Any such event or activity, among others, could cause governments and governmental agencies to delay or refrain from entering into contracts with us and/or purchasing our computers in the future, reduce the size or timing of payment with respect to our services to or purchases from existing or new government customers, or otherwise have an adverse effect on our business, results of operations, financial condition, and growth prospects.
If our information technology systems, data, or physical facilities, or those of third parties upon which we rely, are or were compromised, we could experience adverse business consequences resulting from such compromise.
In the ordinary course of business, we access, collect, receive, store, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, share, and otherwise process personal data and other sensitive information, including intellectual property, proprietary and confidential business data, trade secrets, sensitive third-party data, business plans, transactions, and financial information of our own, our partners, our vendors and their own supply chains, our customers, or other third parties (collectively, “Sensitive Data”).
We and the third parties upon which we rely process Sensitive Data, and, as a result, we and the third parties upon which we rely face a variety of evolving threats to our information technology systems, data, and physical facilities (such as those where our quantum computers are stored), including but not limited to ransomware attacks, advanced persistent threats, and other causes of security incidents. Additionally, Sensitive Data could be leaked, disclosed or revealed as a result of or in connection with our employees', contractors', consultants', affiliates', or vendors' use of generative artificial intelligence (“AI”) technologies. Cyber-attacks, malicious internet-based activity, online and offline fraud, and other similar activities threaten the confidentiality, integrity, and availability of our Sensitive Data and information technology systems, and those of the third parties upon which we rely. Such threats are prevalent and continue to rise, are increasingly difficult to detect, and come from a variety of sources, including traditional computer “hackers,” threat actors, “hacktivists,” organized criminal threat actors, personnel (such as through theft or misuse), sophisticated nation states, and nation-state-supported actors. U.S. law enforcement agencies have indicated to us that quantum computing technology is of particular interest to certain threat actors, including nation state and other malicious actors, who may steal our Sensitive Data, including our intellectual property or other proprietary or confidential information, including our trade secrets. Our employees, contractors, affiliates, and/or related parties may have already been directly targeted by nation state actors and may be so targeted in the future.
Some actors now engage and are expected to continue to engage in cyber-attacks, including without limitation nation-state and nation-state-supported actors for geopolitical reasons and in conjunction with military conflicts and defense activities. During times of war and other geopolitical tensions or conflicts, we, the third parties upon which we rely, and our customers may be vulnerable to a heightened risk of these attacks, including retaliatory cyber-attacks, that could materially disrupt our systems and operations, supply chain, and ability to distribute our services.
We and the third parties upon which we rely are subject to a variety of evolving threats, including but not limited to social-engineering attacks (including through deep fakes, which may be increasingly difficult to identify as fake, and phishing attacks), malicious code (such as viruses and worms), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks (such as credential stuffing), credential harvesting, personnel misconduct or error, ransomware attacks, supply-chain attacks, software bugs, server malfunctions, software or hardware failures, loss or unavailability of data or other information technology assets, adware, telecommunications failures, earthquakes, fires, floods, and other similar threats.
In particular, severe ransomware attacks are becoming increasingly prevalent and could lead to significant interruptions in our operations, loss or unavailability of Sensitive Data and loss of income, reputational harm, and diversion of funds.
Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments.
Additionally, we are incorporated into the supply chains of companies worldwide and, as a result, if our services are compromised, a significant number or, in some instances, all of our customers and their data could be simultaneously affected. The potential liability and associated consequences we could suffer as a result of such a large-scale event could be catastrophic and result in irreparable harm.
Remote work has increased risks to our information technology systems and data, as more of our employees utilize network connections, computers, and devices outside our premises or network, including working at home, while in transit and in public locations. Additionally, future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be difficult to integrate companies into our information technology environment and security program.