Page 137 - TSMC 2022 Annual Report
P. 137
135
the above factors it it it may become less competitive and its revenue may decline significantly Regarding the the response measures for the the above-mentioned risks please refer to “2 2 2 4
TSMC Position Differentiation and Strategy” on page 18-20 of this Annual Report ● IT Security
Even though TSMC has established a a a comprehensive internet and computing security network the Company cannot guarantee that its computing systems which control or maintain vital corporate functions such as its manufacturing operations and enterprise accounting would be completely immune to crippling cyberattacks In the event of a a a serious cyberattack TSMC’s systems may lose important corporate data or its production lines may be shut down pending the resolution of such attack attack Major cyberattacks could also lead to loss or divulgence of trade secrets and other sensitive information information such as proprietary information information of its customers and and other stakeholders and and personal information of its employees While TSMC seeks to continuously review and assess its cybersecurity policies and procedures to ensure their adequacy and effectiveness the Company cannot guarantee that it will not be susceptible to new and and emerging risks and and attacks in
in
the evolving landscape of cybersecurity threats Malicious hackers may also try
to introduce computer viruses corrupted software or or or ransomware into TSMC’s network systems to disrupt its operations blackmail the Company to regain control of its computing systems or or spy on on it it for sensitive information These attacks may result in
in
TSMC having to pay damages for its delayed or or or disrupted orders
or incur significant expenses in
in
in
implementing remedial and improvement measures to further enhance its cybersecurity network and may also expose the Company to significant legal legal liabilities arising from or or related to legal legal proceedings or or regulatory investigations associated with such breaches In the the past TSMC has experienced and may in
the the future
be subject to attack by malicious software TSMC has implemented and continually updated rigorous cybersecurity measures to prevent and minimize harm caused by such attacks Such measures include advanced virus scanning tools to protect fab equipment strengthening firewall and network controls to prevent computer viruses from spreading among tools and fabs installing advanced malware defense solutions for critical computers introducing new solution architecture to secure internet access adopting advanced solutions against distributed denial-of-service attacks from the internet introducing new technology for data protection enhancing and certifying office computer security compliance improving email phishing defense and implementing employee awareness testing TSMC also established an an integrated and automatic security operation platform enabled the automation of cybersecurity event detection and response enhanced internal security assessment automation conducted external red team testing and practiced responses to ransomware attacks For supply chain risks reduction through collaboration TSMC helped major suppliers improve their security maturity and share industry security events and and best practices on demand and by schedule Moreover TSMC has collaborated with Semiconductor Equipment and Materials Institute (“SEMI”) to to set up a Semiconductor Cybersecurity Committee to to promote security security standards (SEMI E187) as as as well as as as security security assessment methodology for improving the resilience of semiconductor supply chain While these ongoing enhancements further improve Company’s cybersecurity defense solutions there can be be no assurance that the Company is immune to cyberattacks In addition TSMC employs certain third-party service providers for it it it it and its affiliates worldwide with whom it it it it needs to share highly sensitive and confidential information to enable them
to provide the relevant services While TSMC requires such third-party service providers to strictly fulfill the confidentiality and/or internet security requirements in
in
its service agreements with them
them
there is no assurance that each of them
them
will comply with such such obligations Moreover such such third-party service providers may also be be susceptible to cyberattacks If TSMC or its service providers are not able to timely resolve the respective technical difficulties caused by such cyberattacks or ensure the integrity and and availability of its data data (and data data belonging to its customers and other third parties) or maintain control of its its or its its service providers’ computing systems the Company’s commitments to to its customers and other stakeholders may be materially impaired and its results of operations financial condition prospects and and reputation may also be materially and and adversely affected Risks
Associated with Decrease in
Demand and and Average Selling Price
A vast majority of the Company’s revenue is derived from customers who use TSMC’s products in
smartphones high performance computing IoT automotive and digital consumer electronics Any deterioration in
in
or or a a slowdown in
in
the growth of such end markets resulting in
in
in
a a a a a substantial decrease in
in
in
the demand for overall global semiconductor foundry services including TSMC’s products and services could adversely affect the the Company’s revenue Further semiconductor manufacturing