Shake Shack 2016 Annual Report Download - page 31

Download and view the complete annual report

Please find page 31 of the 2016 Shake Shack annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 122

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122

Table of Contents
If we are unable to maintain and update our information technology systems to meet the needs of our business, or if we experience a material failure or
interruption in our systems, our business could be adversely impacted.
We rely heavily on information systems, including point-of-sale processing in our Shacks, for management of our supply chain, accounting, payment of
obligations, collection of cash, credit and debit card transactions and other processes and procedures. As a rapidly growing business, our current information
technology infrastructure may not be adequately suited to handle the increasing volume of data and additional information needs of our organization. If we are
unable to successfully upgrade our information systems to meet the growing needs of our business, our growth could be adversely affected.
Additionally, as technology systems continue to evolve and as consumers adopt new technologies, we may need to enhance our systems or modify our strategies in
order to remain relevant in our industry and to our guests. If we are unable to successfully identify and implement new and emerging technologies, our business
could be adversely affected.
Our ability to efficiently and effectively manage our business depends significantly on the reliability and capacity of our information technology systems. Our
operations depend upon our ability to protect our computer equipment and systems against damage from physical theft, fire, power loss, telecommunications
failure or other catastrophic events, as well as from internal and external security breaches, viruses and other disruptive problems. The failure of these systems to
operate effectively, maintenance problems, upgrading or transitioning to new platforms, expanding our systems as we grow or a breach in security of these systems
could result in interruptions to or delays in our business and guest service and reduce efficiency in our operations. If our information technology systems fail and
our redundant systems or disaster recovery plans are not adequate to address such failures, or if our business interruption insurance does not sufficiently
compensate us for any losses that we may incur, our revenues and profits could be reduced and the reputation of our brand and our business could be materially
adversely affected. In addition, remediation of such problems could result in significant, unplanned capital investments.
Security breaches of confidential guest information, in connection with our electronic processing of credit and debit card transactions, or confidential
employee information may adversely affect our business.
Our business requires the collection, transmission and retention of large volumes of guest and employee data, including credit and debit card numbers and other
personally identifiable information, in various information technology systems that we maintain and in those maintained by third parties with whom we contract to
provide services. The integrity and protection of that guest and employee data is critical to us. Further, our guests and employees have a high expectation that we
and our service providers will adequately protect their personal information.
Like many other retail companies and because of the prominence of our brand, we have experienced, and will likely continue to experience, attempts to
compromise our information technology systems, none of which have been successful. Additionally, the techniques and sophistication used to conduct cyber-
attacks and breaches of information technology systems, as well as the sources and targets of these attacks, change frequently and are often not recognized until
such attacks are launched or have been in place for a period of time. While we continue to make significant investment in physical and technological security
measures, employee training, and third party services, designed to anticipate cyber-attacks and prevent breaches, our information technology networks and
infrastructure or those of our third party vendors and other service providers could be vulnerable to damage, disruptions, shutdowns, or breaches of confidential
information due to criminal conduct, employee error or malfeasance, utility failures, natural disasters or other catastrophic events. Due to these scenarios we cannot
provide assurance that we will be successful in preventing such breaches or data loss.
Additionally, the information, security and privacy requirements imposed by governmental regulation are increasingly demanding. Our systems may not be able to
satisfy these changing requirements and guest and employee expectations, or may require significant additional investments or time in order to do so. Efforts to
hack or breach security measures, failures of systems or software to operate as designed or intended, viruses, operator error or inadvertent releases of data all
threaten our and our service providers' information systems and records. A breach in the security of our information technology systems or those of our service
providers could lead to an interruption in the operation of our systems, resulting in operational inefficiencies and a loss of profits. Additionally, a significant theft,
loss or misappropriation of, or access to, guests' or other proprietary data or other breach of our information technology systems could result in fines, legal claims
or proceedings, including regulatory investigations and actions, or liability for failure to comply with privacy and information security laws, which could disrupt
our operations, damage our reputation and expose
29 | Shake Shack Inc. Form 10-K