In the ordinary course of our business, we generate and store confidential and sensitive data, including research data, intellectual property and proprietary business information owned or controlled by ourselves or our employees, partners and other third parties upon which we rely. We manage and maintain our applications and data utilizing a combination of on-site systems and cloud-based data centers. We utilize external security and infrastructure vendors to manage parts of our data centers. These applications and data encompass a wide variety of business-critical information, including research and development information, commercial information and business and financial information. We face a number of risks relative to protecting this critical information, including loss of access risk, inappropriate use or disclosure, accidental exposure, unauthorized access, inappropriate modification, remediation costs, lost revenues, damages to our competitiveness, stock price and long-term stockholder value, and the risk of our being unable to adequately monitor and audit and modify our controls over our critical information. This risk extends to the third party vendors, subcontractors and partners we use to manage this sensitive data or otherwise process it on our behalf. Further, to the extent our employees may work remotely, additional risks may arise as a result of depending on the networking and security put into place by the employees and where they choose to work, including at home, while in transit or in other public locations. The secure processing, storage, maintenance and transmission of this critical information are vital to our operations and business strategy, and we devote significant resources to protecting such information.
Although we seek to take reasonable measures to protect confidential and sensitive data from unauthorized access, use or disclosure, no security measures can be perfect and our information technology systems and infrastructure, and those of our vendors, subcontractors, and partners upon which we rely, are vulnerable to cyberattacks, computer viruses, bugs, worms, or other malicious codes, malware (including as a result of advanced persistent threat intrusions), and other attacks by computer hackers, cracking, application security attacks, social engineering (including through phishing attacks, ransomware, and extortion events), supply chain attacks and vulnerabilities through our third-party service providers, denial-of-service attacks (such as credential stuffing), credential harvesting, personnel misconduct or error, supply-chain attacks, software bugs, server malfunctions, software or hardware failures, loss of data or other information technology assets, adware, and other similar threats by hackers or breaches or compromises caused by employee erroneous actions or inactions by our employees, consultants, third parties or their contracted service providers, malfeasance or other malicious or inadvertent disruptions. Any such breach or interruption could compromise our networks and the information stored there could be accessed by unauthorized parties, publicly disclosed, lost, or misused,or stolen. Any such access, breach, or other loss of information could result in legal claims or proceedings and related legal exposure and liabilities, including fines and penalties. Unauthorized access, loss, misuse, or dissemination could also disrupt our operations and damage our reputation, any of which could adversely affect our business.
The activities of cyber threat actors and other third parties, including nation-state actors directly and indirectly associated with with military geopolitical conflicts and defense activities have been increasing on number and sophistication. During times of war and other major conflicts, we, the third parties upon which we rely, and our partners may be vulnerable to a heightened risk of such cyber-attacks, including retaliatory cyberattacks, that could materially disrupt our systems and operations, supply chain, and ability to develop our programs. In the event we experience a cyber-attack or other security incident, third parties may gather, collect, or infer sensitive information about us from public sources, data brokers, or other means that reveals competitively sensitive details about our organization, which could be used to undermine our competitive advantage or market position.
The costs related to security incidents, breaches, disruptions or other security events could be significant and cause reputational damage and loss of existing and future business and could cause us to incur substantial fines and related expenses and legal exposure. If the information technology systems of our partners, contractors or consultants become subject to disruptions or security incidents, we may have insufficient recourse against such third parties and we may have to expend significant resources in connection with our efforts to mitigate the impact of such events, and to develop and implement processes and other remedial measures to address future impacts to our business.
Although we maintain cybersecurity insurance coverage, we cannot be certain that such coverage will be adequate for data security liabilities actually incurred, will cover any indemnification claims against us relating to any incident, will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could adversely affect our reputation, business, financial condition and results of operations. Additionally, our cybersecurity insurance coverage is unlikely to cover indirect or consequential damages, such as reputational harm or loss of current or future business relationships as a result of a security incidents or cyber-attack.
Natural and man-made disasters, including cyber-attacks and other events beyond our control could severely disrupt our operations, or those of our partners, and have a material adverse impact on our business, results of operations, financial condition and prospects. If a natural disaster, power outage, cybersecurity attack or other event occurred that prevented us from using all or a significant portion of our headquarters, damaged critical infrastructure, such as our laboratory facilities or those of our partners, limited our or our partners' ability to access or use our respective digital information systems or that otherwise disrupted our respective operations, it may be difficult or, in certain cases, impossible for us or our partners to continue our respective businesses for a substantial period of time. The disaster recovery and business continuity plans we and our partners currently have in place are limited and are unlikely to prove adequate in the event of a serious disaster or similar event, which could have a material adverse impact on our business.