Risks Related to our Strategy and Operations The loss of key senior members of management and the inability to attract and retain qualified personnel could adversely affect us. Our success depends upon our ability to attract and retain our senior officers and to attract and retain additional qualified personnel in the future. The loss of services of members of our senior management team and the uncertain transition of new members of our senior management team may strain our ability to execute our strategic initiatives, or make it more difficult to retain customers, attract or maintain our capital support, or meet other needs of our business. This risk may be particularly acute for us relative to some of our competitors because some of our senior executives work in countries where they are not citizens (such as Bermuda) and work permit and immigration issues could adversely affect the ability to retain or hire key persons. We are subject to cybersecurity risks and may incur increasing costs to minimize those risks. Cybersecurity threats and incidents have increased in recent years, and we may be subject to heightened cyber-related risks, in part due to the extended period of remote work arrangements due to the COVID-19 pandemic. Our business depends on the proper functioning and availability of our information technology platform, including communications and data processing systems and our proprietary systems. We are also required to effect electronic transmissions with third parties including brokers, clients, vendors and others with whom we do business, as well as with our Board of Directors. We cannot guarantee that the controls and procedures we or third parties have in place to protect or recover our systems and information will be effective, successful or sufficiently rapid to avoid harm to our business. Security breaches, including at third parties that have our information, could expose us to a risk of loss or misuse of our information, litigation and potential liability. In addition, cyber incidents, such as ransomware attacks, that impact the availability, reliability, speed, accuracy or other proper functioning of our systems could have a significant impact on our operations and financial results. We may not have the resources or technical sophistication to anticipate or prevent rapidly evolving types of cyberattacks. A significant cyber incident, including system failure, security breach, disruption by malware or other damage could interrupt or delay our operations, result in a violation of applicable cybersecurity and privacy and other laws, damage our reputation, cause a loss of customers or expose sensitive customer data, or give rise to monetary fines and other penalties, which could be significant. While management is not aware of a cybersecurity incident that has had a material effect on our operations, there can be no assurances that a cybersecurity incident that could have a material impact on us will not occur in the future. The cybersecurity regulatory environment is evolving, and it is likely that the costs of complying with new or developing regulatory requirements will increase. In addition, we operate in a number of jurisdictions with strict data privacy and other related laws, which could be violated in the event of a significant cybersecurity incident or in the event of noncompliance by our personnel. Failure to comply with these obligations can give rise to fines and other penalties, which could be significant. See “Part I, Item 1. Business —Information Technology and Cybersecurity” for additional information related to information technology and cybersecurity. We may from time to time modify our business and strategic plan, and these changes could adversely affect us and our financial condition. We frequently monitor and analyze opportunities to acquire or make strategic investments in new or other businesses. The negotiation of potential acquisitions or strategic investments as well as the integration of an acquired business could be unsuccessful, result in a substantial diversion of management resources, or lead to other unanticipated risks or challenges. In addition, while our current business strategy focuses predominantly on writing reinsurance, as we grow our casualty and specialty and other property lines of business, we are increasingly writing excess and surplus lines insurance through delegated authority arrangements. risks associated with implementing or changing our business strategies and initiatives, including risks related to developing or enhancing our operations, controls and other infrastructure, may not have an impact on our publicly reported results until many years after implementation. Our failure to carry out our business plans may have an adverse effect on our long-term results of operations and financial condition. 42