The Company depends upon technology-based information systems to conduct business. The Company uses computer systems and other electronic information resources, including both proprietary and third-party technology systems and tools, to process, transmit, receive, and store certain personal, confidential, and proprietary information; to communicate with customers, service providers and other third parties by email and other electronic means; and perform various business operations, including transferring significant amounts of funds using electronic means.
The Company's systems and processes have been, and will likely remain, subject to cyber-attacks and other intrusions. These attacks are occurring with greater frequency and sophistication, and include malware and computer virus attacks, ransomware, unauthorized access, misuse, denial-of-service attacks, system failures and disruptions. A future breach of the Company's systems or the systems of a third-party vendor or services provider could disrupt the Company's ability to conduct business operations. During such an event, systems may be inaccessible to employees, customers, or business partners for an extended period of time and employees may be unable to perform their duties. These attacks could expose the Company to substantial costs and negative consequences, including the loss of funds, costs of investigation and remediation, lost revenues, and reputational damage.
In addition, the email and computer systems used by the Company, its service providers, and agents for the transfer of funds have been subject to fraudulent spoofing attacks. In some cases, unauthorized access or fraudulent attacks have not been immediately detected, thereby increasing the severity of the incident. Funds transferred to a fraudulent recipient are not always recoverable and the Company may be liable for those unrecovered funds. Losses resulting from unrecovered funds could result in a material adverse effect on the Company's financial condition and results of operations.
Old Republic regularly monitors its networks, infrastructure and procedures in an effort to prevent, detect, address, and mitigate these risks. There is no assurance that the Company's security procedures will provide fully effective protection from such events. A cyber incident or fraud attack could have a material adverse effect on the Company's business, financial condition, and results of operations.
Furthermore, Old Republic's businesses must comply with laws and regulations enacted by U.S. federal and state governments, as well as laws enacted by various regulatory organizations or exchanges relating to the privacy and security of the information of clients, employees, or others. These laws and regulations are increasing in complexity and number, change frequently, and sometimes conflict. The compromise of personal, confidential, or proprietary information could expose the Company to liability under federal and state laws, subject it to litigation and investigations, and result in reputational harm, which could have a material adverse effect on the Company's business, financial condition, and results of operations.
The use by businesses, including the Company, of AI and machine learning technologies such as generative AI continues to develop with increasing complexity and changes in the nature of technology. Laws and regulations related to AI are evolving, and there is uncertainty as to potential adoption of new laws and regulations and the application of existing laws and regulations to the use of AI. Old Republic's businesses must comply with laws and regulations enacted by U.S. federal and state governments, as well as laws enacted by various regulatory organizations or exchanges relating to the use of AI. Certain decisions made by Old Republic's businesses using AI must comply with the legal and regulatory standards that apply to these decisions, including unfair trade practice laws. These standards require, at a minimum, that decisions made by Old Republic's businesses are not inaccurate, arbitrary, capricious, or unfairly discriminatory. Compliance with these standards is required regardless of the tools and methods Old Republic uses to make such decisions. In the absence of proper controls, AI has the potential to increase the risk of inaccurate, arbitrary, capricious, or unfairly discriminatory outcomes for consumers. The changing legislative and regulatory environment, an inability to develop appropriate governance and controls, or a lack of internal product or engineering expertise could lead to adverse consequences and subject the Company to competitive harm, legal liability, heightened regulatory scrutiny, and brand or reputational harm.