information and security breaches, and technology failures that have and in the future could adversely affect our ability to conduct our businesses, result in the alteration, unavailability, misuse, destruction or disclosure of information, damage our reputation, increase our…
Read full text
information and security breaches, and technology failures that have and in the future could adversely affect our ability to conduct our businesses, result in the alteration, unavailability, misuse, destruction or disclosure of information, damage our reputation, increase our regulatory and legal risks, result in additional costs or financial losses and/or otherwise adversely impact our businesses and results of operations.Our business is highly dependent on the security, controls and efficacy of our information systems, and the information systems of our clients and third parties (e.g., providers of products and services, law firms, other financial institutions, financial counterparties, financial data aggregators, the financial services industry, financial intermediaries (e.g., such as clearing agents, exchanges and clearing houses), U.S. and non-U.S. federal and state governments and regulators, providers of outsourced software, services and infrastructure (e.g., internet access, cloud service providers and electrical power) and retailers for whom we process transactions) with whom we interact, on whom we rely or who have access to our clients’ information and other sensitive data. We rely on effective access management and the secure collection, processing, maintenance, use, transmission, storage, dissemination and disposition of information in our and our third parties’ information systems. Our cybersecurity risk and exposure remains heightened, including because of our prominent size and scale, high-profile brand, global presence and role in the financial services industry and the broader economy. We and our employees, regulators, clients and third parties are ongoing targets of an increasing number of cybersecurity threats and cyberattacks. The tactics, techniques and procedures used in cyberattacks are pervasive, sophisticated, rapidly evolving and designed to evade security measures. Cybersecurity threats, including computer viruses, malicious or destructive code (such as ransomware), social engineering, real and virtual impersonation, denial of service or information attacks and other security breach tactics targeting us or third parties have and in the future are likely to result in disruptions to our businesses and operations, loss of funds, including from attempts to defraud us and/or our clients, and impacts to the confidentiality, integrity or availability of our systems and information (e.g., intellectual property and the personal and/or confidential information of our employees, clients and third parties). Cyberattacks are carried out globally by a growing number of actors, including organized crime groups, hackers, terrorist organizations, hostile foreign governments and their proxies, state-sponsored actors, activists, disgruntled employees and other persons or entities.Our risk from cybersecurity threats and incidents, information and security breaches and technology failures continues to increase due to the acceptance and use of digital banking and other digital products and services, including mobile banking products, and reliance on remote access tools and other technology, which have resulted in increased reliance on virtual or digital interactions, a growing number of access points to our information systems and greater amounts of information being available for access. Greater demand on our information systems and security tools and processes are expected.Emerging technologies, such as AI and quantum computing, are expected to increase these risks. For example, AI lowers the entry barriers to plan and execute cyberattacks, enables more personalized and harder to detect social engineering, and improves vulnerability discovery, which may result in the increased likelihood of exploitation and the speed, scope, scale, and sophistication of cyberattacks. Advances in quantum computing may introduce cryptography risks that threaten the