service reliability and threaten the confidentiality, integrity and availability of information), which may compromise our system infrastructure or lead to the loss, destruction, alteration or
dissemination of, or damage to, our data. To the extent that any disruption or security breach were to result in a loss, destruction, unavailability, alteration or dissemination of, or damage to, our data or applications, or for it to be believed or
reported that any of these occurred, we could incur liability, financial harm and reputational damage and the development and commercialization of our product candidates could be delayed. We cannot assure you that our data protection efforts and our
investment in information technology, or the efforts or investments of CROs, consultants or other third parties, will prevent significant breakdowns or breaches in systems or other cyber incidents that cause loss, destruction, unavailability,
alteration or dissemination of, or damage or unauthorized access to, our data and other data processed or maintained on our behalf or other assets that could have a material adverse effect upon our reputation, business, operations or financial
condition. For example, if such an event were to occur and cause interruptions in our operations, it could result in a material disruption of our programs and the development of our product candidates could be delayed. In addition, the loss of
clinical trial data for our product candidates could result in delays in our marketing approval efforts and significantly increase our costs to recover or reproduce the data. Furthermore, significant disruptions of our internal information
technology systems or security breaches could result in the loss, misappropriation, and/or unauthorized access, use, or disclosure or dissemination of, or the prevention of access to, data (including trade secrets or other confidential information,
intellectual property, proprietary business information, and personal information), which could result in financial, legal, business, and reputational harm to us. For example, any such event that leads to loss, damage, or unauthorized access to, or
use, alteration, or disclosure or dissemination of, personal information, including personal information regarding our clinical trial subjects or employees, could harm our reputation directly, compel us to comply with federal and/or state breach
notification laws and foreign law equivalents, subject us to mandatory corrective action, and otherwise subject us to liability under laws and regulations that protect the privacy and security of personal information, which could result in
significant legal and financial exposure and reputational damages that could potentially have an adverse effect on our business.
Notifications and follow-up actions related to a security incident could impact our reputation and cause us to incur significant costs, including legal expenses and remediation costs. For example, the loss of clinical trial data from
completed or future clinical trials could result in delays in our regulatory approval efforts and significantly increase our costs to recover or reproduce the lost data. We expect to incur significant costs in an effort to detect and prevent
security incidents, and we may face increased costs and requirements to expend substantial resources in the event of an actual or perceived security breach. We also rely on third parties to manufacture our product candidates, and similar events
relating to their computer systems could also have a material adverse effect on our business. To the extent that any disruption or security incident were to result in any loss, destruction, or alteration of, or damage or unauthorized access to, our
data or other information that is processed or maintained on or behalf, or inappropriate disclosure or dissemination of any such information, we could be exposed to litigation and governmental investigations, the further development and
commercialization of our product candidates could be delayed, and we could be subject to significant fines or penalties for any noncompliance with certain state, federal and/or international privacy and security laws.
Our insurance policies may not be adequate to compensate us for the potential losses arising from any such disruption in or, failure or security breach of our
systems or third-party systems where information important to our business operations or commercial development is stored. In addition, such insurance may not be available to us in the future on economically reasonable terms, or at all. Further, our
insurance may not cover all claims made against us and could have high deductibles in any event, and defending a suit, regardless of its merit, could be costly and divert management attention.
Our current operations are located in California, and we or the third parties upon whom we depend, may be adversely affected by natural disasters or the
COVID-19 outbreak, and our business continuity and disaster recovery plans may not adequately protect us from a serious disaster.
Our current operations are located in California. Any unplanned event, such as flood, fire, explosion, earthquake, extreme weather condition, medical
epidemics, such as the COVID-19 outbreak, power shortage, telecommunication failure or other natural or manmade accidents or incidents that result in it being unable to fully utilize our facilities, or the
manufacturing facilities of our third-party CMOs, may have a material and adverse effect on our ability to operate our business, particularly on a daily basis, and have significant negative consequences on our financial and operating conditions.
Loss of access to these facilities may result in increased costs, delays in the development of our product candidate or interruption of our business operations. Earthquakes or other natural disasters could further disrupt our operations and have a
material and adverse effect on our business, financial condition, results of operations and prospects. If a natural disaster, power outage or other event occurred that prevented us from using all or a significant portion of our headquarters, that
damaged critical infrastructure, such as our research facilities or the manufacturing facilities of our third-party CMOs, or that otherwise disrupted operations, it may be difficult or, in certain cases, impossible, for us to continue our business
for a substantial period of time. The disaster recovery and business continuity plan we have in place may prove inadequate in the event of a serious disaster or similar event. We may incur substantial expenses as a result of the limited nature of
our disaster recovery and business continuity plans, which, could have a material adverse effect on our business. As part of our risk management policy, we maintain insurance coverage at levels that we believe are appropriate for our business.
However, in the event of an accident
54