Our information technology systems, which in some cases rely on third-party providers, have in the past, and may in the future, experience service interruptions, degradation or other performance problems because of hardware and software defects or malfunctions, distributed denial-of-service and other cyberattacks, infrastructure changes, human error, natural/weather disasters, power losses, disruptions in telecommunications services, fraud, military or political conflicts, terrorist attacks, computer viruses, ransomware, malware, or other events. Our systems are also subject to break-ins, sabotage, theft, and intentional acts of vandalism perpetrated by criminal third parties, third parties we do business with, or team members. Our reliance on third parties increases our exposure to such risks as we cannot exercise direct control over such persons / entities.
While we endeavor to keep all systems current, there can be no guarantee that we can update and maintain our systems at all times. In instances where we are unable to do so, our risk mitigation efforts may fail. Any such failure could lead to website downtime, disruptions to our information technology systems, or malicious behavior by threat actors. In 2024, we completed the implementation of our new ERP system, designed to accurately maintain the Company's financial records, enhance operational functionality, and provide timely information to the Company's management team related to the operation of the business. The ERP system implementation process has required, and will continue to require, the investment of personnel and financial resources as we support post-implementation efforts and system functionality. These post-implementation efforts could result in delays, increased costs, and other difficulties, and disruptions or difficulties in using our ERP system could result in harm to our business. Additionally, if the ERP system does not operate as intended, the effectiveness of our internal controls over financial reporting could be adversely affected or our ability to adequately assess those controls could be further delayed.
We utilize technologies at our restaurants that support guest experience and transactions processes, including the processing of guest payments. We go to great lengths to vet the security capabilities of third parties that support these services. These services include retail technologies and related software applications. Although vendors similarly endeavor to maintain systems in a current and secure fashion, they are subject to the same implications as noted above, and these services can as a result be denigrated, compromised or otherwise impacted in a manner that disrupts our ability to operate. Although we will continue to take progressive steps to assess and promote the furthering security capabilities of third parties that support our restaurant operations, compromising events such as distributed denial of service, ransomware attack and other cyber attacks, natural / weather disasters or human error (and other events as noted above) may occur that will cause disruption to our vendors' system, that in turn may impact our ability to interact and transact with guests, on and off premise.
Our business requires the collection, transmission, and retention of large volumes of guest and team member data, including personally identifiable information, through information technology systems maintained by us or vendors retained by us. In particular, our omni-channel approach relies in large part on our information technology systems to operate successfully and allow for capabilities like kiosk transactions, mobile order and pay, third-party delivery, and digital menu boards. Like many other companies, we have experienced, and will continue to experience, attempts to compromise our information technology systems, some of which have been successful but not material. As we expand our business channels, our risk exposure will increase proportionately. The techniques and sophistication used to conduct cyberattacks, as well as the sources and targets of these attacks, change frequently and may not be recognized until or after such attacks have occurred. We continue to make significant investment in physical and technological security measures, team member training, and third-party services to anticipate cyberattacks and prevent breaches, protect our information technology networks and infrastructure, and to identify vendors and service providers that could be vulnerable to damage, disruptions, shutdowns, data loss, or breaches due to criminal conduct, team member error, negligence or malfeasance, utility failures, natural disasters or other catastrophic events, we cannot guarantee that we will be successful in preventing every possible instance of cyberattacks, breach, or data loss, any of which could disrupt our operations, resulting in inefficiencies and a loss of profits.
Additionally, the cybersecurity and privacy requirements, including the regulation of artificial intelligence, imposed by governmental regulations are evolving. Our systems may not be able to immediately satisfy applicable requirements, and may require significant additional investment and time to do so. A significant theft, loss or misappropriation of, or unauthorized access to, our guests' data or other proprietary data could result in fines, legal claims or proceedings, regulatory investigations and actions, or liability for failure to comply with privacy and information security laws, which could disrupt our operations, damage our reputation and expose us to claims from guests and team members, any of which could have a material adverse effect on our Results. Our cyber insurance and business interruption insurance may not be sufficient to cover all losses that may result from a cybersecurity incident. As a result, if we experience any outsized material impacts from a failure of our systems, our Results could be materially and adversely affected. Our reputation as a brand or as an employer could be adversely affected, which could impair our ability to attract and retain guests and qualified employees. There is also the question of interpretation of regulations that are implemented at a federal or state level, and our efforts to assess and validate the applicability of these measures, and if they apply in part or in full from a compliance standpoint. Although we strive to comply with regulations in the most timely manner possible, there may be instances in which an assessment that we deem to be valid and necessary is being conducted, in the face of a differing perspective from a governing agency. It is conceivable that we could be subjected to non-compliance penalties or similar circumstances, that would materially impact our Results.