What are the cyber security risks?
Bondora Group’s business involves the storage and transmission of consumers’ proprietary information; security breaches could expose it to a risk of loss or misuse of this information, litigation and potential liability. Bondora Group is entirely dependent on the secure operation of its websites and systems, as well as the functioning of the Internet more generally.
While Bondora Group has experienced no material cyberattacks or security breaches to-date, other companies have reported cyberattacks and security breaches, some of which have involved intentional attacks.
Attacks may be targeted at Bondora Group, its customers, or both. Although Bondora Group devotes resources to maintaining and regularly upgrading its systems and processes, which are designed to protect the security of its computer systems, software, networks and other technology assets and the confidentiality, integrity and availability of information belonging to Bondora Group and its customers, there is a risk that these security measures will not provide absolute security.
If an actual or perceived breach of security occurs, customer and/or supplier perceptions of the effectiveness of Bondora Group’s security measures could be harmed and could lead to the loss of customers, suppliers or both. Actual or anticipated attacks and risks may cause Bondora Group to incur increased costs, including those associated with deploying additional personnel and protection technologies, training employees, and engaging third-party experts and consultants.
A successful penetration or circumvention of Bondora Group system security could have serious adverse consequences for its business, including significant operational disruptions; misappropriation of the confidential information of Bondora Group or its customers; or damage to the computers or systems of customers and counterparties. They could lead to violations of applicable privacy and other laws, financial loss and customer dissatisfaction, significant litigation exposure, and harm to Bondora Group’s reputation.
Moreover, most of Bondora Group’s applicants provide personal information, including bank account information, when applying for consumer loans. Bondora Group employs encryption and authentication technologies licensed from third parties to secure and authenticate the transmission of confidential information, including customer bank accounts and other personal data. However, advances in computer capabilities, new discoveries in the field of cryptography, or other developments may allow the technology used by Bondora Group to protect transaction data to be breached or compromised. Data breaches may also occur as a result of non-technical issues.
Any of these events could lead to a loss of revenue and have a material adverse effect on Bondora Group’s business, financial condition, operational results or prospects, or cash flow.
Bondora Group is IT-driven; it employs leading technology staff with experience in building and managing enterprise-level, highly-secure systems. Bondora Group is following the best practices in the field and has adopted the principles of cyber security utilized by top financial institutions. Bondora Group utilises cybersecurity experts for penetration testing. An IT audit is an integral component of the external audit carried out annually by KPMG.