In documents filed with the Securities Exchange Commission today with the occasion of the company going public on the stock market, Slack is warning new investors that cyber-attacks pose a serious risk to the performance of its stock.
Slack officials added cyber-attacks to a list of risk factors that also includes "a history of net losses," "limited operating history," "quarterly fluctuations in our results of operations," and its technology and infrastructure's brittleness.
It is very rare that a company going public lists cyber-security related issues as a major factor that may influence its stock, yet it somehow makes sense for Slack, a company whose reputation solely relies on its ability to maintain client confidentiality.
Slack fears nation-state hacker groups
The company listed a litany of cyber-security related threats that pose a risk to its business, such as "traditional computer 'hackers,' malicious code (such as malware, viruses, worms, and ransomware), employee theft or misuse, password spraying, phishing, credential stuffing, and denial-of-service attacks."
But Slack officials also took this opportunity to highlight that above all, "nation-state supported actors" pose one of the biggest threats to the company, its customers, and inherently to its investors.
Slack's warning comes after Chinese hackers have stepped up their attacks against suppliers of cloud-based technologies over the past year, as part of efforts of breaching companies through the online tools they use. At least nine cloud providers are believed to have been hacked so far, such as IBM, HPE, and Visma.
With Slack being everyone's favorite team chat and collaboration tool, the company is expecting to be at the top of most hacker groups' target lists, and for good reasons, if we take into account the wealth of sensitive information its servers may store.
Cyber-security is hard
"Despite significant efforts to create security barriers to such threats, it is virtually impossible for us to entirely mitigate these risks, especially where they are attributable to the behavior of independent third parties beyond our control," the company said in its SEC filings.
"The security measures we have implemented or integrated into Slack and our internal systems and networks (including measures to audit third-party and custom applications), which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected or may not be sufficient to protect Slack and our internal systems and networks against certain attacks."
Through this message included in its filing documents, Slack is sending a clear message to investors that cyber-attacks are very likely to occur at one time or another in the company's future, and that investors should be prepared to take a financial hit when this happens.
Slack filed documents today to go public via a direct listing, a procedure where existing shareholders sell shares to new investors on the stock market, rather than an initial public offering, where new shares are created for investors.