provide critical solutions to our clients. In addition, in the ordinary course of our business we collect, use, store, process, and transmit information about our employees, our clients and
customers of our clients, including personal information and protected health information. While we believe we take reasonable measures to protect the security of, and against unauthorized or other improper access to, our technology infrastructure,
data, equipment, and systems, including with respect to personal, protected health, and proprietary information, it is possible that our security controls and practices may not prevent unauthorized or other improper access to our technology
infrastructure, data, equipment, or systems, or the disclosure of personal, protected health or proprietary information. In addition, we rely on systems provided by third parties, which have in the past suffered and may also in the future suffer
security breaches or incidents. Such unauthorized or other improper access, disclosures, security breaches or incidents may be inadvertent, or may come about due to intentional misconduct or other malfeasance or by human error or technical
malfunctions, including those caused by hackers, employees, contractors, or vendors.
Cybersecurity threats and attacks may take on a
variety of forms, ranging from inadvertent disclosures or acts by employees to purposeful attacks by individuals and groups of hackers and even sophisticated organizations, including state-sponsored actors. Cybersecurity risks may result from
viruses, worms, and other malicious software programs, including phishing attacks, to hacking or other significant security incidents (e.g., ransomware attacks) targeted against information technology infrastructure and systems, any of which could
result in (i) disclosure, unauthorized access to, or corruption of data, including personal information, confidential information and proprietary information, (ii) defective products, including as a result of system and production
downtimes, and (iii) interruptions in the ability to operate our business. Any of the foregoing could subject us to liability or damage our reputation. In addition, as the techniques used to obtain unauthorized access or sabotage systems change
frequently and may not be identified until they are first launched against a target, despite our efforts to secure our technology infrastructure, data, equipment, and systems, we may be unable to anticipate all attacks or to implement adequate
preventative measures against them.
Any unauthorized access, acquisition, use, or destruction of data we collect, store, process or
transmit, the unavailability of such data, or other disruptions of our ability to provide services and solutions to our clients, regardless of whether it originates or occurs on our systems or those of third party service providers or our clients,
could expose us to significant liability under our contracts, as well as to regulatory actions, litigation, investigations, remediation obligations, damage to our reputation and brand, supplemental disclosure obligations, loss of client, customer,
consumer, and partner confidence in the security of our applications, impairment to our business, and corresponding fees, costs, expenses, loss of revenues, and other potential liabilities as well as increased costs or loss of revenue or other harm
to our business. In addition, if a high profile security breach occurs within our industry, our clients and potential clients may lose trust in the security of our systems and information even if we are not directly affected.
In addition, as we continue to evaluate new solutions and services for our clients, these new solutions or services, or the third-party
components we use to provide such solutions, may contain or introduce cybersecurity threats or vulnerabilities to our clients information technology networks, either intentionally or unintentionally. Our clients may maintain their own
proprietary, sensitive, regulated or confidential information that could be compromised in a cybersecurity attack or incident, or their systems may be disabled or disrupted as a result of such an attack or incident. Our clients, regulators, or other
third parties may attempt to hold us liable, through contractual indemnification clauses or directly, for any such losses or damages resulting from such an attack.
Content moderation is a large portion of our business. The long term impacts on the mental health and well-being of our employees doing this work are
unknown. This work may lead to stress disorders and may create liabilities for us. This work is also subject to significant press and regulatory scrutiny. As a result, we may be subject to negative publicity or liability, or face difficulties
retaining and recruiting employees, any of which could have an adverse effect on our reputation, business, financial condition and results of operations.
Some of our clients maintain platforms and websites that permit users to post content that is made generally available on these platforms and
websites. These posts sometimes contain content that is defamatory, pornographic,
31