severe or prolonged economic downturn or political disruption could result in a variety of risks to our business, including weakened demand for our lead product candidates or any future product
candidates, if approved, and our ability to raise additional capital when needed on acceptable terms, if at all. A weak or declining economy or political disruption could also strain our manufacturers or suppliers, possibly resulting in supply
disruption, or cause our customers to delay making payments for our services. Any of the foregoing could harm our business and we cannot anticipate all of the ways in which the political or economic climate and financial market conditions could
adversely impact our business.
We or the third parties upon whom we depend may be adversely affected by earthquakes or other
natural disasters and our business continuity and disaster recovery plans may not adequately protect us from a serious disaster.
Our corporate headquarters and other facilities are located in the Northern Los Angeles Area, which in the past has experienced
severe earthquakes, wildfires and mudslides. We do not carry earthquake insurance. Earthquakes, wildfires, mudslides or other natural disasters could severely disrupt our operations, and have a material adverse effect on our business, results of
operations, financial condition and prospects.
If a natural disaster, power outage or other event occurred that prevented
us from using all or a significant portion of our headquarters, that damaged critical infrastructure, such as our enterprise financial systems or manufacturing resource planning and enterprise quality systems, or that otherwise disrupted operations,
it may be difficult or, in certain cases, impossible, for us to continue our business for a substantial period of time. The disaster recovery and business continuity plans we have in place currently are limited and are unlikely to prove adequate in
the event of a serious disaster or similar event. We may incur substantial expenses as a result of the limited nature of our disaster recovery and business continuity plans, which, particularly when taken together with our lack of earthquake
insurance, could have a material adverse effect on our business.
Furthermore, integral parties in our supply chain are
similarly vulnerable to natural disasters or other sudden, unforeseen and severe adverse events. If such an event were to affect our supply chain, it could have a material adverse effect on our business.
Significant disruptions of information technology systems or breaches of data security could materially adversely affect our business,
results of operations and financial condition.
We collect and maintain information in digital form that is
necessary to conduct our business, and we are increasingly dependent on information technology systems and infrastructure to operate our business. In the ordinary course of our business, we collect, store and transmit large amounts of confidential
information, including intellectual property, proprietary business information and personal information. It is critical that we do so in a secure manner to maintain the confidentiality and integrity of such confidential information. We have
established physical, electronic, and organizational measures to safeguard and secure our systems to prevent a data compromise, and rely on commercially available systems, software, tools, and monitoring to provide security for our information
technology systems and the processing, transmission and storage of digital information. We have also outsourced elements of our information technology infrastructure, and as a result a number of third-party vendors may or could have access to our
confidential information. Our internal information technology systems and infrastructure, and those of our current and any future collaborators, contractors and consultants and other third parties on which we rely, are vulnerable to damage from
computer viruses, malware, natural disasters, terrorism, war, telecommunication and electrical failures, cyber-attacks or cyber-intrusions over the Internet, attachments to emails, persons inside our organization, or persons with access to systems
inside our organization.
The risk of a security breach or disruption, particularly through cyber-attacks or cyber
intrusion, including by computer hackers, foreign governments, and cyber terrorists, has generally increased as the number, intensity and sophistication of attempted attacks and intrusions from around the world have increased. In addition, the
prevalent use of mobile devices that access confidential information increases the risk of data security breaches, which could lead to the loss of confidential information or other intellectual property. The costs to us to mitigate network security
problems, bugs, viruses, worms, malicious software programs and security vulnerabilities could be significant, and while we have implemented security measures to protect our data security and information technology systems, our efforts to address
these problems may not be successful, and these problems could result in unexpected interruptions, delays, cessation of service, government files or penalties and other harm to our business and our competitive position. If such an event were to
occur and cause interruptions in our operations, it could result in a material disruption of our product development programs. For example, the loss of clinical trial data from completed, ongoing or planned clinical trials could result in delays in
our regulatory approval efforts and significantly increase our costs to recover or reproduce the data. Moreover, if a computer security breach affects our systems or results in the unauthorized release of personally identifiable information, our
reputation could be materially damaged. In addition, such a breach may require notification to governmental agencies, the media or individuals pursuant to various international, federal and state privacy and security laws, if applicable, including
the GDPR, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Clinical Health Act of 2009, and its implementing rules and regulations, as well as regulations promulgated by the Federal
Trade Commission and state breach notification laws. We would also be exposed to a risk of loss or litigation and potential liability, which could materially adversely affect our business, results of operations and financial condition.
53