Our vendors may in turn incorporate AI tools into their offerings, and the providers of these AI tools may not meet existing or rapidly evolving regulatory or industry standards, including with respect to privacy and data security. Further, bad actors around the world use increasingly sophisticated methods, including the use of AI, to engage in illegal activities involving the theft and misuse of personal information, confidential information and intellectual property. Any of these effects could damage our reputation, result in the loss of valuable property and information, cause us to breach applicable laws and regulations, and adversely impact our business.
Our internal computer systems, or those used by our third-party research institution collaborators, CROs or other contractors or consultants, may fail or suffer security breaches.
Despite the implementation of security measures, our internal computer systems and those of our CROs and other contractors, vendors, and consultants may be vulnerable to damage from cybersecurity risks, including attempts to gain unauthorized access to and to harm sensitive or confidential information and networks, insider threats, and ransomware. These vulnerabilities may be heightened as a result of flexible work arrangements, including hybrid or remote work policies implemented by us and our third-party contractors, that were first adopted in response to the COVID-19 pandemic and have continued by many businesses in an effort to attract and retain talent.
Like other companies in our industry, we, and our third party vendors, have from time to time experienced, and will continue to experience in the future, cyberattacks on our information technology systems, including malware and computer virus attacks, despite our best efforts to prevent them. Although such incidents have been immaterial to our business to date, investigations into and remedial efforts in connection with any security incidents, even those with immaterial impact, can be costly and time-consuming, and any future incidents could be material, or cause significant disruption, to our business. Our technologies, systems, networks, or other proprietary information, and those of our vendors, suppliers and other business partners, may become the target of cyberattacks or data breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss, or destruction of proprietary and other information, or could otherwise lead to the disruption of our business operations. For example, the loss of clinical trial data from completed, ongoing or future clinical trials could result in delays in our regulatory approval efforts and significantly increase our costs to recover or reproduce the data. Likewise, we rely on third parties for research and development, the manufacture and supply of drug product and drug substance and to conduct clinical trials. We depend on these third parties to implement adequate controls and safeguards to protect against and report cybersecurity incidents. If they fail to do so, we may suffer financial and other harm, including to our information, operations, performance, and reputation. To the extent that any cybersecurity incident or data breach were to result in a loss of, or damage to, our data or systems, or inappropriate disclosure of confidential or proprietary information, we may have an obligation to provide legal notifications and disclosures, and we could incur liability and the further development and commercialization of our product candidates could be delayed.
We are increasingly dependent on information technology systems and infrastructure, including mobile technologies, to operate our business. Cybersecurity threats, both on premises and in the cloud, are evolving and could occur and result in information theft, data corruption, operational disruption, damage to our reputation, or financial loss. Such threats include, but are not limited to: malicious software, destructive malware, ransomware attacks, denial-of-service attacks, business email compromises, viruses, wrongful intrusions, social engineering (including phishing attacks), attempts to gain unauthorized access to systems or data, data breaches, the unauthorized release of confidential, personal or otherwise protected information, data corruption, the breakdown or damage or interruption of networks or systems from, among other things, natural disasters, terrorism, war, telecommunication and electrical failures, and harm to individuals. In addition, we could be impacted by cybersecurity threats or other disruptions or vulnerabilities found in products or services we use that are provided to us by third-parties. The risk of a security breach or disruption, particularly through cyberattacks or cyber intrusion, including by computer hackers, cyber criminals, hacktivists, foreign governments, and cyber terrorists, has generally increased as the number, intensity and sophistication of attempted attacks and intrusions from around the world have increased. The techniques used by criminal elements to attack computer systems are sophisticated, change frequently and may originate from less regulated and remote areas of the world. As a result, we may not be able to address these techniques proactively or implement adequate preventative measures. These events, if not prevented or effectively mitigated, could damage our reputation, require remedial actions and lead to loss of business, regulatory actions, potential liability and other financial losses.
Certain data breaches must also be reported to affected individuals and various government and/or regulatory agencies, and in some cases to the media, under provisions of HIPAA, as amended by HITECH, other U.S. federal and state law, and requirements of non-U.S. jurisdictions, including the European Union Data Protection Directive, and financial penalties may also apply.
Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our privacy and data security obligations. Further, although we maintain cyber liability insurance, this insurance may not provide adequate coverage against potential liabilities related to any experienced cybersecurity incident or data breach. In addition, such insurance may not be available