reporting of potential vulnerabilities in the security of our products via our security vulnerability reporting policy, and we aim to remedy any reported and verified vulnerability. However, there can be no assurance that vulnerabilities will not be exploited in the future before they can be identified, or that our remediation efforts are or will be successful.
Any unauthorized access to or control of our products or our systems or any loss of data could result in legal claims or proceedings. In addition, regardless of our veracity, reports of unauthorized access to our products, our systems or data, as well as other factors that may result in the perception that our products, our systems or data are capable of being “hacked,” could negatively affect our brand and harm our business, prospects, financial condition and operating results.
If our security controls are breached or unauthorized or inadvertent access to business customers’ information or other data are otherwise obtained, our services may be perceived as insecure, we may lose existing business customers or fail to attract new business customers, our business may be harmed, and we may incur significant liabilities.
Our future products may involve the collection, storage, transmission and processing of personal, payment, credit and other confidential and private information of our business customers, and may in certain cases permit access to our business customers’ property or help secure them. Such future products that may present privacy and data risks may be subject to privacy and data protection laws and regulations. We also maintain and processes other confidential and proprietary information in our business, including our employees’ and contractors’ personal information and confidential business information. We rely on proprietary and commercially available systems, software, tools and monitoring to protect against unauthorized use or access of the information we process and maintain. Our services and the networks and information systems we utilize in our business are at risk for breaches as a result of third-party action, employee, vendor or partner error, malfeasance, or other factors. For example, we may experience instances of our employees, contractors and other third parties improperly accessing ours and/or our business customers’ systems and information in violation of our internal policies and procedures.
Criminals and other nefarious actors may use increasingly sophisticated methods, including cyberattacks, phishing, social engineering and other illicit acts to capture, access or alter various types of information, to engage in illegal activities such as fraud and identity theft, and to expose and exploit potential security and privacy vulnerabilities in corporate systems and websites. Unauthorized intrusion into the portions of our systems and networks and data storage devices that process and store business customers’ confidential and private information, the loss of such information or the deployment of malware or other harmful code to our services or our networks or systems may result in negative consequences, including the actual or alleged malfunction of our products or services. In addition, third parties, including our partners and vendors, could also be sources of security risks to us in the event of a failure of their own security systems and infrastructure. The threats we face continue to evolve and are difficult to predict due to advances in computer capabilities, new discoveries in the field of cryptography and new and sophisticated methods used by criminals. There can be no assurances that our defensive measures will prevent cyber-attacks or that we will discover network or system intrusions or other breaches on a timely basis or at all. We cannot be certain that we will not suffer a compromise or breach of the technology protecting the systems or networks that house or access our products and services or on which we or our partners or vendors process or store personal information or other sensitive information or data, or that any such incident will not be believed or reported to have occurred. Any such actual or perceived compromises or breaches to systems, or unauthorized access to, or acquisition or loss of, data, whether suffered by us, our partners or vendors or other third parties, whether as a result of employee error or malfeasance or otherwise, could harm our business. They could, for example, cause interruptions in operations, loss of data, loss of confidence in our services and products and damage to our reputation, and could limit the adoption of our services and products. They could also subject us to costs, regulatory investigations and orders, litigation, contract damages, indemnity demands and other liabilities and materially and adversely affect our business customer base, sales, revenue and profits. Any of these could, in turn, have a material adverse impact on our business, financial condition, cash flows or results of operations.
41