Despite the implementation of security measures in an effort to protect systems that store our information, given the size and complexity of such systems and the increasing amounts of information maintained on our internal information technology systems and those of our third-party CROs, other contractors (including sites performing our clinical trials), third-party service providers and supply chain companies, consultants and other partners, these systems are potentially vulnerable to breakdown or other damage or interruption from service interruptions, system malfunction, natural disasters, terrorism, war, and telecommunication and electrical failures, as well as security breaches from inadvertent or intentional actions by our employees, contractors, consultants, business partners and/or other third parties, or from cyber-attacks by malicious third parties, which may compromise our system infrastructure or lead to the loss, destruction, alteration or dissemination of, or damage to, our data. From time to time, we are subject to business email compromise attack attempts. In August 2023, we discovered a business email compromise attack that resulted in the misappropriation of approximately $0.9 million. While we have implemented remedial measures in response to this incident and recovered $0.8 million of those losses through insurance claims, we cannot guarantee that such measures will prevent additional related, as well as unrelated, incidents, or that we will be able to defend against or successfully remediate any such attacks that may occur in the future. If a material system failure, accident or security breach were to occur and cause interruptions in our operations or the operations of third-party collaborators, service providers, contractors and consultants, it could result in a material disruption of our development programs and significant reputational, financial, legal, regulatory, business or operational harm.
Further, since we sponsor clinical trials, any breach that compromises patient data and identities causing a breach of privacy could have significant adverse consequences on our business. For example, the loss of clinical trial data from completed or future clinical trials could affect trust in us, negatively impacting our ability to recruit for future clinical trials, result in delays in our regulatory approval efforts and significantly increase our costs to recover or reproduce the data. To the extent that any disruption or security breach were to result in a loss, destruction, unavailability, alteration or dissemination of, or damage to, our data or applications, or inappropriate disclosure of confidential proprietary information, or for it to be believed or reported that any of these occurred, we could incur liability and reputational damage and the development and commercialization of NGN-401 or other product candidates could be delayed.
As our employees work remotely and use network connections, computers, and devices outside of our premises or network, including working at home, while in transit and in public locations, there are risks to our information technology systems and data. Additionally, business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities' systems and technologies.
While we have implemented security measures designed to protect against security incidents, there can be no assurance that these measures will be effective. We may be unable in the future to detect vulnerabilities in our information technology systems because such threats and techniques change frequently, are often sophisticated in nature, and may not be detected until after a security incident has occurred. Further, we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities. Applicable data privacy and security obligations may require us to notify relevant stakeholders, patients or other individuals, regulators or, in certain circumstances, the media of security incidents. Such disclosures are costly, and the disclosure or the failure to comply with such requirements could lead to adverse consequences, including damage to our reputation.
We rely on third-party service providers and technologies to operate critical business systems, including to process sensitive information in a variety of contexts. Our ability to monitor these third parties' information security practices is limited, and these third parties may not have adequate information security measures in place. If our third-party service providers experience a security incident or other interruption, we could experience adverse consequences as a result. While we may be entitled to damages if our third-party service providers fail to satisfy their privacy or security-related obligations to us, any award may be insufficient to cover our monetary, reputational and other damages, or we may be unable to recover such award. In addition, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties' infrastructure in our supply chain or our third-party partners' supply chains have not been and will not be compromised.
If we (or a third party upon whom we rely) experience a security incident or are perceived to have experienced a security incident, we may experience adverse consequences, such as government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing personal information (including sensitive data); litigation (including class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; interruptions in our operations (including availability of data); increased investigation and compliance costs; financial loss; and other similar harms. Security incidents and attendant consequences may cause our stakeholders (including investors and potential customers) to stop supporting our business, deter new customers from our products, deter patients from participating in clinical trials and negatively impact our ability to grow and operate our business.
Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our data privacy and security obligations. We cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or to mitigate liabilities arising out of our privacy and security practices or from disruptions in, or failure or security breach of, our systems or third-party systems where information important to our business operations or commercial development is stored, or that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims.