We collect, process and store the sensitive, nonpublic, and/or confidential data or information of our customers, employees and third-party service providers, including our own proprietary information in the ordinary course of business. As such, we recognize the importance of managing data privacy risks on an enterprise-wide basis to protect and maintain the security and confidentiality of the sensitive information entrusted to us. In order to effectively monitor data privacy and information security risks, we must be able to identify, measure and control the risks associated with the entire lifecycle of our information assets; from collection, to storage, to disclosure, to destruction. Under our information security program, we have established a robust set of preventive, detective, and administrative safeguards and security controls. These controls are intended to prevent unauthorized access to or use of our sensitive information, cyber-attacks by hackers, or breaches due to employee error or misconduct, or other disruptions such as computer viruses, malicious software, ransomware, phishing schemes, fraud activities, and hardware or software failures.
The legal, regulatory, and threat landscape surrounding information security, cybersecurity, and data privacy is dynamic, increasingly demanding, and challenging. Increases in data security breaches have led to an expansion of federal and state laws regulating privacy and the collection, use, processing, disclosure, and security of sensitive information. The growth in interstate data flow, together with new privacy and data security-related statutes and regulations, heightens the risk of privacy violations and creates compliance challenges. In order to mitigate and control these risks and challenges, we monitor the progress of pending federal and state legislation that, if passed, would materially alter federal and state privacy or data protection practices and requirements applicable to us.
Cybersecurity and the continued development and enhancement of controls, processes, and practices designed to protect systems, computers, software, data, customer information, and networks against the threat of security breaches, fraud, cyber-attacks, ransomware, social engineering, and computer malware attacks, damage, or unauthorized access remain a priority for us. As risks associated with cybersecurity threats constantly evolve, including as a result of artificial intelligence ("AI"), and become more sophisticated the costs to enhance, modify, and refine our protective measures against these evolving threats and to respond to such threats may increase.
Our risk and exposure of cyber threats to our information systems, as well as those of our third-party vendors, remain heightened because of, among other things, the evolving nature of these threats, the continuation of remote and/or hybrid work environments for our employees and service providers, and our plans to continue to implement and expand digital banking services, expand operations, and use third-party information systems that include cloud-based infrastructure, platforms, and software. In addition, as geopolitical tensions rise, the threat of state-sponsored cyber-attacks on the U.S.and its financial services sector has increased. The measures we implement to reduce and mitigate these risks may not always be effective, and there can be no assurance that our efforts will prevent breakdowns, intrusions, incidents, or breaches of our or our third-party vendors' information systems. Security breaches, cybersecurity incidents, or loss of information may result in business interruptions, exposure of proprietary or confidential information, data corruption, fines and penalties, potential liabilities from regulatory or third-party investigations, litigation costs, remediation costs, diversion of management attention, and the negative impact on our reputation and loss of clients' confidence.
In addition, our customers and third-party service providers rely on technology and systems unmanaged by us, such as networking devices, server infrastructure, personal computers, smartphones, tablets, and other mobile devices, to contact and conduct business with us. If the devices of our customers and/or third-party service providers become the target of a cyber-attack, or security breach, it may result in business interruptions or unauthorized access to, misuse of, or loss of the sensitive information of, employees, or third-party service providers. Threat actors using improperly obtained personal or financial information of consumers can attempt to obtain loans, lines of credit, or other financial products or services, or attempt to fraudulently persuade our employees, customers, or other users of our systems to disclose sensitive information to gain access to our information assets and/or information systems.
We also face additional costs when our customers become the victims of cyber-attacks, which may include phishing scams, providing cybercriminals access to their accounts, or credit or debit card information. In these situations, we incur costs to replace compromised cards and address fraudulent transactions affecting our customers. The occurrence of any of the foregoing risks could result in a reduced ability to operate our business, additional costs, potential liability, and reputational harm, any of which could adversely affect our business, financial condition, and results of operations.