Computer and information systems; management of data

Our business is highly dependent on our ability to process transactions, gather and disseminate information and manage various types of client and other data across numerous and diverse markets in many currencies. If any of our financial, accounting, human resources or other data processing, e-mail, client accounting, funds processing or electronic information management systems do not operate properly or are disabled, we could suffer a disruption of our businesses, liability to clients, loss of client data, loss of employee data, regulatory intervention, breach of confidentiality or other contract provisions, or reputational damage. These systems may fail to operate properly or become disabled as a result of events that are wholly or partially beyond our control, including disruptions of electrical or communications services, disruptions caused by natural disasters, political instability, terrorist attacks, sabotage, computer viruses or problems with the Internet, deliberate attempts to disrupt our computer systems through “hacking” or other forms of cyber-attack, or our inability to occupy one or more of our office buildings. As we outsource significant portions of our information technology functions to third-party providers, we bear the risk of having somewhat less direct control over the manner and quality of performance than we would if done by our own employees. An example of this is the increasing use of “cloud” computing whereby we outsource to third parties the maintenance of increasing amounts of our business records, including electronically maintained documents and emails, rather than keeping them on our own servers.

We are exposed to the risk of cyber-attacks in the normal course of business. In general, cyber incidents can result from deliberate attacks or unintentional events. We have observed an increased level of attention focused on cyber-attacks that include gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data, or causing operational disruption. During 2013 and 2014, some major corporations reported that they had experienced broad-based theft of customer and internal data, with material financial and reputational consequences. We are also increasingly recognizing both the challenges and opportunities involved in mining the data in our systems so that we “know what we know” and can use that knowledge for the benefit of our clients and our organization in the most sophisticated possible ways.

Cyber-attacks may also be carried out in a manner that does not require gaining unauthorized access, such as by causing denial-of-service attacks on websites. Cyber-attacks may be carried out by third parties or insiders using techniques that range from highly sophisticated efforts to electronically circumvent network security or overwhelm websites to more traditional intelligence gathering and social engineering aimed at obtaining information necessary to gain access. The objectives of cyber-attacks vary widely and can include theft of financial assets, intellectual property, or other sensitive information. Cyber-attacks may also be directed at disrupting our operations.

To the extent that our technology systems interact with those of our clients, they may face similar potential problems and losses as the result of cyber-attacks through our systems that then impact their systems. Certain of the high-profile cyber-attacks at other companies have come through the systems of suppliers.

While we have not incurred any material losses related to cyber-attacks, nor are we aware of any specific or threatened cyber-incidents as of the date of this report, we may incur substantial costs and suffer other negative consequences if we fall victim to one or more successful cyber-attacks. Such negative consequences could include remediation costs that may include liability for stolen assets or information and repairing system damage that may have been caused; increased cyber-security protection costs that may include organizational changes, deploying additional personnel and protection technologies, training employees, and engaging third-party experts and consultants; lost revenues resulting from unauthorized use of proprietary information or the failure to retain or attract clients following an attack; litigation; and reputational damage adversely affecting client or investor confidence.

The development of new software systems used to operate one or more aspects of our business, particularly on a customized basis or in order to coordinate or consolidate financial, human resources or other types of infrastructure data reporting, client accounting or funds processing is complicated. Additionally, the effort may result in costs that we cannot recoup in the event of the failure to complete a planned software development. A new software system that has defects may cause reputational issues and client or employee dissatisfaction and/or damages, with our incurring liabilities and/or experiencing lost business as possible results. The acquisition or development of software systems is often dependent to one degree or another on the quality, ability and/or financial stability of one or more third-party vendors, over which we may not have control beyond the rights we negotiate in our contracts. Different privacy regulations from one country to the next (or across a region such as the European Union) may restrict our ability to share or collect data on a global basis, and this may limit the utility of otherwise available technology.

The Firm has implemented significant new financial, human resources, client relationship management, payables processing, securities management and trading and intranet software systems on a worldwide basis, and is in the process of transitioning various significant processes to these new systems. This implementation is complex and involves continuously evolving processes. If the Firm does not implement these new systems effectively, or if any of the new systems do not operate as intended, the effectiveness of the Firm’s financial reporting or internal controls could be materially and adversely affected.

Our business is also dependent, in part, on our ability to deliver to our clients the efficiencies and convenience that technology affords. The effort to gain technological expertise and develop or acquire new technologies requires us to incur significant expenses. If we cannot offer new technologies as quickly as our competitors do, we could lose market share. We are increasingly dependent on the Internet and on intranet technology to gather and disseminate critical business information publicly and also to our employees internally. In the event of technology failure, including a failure of outsourced “cloud” computing, or our inability to maintain robust platforms, we risk competitive disadvantage.

The proliferation of social media and different types of mobile hardware devices has increased the technology risks that all companies face, including as the result of the failure of staff to understand how to use them appropriately, which can result in the inadvertent disclosure of confidential information and the possible contract breaches and reputational damage that can result. A significant aspect of our protection against hacking relies on our people managing their passwords carefully and not inadvertently assisting in “phishing” attempts designed to provide access to our systems, and our efforts to train our people and provide appropriate encryption and other protections of mobile devices may not be sufficient to prevent unauthorized access.


© 2016 Jones Lang LaSalle, IP, Inc.