Overstock.com 2015 Annual Report Download - page 15

Download and view the complete annual report

Please find page 15 of the 2015 Overstock.com annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 130

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130

communications hardware is located at a single co-location facility. In the event of an earthquake or other local disaster, or any other cause of interruption of
service, both our primary and back-up sites could be adversely affected. Our systems and operations are vulnerable to damage or interruption from fire, flood,
power loss, telecommunications failure, terrorist attacks, cyber-attacks, acts of war, break-ins, earthquake and similar events. In the event of a failure of our
primary facility, the failover to our back-up facility would take at least several hours, during which time our Website would be completely shut down. Our
back-up facility is not adequate to support sales at a high level. The back-up facility may not process effectively during time of higher traffic to our Website
and may process transactions more slowly and may not support all of the functionality of our primary site. These limitations could have an adverse effect on
our conversion rate and sales. Our disaster recovery plan may be inadequate, and we do not carry business interruption insurance sufficient to compensate us
for the losses that could occur. Our servers are vulnerable to computer viruses, physical or electronic break-ins and similar disruptions, the occurrence of any
of which could lead to interruptions, delays, loss of critical data or the inability to accept and fulfill customer orders. The occurrence of any of the foregoing
risks could have a material adverse effect on our business.


Our business is entirely dependent on the secure operation of our Website and systems as well as the operation of the Internet generally. Our business
involves the storage and transmission of users’ proprietary information, and security breaches could expose us to a risk of loss or misuse of this information,
and to resulting claims and litigation. We have been subjected to a variety of cyber attacks, including denial of service attacks in which attackers attempt to
block customers’ access to our Website. If we are unable to defend against a denial of service attack or other types of attacks for any significant period, we
could sustain substantial revenue loss from lost sales and customer dissatisfaction. We may not have the resources or technical sophistication to anticipate or
prevent rapidly evolving types of cyber-attacks. Cyber-attacks may target us, our customers, our suppliers, banks, credit card processors, delivery services, e-
commerce in general or the communication infrastructure on which we depend. If an actual or perceived attack or breach of our security occurs, customer
and/or supplier perception of the effectiveness of our security measures could be harmed and we could lose customers, suppliers or both. Actual or anticipated
attacks and risks may cause us to incur substantial and increasing costs, including costs to deploy additional personnel and protection technologies, train
employees, and engage third party experts and consultants. The occurrence of any of the foregoing could have a material adverse effect on our business.
A person who is able to circumvent our security measures might be able to misappropriate our or our users’ proprietary information, cause
interruption in our operations, damage our computers or those of our users, or otherwise damage our reputation and business. Any compromise of our security
could result in a violation of applicable privacy and other laws, significant legal and financial exposure, damage to our reputation, and a loss of confidence
in our security measures, which could have a material adverse effect on our business.

Most of our customers use credit cards to pay for their purchases. Under payment card rules and our contracts with our card processors, if there is a
breach of payment card information that we store, we could be liable to the payment card issuing banks for their cost of issuing new cards and related
expenses. In addition, if we fail to follow payment card industry security standards, even if there is no compromise of customer information, we could incur
significant fines, higher transaction costs or lose our ability to give customers the option of using payment cards. If we were unable to accept payment cards,
it would have a material adverse effect on our business.

We depend on our partners to provide a large portion of the product selection we offer and on vendors for the products we purchase and offer in our
direct business. We also depend on delivery services to deliver products, and on other service providers, including suppliers of services which support
Website operations, including payment systems, customer service support, and communications. Cyber-attacks affecting our delivery services or any of our
most significant suppliers or affecting a significant number of our suppliers of products or services could result in our inability to source product or fulfill
orders, our customers’ or suppliersinability to contact us or access our Website or call centers or chat lines, or the compromise of our customers’ confidential
data. The occurrence of any of the foregoing could have a material adverse effect on our business.


14