We are highly dependent on various software applications and other technologies, as well as on third
parties who utilize various software applications and other technologies, for our business to function properly and to safeguard confidential information; any significant limitation, failure, or security breach could adversely affect our operations.
We use software and related technologies throughout our business and also utilize third-party vendors who use software and related
technologies to provide services to us and the Hennessy Funds. Although we take protective measures (including striving to understand the protective measures taken by our third-party vendors) and endeavor to modify such protective measures as
circumstances warrant, we may experience system delays and interruptions as a result of natural disasters, power failures, acts of war, third-party failures, or other unexpected events. We cannot predict with certainty all of the adverse effects
that could result from the failure to efficiently address and resolve these delays and interruptions.
We could also be subject to losses
if we fail to properly safeguard sensitive and confidential and proprietary information that we and our third-party vendors store and transmit as part of our normal business operations. Although we take
protective measures, the security of our and our vendors computer systems, software, and networks may be vulnerable to hacking, breaches, unauthorized access, misuse, computer viruses, or other malicious code, as well as to other events that
could have a security impact, such as an employee or vendor inadvertently or intentionally causing us to release confidential or proprietary information. Additionally, although we take precautions to password protect and encrypt our laptops and
other mobile electronic hardware, if such hardware is stolen, misplaced, or left unattended, it may become vulnerable to hacking or other unauthorized use, creating a possible security risk and resulting in potentially costly actions.
There have been a number of highly publicized cases in recent years involving financial services and consumer-based companies reporting the
unauthorized disclosure of client or customer information, as well as cyber-attacks involving the dissemination, theft, and destruction of corporate information or other assets, as a result of employees or contractors failure to follow
procedures or as a result of actions by third parties, including actions by terrorist organizations and hostile foreign governments. We, the Hennessy Funds, and our third-party vendors may be vulnerable to such unauthorized disclosures and
cyber-attacks. Our increased use of mobile and cloud technologies could heighten these and other operational risks, and any failure by mobile technology and cloud service providers to adequately safeguard their systems and prevent cyber-attacks could disrupt our operations and result in misappropriation, corruption, or loss of confidential or proprietary information.
If any of these events were to occur, we could suffer a financial loss, a disruption of our business, liability to the Hennessy Funds and
their investors, regulatory intervention, or reputational damage, any of which could have a material adverse effect on our business, results of operations, and financial condition. We also may be required to expend significant additional resources
to modify our protective measures or to investigate and remediate vulnerabilities or other exposures.
Finally, cybersecurity and data
privacy have become high priorities for regulators, and many jurisdictions are enacting laws and regulations in these areas. One such law is the California Consumer Privacy Act of 2018, which took effect in 2020. Enactment of new privacy laws or
regulations could, among other things, result in additional costs of compliance or litigation. In addition, while we strive to comply with the relevant laws and regulations, any failure to comply could result in regulatory investigations and
penalties as well as negative publicity, which could materially adversely affect our business, results of operations, and financial condition.
We
are exposed to legal risk and litigation, which could increase our expenses and reduce our profitability.
In recent years, the
volume of claims and amount of damages claimed in litigation and regulatory proceedings against the financial services industry have been increasing. While we strive to conduct our business in accordance with the highest ethical standards, we
nevertheless remain exposed to litigation risk. We could be sued by many different parties, including, by way of example, investors in the Hennessy Funds, our own shareholders, our employees, or regulators. Lawsuits or investigations that we may
become involved in could be very expensive and highly damaging to our reputation, even if the underlying claims are without merit.
In
addition, the Dodd-Frank Wall Street Reform and Consumer Protection Act amended the Exchange Act to compensate and protect whistleblowers who voluntarily provide original information to the SEC and establishes a fund to be used to pay whistleblowers
who will be entitled to receive a payment equal to between 10% and 30% of certain monetary sanctions imposed in a successful government action resulting from the information provided by the whistleblower. According to a recent annual report to
Congress on the Dodd-Frank Whistleblower Program, whistleblower claims have increased significantly since the enactment of these provisions. Addressing such claims could generate significant expenses and take up significant management time, even if
such claims are frivolous or without merit.
26