Our computer systems and network infrastructure and those of third-party service providers on which we are dependent, are subject to security risks and could be susceptible to cyber-attacks, such as denial-of-service attacks, hacking, malware, terrorist activities, and other cybersecurity incidents. Industry experts report increasing cyber-attacks against financial services institutions, and the cost of responding to cybersecurity incidents is higher for victims within the financial sector relative to other sectors. Financial services institutions have reported breaches in the security of their websites or other systems, some of which have involved sophisticated and targeted attacks intended to obtain unauthorized access to confidential information, destroy data, disable or degrade service, achieve illicit financial gain, or sabotage systems, often through the introduction of computer viruses, malware, ransomware, cyber-attacks, and other means. Denial-of-service attacks have been launched against several large financial services institutions, primarily resulting in inconvenience, but can also cause operational disruption. Ransomware and other types of cyber-attacks could be more disruptive and damaging. Hacking and identity theft risks arising from instances of data loss or compromise could also cause serious reputational harm to the Company and the Bank.
Our reliance on vendors subjects us to additional cybersecurity risks and vulnerabilities and other threats to our business operations, as vendor security incidents are common. For example, the hardware and software we purchase from suppliers and vendors to facilitate financial services and perform company operations are at risk of having embedded malware, viruses, and other methods intended to develop unauthorized access to confidential information. These types of attacks, known as "supply-chain attacks," have become more prevalent and are creating additional risks through the solutions and tools upon which we rely. While we have a third-party risk management program to oversee our vendors and procurement, our ability to successfully mitigate these risks that occur in the hardware and software of these vendors is limited. Although we generally have agreements relating to cybersecurity and data privacy in place with our vendors, we cannot guarantee that such agreements will prevent a cyber-incident impacting our systems or information or enable us to obtain adequate or any reimbursement from our service providers in the event we should suffer any such incidents. Additionally, the existence of cyber-attacks or security breaches at third-party vendors with access to our data may not be disclosed to us in a timely manner. To the extent we experience supply-chain attacks, our business and reputation could be materially adversely affected, and these third (or fourth) party security incidents could give rise to legal and regulatory risk for the Company and the Bank.
We also face more indirect technology, cybersecurity, and operational risks relating to the customers, clients, and other third parties with whom we do business or upon whom we rely to facilitate or enable our business activities, including, for example, financial counterparties, regulators, and providers of critical infrastructure such as internet access and electrical power. As a result of increasing consolidation, interdependence, and complexity of financial entities and technology systems, a technology failure, cyber-attack, or other information or security breach that significantly degrades, deletes, or compromises the systems or data of one or more of the entities within our operating ecosystem could have a material impact on us and on our customers. This consolidation, interconnectivity, and complexity within the financial services sector increases the risk of operational failure. Any third-party or fourth-party technology failure, cyber-attack, or other information or security breach, termination, or constraint within our ecosystem could, among other things, adversely affect our ability to effect transactions, service our clients, manage our exposure to risk, or expand our business.
In addition, we provide our clients with the ability to bank remotely, including online, through their mobile devices, and over the telephone. The secure transmission of confidential information over the internet and other remote channels is a critical element of remote banking. Our network, or the network of third parties upon which we rely, could be vulnerable to unauthorized access, computer viruses, malware, phishing schemes, and other internal and external security breaches. We may be required to spend significant capital and other resources to protect against threats, or to alleviate problems caused by security breaches or malicious software. To the extent that our activities or the activities of our clients involve the storage and transmission of confidential information, security breaches and malware could expose us to claims, regulatory scrutiny, litigation, and other possible liabilities. Other possible points of intrusion or disruption not within the Company's control include internet service providers, electronic mail portal providers, social media portals, distant-server (cloud) service providers, electronic data security providers, telecommunications companies, and smart phone manufacturers.
Despite efforts to evaluate threats to the security of our systems and data and to implement controls and policies and procedures designed to address the same, cyber threats are rapidly evolving, and we may not be able to anticipate or prevent all such attacks, nor may we be able to implement guaranteed preventive measures against such security breaches. The techniques used by cyber criminals change frequently, may be novel (for example, "zero-day" vulnerabilities), and/or may not be recognized until launched or later (for example, threat actor evading detection for some time), and can originate from a wide variety of sources, including external service providers. These risks may increase in the future as we continue to increase our mobile payment and other internet-based product offerings and expand our internal usage of web-based products and applications. Further, targeted social engineering attacks may be sophisticated and difficult to prevent and our employees, clients, or other users of our systems may be fraudulently induced to disclose sensitive information, allowing cyber criminals to gain access to our systems or data of our clients. Cyber-attacks also could include phishing attempts or e-mail fraud to cause payments or information to be transmitted to an unintended recipient and could include the use of AI and machine learning to launch more automated, targeted and coordinated attacks on targets.
In addition, some of our employees work remotely, including while traveling for business, which increases our cybersecurity risk, creates data accessibility concerns, and makes us more susceptible to security breaches or business disruptions. While we have implemented measures to secure remote access to our systems and to educate our users on the risks associated with working remotely, we cannot guarantee that unauthorized access will not occur through these remote channels.
A successful penetration or circumvention of system security could cause us serious negative consequences, including significant disruption of operations, misappropriation of confidential information, or damage to our computers or systems or to those of our clients and counterparties. A successful security breach or other cybersecurity incident involving our computer systems and network infrastructure, or those of the third-party service providers upon which we rely, could result in violations of applicable data privacy and data security/data breach and other laws and contractual requirements, financial loss to us or to our clients, loss of confidence in our security measures, significant litigation exposure, and harm to our reputation, all of which could have a material adverse effect on our business, financial condition, and results of operations.