Likewise, similar events relating to the computer systems of our third party vendors or manufacturers could also have a material adverse effect on our business, financial condition, results of operations and prospects.
Unauthorized disclosure of sensitive or confidential data, including personally identifiable information, whether through a cybersecurity incident, data breach, systems failure, employee negligence, fraud or misappropriation, or otherwise, or unauthorized access to or through our information systems and networks, whether by our employees or third parties, could result in negative publicity, legal liability and damage to our reputation. Unauthorized disclosure of personally identifiable information could also expose us to sanctions for violations of data privacy laws and regulations around the world.
As we become more dependent on information technologies to conduct our operations, cybersecurity incidents, including deliberate attacks and attempts to gain unauthorized access to computer systems and networks, may increase in frequency and sophistication. These threats pose a risk to the security of our systems and networks and to the confidentiality, availability and integrity of our data, and these risks apply both to us and to third parties on whose systems we rely for the conduct of our business. Because the techniques used to obtain unauthorized access, disable or degrade service or sabotage systems change frequently and often are not recognized until launched against a target, we and our partners or collaborators may be unable to anticipate these techniques or to implement adequate preventative measures. Further, we do not have any control over the operations of the facilities or technology of our cloud and service providers, including any third-party vendors that collect, process and store personal data on our behalf. Our systems, servers and platforms and those of our service providers may be vulnerable to cybersecurity incidents or data breaches, computer viruses or physical or electronic break-ins that our or their security measures may not detect. Individuals able to circumvent such security measures may misappropriate our confidential or proprietary information, disrupt our operations, damage our computers or otherwise impair our reputation and business. We may need to expend significant resources and make significant capital investments to protect against cybersecurity incidents or data breaches or to mitigate the impact of any such cybersecurity incidents or data breaches. There can be no assurance that we or our third-party providers will be successful in preventing cyber-attacks or successfully mitigating their effects. To the extent that any disruption or cybersecurity incident or data breach were to result in a loss of, or damage to, our data or applications, or inappropriate disclosure of confidential or proprietary information, we could incur liability and the further development and commercialization of our product candidates could be delayed.
Cybersecurity incidents, loss of data or modification of information, and other disruptions could compromise information related to our business or prevent us from accessing critical information, result in a significant disruption of our activities and expose us to liability, which could adversely affect our business and our reputation.
In the ordinary course of our business, we collect and store information, including personal information, intellectual property and proprietary business information that we own or control or have an obligation to protect. For example, we collect and store research and development information, employee data, commercial information, customer information and business and financial information. We and our service providers, including security and infrastructure vendors, manage and maintain our data using a combination of on-site systems and cloud-based data centers. We face a number of risks related to protecting critical information, including inappropriate use or disclosure, unauthorized access or acquisition, or inappropriate modification of, critical information. We also face the risk of being unable to access our critical information or technology systems due to actual or threats of ransomware, unauthorized encryption, or other malicious activity. We face the risk of being unable to adequately monitor, audit and modify our controls over our critical information. These risks extend to third-party service providers and subcontractors we use to assist us in managing our information or otherwise process it on our behalf. The secure processing, storage, maintenance and transmission of our critical information is vital to our operations and business strategy, and we devote significant resources to protecting such information.
Although we take reasonable measures to protect critical information and other data from unauthorized access, acquisition, use or disclosure, our information technology and infrastructure and that of our service providers handling and storing information on our behalf may be vulnerable to a variety of disruptions, including cybersecurity incidents, data breaches, attacks by hackers and other malicious third parties (including the deployment of computer viruses, malware, ransomware, denial-of-service attacks, social engineering (including phishing attacks), and other events that affect service reliability and threaten the confidentiality, integrity, and availability of information), unauthorized access, natural disasters, fires, terrorism, war, telecommunications or electrical interruptions or failures, employee error or malfeasance or other malicious or inadvertent disruptions. In particular, the risk of a cybersecurity incident, data breach or disruption, particularly through cyber-attacks or cyber intrusion, has generally increased as the number, intensity, and sophistication of attempted attacks and intrusions from around the world have increased. We may not be able to anticipate all types of security threats, and we may not be able to implement preventive measures that are effective against all such security threats. Because the techniques used by cyber criminals change frequently, may not be recognized until launched, and can originate from a wide variety of sources, including outside groups such as external service providers, organized crime affiliates or terrorist organizations, we and our service providers and other partners may be unable to anticipate these techniques or implement adequate preventative measures. Further, we do not have any control over the operations of the facilities or technology of third parties that collect, process and store sensitive information on our behalf. Any unauthorized access or acquisition, cybersecurity incident, data breach, or other loss, of information could result in legal claims or proceedings, and liability under federal, state or foreign laws regarding the privacy and protection of