The need to mitigate against and react to cyber-security risks, and electronic fraud risks require significant resources, and any system failure, a cyber-security attack or electronic fraud could subject the Company to increased operating costs as well as litigation and other liabilities. The risk of electronic fraudulent activity within the financial services industry, especially in the commercial banking sector, due to cyber-attacks (crime committed through or involving the internet, such as phishing, hacking, denial of service attacks, stealing information, unauthorized intrusions into internal systems or the systems of the Company's third-party vendors) continues to increase and could adversely impact the Company's operations or damage its reputation. The Company's information technology infrastructure and systems may be vulnerable to cyber-terrorism, computer viruses, damage from physical theft, fire, power loss, telecommunications failure or a similar catastrophic event, system failures and other intentional or unintentional interference, fraud and other unauthorized attempts to access or interfere with the systems.
Information security risks have increased because of the proliferation of new technologies, including artificial intelligence, and the increased number as well as sophistication and level of activity of perpetrators of cyber-attacks, which include nation-state actors. Many financial institutions and service providers to financial institutions have reported significant breaches in the security of their websites or other systems, some of which have involved sophisticated and targeted attacks intended to obtain unauthorized access to confidential information, destroy data, deny service, or sabotage systems, often through the introduction of computer viruses or malware, cyber-attacks and other means. While the Company has seen attempts to gain access against its systems, and expects such attacks will continue, and may intensify, in the future. Although to date the Company has not experienced any material losses relating to cyber-attacks or other information security breaches, there can be no assurance that we will not suffer losses in the future.
The Company expects risk exposure to cyber-attacks will remain elevated or increase in the future due to, among other things, the increasing size and prominence of the Company in the financial services industry, its expansion of Internet and mobile banking tools and products based on customer needs, and its increasing use of operational software hosted on the Internet as more and more software solutions used in the Company's operations migrate from solutions hosted within the Company's firewalls to internet-hosted solutions at third-party locations.
To help manage the Company's cyber-risks, when entering a new vendor relationship, the Company reviews and assesses the cyber-security risk of third-party service providers. A successful cyber-security attack on one of the Company's third-party service providers could disrupt operations, adversely affect the Company's business, or result in the disclosure or misuse of the Company's confidential information, including customer confidential information. There can be no assurance that the precautions the Company takes to seek to manage cyber risk related to third-party service providers will be effective or prevent a cyber-attack that could expose the Company to significant operational costs and damages or reputational harm. Although the Company maintains an insurance policy covering these sorts of cyber risks, there can be no assurance that this policy will afford coverage for all possible losses or would be adequate to cover all financial losses, damages, and penalties, including lost revenues, should the Company experience any system failure or cyber-attack in one or more Company or third-party systems.
The Company's risk-based technology and systems or the personnel who monitor such technology and systems may not identify and prevent or effectively mitigate successful cyber-attacks when they occur. Significant operational costs and damages or reputational harm may occur if the Company fails to identify and prevent or effectively mitigate, or there is a delay in identifying, a cyber-attack on its systems, or those of its third-party service providers. Any breach, damage or failure that causes an interruption in operations could have a material adverse effect on the Company's financial condition and results of operations due to the time and money needed to correct the issue. Computer break-ins, phishing and other disruptions could also jeopardize the security of information stored in and transmitted through Company computer systems and network infrastructure, which may result in litigation or significant liability to the Company and may cause existing and potential customers to refrain from doing business with the Company. Finally, depending on the type of incident, banking regulators may impose restrictions on the Company's business and consumer laws may require reimbursement of customer losses.