Communication and information systems are essential to the conduct of our business, as we use such systems, and those maintained and provided to us by third-party service providers, to manage our customer relationships, our general ledger, our deposits, and our loans. In addition, our operations rely on the secure processing, storage, and transmission of confidential and other information in our computer systems and networks. Although we, and entities we have acquired, take and have taken protective measures and endeavor to modify them as circumstances warrant, the security of our computer systems, software, and networks, as well as the security of the computer systems, software, and networks of certain of our service providers, have been, and may in the future be, vulnerable to breaches, unauthorized access, misuse, computer viruses, or other malicious code and cyber-attacks that have had and could have an impact on information security. With the rise and permeation of online and mobile banking, the financial services industry in particular faces substantial cybersecurity risk due to the type of sensitive information provided by customers. We, and our third-party service providers, have been and may in the future be subject to cybersecurity incidents, including those that involve the unauthorized access to customer information affecting other financial institutions and industry groups. Our systems and those of our third-party service providers and customers are regularly the subject of attempted attacks that are increasingly sophisticated, and it is possible that we or they could experience a significant event in the future that could adversely affect our business or operations. In addition, breaches of security have in the past and may in the future occur through intentional or unintentional acts by those having authorized or unauthorized access to our confidential or other information, or that of our customers, clients, or counterparties. Certain previously identified cyber incidents have resulted, and future such events could result, in the breach of confidential and other information processed and stored in our computer systems and networks. These events could cause interruptions or malfunctions in our operations or the operations of our customers, clients, or counterparties. Further, we may not know that an attack occurred until well after the event. Even after discovering an attempt or breach occurred, we may not know the extent of the impact of the attack for some period of time. This could cause us significant reputational damage or result in our experiencing significant losses.
While we diligently assess applicable regulatory and legislative developments affecting our business, laws and regulations relating to cybersecurity have been frequently changing, imposing new requirements on us. In light of these conditions, we face the potential for additional regulatory scrutiny that will lead to increasing compliance and technology expenses and, in some cases, possible limitations on the achievement of our plans for growth and other strategic objectives. We may also be required to expend significant additional resources to modify our protective measures or investigate and remediate vulnerabilities or other exposures arising from operational and security risks, including expenses for third-party expert consultants or outside counsel. We are currently subject to litigation regarding cyber incidents, and we also may be subject to future litigation and financial losses that either are not insured against or not fully covered through any insurance we maintain or any third-party indemnification or insurance. We believe that the impact of any previously identified cyber incidents, including those subject to ongoing investigation and remediation, will not have a material financial impact.
In addition, we routinely transmit and receive personal, confidential, and proprietary information by e-mail and other electronic means. We have discussed, and worked with our customers, clients, and counterparties to develop secure transmission capabilities, but we do not have, and may be unable to put in place, secure capabilities with all of these constituents, and we may not be able to ensure that these third parties have appropriate controls in place to protect the confidentiality of such information. We maintain disclosure controls and procedures to ensure we will timely and sufficiently notify our investors of material cybersecurity risks and incidents, including the associated financial, legal, or reputational consequence of such an event, as well as reviewing and updating any prior disclosures relating to the risk or event. While we have established information security policies, procedures and controls, including an Incident Response Plan, to prevent or limit the impact of systems failures and interruptions, we may not be able to anticipate all possible security breaches that could affect our systems or information and there can be no assurance that such events will not occur or will be adequately prevented or mitigated by our policies, procedures and controls if they do.