Our business is highly dependent on the communications and information systems of the Investment Adviser. Certain of these systems are provided to the Investment Adviser by third-party service providers. Any failure or interruption of such systems, including as a result of the termination of an agreement with any such third-party service provider, sudden electrical or telecommunications outages, natural disasters such as earthquakes, tornadoes, and hurricanes, events arising from local or larger scale political or social matters, including terrorist attacks, and cyber-attacks could cause delays or other problems in our activities. Any of the above, in turn, could have a material adverse effect on our operating results and negatively affect the market price of our common stock and our ability to make distributions to our stockholders.
We, the Investment Adviser and our portfolio companies are subject to cybersecurity risks and cyber incidents which may adversely affect our business, financial condition and operating results.
Cyber security incidents and cyber-attacks have been occurring globally at a more frequent and severe level and will likely continue to increase in frequency in the future. Despite careful security and controls design, implementation and updating, ours and our portfolio companies’ information technology systems could become subject to cyber-attacks. Cyber-attacks include, but are not limited to, gaining unauthorized access to digital systems (e.g., through “hacking”, malicious software coding, social engineering or “phishing” attempts) for purposes of misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber-attacks may also be carried out in a manner that does not require gaining unauthorized access, such as causing denial-of service attacks on websites (i.e., efforts to make network services unavailable to intended users).
The Investment Adviser, our and each of their and our affiliates and portfolio companies’ and service providers’ information and technology systems may be vulnerable to damage or interruption from cyber security breaches, computer viruses or other malicious code, network failures, computer and telecommunication failures, infiltration by unauthorized persons and other security breaches, or usage errors by their respective professionals or service providers. If unauthorized parties gain access to such information and technology systems, they may be able to steal, publish, delete or modify private and sensitive information, including non-public personal information related to stockholders (and their beneficial owners) and material non-public information.
In addition, we may be required to expend significant additional resources to modify our protective measures and to investigate and remediate vulnerabilities or other exposures arising from operational and security risks related to cyber-attacks.
The Investment Adviser’s employees have been and expect to continue to be the target of fraudulent calls, emails and other forms of activities. The result of these incidents may include disrupted operations, misstated or unreliable financial data, liability for stolen information, misappropriation of assets, increased cybersecurity protection and insurance costs, litigation and damage to our business relationships, regulatory fines or penalties, or other adverse effects on our business, financial condition or results of operations.
The Investment Adviser’s and other service providers’ increased use of mobile and cloud technologies could heighten the risk of a cyber-attack as well as other operational risks, as certain aspects of the security of such technologies may be complex, unpredictable or beyond their control. The Investment Adviser’s and other service providers’ reliance on mobile or cloud technology or any failure by mobile technology and cloud service providers to adequately safeguard their systems and prevent cyber-attacks could disrupt their operations and result in misappropriation, corruption or loss of personal, confidential or proprietary information. In addition, there is a risk that encryption and other protective measures against cyber-attacks may be circumvented, particularly to the extent that new computing technologies increase the speed and computing power available.
Additionally, remote working environments may be less secure and more susceptible to cyber-attacks, including phishing and social engineering attempts. Accordingly, the risks associated with cyber-attacks are heightened under current conditions.
Although the Investment Adviser implemented, and portfolio companies and service providers may implement, various measures to manage risks relating to these types of events, such systems could prove to be inadequate and, if compromised, could become inoperable for extended periods of time, cease to function properly or fail to adequately secure private information. The Investment Adviser does not control the cyber security plans and systems put in place by third-party service providers, and such third-party service providers may have limited indemnification obligations to the Investment Adviser, their affiliates, the Company, the stockholders and/or a portfolio company, each of which could be negatively impacted as a result. Breaches, such as those involving covertly introduced malware, impersonation of authorized users, “phishing” attacks and industrial or other espionage may not be identified even with sophisticated prevention and detection systems, potentially resulting in further harm and preventing them from being addressed appropriately.
The failure of these systems and/or of disaster recovery plans for any reason could cause significant interruptions in the Investment Adviser, its affiliates’, the Company’s and/or a portfolio company’s operations and result in a failure to maintain the security, confidentiality or privacy of sensitive data, including personal information relating to stockholders (and their beneficial owners), material non-public information and the intellectual property and trade secrets and other sensitive information of the Investment Adviser, us and/or portfolio companies. The Investment Adviser, the Company and/or a portfolio company could be required to make significant investments to remedy the effects of any such failures, harm to their reputations, legal claims that they and their respective affiliates may be subjected to, regulatory action or enforcement arising out of applicable privacy and other laws, adverse publicity, and other events that may affect their business and financial performance.
Internal and external cyber threats, as well as other disasters, could impair our ability to conduct business effectively.
The occurrence of a disaster, such as a cyber-attack against us or against a third-party that has access to our data or networks, a natural catastrophe, an industrial accident, failure of our disaster recovery systems, or consequential employee error, could have an adverse effect on our ability to communicate or conduct business, negatively impacting our operations and financial condition. This adverse effect can become particularly acute if those events affect our electronic data processing, transmission, storage, and retrieval systems, or impact the availability, integrity, or confidentiality of our data.
We depend heavily upon computer systems to perform necessary business functions. Despite our implementation of a variety of security measures, our computer systems, networks, and data, like those of other companies, could be subject to cyber-attacks and unauthorized access, use, alteration, or destruction, such as from physical and electronic break-ins or unauthorized tampering. If one or more of these events occurs, it could potentially jeopardize the confidential, proprietary, and other information processed, stored in, and transmitted through our computer systems and networks. Such an attack could cause interruptions or malfunctions in our operations, which could result in financial losses, litigation, regulatory penalties, client dissatisfaction or loss, reputational damage, and increased costs associated with mitigation of damages and remediation. If unauthorized parties gain access to such information and technology systems, they may be able to steal, publish, delete or modify private and sensitive information, including non-public personal information related to stockholders (and their beneficial owners) and material non-public information. The systems we have implemented to manage risks relating to these types of events could prove to be inadequate and, if compromised, could become inoperable for extended periods of time, cease to function properly or fail to adequately secure private information. Breaches such as those involving covertly introduced malware, impersonation of authorized users and industrial or other espionage may not be identified even with sophisticated prevention and detection systems, potentially resulting in further harm and preventing them from being addressed appropriately. The failure of these systems or of disaster recovery plans for any reason could cause significant interruptions in our and our Investment Adviser’s operations and result in a failure to maintain the security, confidentiality or privacy of sensitive data, including personal information relating to stockholders, material non-public information and other sensitive information in our possession.
28