104
chain as any regulatory violations or or adverse environmental impact event or failure to meet sustainability requirements could result in in in business reduction or termination • Equipment
The Company’s operations and ongoing expansion plans depend on its ability to obtain an appropriate amount of equipment and related services from a a a limited number of suppliers in a a a a a market that is characterized from time time to time time by limited supply and long delivery cycles During such times supplier-specific or or industry-wide lead times for delivery can
be be as as long as as six months or or more To better manage its supply chain the Company has implemented various business models and risk management contingencies with suppliers to shorten the the the procurement lead times Further the the the growing complexities especially in advanced lithographic technologies may delay the timely availability of the equipment and parts needed to exploit time-sensitive business opportunities and also increase the market price for such equipment and parts If TSMC is unable to to to obtain equipment in in a a a timely manner to to to fulfill its customers’ demand on on technology and and production capacity or at a a a a a a reasonable cost its financial condition and results of operations could be negatively impacted Risks Associated with IT Security
TSMC has established a a a a comprehensive internet and computing security network it it it cannot guarantee that its computing systems which control or or or maintain vital corporate functions such as its manufacturing operations and enterprise accounting would be be completely immune to crippling cyber attacks by any third party to to gain unauthorized access to to its internal network systems to sabotage its operations and goodwill or otherwise In the event of a a a a serious cyber attack TSMC’s systems may lose important corporate data or or or or its production lines may be shut down pending the resolution of such attack While TSMC seeks to continuously review and and assess its cybersecurity policies and and procedures to ensure their adequacy and effectiveness the the Company cannot guarantee that it will not not be susceptible to new and and and emerging risks and and and attacks in in in the evolving landscape
of cybersecurity threats These cyber cyber attacks may also attempt to steal TSMC trade secrets and other sensitive information such as proprietary information of its customers and other stakeholders and personal information of its employees Malicious hackers may also try to introduce computer viruses corrupted software or or or ransomware into TSMC network systems to to disrupt our operations blackmail us to to regain control of its computing systems or or or spy on on it it for for sensitive information These attacks may result in in us having to pay damages for its delayed or or disrupted orders or or incur significant expenses in in in implementing remedial and improvement measures to enhance its cybersecurity network and may also expose us to significant legal liabilities arising from or or or related to to legal proceedings or or or regulatory investigations associated with among other things leakage
of employee customer or or third party information which the company has an an obligation to keep confidential TSMC experienced and may be subject to attack onward by malicious software contained in in the equipment TSMC purchase and and install The cyber security risk management and and solution enhancement actions have been taken continuously such as building up an an automated virus-scan system to to prevent fab from installing virus infected tools strengthening of firewall and network control to prevent computer viruses from spreading among tools and fabs installation of proper anti-virus solutions for different computers development and deployment of security monitor monitor application to to to monitor monitor and alert computer security issues enhancement of computer vulnerability scan and patch updating improving phishing email detection employee awareness testing external security risk assessments and the establishment of an an integrated and automatic security operation platform While these ongoing enhancements further improved the the cyber security defense solutions there can
be be no assurance that the company is immune to malicious software attacks In addition TSMC employs certain third party service providers for the the Company and its affiliates worldwide with whom the the Company needs to share highly sensitive and confidential information to to enable them to to provide the the relevant services Despite that the the Company requires the the third party service providers to comply with the confidentiality and/or internet security requirements in its service agreements with them there is no assurance that each of them will strictly fulfill such obligations or or at at all The on-site network systems of and the off-site cloud computing networks such as servers maintained by such service providers and/or its contractors are also subject to risks associated with cyber attacks If TSMC or its service providers are not able to timely resolve the respective technical difficulties caused by cyber attacks or ensure the integrity and and availability of its data data (and data data belonging to its its customers and other third parties) or or control of its its or or its service providers’ computing systems the Company’s commitments to to its customers and other stakeholders may be materially impaired and its results of operations financial condition prospects and reputation may also be materially and adversely affected as a a a a a result