Our hotel managers are dependent on information technology networks and systems, including the internet, to access, process, transmit and store proprietary and customer information, including personally identifiable information of hotel guests, including credit card numbers.
These information networks and systems can be vulnerable to threats such as system, network or internet failures; computer hacking or business disruption, including through network- and email-based attacks as well as social engineering; cyber-terrorism; cyber extortion; viruses, worms or other malicious software programs; software vulnerabilities and misconfigurations; and employee error, negligence or fraud. The risk of a cybersecurity incident or disruption, particularly through cyber-attack or cyber intrusion, including by computer hackers, nation-state affiliated actors and cyber terrorists, has generally increased as the number, intensity and sophistication of attempted attacks and intrusions from around the world have increased. Cyber-attackers increasingly are using more sophisticated techniques and tools (including artificial intelligence and machine learning) designed to evade detection and circumvent security controls, which may make it more difficult for us, our hotel managers, and third-party providers to fully identify, investigate or remediate cybersecurity incidents.
We rely on our hotel managers to protect proprietary and customer information from these threats. Any compromise of our own network or hotel managers' networks could result in a disruption to our booking or sales systems or other operations, in increased costs (e.g., related to response, investigation, and notification) or in potential litigation and liability. In addition, public disclosure or loss of customer or proprietary information could result in damage to the hotel manager's reputation, a loss of confidence among hotel guests, reputational harm for our hotels, potential litigation and increased regulatory oversight, including governmental investigations, enforcement actions, and regulatory fines, any of which may have a material adverse effect on our business, reputation, financial condition and results of operations.
In addition to the information technologies and systems our hotel managers use to operate our hotels, we have our own corporate technologies and systems that are used to access, store, transmit, and manage or support a variety of business processes and employee personally identifiable information. We may be required to expend significant attention and financial resources to protect these technologies and systems against physical or cybersecurity incidents and even then, our security measures may subsequently be deemed to have been inadequate by regulators or courts given the lack of prescriptive measures in data security and cybersecurity laws as well as regulators' evolving interpretations of cybersecurity laws and standards. There can be no assurance that the security measures we have taken to protect these systems will prevent failures, inadequacies or interruptions in system services or that system security will not be compromised, including through system or user error, physical or electronic break-ins, computer viruses, or cyber-attacks. Due to the complexity and interconnectedness of our information technologies and systems, and those upon which we rely, the process of upgrading or patching our protective measures could itself create a risk of cybersecurity issues or system disruptions for the Company. Further, any adoption of artificial intelligence by us or by third parties may pose new security challenges. Any cybersecurity incident or disruption to our information technologies and systems could have a material adverse effect on our business, our financial reporting and compliance, and could subject us to or result in liability claims, litigation, monetary losses or regulatory oversight, investigations or penalties which could be significant. In addition, the cost and operational consequences of responding to cybersecurity incidents and implementing remediation measures could be significant. If our hotel managers' information networks and systems, our corporate technologies and systems, or third-party information systems on which we rely suffer severe damage, disruption or shutdown, and our business continuity plans do not effectively resolve the issues in a timely manner, we may lose revenue and profits as a result of our inability to provide services or invoice and collect payments, and we could experience delays in reporting our financial results.
In the conduct of our business, both we and our hotel managers rely on relationships with third parties, including cloud data storage and other information technology service providers, suppliers, distributors, contractors and other external business partners, for certain functions or for services in support of key portions of our operations. These third-party entities are subject to similar risks related to cybersecurity, privacy violations, business interruption, and system and employee failures and an attack against such third-party service provider or partner could have a material adverse effect on our business.
Although the cybersecurity incidents that we and our third-party partners have experienced to date have not had a material effect on our business, financial condition or results of operations, such incidents could have a material adverse effect on us in the future.
While we have purchased cybersecurity insurance, there are no assurances that the coverage would be adequate in relation to any incurred losses. Moreover, as cyberattacks increase in frequency and magnitude, we may be unable to obtain cybersecurity insurance in amounts and on terms we view as adequate for our operations.
In addition, increased regulation of data collection, use and retention practices, including self-regulation and industry standards, changes in existing laws and regulations, enactment of new laws and regulations, increased enforcement activity, and changes in interpretation of laws, could increase our cost of compliance and operation, limit our ability to grow our business or otherwise harm the Company.