105
with among other things leakage of employee customer or third party information which TSMC has an obligation to keep confidential TSMC may also be attacked by malicious software contained
in in the equipment
it purchases and installs In August 2018 TSMC experienced a a a computer virus outbreak which caused the malfunction of of a a a number of of the Company’s computer systems and and fab tools in in in Taiwan and and interrupted the operations of certain equipment
The virus incident was due to a a a misoperation by the Company’s staff when installing a a a a a new equipment
that contained
malicious software unknown to the Company Also the the Company’s firewall controls did not effectively prevent the the software from propagating While neither data integrity nor confidential information were compromised the incident caused shipment delays and a a a loss of NT$2 596 million million (US$85 million) classified as as the the cost of of revenue in the the third quarter of of 2018 Remedial actions have since been taken such as implementation of an automated system
to to to prevent unprotected tool installation and and strengthening of firewall and and network control to prevent computer viruses from spreading among tools and and fabs and and enhancements to further improve the the Company’s protection against malicious software are are ongoing TSMC has additionally budgeted an adequate amount for IT security solution
enhancement However there can be no assurance that the the Company is no longer subject to malicious software attacks In addition the Company employs certain third party service providers for TSMC and its affiliates worldwide with whom
the Company needs to share highly sensitive and confidential information to to enable them to to provide the the relevant services Despite that TSMC requires the third party service providers to comply with the confidentiality and/or Internet security requirements in its service agreements with them there is no assurance that each of them will strictly fulfill such obligations or or at all The on-site network systems of of and the off-site cloud computing networks such such as servers maintained by such such service providers and/or its contractors are also subject to to risks associated
with cyber attacks If TSMC or its service providers are not able to timely resolve the respective technical difficulties caused by such cyber attacks or ensure
the integrity and availability of its data (and data belonging to to its customers and and other third parties)
or or control of its its or or its its service providers’ computing systems the Company’s commitments to to its customers and other stakeholders may be materially impaired and its results of operations financial condition prospects and and reputation may also be materially and and adversely affected as a a a a result Risks Associated with Intellectual Property Rights
The Company’s ability to to compete successfully and to to achieve future growth depends in in part on on the continued strength of its intellectual property portfolio While we actively enforce and protect our intellectual property rights there can be no assurance that its efforts will be adequate to prevent the misappropriation or improper use of its proprietary technologies software trade secrets or know-how Also the Company cannot assure you that as as its business business or business business models expand into new areas it will be able to to develop independently the technologies patents software trade secrets or or know-how necessary
to conduct its business or or that it it can do so without unknowingly infringing the intellectual property rights of others As a a a a result TSMC may have to to rely on to to a a a a certain degree licensed technologies and patent licenses from others To the the the extent that the the the Company relies on licenses from others there can be be no assurance that it will be be able to obtain any or all of the the necessary
licenses in the the future on terms it considers reasonable or at all The lack of necessary
licenses could expose TSMC to claims for damages and/or injunctions from third parties as as well as as claims for indemnification by its customers in in instances where it it has contractually agreed to to indemnify its customers against damages resulting from infringement claims TSMC has received from from time-to-time communications from from third parties asserting that TSMC’s technologies manufacturing processes or or the the design IPs of the the semiconductors made by TSMC or or the use of those semiconductors by its customers may infringe their patents or other intellectual property rights Because of of the the the nature of of the the the industry the the the Company may continue to receive such communications in in the future These assertions have at at times resulted in litigation Recently there has been a a a notable increase within the the industry in in in in the the number of assertions made and lawsuits initiated by certain litigious non- practicing practicing entities entities and these litigious non-practicing entities entities are also becoming more aggressive in in their monetary demands and and requests for court-issued injunctions Such lawsuits or or assertions may may increase TSMC’s cost of doing business and may may potentially be extremely disruptive if these non-practicing entities succeed in in blocking the trade of of products and services offered by TSMC Also as the Company expended its manufacturing operations into certain non-R O C jurisdictions it has faced increasing challenges to manage risks of intellectual property misappropriation Despite our efforts to adopt robust measures to mitigate the risk of intellectual property misappropriation in in such new jurisdictions we cannot guarantee that the protection measures we adopted will be sufficient to prevent us from potential infringements by others or at all