing, storage, data processing, networking and other services, which may increase our cybersecurity risk.
Cyber-attacks, information security breaches, and other similar incidents, whether directed at us or third parties, may result in a material loss or have material consequences. Furthermore, the public perception that a cyber-attack on our systems has been successful, whether or not this perception is correct, may damage our reputation with customers and third parties with whom we do business. Hacking or other unauthorized disclosure of personal information and identity theft risks, in particular, could cause serious reputational harm. A successful penetration or circumvention of system security could cause us serious negative consequences, including our loss of customers and business opportunities, significant business disruption to our operations and business, misappropriation or destruction of our confidential, proprietary, personal or other information and/or that of our customers or other third parties, or damage to our or our customers’ and/or third parties’ computers or systems, and could result in a violation of applicable data privacy and cybersecurity laws and other laws, litigation exposure, regulatory fines, penalties or intervention, loss of confidence in our security measures, reputational damage, reimbursement or other compensatory costs, additional compliance costs, and could adversely impact our results of operations, liquidity and financial condition. We may not be insured against all types of losses as a result of cyber-attacks, information security breaches, and other similar incidents, and our insurer may deny coverage as to any future claim or insurance coverage may not be available on reasonable terms, or at all, or may be inadequate to cover all losses resulting from such incidents.
We experienced a cybersecurity incident in February 2024 involving unauthorized activity in the Company’s systems, which was investigated using a cybersecurity firm and as a result of which we mailed notices to individuals that may have been impacted. A consolidated putative class action is pending against us in Circuit Court in Polk County Florida related to the incident. Although we enhanced our cybersecurity defenses since the incident and to date, and we have not experienced any material losses related to this event, there is no assurance that we will not experience cyber-attacks, information security breaches, or other similar incidents in the future or that we will not suffer material losses from such incidents in the future.
We may face risks with respect to future expansion.
Our business growth, profitability and market share has been enhanced by us engaging in strategic mergers and acquisitions and de novo branching either within or contiguous to our existing footprint. We may acquire other financial institutions or parts of financial institutions in the future and engage in lift outs of our banking teams or de novo branching. We may also consider and enter into or acquire new lines of business or offer new products or services, which may also use new sales channels, such as online and mobile banking. As part of our acquisition strategy, we seek companies that are culturally similar to us, have experienced management, and are in markets in which we operate or close to those markets so we can achieve economies of scale.
We expect to continue to evaluate merger and acquisition opportunities that are presented to us in our current and expected markets and conduct due diligence related to those opportunities, as well as negotiate to acquire or merge with other institutions. We may issue equity securities, including common stock and securities convertible into shares of our common stock in connection with future acquisitions. We also may issue debt to finance one or more transactions, including subordinated debt issuances. Generally, acquisitions of financial institutions involve the payment of a premium over book and market values, resulting in dilution of our tangible book value and fully diluted earnings per share, as well as dilution to our existing shareholders. We also face litigation risks with respect to potential mergers and acquisitions, and such litigation is common. We may incur substantial costs to expand, and we can give no assurance such expansion will result in the levels of profits we seek.
