As a critical infrastructure service provider, we transmit large amounts of data over our systems, and process and store highly sensitive customer data. Consequently we, our third-party service providers, and our customers are under constant threat of cyber attacks. The number and sophistication of these attacks continues to increase. Despite our efforts to prevent these events, some of these attacks could result in a material adverse impact to our operations due to distributed denial of service attacks, ransomware attacks, malware, virus, credential harvesting, man-in-the-middle attacks, or social engineering attacks. As previously disclosed in our 2023 reports to the SEC and various 2024 media reports, (i) sophisticated threat actors accessed our internal information technology systems in 2023 and 2024 and (ii) we experienced a ransomware attack on a limited number of our servers in 2023. The ransomware attack did not impact any operations or customer data. We do not believe these incidents had or are likely to have a material adverse impact on our ability to serve our customers or our business, operations or financial results.
As further described in Item 1C of this annual report, cyber-attacks on our systems may stem from a variety of sources and take many forms. Cyber-attacks can put at risk personally identifiable information, customer data or protected health information, thereby implicating stringent domestic and foreign data protection laws. These threats may also arise from failure or intrusions of systems owned, operated or controlled by other unaffiliated third-party operators, upon whom we are materially reliant to operate our business. Various other factors could intensify these risks, including, (i) our maintenance of information in digital form stored on servers connected to the Internet, (ii) our use of open- and software-defined networks, (iii) the challenges of operating and maintaining our complex multi-continent network composed of legacy and acquired properties, which is more difficult to safeguard than newer fully-integrated networks, (iv) growth in the size and sophistication of our customers and their service requirements, (v) increased use of our network due to greater demand for data services, (vi) the large number of our employees working from remote locations, (vii) our IT support agreements with purchasers of businesses we have divested over the past few years and (viii) as further discussed below, the difficulty of defending against increasingly sophisticated attacks.
Cyber-attacks could (i) disrupt the proper functioning of our networks and systems, which could in turn disrupt the operations of our customers, (ii) result in the destruction, loss, theft, misappropriation or release of proprietary, confidential, sensitive, classified or otherwise valuable information of ours, our employees, our customers or our customers' end users, (iii) require us to notify customers, regulatory agencies or the public of data incidents, (iv) damage our reputation or result in a loss of business, (v) require us to provide credits for future service to our customers or to offer expensive incentives to retain customers, (vi) subject us to claims by our customers or regulators for damages, fines, penalties, license or permit revocations or other remedies, (vii) result in the loss of industry certifications or (viii) require significant management attention or financial resources to remedy the resulting damages or to change our systems. Any or all of the foregoing developments could have a material adverse impact on us.
We believe the importance of our network to global internet data flows will continue to make it a target to a wide range of threat actors, including nation state actors and other advanced persistent threat actors. Moreover, the risk of incidents is likely to continue to increase due to several factors, including (i) the increasing use of machine learning, AI and other sophisticated techniques to initiate cyber and phishing attacks, (ii) the wider accessibility of cyber-attack tools that can circumvent security controls and evade detection, which can delay and limit our ability to accurately assess and fully remediate the impact of the attack, and (iii) growing threats from Chinese, Russian and other state actors due to heightened geopolitical tensions and rivalries, and the attendant increased possibility of cyber warfare targeting us in the event of a direct conflict. It should also be noted that defenses against cyber-attacks currently available to us and others are unlikely to prevent intrusions by a highly-determined, highly-sophisticated threat actor. Consequently, you should assume that we will continue to experience cyber incidents in the future. Thus far, none of our past security incidents have had a material adverse effect on us, and we continue to take steps designed to limit our cyber risks. Nonetheless, we cannot assure you that future cyber incidents or events will not ultimately have a material adverse impact on our business, operations or financial results.
Although we maintain insurance coverage that may, subject to policy terms and conditions (including self-insured deductibles, coverage restrictions and monetary coverage caps), cover certain aspects of our cyber risks, such insurance coverage may be unavailable or insufficient to cover our losses.