Oracle 2014 Annual Report Download - page 26

Download and view the complete annual report

Please find page 26 of the 2014 Oracle annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 165

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165

Table of Contents
At times, we encounter attempts by third parties to identify and exploit product and service vulnerabilities, penetrate or bypass our security
measures, and gain unauthorized access to our or our customers’, partners’ and suppliers’ software, hardware and cloud offerings, networks and
systems, any of which could lead to the compromise of personal information or the confidential information or data of Oracle or our customers.
Computer hackers and others may be able to develop and deploy IT related viruses, worms, and other malicious software programs that could
attack our products and services, exploit potential security vulnerabilities of our products and services, create system disruptions and cause
shutdowns or denials of service. This is also true for third party data, products or services incorporated into our own. Data may also be accessed
or modified improperly as a result of customer, partner, employee or supplier error or malfeasance and third parties may attempt to fraudulently
induce customers, partners, employees or suppliers into disclosing sensitive information such as user names, passwords or other information in
order to gain access to our data, our customers’, suppliers’ or partners’ data or the IT systems of Oracle, its customers, suppliers or partners.
High-profile security breaches at other companies have increased in recent years, and security industry experts and government officials have
warned about the risks of hackers and cyber-attacks targeting information technology products and businesses. Although this is an industry-wide
problem that affects other software and hardware companies, it affects Oracle in particular because computer hackers tend to focus their efforts
on the most prominent IT companies, and they may focus on Oracle because of our reputation for, and marketing efforts associated with, having
secure products and services. These risks will increase as we continue to grow our cloud offerings and store and process increasingly large
amounts of data, including personal information and our customers’ confidential information and data and other external data, and host or
manage parts of our customers’ businesses in cloud-based IT environments, especially in customer sectors involving particularly sensitive data
such as health sciences, financial services and the government. We also have an active acquisition program and have acquired a number of
companies, products, services and technologies over the years. While we make significant efforts to address any IT security issues with respect
to our acquired companies, we may still inherit such risks when we integrate these companies within Oracle.
If a cyber-attack or other security incident described above were to allow unauthorized access to or modification of our customers’ or suppliers’
data, other external data or our own data or our IT systems or if the services we provide to our customers were disrupted, or if our products or
services are perceived as having security vulnerabilities, we could suffer significant damage to our brand and reputation. Customers could lose
confidence in the security and reliability of our products and services, including our cloud offerings, and perceive them to be not secure. This in
turn could lead to fewer customers using our products and services and result in reduced revenue and earnings. The costs we would incur to
address and fix these security incidents would increase our expenses. These types of security incidents could also lead to lawsuits, regulatory
investigations and claims and increased legal liability, including in some cases contractual costs related to customer notification and fraud
monitoring.
Our business practices with respect to the collection, use and management of personal information could give rise to liabilities or
reputational harm as a result of governmental regulation, legal requirements or industry standards relating to consumer privacy and data
protection.
As regulatory focus on privacy issues continues to increase and worldwide laws and regulations concerning the handling of
personal information expand and become more complex, potential risks related to data collection and use within our business will intensify. U.S.
and foreign governments have enacted or are considering enacting legislation or regulations, or may in the near future interpret existing
legislation or regulations, in a manner that could significantly impact the ability of Oracle and our customers and data partners to collect,
augment, analyze, use, transfer and share personal and other information that is integral to certain services Oracle provides and data services.
This could be true particularly in those jurisdictions where privacy laws or regulators take a broader view of how personal information is
defined, therefore subjecting the handling of such data to heightened restrictions that may be obstructive to the operations of Oracle and its
customers and data providers. This impact may be acute in countries that have passed or are considering passing legislation that requires data to
remain localized “in country”, as this imposes financial costs on any service provider that is required to store data in jurisdictions not of its
choosing and nonstandard operational processes that are difficult and costly to integrate with global processes. Regulators globally are also
imposing greater monetary fines for privacy violations, and the European
22