We face the risk of a security breach, whether through cyber-attack, cyber intrusion or insider threat via the Internet, malware, computer viruses, attachments to e-mails, persons inside our organization or with access to systems inside our organization, subcontractors or suppliers, threats to the physical security of our facilities and employees or other significant disruption of our IT networks and related systems or those of our suppliers or subcontractors. We face an added risk of a security breach or other significant disruption of the IT networks and related systems that we develop, install, operate and maintain on behalf of certain customers, which may involve managing and protecting information relating to national security and other sensitive government functions. The risk of a security breach or disruption, particularly through cyber-attack or cyber intrusion, including by computer hackers, foreign governments and cyber terrorists, is persistent and substantial as the volume, intensity and sophistication of attempted attacks, intrusions and threats from around the world remain elevated and unlikely to diminish.
As an advanced technology-based solutions provider, and particularly as a government contractor with access to national security or other sensitive government information, we face a heightened risk of a security breach or disruption from threats to gain unauthorized access to our and our customers' proprietary information on our IT networks and related systems, our classified networks, and to the IT networks and related systems that we operate and maintain for certain of our customers. These types of information and IT networks and related systems are critical to the operation of our business and essential to our ability to perform day-to-day operations, and, in some cases, are critical to the operations of certain of our customers. We make efforts to maintain the security and integrity of these types of information and IT networks and related systems and have implemented various measures to manage the risk of a security breach or disruption. See "Item 1C -Cybersecurity" in this Report for further discussion of or risk management and strategy related to cybersecurity threats. Our efforts and measures have not been entirely effective in the case of every cyber security incident, but no incident has had a material negative impact on us to date. Even the most well-protected information, networks, systems and facilities remain potentially vulnerable because attempted security breaches, particularly cyber-attacks and cyber intrusions, or disruptions will occur in the future, and because the techniques used in such attempts are constantly evolving and generally are not recognized until launched against a target, and in some cases are designed not to be detected and, in fact, may not be detected. In some cases, the resources of foreign governments may be behind such attacks due to the nature of our business and the industries in which we operate. Accordingly, we may be unable to anticipate these techniques or to implement adequate security barriers or other preventative measures. Thus, it is impossible for us to entirely mitigate this risk, and future cyber security incidents could have a material negative impact on us. A security breach or other significant disruption involving these types of information and IT networks and related systems could:
- Disrupt proper functioning of these networks and systems and, therefore, our operations and/or those of certain of our customers;- Result in unauthorized access to, and destruction, loss, theft, misappropriation or release of, proprietary, confidential, sensitive or otherwise valuable information of ours, our customers or our employees, including trade secrets, which could be used to compete against us or for disruptive, destructive or otherwise harmful purposes and outcomes;- Compromise national security and other sensitive government functions;- Require significant management attention and resources to remedy damages that result;- Result in costs which exceed our insurance coverage and/or indemnification arrangements;- Subject us to claims for contract breach, damages, credits, penalties or termination; and - Damage our reputation with our customers and the general public.
We must also rely on the safeguards put in place by customers, suppliers, vendors, subcontractors or other third parties to minimize the impact of cyber threats, other security threats or business disruptions. These third parties may have varying levels of cybersecurity expertise and safeguards, and their relationships with government contractors, such as us, may increase their likelihood of being targeted by the same cyber threats we face. Our commercial arrangements with these third parties include processes designed to require that the third parties and their employees and agents agree to maintain certain standards for the storage, protection and transfer of confidential, personal and proprietary information. However, we remain at risk of a data breach due to the intentional or unintentional non-compliance by a third party's employee or agent, the breakdown of a third party's data protection processes, which may not be as sophisticated as ours, or a cyber-attack on a third party's information network and systems.
Any or all of the foregoing could have a negative impact on our business, financial condition, results of operations, cash flows and equity, reputation, ability to protect data, assets, and intellectual property, maintenance of customer and vendor relationships, competitive posture, and could lead to litigation or regulatory investigations or actions.