Expedia 2015 Annual Report Download - page 31

Download and view the complete annual report

Please find page 31 of the 2015 Expedia annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 147

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147

System interruption, security breaches and the lack of redundancy in our information systems may
harm our businesses.
We rely on information technology systems, including the Internet and third-party hosted services, to
support a variety of business processes and activities and to store sensitive data, including booking transactions,
intellectual property, our proprietary business information and that of our suppliers and business partners,
personally identifiable information of our customers and employees, and data with respect to invoicing and the
collection of payments, accounting, procurement, and supply chain activities. In addition, we rely on our
information technology systems to process financial information and results of operations for internal reporting
purposes and to comply with financial reporting, legal, and tax requirements. The risk of a cybersecurity-related
attack, intrusion, or disruption, including by criminal organizations, hacktivists, foreign governments, and
terrorists, is persistent. Additionally, as we continue to integrate our acquired companies, such as Orbitz, into our
information technology systems, we may increase the risk of these system interruptions. We have experienced
and may in the future experience system interruptions that make some or all of these systems unavailable or
prevent us from efficiently fulfilling orders or providing services to third parties. These interruptions could
include security intrusions and attacks on our systems for fraud or service interruption. Significant interruptions,
outages or delays in our internal systems, or systems of third parties that we rely upon — including multiple co-
location providers for data centers, cloud computing providers for application hosting, and network access
providers — and network access, or deterioration in the performance of such systems, would impair our ability to
process transactions, decrease our quality of service that we can offer to our travelers, damage our reputation and
brands, increase our costs and/or cause losses.
Potential security breaches to our systems or the systems of our service providers, whether resulting from
internal or external sources, could significantly harm our business. We devote significant resources to network
security, monitoring and testing, employee training, and other security measures, but there can be no guarantee
that these measures will prevent all possible security breaches or attacks. A party, whether internal or external,
that is able to circumvent our security systems could misappropriate customer or employee information,
intellectual property, proprietary information or other business and financial data or cause significant
interruptions in our operations. We may need to expend significant resources to protect against security breaches
or to address problems caused by breaches, and reductions in website availability could cause a loss of
substantial business volume during the occurrence of any such incident. Because the techniques used to sabotage
security change frequently, often are not recognized until launched against a target and may originate from less
regulated and remote areas around the world, we may be unable to proactively address these techniques or to
implement adequate preventive measures. Security breaches could result in negative publicity, damage to
reputation, exposure to risk of loss or litigation and possible liability due to regulatory penalties and sanctions or
pursuant to our contractual arrangements with payment card processors for associated expenses and penalties.
Security breaches could also cause travelers and potential users and our business partners to lose confidence in
our security, which would have a negative effect on the value of our brands. Failure to adequately protect against
attacks or intrusions, whether for their own systems or systems of vendors, could expose us to security breaches
that could have an adverse impact on financial performance.
In addition, no assurance can be given that our backup systems or contingency plans will sustain critical
aspects of our operations or business processes in all circumstances, many other systems are not fully redundant
and our disaster recovery or business continuity planning may not be sufficient. Fire, flood, power loss,
telecommunications failure, break-ins, earthquakes, acts of war or terrorism, acts of God, computer viruses,
electronic intrusion attempts from both external and internal sources and similar events or disruptions may
damage or impact or interrupt computer or communications systems or business processes at any time. Although
we have put measures in place to protect certain portions of our facilities and assets, any of these events could
cause system interruption, delays and loss of critical data, and could prevent us from providing services to our
travelers and/or third parties for a significant period of time. Remediation may be costly and we may not have
adequate insurance to cover such costs. Moreover, the costs of enhancing infrastructure to attain improved
stability and redundancy may be time consuming and expensive and may require resources and expertise that are
difficult to obtain.
27