Important documents and records for our products and manufacturing operations are located in our various facilities in San Francisco, California near active earthquake zones. In the event of a natural disaster such as an earthquake, drought, flood or fire or localized extended outages of critical utilities or transportation we do not have a formal business continuity or disaster recovery plan, and therefore could experience a significant business interruption. In addition, California has from time to time experienced shortages of water, natural gas, and electric power. Future shortages and conservation measures could impact our operations and result in increased expense. In addition, we rely on information technology systems to communicate among our workforce and with third parties. Any disruption to our communications, whether caused by a natural disaster or by man made problems, such as power disruptions, could adversely affect our business. To the extent that any such disruptions result in delays or cancellations of orders or impede our suppliers’ ability to timely deliver product components, our business, operating results and financial condition would be adversely affected.
We are at risk for interruptions, outages and breaches of: operational systems, including business, financial, accounting, product development, data processing or production processes, owned by us or our third-party vendors or suppliers; facility security systems, owned by us or our third-party vendors or suppliers;
in-product
technology owned by us or our third-party vendors or suppliers; the integrated software in our lidar solutions; or customer or driver data that we process or our third-party vendors or suppliers process on our behalf. Such cyber incidents could materially disrupt operational systems; result in loss of intellectual property, trade secrets or other proprietary or competitively sensitive information; compromise certain information of customers, employees, suppliers, drivers or others; jeopardize the security of our facilities; or affect the performance of
in-product
technology and the integrated software in our lidar solutions. A cyber incident could be caused by disasters, insiders (through inadvertence or with malicious intent) or malicious third parties (including nation-states or nation-state supported actors) using sophisticated, targeted methods to circumvent firewalls, encryption and other security defenses, including hacking, fraud, trickery or other forms of deception. The techniques used by cyber attackers change frequently and may be difficult to detect for long periods of time. Although we maintain information technology measures designed to protect us against intellectual property theft, data breaches and other cyber incidents, such measures will require updates and improvements, and we cannot guarantee that such measures will be adequate to detect, prevent or mitigate cyber incidents. The implementation, maintenance, segregation and improvement of these systems requires significant management time, support and cost. Moreover, there are inherent risks associated with developing, improving, expanding and updating current systems, including the disruption of our data management, procurement, production execution, finance, supply chain and sales and service processes. These risks may affect our ability to manage our data and inventory, procure parts or supplies or produce, sell, deliver and service our solutions, adequately protect our intellectual property or achieve and maintain compliance with, or realize available benefits under, applicable laws, regulations and contracts. We cannot be sure that the systems upon which we rely, including those of our third-party vendors or suppliers, will be effectively implemented, maintained or expanded as planned. If we do not successfully implement, maintain or expand these systems as planned, our operations may be disrupted, our ability to accurately and timely report our financial results could be impaired, and deficiencies may arise in our internal control over financial reporting, which may impact our ability to certify our financial results. Moreover, our proprietary information or intellectual property could be compromised or misappropriated and our reputation may be adversely affected. If these systems do not operate as we expect them to, we may be required to expend significant resources to make corrections or find alternative sources for performing these functions.