projects by the scheduled date, but may suffer reputational harm and loss of future business if we do not meet our contractual commitments. In addition, if a project experiences a performance problem, we may not be able to recover the additional costs we will incur, which could exceed revenue realized from a project. Under our managed service contracts, we may be required to pay liquidated damages if we are unable to maintain agreed-upon service levels.
In addition, many of our client contracts contain service level and performance requirements, including requirements relating to the quality of our solutions. Failure to meet service requirements or real or perceived errors made by our employees in the course of delivering our solutions could result in a reduction of revenue, which could have a material adverse effect on our business, financial condition, results of operations and prospects. In addition, many of our services and solutions, such as Content Security, require our employees to make judgments that may be subject to negative publicity or otherwise be scrutinized in hindsight, and in some cases our clients have sought to hold us responsible for or distance themselves from real or perceived errors of judgment.
Unauthorized or improper disclosure of personal or other sensitive information, or security breaches and incidents, whether inadvertent or purposeful, including as the result of a cyber-attack, could result in liability and harm our reputation, each of which could adversely affect our business, financial condition, results of operations and prospects.
Our business depends significantly upon our technology infrastructure, data, equipment, and systems. Our clients also typically provide data and systems that our employees use to provide services to those clients. Internal or external attacks on either our or our clients’ technology infrastructure, data, equipment, or systems could disrupt the normal operations of our and our clients’ businesses, including by impeding our ability to provide critical solutions to our clients. In addition, in the ordinary course of our business we collect, use, store, process, and transmit information about our employees, our clients and customers of our clients, including personal information and protected health information. While we believe we take reasonable measures to protect the security of, and against unauthorized or other improper access to, our technology infrastructure, data, equipment, and systems, including with respect to personal, protected health, and proprietary information, it is possible that our security controls and practices may not prevent unauthorized or other improper access to our technology infrastructure, data, equipment, or systems, or the disclosure of personal, protected health or proprietary information. In addition, we rely on systems provided by third parties, which may also suffer security breaches or incidents. Such unauthorized or other improper access, disclosures, security breaches or incidents may be inadvertent, or may come about due to intentional misconduct or other malfeasance or by human error or technical malfunctions, including those caused by hackers, employees, contractors, or vendors.
Cybersecurity threats and attacks may take on a variety of forms, ranging from inadvertent disclosures or acts by employees to purposeful attacks by individuals and groups of hackers and even sophisticated organizations, including state-sponsored actors. Cybersecurity risks may result from viruses, worms, and other malicious software programs, including phishing attacks, to hacking or other significant security incidents (e.g., ransomware attacks) targeted against information technology infrastructure and systems, any of which could result in (i) disclosure, unauthorized access to, or corruption of data, including personal information, confidential information and proprietary information, (ii) defective products, including as a result of system and production downtimes, and (iii) interruptions in the ability to operate our business. Any of the foregoing could subject us to liability or damage our reputation. In addition, as the techniques used to obtain unauthorized access or sabotage systems change frequently and may not be identified until they are first launched against a target, despite our efforts to secure our technology infrastructure, data, equipment, and systems, we may be unable to anticipate all attacks or to implement adequate preventative measures against them.
Any unauthorized access, acquisition, use, or destruction of data we collect, store, process or transmit, the unavailability of such data, or other disruptions of our ability to provide services and solutions to our clients, regardless of whether it originates or occurs on our systems or those of third party service providers or our
26