MKS Instruments (MKSI) Risk Analysis

Our ability to maintain and grow our business is directly related to the service of our employees, who we consider to be a significant asset. Our performance is directly tied to our ability to hire, train, motivate and retain qualified personnel, including highly skilled technical, financial, managerial, and sales and marketing personnel. There is significant competition for personnel in the technology and sciences marketplace, particularly in certain geographies where we are located, including the Boston area, Orange County and the San Francisco Bay area of California, China, Germany, Japan and Singapore. Also, employees in our industries are increasingly able to work remotely, which could increase employee mobility and turnover, making it more difficult for us to attract and retain employees. In addition, many of our product manufacturing processes and product services require deep technical expertise, and it can be particularly challenging to identify and attract candidates and retain employees possessing such expertise. We have experienced, and may continue to experience, attrition in certain key positions. For example, Seth H. Bagshaw, our Executive Vice President, Chief Financial Officer and Treasurer, will retire from these positions on April 1, 2024, and as of February 27, 2024, we had yet to appoint his replacement. A related challenge is that a significant portion of our technical talent is nearing retirement age, and we may have difficulty attracting a sufficient number of employees with the necessary skills to replace them. If we are unable to hire sufficient numbers of qualified employees or retain and motivate existing employees, our business and operating results would be harmed.

From time to time, we may be involved in legal proceedings, enforcement actions or claims regarding product performance, product warranty, product certification, product liability, patent infringement, misappropriation of trade secrets, other intellectual property rights, data privacy, antitrust, environmental regulations, trade regulations, securities, contracts, unfair competition, employment, workplace safety, and other matters. We can provide no assurance of the outcome of these legal proceedings, enforcement actions or claims or that the insurance we maintain will be adequate to cover them. For example, some of our products, such as certain ultrafast lasers, are used in medical and scientific research applications where malfunctions could result in serious injury. Certain of our products may be hazardous if not operated properly or if defective. Other products of ours, including our chemicals products and laser systems, are inherently hazardous and must be used with particular care. We are exposed to significant risks for product liability claims in the event of a significant line down situation or if death, personal injury or property damage results from the handling, use or storage of our products, including our chemical products and laser systems. We may experience material product liability losses in the future. We currently maintain insurance for certain product liability claims. However, our insurance coverage may not continue to be available on acceptable terms, if at all. This insurance coverage also may not adequately cover liabilities that we incur. Further, if our products are defective, we may be required to recall or redesign these products. A successful claim against us that exceeds our insurance coverage level or that is not covered by insurance, or any product recall, could have a material adverse effect on our commercial relationships, business, financial condition and operating results. In addition, securities class action lawsuits and derivative lawsuits are often brought against companies who have entered into business combinations and acquisitions. We were previously involved in securities class action litigation in connection with the acquisitions of Newport and ESI. In each case, the plaintiffs alleged, among other things, that the then-current directors of the acquired company breached their fiduciary duties to their respective shareholders by agreeing to sell the company through an inadequate and unfair process, leading to inadequate and unfair consideration, by agreeing to unfair deal protection devices, and by omitting material information from the proxy statement. We, or the companies we acquire, may be subject to additional securities class action litigation in connection with other recently completed or future business combinations and acquisitions. With respect to data privacy and intellectual property, as a result of the ransomware event described under "Risks Related to Cybersecurity, Data Privacy and Intellectual Property Protection" above, and under "Management's Discussion and Analysis of Financial Condition and Results of Operations-Ransomware Event" below, we were previously subject to two lawsuits, and we may be subject to future litigation, investigations, claims or actions, in addition to fines, penalties, or other obligations related to impacted data, whether or not such data is misused. While we intend to vigorously defend any lawsuits, in light of the inherent uncertainties involved in such proceedings, we may incur losses associated with any such proceedings. Additionally, ongoing legal and other costs related to any potential future proceedings and inquiries, may be substantial, and losses associated with any adverse judgments, settlements, penalties or other resolutions of such proceedings and inquiries could be significant and have a material adverse impact on our business, reputation, financial condition, cash flows and operating results. In addition, we have from time to time received claims from third parties alleging that we are infringing certain trademarks, patents or other intellectual property rights held by them. Such infringement claims have in the past resulted in, and may in the future result in, litigation, settlement or enforcement action. Any such action could be protracted and costly, and we could become subject to damages for infringement, or to an injunction preventing us from making, selling or using certain of our products or services, or using certain of our trademarks. Such claims could also result in the necessity of obtaining a license or paying damages relating to one or more of our products, services or current or future technologies, which may not be available on commercially acceptable terms or at all. Any intellectual property action and the failure to obtain necessary licenses or other rights or develop substitute technology may divert management's attention from other matters and could have a material adverse effect on our business, financial condition and operating results. In addition, the terms of some of our customer contracts require us to indemnify the customer for any claim of infringement brought by a third party based on our products. Claims of this kind may have a material adverse effect on our commercial relationships, business, financial condition or operating results. Although our standard commercial documentation sets forth the terms and conditions that we intend to apply to commercial transactions with our business partners, counterparties to these transactions may not explicitly agree to our terms and conditions. In situations where we engage in business with a third party without an explicit written agreement regarding the applicable terms and conditions, or where the commercial documentation applicable to the transaction is subject to interpretation, we may have disputes with those third parties regarding the applicable terms and conditions of our transaction with them. These disputes could result in deterioration of commercial relationships, costly and time-consuming litigation or additional concessions or obligations being offered by us to resolve these disputes, or could impact our net revenue or cost recognition. Any of these outcomes could materially and adversely affect our business, financial condition and operating results. In addition, from time to time in the normal course of business we indemnify parties with whom we enter into contractual relationships, including customers, suppliers, consultants and lessors, with respect to certain matters. We have agreed, under certain conditions, to hold these parties harmless against losses, such as those arising from a breach of representations or covenants, negligence or willful misconduct, and other third-party claims that our products and/or technologies infringe intellectual property rights. We may be compelled to enter into or accrue for probable settlements of alleged indemnification obligations, or we may be subject to potential liability arising from our customers' involvement in legal disputes. In addition, notwithstanding the provisions related to limitations on our liability that we seek to include in our business agreements, the counterparties to such agreements may dispute our interpretation or application of such provisions, and a court of law may not interpret or apply such provisions in our favor, any of which could result in an obligation for us to pay significant additional damages and engage in costly legal proceedings. It is difficult to determine the maximum potential amount of liability under any indemnification obligations, whether or not asserted, due to the unique facts and circumstances likely to be involved in any particular claim. Our business, financial condition and operating results in a reported fiscal period could be materially and adversely affected if we expend significant amounts in defending or settling any asserted claims, regardless of their merit or outcomes. Legal proceedings, enforcement actions and claims, whether with or without merit, and associated internal investigations, may be time-consuming and expensive to prosecute, defend or conduct; divert management's attention and other resources; inhibit our ability to sell our products or services; result in adverse judgments for damages, injunctive relief, penalties and fines; and negatively affect our business, including result in a material adverse effect on our financial condition, operating results and cash flows. We can make no assurances regarding the outcome of current or future legal proceedings, enforcement actions, claims or investigations or that the insurance we maintain will be adequate to cover them.

As a global company, we are subject to taxation in the United States and various other countries. Significant judgment is required to determine and estimate worldwide tax liabilities. Our future annual and quarterly effective tax rates could be materially affected by numerous factors, including changes in the following: applicable tax laws; the organizational structure of our business, including reorganizations, location of assets and outstanding indebtedness; composition of pre-tax income in countries with differing tax rates; our determinations of tax liabilities; and/or valuation of our deferred tax assets and liabilities. Changes in U.S. tax law, such as the Tax Cuts and Jobs Act, the Inflation Reduction Act, and changes in regulations and tax guidance may affect our business. Additionally, the United States is considering various corporate and international income tax proposals, which, if enacted, could have a material impact on our provision for income taxes and effective tax rate. Many countries in which we operate are implementing legislation and other tax changes to align their tax systems with the Organisation for Economic Co-operation and Development global minimum tax rate known as Pillar Two of the Global Anti-Base Erosion ("GloBE") rules. The GloBE rules provide a framework for a coordinated multi-country system of taxation intended to ensure large multinational enterprise groups pay a minimum level of tax on the income arising in each of the jurisdictions where they operate. Many jurisdictions, including many EU countries, have enacted certain provisions of the GloBE rules effective as of January 1, 2024. The GloBE rules could have a materially adverse effect on our financial condition and operating results. We are subject to regular examination by the U.S. Internal Revenue Service and state, local and foreign tax authorities. We regularly assess the likelihood of favorable or unfavorable outcomes resulting from these examinations to determine the adequacy of our provision for income taxes. Although we believe our tax estimates are reasonable, we can make no assurances that any final determination of tax liability will not be materially different from the treatment reflected in our historical income tax provisions and accruals, which could materially and adversely affect our financial condition and operating results. We qualify for tax incentives based on our ability to meet, on a continuing basis, various tests relating to our employment levels, research and development expenditures and other qualification requirements in a particular jurisdiction. While we intend to operate in such a manner to maintain and maximize our tax incentives, we can make no assurances that we have so qualified or that we will so qualify for any particular year or jurisdiction. If we fail to qualify or remain qualified for certain tax incentives, the tax incentives we previously received may be terminated and/or retroactively revoked, requiring repayment of past tax benefits, and we would be subject to an increase in our effective tax rate, which could have a materially adverse impact our financial results.

Our operations are subject to various federal, state, local and international laws and regulations relating to environmental protection, including those governing discharges of pollutants into the air, water and land, the reporting, generation, use, handling, storage, transportation, treatment and disposal of hazardous substances, waste and other materials and the cleanup of contaminated sites. In the United States, we are subject to the federal regulation and control of the EPA, and we are subject to regulations and controls of comparable authorities in other countries. Some of our operations, including our chemical operations, require environmental permits and controls to prevent and reduce air and water pollution, and these permits are subject to modification, renewal and revocation by issuing authorities. Future developments, administrative actions or liabilities relating to environmental matters, including sanctions such as capital expenditure obligations, clean-up and removal costs, long-term monitoring and maintenance costs, costs of waste disposal, natural resource damages and payments for property damage and personal injury, could have a material adverse effect on our business, financial condition or operating results. Although we believe that our safety procedures for using, handling, storing and disposing of such materials comply with the standards required by applicable federal, state, local and international laws and regulations, we cannot completely eliminate the risk of accidental contamination or injury from these materials, including risks related to our chemical products, which are inherently hazardous. We have been, and may in the future be, subject to claims by employees or third parties alleging contamination or injury, and could be liable for damages, which liability could exceed the amount of our liability insurance coverage (if any) and the resources of our business. Certain portions of the soil at the former facility of our Spectra-Physics lasers business, located in Mountain View, California, and certain portions of the aquifer surrounding the facility, through which contaminated groundwater flows, are part of an EPA-designated Superfund site and are subject to a cleanup and abatement order from the California Regional Water Quality Control Board. Spectra-Physics, which we acquired as part of the Newport acquisition in April 2016 and which had been acquired by Newport in 2004, along with other entities with facilities located near the Mountain View, California facility, were identified as responsible parties with respect to this Superfund site, due to releases of hazardous substances during the 1960s, 1970s and 1980s. Spectra-Physics and the other responsible parties entered into cost-sharing agreements covering the costs of remediating the off-site groundwater impact. The site is mature, and investigations, monitoring and remediation efforts by the responsible parties have been ongoing for approximately 35 years. We have certain ongoing costs related to investigation, monitoring and remediation of the site that have not been material to us as a whole in the recent past. However, while we benefited from the indemnification of certain costs by a third party in the past, that indemnification is now in a transition period, and we will become subject to a greater portion of costs of remediation going forward. Our ultimate costs of remediation and other potential liabilities are difficult to predict. In the event that the EPA and the California Regional Water Quality Control Board determine that the site cleanup requires additional measures to ensure that it meets current standards for environmental contamination, or if they enhance any of the applicable required standards, we will likely become subject to additional remediation obligations in the future. In addition to our investigation, monitoring and remediation obligations, we may be liable for property damage or personal injury claims relating to this site. While we are not aware of any material claims at this time, such claims could be made against us in the future. If significant costs or other liability relating to this site arise in the future, our business, financial condition and operating results would be adversely affected. In addition, some of MSD's manufacturing facilities and former facilities have an extended history of chemical manufacturing operations or other industrial activities, and contaminants have been detected at some of those sites. We or our predecessors have in the past been, and are currently, required to remediate contamination at several of these current and former sites, and there remains some risk that further investigation and remediation might be necessary. The environmental regulations that we are subject to include a variety of federal, state, local and international regulations that restrict the use and disposal of materials used in the manufacture of our products or require design changes or recycling of our products. If we fail to comply with any present or future regulations, we could be subject to future liabilities, the suspension of manufacturing or a prohibition on the sale of products we manufacture. In addition, these regulations could restrict our ability to equip our facilities or could require us to acquire costly equipment, or to incur other significant expenses to comply with environmental regulations, including expenses associated with the recall of any non-compliant product and the management of historical waste. For example, in addition to EU REACH, which regulates the use of certain hazardous substances in certain products, the EU has enacted the Waste Electrical and Electronic Equipment Directive, which requires the collection, reuse and recycling of waste from certain products. Compliance with such laws requires significant resources. These regulations may require us to redesign our products or source alternative components to ensure compliance with applicable requirements, for example by mandating the use of different types of materials in certain components. Any such redesign or alternative sourcing may increase the cost of our products, adversely impact the performance of our products, add greater testing lead-times for product introductions, or in some cases limit the markets for certain products. Further, such environmental laws are frequently amended, which increases the cost and complexity of compliance. For example, such amendments have in the past resulted in, and may in the future result in, certain of our products falling within the scope of a directive, even if they were initially exempt. In addition, certain of our customers, particularly OEM customers whose end products may be subject to these directives, may require that the products we supply to them comply with these directives, even if not mandated by law. Because certain directives, for example, those issued from the EU, are implemented in individual member states, compliance is particularly challenging. Our failure to comply with any of such regulatory requirements or contractual obligations could result in our being directly or indirectly liable for costs, fines or penalties and third-party claims, and could jeopardize our ability to conduct business in certain countries.

The COVID-19 pandemic subjected, and the emergence of other widespread health crises may subject, our business, financial condition and operating results to a number of risks, including: - Supply chain disruptions and other operational challenges, including shortages of and significant price increases and increased lead times for raw materials, components and subassemblies, in particular where we rely on sole and limited source suppliers, increased employee turnover, increased health and safety measures, site closures, and other restrictions on the movement of people, goods and raw materials, which could reduce our ability to obtain materials from suppliers and meet customer demand, in each case on favorable terms, on a timely basis, or at all, harming our relationships with customers, creating opportunities for competitors and exposing us to contractual disputes or liability;- The implementation of government mandates and other regulatory actions, including periodic business shutdowns, manufacturing restrictions, and quarantines, which could reduce or halt our operations or the operations of our customers and suppliers, carry into the future for an extended or unknown duration, and contain complex requirements that make compliance difficult;- Decreased employee productivity or availability, whether due to illnesses or due to the measures we or government authorities may take to mitigate their spread and effects, including site closures, restrictions on travel and vaccine mandates, which could lead to employee attrition; and - A decline in industry and global economic conditions that reduces demand from and weakens the financial health of our customers, resulting in delayed or canceled orders, requests for payment deferrals or other contract modifications, and, if we do not anticipate significant or sudden decreases in order patterns, excess inventory. These risks may be heightened in certain geographies, segments and markets. For example, some of our GMF customers were negatively impacted by disruptions associated with COVID-19 in China from the fourth quarter of 2022 into the first quarter of 2023. In addition, the COVID-19 pandemic exacerbated, and the emergence of other widespread health crises could exacerbate, the other risks described here and in our future filings with the SEC.

We operate in highly competitive markets characterized by rapid technological advances, frequent product introductions and enhancements, changing customer requirements, evolving industry standards, substantial capital investment and increasing price pressure. Our success depends upon our ability to continuously develop, market and support superior products, processes and solutions. Factors that could harm our competitive position include: - Our failure to anticipate demand for and internally develop or acquire new, improved and disruptive technologies;- Our investment in emerging applications that do not achieve widespread adoption or significant growth;- Delays in introducing new, enhanced and differentiated products, many of which are difficult to design and manufacture because of their sophistication and complexity;- Reduced manufacturing capabilities, customer service or support;- Our inability to have semiconductor device manufacturers direct semiconductor capital equipment manufacturers to use our products at their semiconductor fabrication facilities;- Our inability to have global electronics OEMs specify our products in their manufacturing processes for the rigid PCB manufacturers they use;- Failure of customers to achieve market demand for their products that incorporate our technologies;- Efforts of customers to internally develop products that compete with our technologies or to engage subcontract manufacturers or system integrators to manufacture competitive products on their behalf;- Competitors that develop products that offer superior performance or technological features;- Competitors with greater financial, technical, marketing and other resources, including ownership by or affiliations with members of government, political entities or larger, multinational businesses, which may offer a number of competitive advantages, such as the ability to incur lower costs due to control over sources of components and raw materials or exclusive agreements with suppliers thereof;- Competitors with greater recognition and stronger presences in specific product niches and/or regions, including in the specialty chemicals industry;- Competitors, particularly in Asia, that are able to develop low-cost competitive products;- Difficulties in displacing competitors' products that are designed into customers' products;- Pricing pressure from customers and competitors, particularly new competitors that offer aggressive price and payment terms in an attempt to gain market share, and especially during cyclical downturns in our markets, when end-markets become more sensitive to costs and competitors are more likely to seek to maintain or increase market share, reduce inventory or introduce more technologically advanced or lower-cost products;- Industry consolidation among competitors, which could exacerbate certain of these factors; and - Regulatory changes that prevent or restrict the supply of our products and services to a particular industry, market or country. Certain of these factors could cause customers to defer or cancel orders for our products and/or place orders for our competitors' products. This is particularly significant to us, as our success depends on many of our products being designed into new generations of equipment and manufacturing processes. Certain markets in which we operate, such as the semiconductor capital equipment market and the mobile phone market, which is part of our electronics and packaging market, experience cyclicality and unevenness in capital spending. If we are unable to introduce new products in a timely manner or are otherwise unsuccessful in making sales to customers, we may miss market upturns or fail to have our products or subsystems designed into our customers' products. For example, new products designed by capital equipment manufacturers historically have had a lifespan of five to fifteen years. We must develop products that are technologically advanced in a timely manner so that they are positioned to be chosen for use in each successive generation of capital equipment. These factors could also prompt us to agree to pricing concessions or extended payment terms with our customers, in an effort to expand into new markets, gain volume orders or improve customer cost of ownership in highly competitive applications. In other cases, we may discontinue selling certain products if we cannot offset price erosion through shifts in operations. Finally, these factors could render the portfolios of products or lines of business from which we generate significant net revenues obsolete. For example, MSD has lost business to customers who identify alternative materials or processes and therefore no longer require as much or any specialty chemicals. If our customers or the industries we serve shift to other technologies, our business, financial condition and operating results would be harmed.

We offer products for very diverse markets. Because we operate in multiple markets, we must work constantly to understand the needs, standards and technical requirements of many different applications within these markets, and must devote significant resources to developing different products for these markets. Product development is costly and time consuming. We must anticipate trends in our customers' industries and develop products before our customers' products and processes are commercialized. If we do not anticipate our customers' needs and future activities, we may invest substantial resources in developing products that do not achieve broad market acceptance. Our growth prospects rely in part on successful entry into new markets, which depends on displacing competitors who are more familiar with these markets and better known to customers. In many cases, we are attempting to enter or expand our presence in these new markets with newly introduced products that are not yet proven in the industry. Our decision to continue to offer products to a given market or to penetrate new markets is based in part on our judgment of the size, growth rate, profitability and other factors that contribute to the attractiveness of a particular market. If our product offerings in any particular market are not competitive, our analyses of a market are incorrect or our sales and marketing approach for a market is ineffective, we may not achieve anticipated growth rates in this market, and our business, financial condition and operating results would be harmed. Further, serving diverse markets requires an understanding of different sales cycles and customer types, and the development and maintenance of a complex global sales team and sales channels to support each market's differing needs. It also requires dynamic operations that can support both complex, customized product builds as well as quick turn-around for commercial off-the-shelf sales. If we fail to provide sales and operational support for our diverse markets, our business, financial condition and operating results would be harmed.

Our success and ability to compete depend in large part upon protecting our proprietary technology. We rely on a combination of patent, trademark and trade secret protection and other agreements, such as nondisclosure agreements and other contractual agreements with our employees and third parties, to protect our proprietary rights. The steps we have taken may not be sufficient to prevent the misappropriation of our intellectual property, particularly in countries and regions outside, for example, the United States and Europe, where laws may not protect our proprietary rights as fully. For example, the patent prosecution and enforcement systems within China and India, where we have a significant customer base and manufacturing presence, are less robust than these systems in certain other jurisdictions and, as a result, we may be limited in our ability to enforce our intellectual property rights there. We may also be at a disadvantage in any enforcement proceeding in China and India as a foreign entity seeking protection against a locally headquartered company. Patent and trademark laws and trade secret protection may not adequately deter third-party infringement or misappropriation of our patents, trademarks, trade secrets and similar proprietary rights. In addition, patents issued to us may be challenged, invalidated or circumvented. The loss or expiration of any of our key patents could lead to a significant loss of sales of certain of our products and could materially affect our operating results. We have in the past and may in the future be subject to or may initiate interference proceedings, validity challenges or opposition proceedings in the U.S. Patent and Trademark Office, the European Patent Office, or similar agencies, which can demand significant financial and management resources. The process of seeking patent protection can be time consuming and expensive and patents may not be issued from pending or future applications. Moreover, our existing patents or any new patents that may be issued may not be sufficient in scope or strength to provide meaningful protection or a commercial advantage to us. We may initiate claims, enforcement actions or litigation against third parties for infringement of our proprietary rights in order to determine the scope and validity of our proprietary rights or the proprietary rights of our competitors, which claims could result in costly litigation, the diversion of our technical and management personnel and the assertion of counterclaims by defendants, including counterclaims asserting invalidity of our patents. We will take such actions where we believe that they are of sufficient strategic or economic importance to us to justify the cost.

We rely on various IT networks and systems, some of which are managed by third parties, to process, transmit and store electronic information and to carry out and support a variety of business activities, including, among others, finance and accounting, order management, human resources, communications, manufacturing, research and development, intellectual property, supply chain management, sales and IT, including critical functions such as internet connectivity, network communications, and email. Many of these activities are processed via Software-as-a-Service ("SaaS") products provided by third parties and hosted on their own networks and servers or on third-party networks and servers. The data on such IT networks and systems includes confidential information, personally identifiable information, transactional information and intellectual property belonging to us and our employees, customers, suppliers and other business partners. We and our third-party administrators, vendors and partners are subject to ongoing cybersecurity threats, including ransomware and other malware, hacking, phishing, smishing, denial of service attacks, employee errors or malfeasance, telecommunication failures, system failures, natural disasters and other attacks and events. We cannot guarantee that these threats will not have an adverse impact on our business, financial condition or results of operations. For example, as further described in "Management's Discussion and Analysis of Financial Condition and Results of Operations-Ransomware Event" in Part II, Item 7 of this Annual Report on Form 10-K, in February 2023, we identified that we had become subject to a ransomware event. Based on our investigation, we concluded ransomware actors encrypted certain of our systems by deploying malware. This incident required us to temporarily suspend operations at certain of our facilities and had a material impact during the three months ended March 31, 2023 on our ability to process orders, ship products and provide service to our Vacuum Solutions Division ("VSD") and PSD customers. For the year ended December 31, 2023, we incurred net costs related to the incident of approximately $15 million. We expect to continue to incur these and other costs related to the incident in the future. In addition, as a result of the incident, we were previously subject to two lawsuits, and we may be subject to future litigation, investigations, claims or actions, in addition to fines, penalties, or other obligations related to impacted data, whether or not such data is misused. We face the challenge of supporting our older IT systems and implementing necessary upgrades. Further, as we transition to using more cloud-based solutions that are dependent on the internet or other networks to operate, we expose ourselves to additional or different cybersecurity and other data security threats, whether directly or through our third-party administrators, vendors and partners. As cybersecurity threats rapidly evolve and become increasingly difficult to detect and defend against, our current security controls and measures may not be effective in detecting vulnerabilities or preventing cybersecurity incidents. These risks may be further amplified by the increased reliance on remote access to IT systems as a result of the use of SaaS software, cloud and remote services, and employees working remotely. Additionally, we may need to update security protocols for, transition to or from, or integrate various information management systems as a result of mergers, acquisitions and divestitures. The systems that we acquire or that are used by acquired entities or businesses may pose security risks of which we are unaware or unable to mitigate, particularly during the transition of these systems. The evolving regulatory landscape for data privacy presents a number of legal and operational challenges, and our efforts to comply with relevant regulations may be unsuccessful. For example, regulations in the European Union (the "EU") and China prohibit the transfer of personally identifiable information from their respective countries to other countries whose laws do not adequately protect personal data. While we have utilized certain permitted approaches for transferring personally identifiable information from these countries, these approaches may be invalidated by courts or regulatory bodies and we may be required to ascertain an alternative legal basis for such transfers. Additionally, based on our investigation of the ransomware event we identified in February 2023, we became aware on February 13, 2023 that the ransomware actors may have exfiltrated personal information from our systems. We provided notifications to individuals and to regulators in accordance with applicable laws, and we may be required to provide additional notifications in the future. See "-We are exposed to various risks related to legal proceedings, including, for example, product liability claims, intellectual property infringement claims, regulatory claims, contractual claims and class action litigation, which if successful, could have a material adverse effect on our commercial relationships, business, financial condition and operating results" below for more information regarding legal risks associated with privacy-related matters. A failure to comply with the evolving regulatory landscape, or a breach of our operational or security systems or infrastructure, or those of our customers, suppliers and other business partners, could disrupt our business, including business operations and manufacturing processes; result in the disclosure, misuse, corruption or loss of confidential or other valuable business information, including intellectual property, personally identifiable information and other critical data of ours and our employees, customers, suppliers and other business partners; result in competitive disadvantages to the extent the information is competitively sensitive; damage our reputation; negatively affect our relationships with our employees, customers, suppliers and other business partners, including loss of confidence, which could lead to loss of or reduction in orders; divert the attention of management; cause losses; result in litigation, investigations or liability under contracts; require notifications to regulatory authorities and impacted individuals; result in significant penalties and/or fines from regulatory bodies, including pursuant to privacy laws and export control laws; add to the complexity of our compliance obligations; increase our cybersecurity protection costs; and result in the incurrence of remediation costs. These adverse effects would likely be amplified in the event a breach of operational or security systems remains undetected for an extended period of time. The costs of compliance with, and other burdens imposed by, privacy, cybersecurity, data protection and data localization laws, regulations and policies, including restrictions on marketing activities, could have a material adverse effect on our business, financial condition and operating results. For example, as a result of the ransomware event described above, we have incurred costs, and we expect to continue to incur costs, which may be significant, in connection with efforts to investigate the incident, assess the impact of the incident, recover our systems, enhance our data security and protect against unauthorized access to, or manipulation of, our systems and data. Despite incurring these costs, we may not have identified and may not be able to remediate all of the potential causes of the incident, and similar incidents may occur in the future. Further, customers and third-party providers increasingly demand rigorous contractual provisions regarding privacy, cybersecurity, data protection, confidentiality, and intellectual property, which may also increase our overall compliance burden and potential liability. Although we maintain insurance related to cybersecurity risks, these costs, expenses, liability and other matters may not be adequately covered by insurance and may result in an increase in our costs for insurance or insurance not being available to us on economically feasible terms, or at all. Insurers may also deny us coverage as to any future claim. Any of these results could harm our business, financial condition and reputation.