2/24/2018 S-1 Table of Contents that we are unable to defend against to compromise and infiltrate our systems and networks. We may fail to detect the existence of a breach of user content and be unable to prevent unauthorized access to user and company content. The techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and are often not recognized until launched against a target. They may originate from less regulated or remote areas around the world, or from statesponsored actors. If our security measures are breached, or our users’ content is otherwise accessed through unauthorized means, or if any such actions are believed to occur, our platform may be perceived as insecure, and we may lose existing users or fail to attract and retain new users. We may rely on third parties when deploying our infrastructure, and in doing so, expose it to security risks outside of our direct control. We rely on outside vendors and contractors to perform services necessary for the operation of the business, and they may fail to adequately secure our user and company content. Third parties may attempt to compromise our employees and their privileged access into internal systems to gain access to accounts, our information, our networks, or our systems. Employee error, malfeasance, or other errors in the storage, use, or transmission of personal information could result in an actual or perceived breach of user privacy. Our users may also disclose or lose control of their passwords, or use the same or similar passwords on third parties’ systems, which could lead to unauthorized access to their accounts on our platform. Any unauthorized or inadvertent access to, or an actual or perceived security breach of, our systems or networks could result in an actual or perceived loss of, or unauthorized access to, our data or our users’ content, regulatory investigations and orders, litigation, indemnity obligations, damages, penalties, fines, and other costs in connection with actual and alleged contractual breaches, violations of applicable laws and regulations, and other liabilities. Any such incident could also materially damage our reputation and harm our business, results of operations, and financial condition, including reducing our revenue, causing us to issue credits to users, negatively impacting our ability to accept and process user payment information, eroding our users’ trust in our services and payment solutions, subjecting us to costly user notification or remediation, harming our ability to retain users, harming our brand, or increasing our cost of acquiring new users. We maintain errors, omissions, and cyber liability insurance policies covering certain security and privacy damages. However, we cannot be certain that our coverage will be adequate for liabilities actually incurred or that insurance will continue to be available to us on economically reasonable terms, or at all. Further, if a high profile security breach occurs with respect to another content collaboration solutions provider, our users and potential users could lose trust in the security of content collaboration solutions providers generally, which could adversely impact our ability to retain users or attract new ones. Our business could be harmed by any significant disruption of service on our platform or loss of content. Our brand, reputation, and ability to attract, retain, and serve our users are dependent upon the reliable performance of our platform, including our underlying technical infrastructure. Our users rely on our platform to store digital copies of their valuable content, including financial records, business information, documents, photos, and other important content. Our technical infrastructure may not be adequately designed with sufficient reliability and redundancy to avoid performance delays or outages that could be harmful to our business. If our platform is unavailable when users attempt to access it, or if it does not load as quickly as they expect, users may not use our platform as often in the future, or at all. As our user base and the amount and types of information stored, synced, and shared on our platform continues to grow, we will need an increasing amount of technical infrastructure, including network capacity and computing power, to continue to satisfy the needs of our users. During 2015 and 2016, we migrated the vast majority of user content to our own custombuilt infrastructure in colocation facilities that we directly lease and operate. As we add to our infrastructure, we may move or transfer additional content. Further, as we continue to grow and scale our business to meet the needs of our users, we may overestimate or underestimate our infrastructure capacity requirements, which could adversely affect our results of operations. 17 https://www.sec.gov/Archives/edgar/data/1467623/000119312518055809/d451946ds1.htm 24/235
Dropbox S-1 | Interactive Prospectus Page 23 Page 25