CNS AR24 Digital - Book - Page 27
until launched. Highly publicized security breaches continue to expose failures of companies to keep pace with the threats
posed by cyber-attackers and have led to increased government, regulatory and media scrutiny.
Cybersecurity has become a top priority of regulators around the world. Many jurisdictions in which we operate have,
or are considering adopting, laws and regulations relating to data privacy, cybersecurity and protection of personal
information. Our potential liability remains a concern, particularly given the continued and rapid development of privacy
laws and regulations around the world, the lack of harmonization of such laws and regulations, and increased criminal and
civil enforcement actions and private litigation. As new privacy-related laws and regulations are implemented, the time and
resources needed for us to comply with such laws and regulations continues to increase and become a significant compliance
workstream. Any inability, or perceived inability, by us to adequately address privacy concerns, or comply with applicable
laws, regulations, policies, industry standards and guidance, contractual obligations or other legal obligations, even if
unfounded, could result in significant regulatory and third-party liability, increased costs, disruption of our business and
operations and a loss of client (including investor) confidence and other reputational damage.
We cannot assure you that our data protection efforts and our investment in information technology will prevent
significant breakdowns, data leakages, breaches in our systems, or those of our third-party vendors and other contractors and
consultants, or other cyber incidents that could have a material adverse effect upon our reputation, business, operations or
financial condition. Although we take precautions to password-protect and encrypt all authorized electronic devices, if such
devices are stolen, misplaced or left unattended, they may become vulnerable to hacking or other unauthorized use, creating a
possible security risk. Our or our third-party service providers9 systems may also be affected by, or fail as a result of,
catastrophic events, such as fires, floods, hurricanes, tornadoes, acts of terrorism or power disruptions. Like other companies,
we have experienced and will likely continue to experience cyber incidents, security threats and attacks. There can be no
assurance that our efforts to maintain and monitor the security and integrity of our information technology systems will be
effective at all times.
Any breach or other failure of our or certain other parties9 technology or security systems, including but not limited to
those systems of our third-party intermediaries, service providers, key vendors and third parties with whom we do business,
could result in the loss of valuable information, liability for stolen assets or information, remediation costs to repair damage
caused by the incident, additional security costs to mitigate against future incidents, regulatory scrutiny and penalties and
litigation costs resulting from the incident. In addition, our increased use of mobile and cloud computing technologies could
increase these and other operational risks, and any failure by mobile or cloud technology service providers to adequately
safeguard their systems could disrupt our operations and result in misappropriation, corruption or loss of confidential or
proprietary information.
For many companies, remote and/or hybrid in-office work arrangements have made their network and communication
systems more vulnerable to cyberattacks and incursions, and there has been an overall increase in both the frequency and
severity of cyber incidents as such vulnerabilities have been exploited. Use of a remote work environment subjects us to
heightened risk of cyberattacks, unauthorized access or other privacy or data security incidents, both directly as well as
indirectly through third-party intermediaries, service providers and key vendors that have access or other connections to our
systems.
Loss of confidential client information could harm our reputation, result in the termination of contracts by our existing
clients, and subject us to litigation or liability under laws and agreements that protect confidential and personal data, resulting
in increased costs and/or loss of revenues. We maintain a cyber insurance policy to help mitigate against certain potential
losses relating to information security breaches. However, such insurance may only partially reimburse us for our losses, if at
all, and if a claim is successful and exceeds or is not covered by our insurance policy, we may be required to pay a substantial
amount to satisfy such successful claim.
We face substantial competition in all aspects of our business.
The investment management industry is highly competitive, and investors are increasingly fee sensitive. We compete
against a large number of investment products offered by other investment management companies, investment dealers,
banks and insurance companies, and many institutions we compete with have greater infrastructure and financial resources
than us. We compete with these firms on the basis of investment performance, diversity of products, investments in available
property assets, distribution capability, scope and quality of services, reputation and the ability to develop and successfully
launch new investment strategies and products to meet the changing needs of investors and generate strong returns. In the
case of new strategy and product launches (including exchange-traded funds), our lack of available long-term records of prior
investment performance, or investment
