other service outages and catastrophic events such as fires, tornadoes, floods, hurricanes and earthquakes. Cyberattacks and other security threats could originate from a wide variety of sources, including cyber criminals, nation state hackers, hacktivists and other outside parties. There has been an increase in the frequency and sophistication of the cyber and security threats Starwood Capital faces, with attacks ranging from those common to businesses generally to those that are more advanced and persistent, which may target Starwood Capital because Starwood Capital holds a significant amount of confidential and sensitive information about its investors, its portfolio companies and potential investments. As a result, Starwood Capital may face a heightened risk of a security breach or disruption with respect to this information. If successful, these types of attacks on Starwood Capital’s network or other systems could have a material adverse effect on our business and results of operations, due to, among other things, the loss of investor or proprietary data, interruptions or delays in the operation of our business and damage to our reputation. There can be no assurance that measures Starwood Capital takes to ensure the integrity of its systems will provide protection, especially because cyberattack techniques used change frequently or are not recognized until successful. If unauthorized parties gain access to such information and technology systems, they may be able to steal, publish, delete or modify private and sensitive information including nonpublic personal information related to stockholders (and their beneficial owners) and material nonpublic information. Although Starwood Capital has implemented, and its portfolio entities and service providers may implement, various measures to manage risks relating to these types of events, such systems could prove to be inadequate and, if compromised, could become inoperable for extended periods of time, cease to function properly or fail to adequately secure private information. Starwood Capital does not control cyber security plans and systems put in place by third party service providers, and such third party service providers may have limited indemnification obligations to Starwood Capital, its portfolio entities and us, each of which could be negatively impacted as a result. Breaches such as those involving covertly introduced malware, impersonation of authorized users and industrial or other espionage may not be identified even with sophisticated prevention and detection systems, potentially resulting in further harm and preventing them from being addressed appropriately. The failure of these systems or of disaster recovery plans for any reason could cause significant interruptions in Starwood Capital’s, its affiliates’, their portfolio entities’ or our operations and result in a failure to maintain the security, confidentiality or privacy of sensitive data, including personal information relating to stockholders, material nonpublic information and the intellectual property and trade secrets and other sensitive information in the possession of Starwood Capital and portfolio entities. We, Starwood Capital or a portfolio entity could be required to make a significant investment to remedy the effects of any such failures, harm to their reputations, legal claims that they and their respective affiliates may be subjected to, regulatory action or enforcement arising out of applicable privacy and other laws, adverse publicity and other events that may affect their business and financial performance. In addition, Starwood Capital operates in businesses that are highly dependent on information systems and technology. The costs related to cyber or other security threats or disruptions may not be fully insured or indemnified by other means. In addition, cybersecurity has become a top priority for regulators around the world. Many jurisdictions in which Starwood Capital operates have laws and regulations relating to data privacy, cybersecurity and protection of personal information, including the General Data Protection Regulation in the European Union and the California Consumer Privacy Act in the State of California. Some jurisdictions have also enacted laws requiring companies to notify individuals of data security breaches involving certain types of personal data. Breaches in security could potentially jeopardize Starwood Capital, its employees’ or our investors’ or counterparties’ confidential and other information processed and stored in, and transmitted through Starwood Capital’s computer systems and networks, or otherwise cause interruptions or malfunctions in its, its employees’, our investors’, our counterparties’ or third parties’ operations, which could result in significant losses, increased costs, disruption of Starwood Capital’s business, liability to our investors and other counterparties, regulatory intervention or reputational damage. If Starwood Capital fails to comply with the relevant laws and regulations, it could result in regulatory investigations and penalties, which could lead to negative publicity and may cause our investors or Starwood Capital fund investors and clients to lose confidence in the effectiveness of our or Starwood Capital’s security measures. Additionally, there continues to be significant evolution and developments in the use of artificial intelligence, including machine learning and similar tools and technologies that collect, aggregate, analyze or generate data or other materials (collectively “AI”). While Starwood Capital has not integrated the use of AI in its business currently, it could integrate it in the future and at this time cannot fully determine the impact of such evolving technology to our industry or business. Finally, we depend on Starwood Capital’s headquarters in Miami Beach, Florida and its offices in Greenwich, Connecticut for the continued operation of our business. A disaster or a disruption in the infrastructure that supports our business, including a disruption involving electronic communications or other services used by us or third parties with whom we conduct business, or directly affecting our headquarters, could have a material adverse impact on our ability to continue to operate our business without interruption. Starwood Capital’s disaster recovery programs may not be sufficient to mitigate the harm that may result from such a disaster or disruption. In addition, insurance and other safeguards might only partially reimburse us for our losses, if at all.
21
Made with FlippingBook flipbook maker