Sallie Mae 2015 Annual Report Download - page 28

Download and view the complete annual report

Please find page 28 of the 2015 Sallie Mae annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 257

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257

26
competitors introduce products, services, systems and processes that are better than ours or that gain greater market acceptance,
those we offer or use may become obsolete or noncompetitive. Any one of these circumstances could have a material adverse
effect on our business reputation and ability to obtain and retain clients.
We may be required to expend significant funds to develop or acquire new technologies. If we cannot offer new
technologies as quickly as our competitors, we could lose market share. We also could lose market share if our competitors
develop more cost effective technologies than those we offer or develop.
We depend on secure information technology and a breach of those systems or those of third-party vendors could result in
significant losses, unauthorized disclosure of confidential customer information and reputational damage, which could
materially adversely affect our business, financial condition or results of operations.
Our operations rely on the secure processing, storage and transmission of personal, confidential and other information in
a significant number of customer transactions on a continuous basis through our computer systems and networks and those of
our third-party service providers. To access our products and services, our customers may use smart phones, tablets and other
mobile devices that are beyond our security systems and those of our third-party service providers. Information security risks
for financial institutions and third-party service providers have increased in recent years and continue to evolve in part because
of the proliferation of new technologies, the use of the Internet and telecommunications technologies to conduct financial
transactions, and the increased sophistication and activities of organized crime, hackers, terrorists, activists and other external
parties, including foreign state-sponsored actors. These parties also may fraudulently induce employees, customers and other
users of our systems to gain access to our and our customers’ data. As a result, we continue to evolve our security controls to
effectively prevent, detect, and respond to the continually changing threats and we may be required to expend significant
additional resources in the future to modify and enhance our security controls in response to new or more sophisticated threats,
new regulations related to cybersecurity and other developments.
Despite the measures we and our third-party service providers implement to protect our systems and data, we may not be
able to anticipate, prevent or detect cyber-attacks given the unknown and evolving nature of cyber criminals and techniques. As
a result, our computer systems, software and networks, as well as those of third-party vendors we utilize, may be vulnerable to
unauthorized access, computer viruses, malicious attacks and other events that could have a security impact beyond our control.
Our staff, technologies, systems, networks and those of third-parties we utilize also may become the target of cyber-attacks,
unauthorized access, malicious code, computer viruses, denial of service attacks and physical attacks that could result in
information security breaches, the unauthorized release, gathering, monitoring, misuse, loss or destruction of our or our
customers’ confidential, proprietary and other information, or otherwise disrupt our or our customers’ or other third-parties’
business operations. We also routinely transmit and receive personal, confidential and proprietary information, some through
third-parties, which may be vulnerable to interception, misuse or mishandling.
If one or more of such events occur, personal, confidential and other information processed and stored in, and transmitted
through our computer systems and networks, or those of third-party vendors, could be compromised or could cause
interruptions or malfunctions in our or our customers’ operations that could result in significant losses, loss of confidence by
and business from customers, customer dissatisfaction, significant litigation, regulatory exposures and harm to our reputation
and brand.
In the event personal, confidential or other information is threatened, intercepted, misused, mishandled or compromised,
we may be required to expend significant additional resources to modify our protective measures, to investigate the
circumstances surrounding the event and implement mitigation and remediation measures. We also may be subject to fines,
penalties, litigation and regulatory investigation costs and settlements and financial losses that are either not insured against or
not fully covered through any insurance maintained by us. If one or more of such events occur, our business, financial condition
or results of operations could be significantly and adversely affected.