Risks Relating to Our Platform and Data
Our business and operations would suffer in the event of computer system failures, cyber-attacks, or deficiencies in our or third parties’ cybersecurity.
We are increasingly dependent upon information technology systems, infrastructure, and data to operate our business. In the ordinary course of business, we collect, store, and transmit confidential information, including, but not limited to, information related to our intellectual property and proprietary business information, personal information, and other confidential information. It is critical that we maintain such confidential information in a manner that preserves its confidentiality and integrity. Furthermore, we have outsourced elements of our operations to third party vendors, who each have access to our confidential information, which increases our disclosure risk.
Although we have implemented internal security and business continuity measures and have developed an information technology infrastructure, our internal computer systems, as well as those of current and future third parties on which we rely, are vulnerable to damage from computer viruses and unauthorized access, and may fail. Our information technology and other internal infrastructure systems, including corporate firewalls, servers, data center facilities, lab equipment, and internet connection, face the risk of breakdown or other damage or interruption from service interruptions, system malfunctions, natural disasters, terrorism, war, and telecommunication and electrical failures, as well as security breaches from inadvertent or intentional actions by our employees, contractors, consultants, business partners, and/or other third parties, or from cyber-attacks by malicious third parties (including the deployment of harmful malware, ransomware, denial-of-service attacks, social engineering and other means to affect service reliability and threaten the confidentiality, integrity and availability of information), each of which could compromise our system infrastructure or lead to the loss, destruction, alteration, disclosure, or dissemination of, or damage or unauthorized access to, our data or data that is processed or maintained on our behalf, or other assets.
In addition, the loss or corruption of, or other damage to, clinical trial data from completed or future clinical trials could result in delays in our regulatory approval efforts and could significantly increase our costs to recover or reproduce the data. Likewise, we will rely on third parties for the manufacture of our current or future drug candidates and to conduct clinical trials, and similar events relating to their systems and operations could also have a material adverse effect on our business and lead to regulatory agency actions. The risk of a security breach or disruption, particularly through cyber-attacks or cyber intrusion, including by computer hackers, foreign governments, and cyber terrorists, has generally increased as the number, intensity, and sophistication of attempted attacks and intrusions from around the world have increased.
Sophisticated cyber attackers (including foreign adversaries engaged in industrial espionage) are skilled at adapting to existing security technology and developing new methods of gaining access to organizations’ sensitive business data, which could result in the loss of proprietary information, including trade secrets. We may be unable to anticipate all types of security threats and to implement preventive measures effective against all such security threats. The techniques used by cyber criminals change frequently, may not be recognized until launched, and can originate from a wide variety of sources, including outside groups such as external service providers, organized crime affiliates, terrorist organizations, or hostile foreign governments or agencies.
Any security breach or other event leading to the loss or damage to, or unauthorized access, use, alteration, disclosure, or dissemination of, personal information, including personal information regarding clinical trial subjects, contractors, directors, or employees, our intellectual property, proprietary business information, or other confidential or proprietary information, could directly harm our reputation, enable competitors to compete with us more effectively, compel us to comply with federal and/or state breach notification laws and foreign law equivalents, subject us to mandatory corrective action, or otherwise subject us to liability under laws and regulations that protect the privacy and security of personal information.
Each of the foregoing could result in significant legal and financial exposure and reputational damage that could adversely affect our business. Notifications and follow-up actions related to a security incident could impact our reputation or cause us to incur substantial costs, including legal and remediation costs, in connection with these measures and otherwise in connection with any actual or suspected security breach. Our efforts to detect and prevent security incidents and otherwise implement our internal security and business continuity measures, including those connected with any actual, potential, or anticipated attack, may cause us to incur significant cost, including those connected with the engagement of additional personnel (including third-party experts and consultants), employment protection technologies, and employee training.