Company and these third parties could adversely impact our operations and financial results. Addi tionally, while we have policies and procedures for managing these relationships, they inherently involve a lesser degree of control over business operations, governance and compliance, thereby potentially increasing our financial, legal, reputational and operational risk. A significant information security or operational technology incident, including a cybersecurity breach, or the failure of one or more key information or operations technology systems, networks, hardware, processes and/or associated sites owned or operated by the Company or one of its service providers could have a material adverse impact on our business or reputation. We rely extensively on information and operational technology (IT/OT) systems, networks and services, including internet a nd intranet sites, data hosting and processing facilities and technologies, physical security systems and other hardware, software and technical applications and platforms, many of which are managed, hosted, provided and/or used by third parties or their v endors, to assist in conducting our business. The various uses of these IT/OT systems, networks and services include, but are not limited to: • ordering and managing materials from suppliers; • converting materials to finished products; • shipping products to customers; • marketing and selling products to consumers; • collecting, transferring, storing and/or processing customer, consumer, employee, vendor, investor and other stakeholder information and personal data, including such data from persons cov ered by an expanding landscape of privacy and data regulations, such as citizens of the European Union who are covered by the General Data Protection Regulation (GDPR), residents of California covered by the California Consumer Privacy Act (CCPA), citizen s of China covered by the Personal Information Protection Law (PIPL) and citizens of Brazil covered by the General Personal Data Protection Law (LGPD); • summarizing and reporting results of operations, including financial reporting; • managing our banking and other cash liquidity systems and platforms; • hosting, processing and sharing, as appropriate, confidential and proprietary research, business plans and financial information; • collaborating via an online and efficient means of global business com munications; • complying with regulatory, legal and tax requirements; • providing data security; and • handling other processes necessary to manage our business. Numerous and evolving information security threats, including advanced persistent cybersecurity thre ats, pose a risk to the security of our services, systems, networks and supply chain, as well as to the confidentiality, availability and integrity of our data and of our critical business operations. In addition, because the techniques, tools and tactics used in cyber - attacks frequently change and may be difficult to detect for periods of time, we may face difficulties in anticipating and implementing adequate preventative measures or fully mitigating harms after such an attack. Our IT/OT databases and s ystems and our third - party providers’ databases and systems have been, and will likely continue to be, subject to advanced computer viruses or other malicious codes, ransomware, unauthorized access attempts, denial of service attacks, phishing, social engi neering, hacking and other cyber - attacks. Such attacks may originate from outside parties, hackers, criminal organizations or other threat actors, including nation states. In addition, insider actors - malicious or otherwise - could cause technical disruptio ns and/or confidential data leakage. We cannot guarantee that our security efforts or the security efforts of our third - party providers will prevent material breaches, operational incidents or other breakdowns to our or our third - party providers’ IT/OT da tabases or systems. A breach of our data security systems or failure of our IT/OT databases and systems may have a material adverse impact on our business operations and financial results. If the IT/OT systems, networks or service providers we rely upon f ail to function properly or cause operational outages or aberrations, or if we or one of our third - party providers suffer significant unavailability of key operations, or inadvertent disclosure of, lack of integrity of, or loss of our sensitive business or stakeholder information, due to any number of causes, including catastrophic events, natural disasters, power outages, computer and telecommunications failures, improper data handling, viruses, phishing attempts, cyber - attacks, malware and ransomware atta cks, security breaches, security incidents or employee error or malfeasance, and our business continuity plans do not effectively address these failures on a timely basis, we may suffer interruptions in our ability to manage operations and be exposed to re putational, competitive, operational, financial and business harm as well as litigation and regulatory action. If our critical IT systems or back - up systems or those of our third - party vendors are damaged or cease to function properly, we may have to make a significant investment to repair or replace them. In addition, if a ransomware attack or other cybersecurity incident occurs, either internally or at our third - party technology service providers, we could be prevented from accessing our data or systems, which may cause interruptions or delays in our business operations, cause us to incur remediation costs, subject us to demands to pay a ransom or damage our reputation. In addition, such events could result in unauthorized disclosure of confidential info rmation, and we may suffer financial and reputational damage because of lost or misappropriated confidential information belonging to us or to our partners, our employees, customers and suppliers. Additionally, we could 6 The Procter & Gamble Company