Item 1A.Risk Factors

You should carefully consider the risks and uncertainties described below, together with all of the other information contained in this Annual Report, including our consolidated financial statements and the related notes thereto, before making a decision to invest in our securities. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties not presently known to us, or that we currently believe are not material, also may become important factors that affect us and impair our business operations. The occurrence of any of the events or developments discussed in the risk factors below could have a material and adverse impact on our business, financial condition, results of operations and cash flows and, in such case, our future prospects would likely be materially and adversely affected.

Risks Related to Our Business

A significant portion of our revenues comes from a limited number of customers.

Our revenues have historically been derived from a limited number of customers. Although we continue to expand our customer base, we remain dependent on a limited number of customers for a substantial majority of our revenues. For example, for the fiscal years ended April 30, 2024, 2023 and 2022, we derived approximately 55%, 65% and 60% of our revenues from our top three customers, respectively. The loss of, or a significant reduction of business from, any of our primary customers could have a material adverse effect on our business, financial condition, and results of operations.

We generally do not have long-term customer contracts and our backlog cannot be relied upon as a future indicator of revenues.

We generally do not have long-term contracts with our customers, and existing contracts and purchase commitments may be canceled under certain circumstances. As a result, we are exposed to market and competitive price pressures on every order, and our agreements with customers do not provide assurance of future revenues. Our customers are not required to make minimum purchases and, in certain circumstances, may cease using our services at any time without penalty. Our backlog should not be relied on as a measure of anticipated demand or future revenue, because the orders constituting our backlog may be subject to changes in delivery schedules or cancellation without significant penalty to the customer. Any reductions, cancellations or deferrals in customer orders would negatively impact our business.

We are making a significant investment by expanding our CDMO service offering into the development and manufacture of viral vectors which will subject us to a number of risks and uncertainties that could adversely affect our operations and financial results.

Our expansion of our CDMO service offering into viral vector development and manufacturing services for the cell and gene therapy market involves a number of risks that could adversely affect our operations and financial results, including the following risks:

In addition to the foregoing, we have commenced a service offering that is currently dominated by a small number of larger organizations with established viral vector operations and significantly greater financial resources with whom we may experience difficulties in competing for talent and customers. If we are unable to manage these risks, our business and operating results could be materially harmed.

We have made a significant capital investment in our facilities in order to meet potential future biologics development and manufacturing needs and, as a result, we depend on the success of attracting new and retaining existing customers’ business.

We recently completed several expansions to our facilities, which significantly expanded our production capacity and capabilities. These expansions represent a substantial investment in our development and manufacturing capabilities, and have resulted in a significant increase in our fixed costs. This expansion represents a substantial investment in our manufacturing capabilities, and has resulted in a significant increase in our fixed costs. If we are not able to utilize the additional capacity and capabilities from these expansions, our margins could be adversely affected. If we are not able to utilize the additional capacity from this expansion, our margins could be adversely affected. Further, our future revenues may not be sufficient to ensure the economical operation of this expanded capacity and capabilities, in which case, our results of operations could be adversely affected. Further, our future revenues may not be sufficient to ensure the economical operation of this expanded capacity, in which case, our results of operations could be adversely affected.

Our rapid growth during the past several fiscal years may not be indicative of our future growth, and if we continue to grow rapidly, we may fail to manage our growth effectively.

While fiscal 2024 revenues were down from the prior fiscal year, since the fiscal year ended April 30, 2020 our revenues have grown approximately 134%. We believe our ability to continue to experience revenue growth will depend on a number of factors, including our ability to:

Moreover, we continue to expand our headcount and operations. Since fiscal 2020 our headcount has grown by 144 employees, or approximately 63%. We anticipate that we will continue to expand our operations and headcount in the near term and beyond. This potential future growth could place a significant strain on our management, administrative, operational and financial resources, company culture and infrastructure. Our success will depend in part on our ability to manage this growth effectively while retaining personnel. To manage the expected growth of our operations and personnel, we will need to continue to improve our operational, financial and management controls and our reporting systems and procedures. Failure to effectively manage growth could result in difficulty or delays in adding new customers, maintaining our strong quality systems, declines in quality or customer satisfaction, increases in costs, system failures, difficulties in introducing new features or solutions, the need for more capital than we anticipate or other operational difficulties, and any of these difficulties could harm our business performance and results of operations.

We rely on third parties to supply most of the necessary raw materials and supplies for the products we manufacture on behalf of our customers and our inability to obtain such raw materials or supplies may adversely impact our business, financial condition, and results of operations.

Our operations require various raw materials, including proprietary media, resins, buffers, and filters, in addition to numerous additional raw materials supplied primarily by third parties. We or our customers specify the raw materials and other items required to manufacture their product and, in some cases, specify the suppliers from whom we must purchase these raw materials. In certain instances, the raw materials and other items can only be supplied by a limited number of suppliers and, in some cases, a single source, or in limited quantities. If third-party suppliers do not supply raw materials or other items on a timely basis, it may cause a manufacturing run to be delayed or canceled which would adversely impact our financial condition and results of operations. Additionally, we do not have long-term supply contracts with any of our single source suppliers. If we experience difficulties acquiring sufficient quantities of required materials or products from our existing suppliers, or if our suppliers are found to be non-compliant with the FDA’s quality system regulation, CGMPs or other applicable laws or regulations, we would be required to find alternative suppliers. If our primary suppliers become unable or unwilling to perform, any resulting delays or interruptions in the supply of raw materials required to support our manufacturing of CGMP pharmaceutical-grade products would ultimately delay our manufacture of products for our customers, which could materially and adversely affect our financial condition and operating results. Furthermore, third-party suppliers may fail to provide us with raw materials and other items that meet the qualifications and specifications required by us or our customers. If third-party suppliers are not able to provide us with raw materials that meet our or our customers’ specifications on a timely basis, we may be unable to manufacture their product or it could prevent us from delivering products to our customers within required timeframes. Any such delay in delivering our products may create liability for us to our customers for breach of contract or cause us to experience order cancellations and loss of customers. In the event that we manufacture products with inferior quality components and raw materials, we may become subject to product liability claims caused by defective raw materials or components from a third-party supplier or from a customer, or our customer may be required to recall its products from the market.

All of our manufacturing facilities are situated in Orange County, California, which increases our exposure to significant disruption to our business as a result of unforeseeable developments in a single geographic area.

We operate our manufacturing facilities in Orange County, California. It is possible that we could experience prolonged periods of reduced production due to unforeseen catastrophic events occurring in or around our facilities. It is also possible that operations could be disrupted due to other unforeseen circumstances such as power outages, explosions, fires, floods, earthquakes or accidents. As a result, we may be unable to shift manufacturing capabilities to alternate locations, accept materials from suppliers, meet customer shipment needs or address other severe consequences that may be encountered, and we may suffer damage to our reputation. Our financial condition and results of our operations could be materially adversely affected were such events to occur.

Our manufacturing services are highly complex, and if we are unable to provide quality and timely services to our customers, our business could suffer.

The manufacturing services we offer are highly complex, due in part to strict regulatory requirements. A failure of our quality control systems in our facilities could cause problems to arise in connection with facility operations for a variety of reasons, including equipment malfunction, viral contamination, failure to follow specific manufacturing instructions, protocols and standard operating procedures, problems with raw materials or environmental factors. Such problems could affect production of a single manufacturing run or a series of runs, requiring the destruction of products, or could halt manufacturing operations altogether. In addition, our failure to meet required quality standards may result in our failure to timely deliver products to our customers, which, in turn, could damage our reputation for quality and service. Any such incident could, among other things, lead to increased costs, lost revenue, reimbursement to customers for lost drug substance, damage to and possibly termination of existing customer relationships, time and expense spent investigating the cause and, depending on the cause, similar losses with respect to other manufacturing runs. With respect to our commercial manufacturing, if problems are not discovered before the product is released to the market, we may be subject to regulatory actions, including product recalls, product seizures, injunctions to halt manufacture and distribution, restrictions on our operations, civil sanctions, including monetary sanctions, and criminal actions. In addition, such issues could subject us to litigation, the cost of which could be significant.

If we do not enhance our existing, or introduce new, service offerings in a timely manner, our offerings may become obsolete or noncompetitive over time, customers may not buy our offerings and our revenues and profitability may decline.

Demand for our manufacturing services may change in ways that we may not anticipate due to evolving industry standards and customer needs that are increasingly sophisticated and varied, as well as the introduction by others of new offerings and technologies that provide alternatives to our offerings. In the event we are unable to offer or enhance our service offerings or expand our manufacturing infrastructure to accommodate requests from our customers and potential customers, our offerings may become obsolete or noncompetitive over time, in which case our revenue and operating results would suffer. For example, if we are unable to respond to changes in the nature or extent of the technological or other needs of our customers through enhancing our offerings, our competition may develop offerings that are more competitive than ours, and we could find it more difficult to renew or expand existing agreements or obtain new agreements. Potential innovations intended to facilitate enhanced or new offerings generally will require a substantial capital investment before we can determine their commercial viability, and we may not have financial resources sufficient to fund all desired innovations. Even if we succeed in creating enhanced or new offerings, however, they may still fail to result in commercially successful offerings or may not produce revenue in excess of our costs of development, and they may be rendered obsolete by changing customer preferences or the introduction by our competitors of offerings embodying new technologies or features. Finally, the marketplace may not accept our innovations due to, among other things, existing patterns of clinical practice, the need for regulatory clearance and/or uncertainty over market access or government or third-party reimbursement.

If we use hazardous and biological materials in a manner that causes injury or violates applicable law, we may be liable for damages.

Our contract manufacturing operations involve the controlled use of hazardous materials and chemicals. We are subject to federal, state and local laws and regulations in the United States governing the use, manufacture, storage, handling and disposal of hazardous materials and chemicals. Although we believe that our procedures for using, handling, storing and disposing of these materials comply with legally prescribed standards, we may incur significant additional costs to comply with applicable laws in the future. Also, even if we are in compliance with applicable laws, we cannot completely eliminate the risk of contamination or injury resulting from hazardous materials or chemicals. As a result of any such contamination or injury, we may incur liability, or local, city, state or federal authorities may curtail the use of these materials and interrupt our business operations. In the event of an accident, we could be held liable for damages or penalized with fines, and the liability could exceed our resources. Compliance with applicable environmental laws and regulations is expensive, and current or future environmental regulations may impair our contract manufacturing operations, which could materially harm our business, financial condition and results of operations.

Our business, financial condition, and results of operations may be adversely affected by pandemics or similar public health crises.

Public health crises such as pandemics or similar outbreaks may affect our operations and those of third parties on which we rely, including our customers and suppliers. Our business, financial condition, and results of operations may be affected by: disruptions in our customers’ abilities to fund, develop, or bring to market products as anticipated; delays in or disruptions to the conduct of clinical trials by our customers; cancellations of contracts or confirmed orders from our customers; and inability, difficulty, or additional cost or delays in obtaining key raw materials, components, and other supplies from our existing supply chain; among other factors caused by a public health crises.

For example, the COVID-19 pandemic led to the implementation of various responses, including government-imposed quarantines, travel restrictions and other public health safety measures. The extent to which future pandemics impact our operations and/or those of our customers and suppliers will depend on future developments, which are highly uncertain and unpredictable, including the duration or recurrence of outbreaks, potential future government actions, new information that will emerge concerning the severity and impact of that pandemic and the actions to contain the pandemic or address its impact in the short and long term, among others.

The business disruptions associated with a global pandemic could impact the business, product development priorities and operations of our customers and suppliers. For example, disruptions in supply chains and disruptions to the operations of the FDA and other drug regulatory authorities, could result in, among other things, delays of inspections, reviews, and approvals of our customers’ products, as well as the volume and timing of orders from these customers. Such disruptions could result in delays in the development programs of our customers or impede the commercial efforts for our customers’ approved products, resulting in potential reductions or delays in orders from our customers which could have a material negative effect on our business in the future.

Potential product liability claims, errors and omissions claims in connection with services we perform and potential liability under indemnification agreements between us and our officers and directors could adversely affect us.

We manufacture products intended for use in humans. These activities could expose us to risk of liability for personal injury or death to persons using such products. We seek to reduce our potential liability through measures such as contractual indemnification provisions with customers (the scope of which may vary by customer, and the performances of which are not secured) and insurance maintained by us and our customers. We could be materially adversely affected if we are required to pay damages or incur defense costs in connection with a claim that is outside the scope of the indemnification agreements, if the indemnity, although applicable, is not performed in accordance with its terms or if our liabilities exceed the amount of applicable insurance or indemnity. In addition, we could be held liable for errors and omissions in connection with the services we perform. Although we currently maintain product liability and errors and omissions insurance with respect to these risks, such coverage may not be adequate or continue to be available on terms acceptable to us.

We also indemnify our officers and directors for certain events or occurrences while the officer or director is serving at our request in such capacity. The maximum potential amount of future payments we could be required to make under these indemnification agreements is unlimited. Although we have a director and officer insurance policy that covers a portion of any potential exposure, we could be materially and adversely affected if we are required to pay damages or incur legal costs in connection with a claim above such insurance limits.

Any claims beyond our insurance coverage limits, or that are otherwise not covered by our insurance, may result in substantial costs and a reduction in our available capital resources.

We maintain property insurance, employer’s liability insurance, product liability insurance, general liability insurance, business interruption insurance, and directors’ and officers’ liability insurance, among others. Although we maintain what we believe to be adequate insurance coverage, potential claims may exceed the amount of insurance coverage or may be excluded under the terms of the policy, which could cause an adverse effect on our business, financial condition and results from operations. Generally, we would be at risk for the loss of inventory that is not within customer specifications. These amounts could be significant. In addition, in the future we may not be able to obtain adequate insurance coverage or we may be required to pay higher premiums and accept higher deductibles in order to secure adequate insurance coverage.

Third parties may claim that our services or our customers’ products infringe on or misappropriate their intellectual property rights.

Any claims that our services infringe the rights of third parties, including claims arising from any of our customer engagements, regardless of their merit or resolution, could be costly and may divert the efforts and attention of our management and technical personnel. We may not prevail in such proceedings, given the complex technical issues and inherent uncertainties in intellectual property litigation. If such proceedings result in an adverse outcome, we could be required, among other things, to pay substantial damages, discontinue the use of the infringing technology, expend significant resources to develop non-infringing technology, license such technology from the third party claiming infringement (which license may not be available on commercially reasonable terms or at all) and/or cease the manufacture, use or sale of the infringing processes or offerings, any of which could have a material adverse effect on our business.

In addition, our customers’ products may be subject to claims of intellectual property infringement and such claims could materially affect our business if their products cease to be manufactured and they have to discontinue the use of the infringing technology which we may provide. Any of the foregoing could affect our ability to compete or could have a material adverse effect on our business, financial condition and results of operations.

We depend on key personnel and the loss of key personnel could harm our business and results of operations.

We depend on our ability to attract and retain qualified scientific and technical employees, as well as a number of key executives. These employees may voluntarily terminate their employment with us at any time. We may not be able to retain key personnel, or attract and retain additional qualified employees. We do not maintain key-man or similar policies covering any of our senior management or key personnel. Our inability to attract and retain key personnel would have a material adverse effect on our business.

Our ability to use net operating loss, or NOL, carryforwards and certain other tax attributes to offset future taxable income or taxes may be limited.

As of April 30, 2024, we had federal and state NOL carryforwards of approximately $454.6 million and $281.1 million, respectively. The federal NOL carryforwards generated prior to January 1, 2018 expire in various fiscal years through 2038, unless previously utilized. The federal net operating loss carry forwards generated prior to January 1, 2018 expire in fiscal years 2024 through 2038, unless previously utilized. The federal NOL carryforwards generated after January 1, 2018 of $95.6 million can be carried forward indefinitely under current law, but can only be utilized to offset up to 80% of future taxable income. In addition, utilization of NOL carryforwards may be subject to a substantial annual limitation pursuant to Section 382 of the Internal Revenue Code of 1986, as amended, as well as similar state provisions due to “ownership changes” that have occurred previously or that could occur in the future. However, utilization of NOL carry forwards may be subject to a substantial annual limitation pursuant to Section 382 of the Internal Revenue Code of 1986, as amended, as well as similar state provisions due to ownership changes that have occurred previously or that could occur in the future. In general, an “ownership change,” as defined by Section 382, results from transactions increasing the ownership of certain stockholders or public groups in the stock of a corporation by more than 50 percentage points over a three-year period. A Section 382 analysis has been completed through the fiscal year ended April 30, 2024, that concluded no such ownership change had occurred. A Section 382 analysis has been completed through the fiscal year ended April 30, 2022, which it was determined that no such change in ownership had occurred. However, if there were any ownership changes occurring subsequent to April 30, 2024 that could impact the utilization of our NOL carryforwards and other tax attributes. However, ownership changes occurring subsequent to April 30, 2022 may impact the utilization of our NOL carry forwards and other tax attributes. Additionally, states may impose other limitations on the use of state NOL carryforwards. Any limitation may result in expiration of a portion of the NOL carryforwards before utilization. If we were not able to utilize our NOL carryforwards, we would be required to use our cash resources to pay taxes that would otherwise have been offset, thereby reducing our liquidity.

Our effective tax rate may fluctuate, and we may incur obligations in tax jurisdictions in excess of accrued amounts.

Our effective tax rate is derived from a combination of applicable tax rates in the various places that we operate. In preparing our financial statements, we estimate the amount of tax that will become payable in each such place. Nevertheless, our effective tax rate may be different than experienced in the past due to numerous factors, including the impact of stock-based compensation, changes in the mix of our profitability between tax jurisdictions, the results of examinations and audits of our tax filings, our inability to secure or sustain acceptable agreements with tax authorities, changes in accounting for income taxes and changes in tax laws. Any of these factors could cause us to experience an effective tax rate significantly different from previous periods or our current expectations and may result in tax obligations in excess of amounts accrued in our financial statements.

Our operating results may be harmed if we are required to collect sales, services or other related taxes for our products and services in jurisdictions where we have not historically done so.

We do not believe that we are required to collect sales, use, services or other similar taxes from our customers in certain jurisdictions. However, one or more states may seek to impose sales, use, services, or other tax collection obligations on us, including for past sales. A successful assertion by one or more jurisdictions that we should collect sales or other taxes on the sale of our products and services could result in substantial tax liabilities for past sales and decrease our ability to compete for future sales. Each state has different rules and regulations governing sales and use taxes and these rules and regulations are subject to varying interpretations that may change over time.

Providers of goods or services are typically held responsible by taxing authorities for the collection and payment of any applicable sales and similar taxes. If one or more taxing authorities determines that taxes should have, but have not, been paid with respect to our products and services, we may be liable for past taxes in addition to being required to collect sales or similar taxes in respect of our products and services going forward. Liability for past taxes may also include substantial interest and penalty charges. Our customer contracts generally provide that our customers must pay all applicable sales and similar taxes. Nevertheless, customers may be reluctant to pay back taxes and may refuse responsibility for interest or penalties associated with those taxes or we may determine that it would not be feasible to seek reimbursement. If we are required to collect and pay back taxes and the associated interest and penalties and if our customers do not reimburse us for all or a portion of these amounts, we will have incurred unplanned expenses that may be substantial. Moreover, imposition of such taxes on our products and services going forward will effectively increase the cost of such products and services to our customers.

Many states are also pursuing legislative expansion of the scope of goods and services that are subject to sales and similar taxes as well as the circumstances in which a vendor of goods and services must collect such taxes. Following the U.S. Supreme Court decision in South Dakota v. Wayfair, Inc., states are now free to levy taxes on sales of goods and services based on an “economic nexus,” regardless of whether the seller has a physical presence in the state. Furthermore, legislative proposals have been introduced in Congress that would provide states with additional authority to impose such taxes. Accordingly, it is possible that either federal or state legislative changes may require us to collect additional sales and similar taxes from our customers in the future.

We may be subject to various litigation claims and legal proceedings.

We, as well as certain of our directors and officers, may be subject to claims or lawsuits during the ordinary course of business. Regardless of the outcome, these lawsuits may result in significant legal fees and expenses and could divert management’s time and other resources. If the claims contained in these lawsuits are successfully asserted against us, we could be liable for damages and be required to alter or cease certain of our business practices. Any of these outcomes could cause our business, financial performance and cash position to be negatively impacted.

We and the third parties with whom we work are subject to stringent and evolving laws, regulations, and rules, contractual obligations, industry standards, policies and other obligations related to data privacy and security. Our (or the third parties with whom we work) actual or perceived failure to comply with such obligations could lead to regulatory investigations or actions; litigation (including class claims); fines and penalties; disruptions of our business operations; reputational harm; loss of revenue or profits; and other adverse business consequences.

In the ordinary course of business, we collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, and share (collectively, process) personal data and other sensitive information, including proprietary and confidential business data, trade secrets, intellectual property, business plans, transactions, and financial information (collectively, sensitive data).

Our data processing activities subject us to numerous data privacy and security obligations, such as various laws, regulations, guidance, industry standards, external and internal privacy and security policies, contractual requirements, and other obligations relating to data privacy and security.

In the United States, federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., wiretapping laws). In the past few years, numerous U.S. states—including California, Virginia, Colorado, Connecticut, and Utah—have enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data. These state laws allow for statutory fines for noncompliance. For example, the California Consumer Privacy Act of 2018 (“CCPA”), applies to personal data of consumers, business representatives, and employees who are California residents, and requires businesses to provide specific disclosures in privacy notices and honor requests of such individuals to exercise certain privacy rights. The CCPA provides for fines of up to $7,500 per intentional violation and allows private litigants affected by certain data breaches to recover significant statutory damages. Similar laws are being considered in several other states, as well as at the federal and local levels, and we expect more states to pass similar laws in the future. These developments may further complicate compliance efforts and increase legal risk and compliance costs for us and the third parties upon whom we rely.

In addition to data privacy and security laws, we are bound by other contractual obligations related to data privacy and security, and our efforts to comply with such obligations may not be successful. We publish privacy policies, and other statements, such as compliance with certain certifications or self-regulatory principles, regarding data privacy and security. If these policies, materials or statements are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators or other adverse consequences.

Obligations related to data privacy and security (and consumers’ data privacy expectations) are quickly changing, becoming increasingly stringent, and creating uncertainty. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources and may necessitate changes to our services, information technologies, systems, and practices and to those of any third parties that process personal data on our behalf.

We may at times fail (or be perceived to have failed) in our efforts to comply with our data privacy and security obligations. Moreover, despite our efforts, our personnel or third parties with whom we work may fail to comply with such obligations, which could negatively impact our business operations. If we or the third parties with whom we work fail, or are perceived to have failed, to address or comply with applicable data privacy and security obligations, we could face significant consequences, including but not limited to: government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class-action claims); additional reporting requirements and/or oversight; bans on processing personal data; and orders to destroy or not use personal data, loss of customers; interruptions or stoppages in our business operations (including, as relevant, clinical trials); limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; or substantial changes to our business model or operations.

Our information technology systems, or those of the third parties with whom we work, or our data are or were compromised, we could experience adverse consequences resulting from such compromise, including but not limited to regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss or revenue or profits; and other adverse consequences that which could have a material adverse effect on our business, financial condition, results of operations and cash flows.

In the ordinary course of our business, we and the third parties with whom we work process sensitive data, and, as a result, we and the third parties with whom we work face a variety of evolving threats that could cause security incidents. We are also increasingly dependent upon sophisticated information technology systems and infrastructure in connection with the conduct of our business. We are increasingly dependent upon sophisticated information technology systems and infrastructure in connection with the conduct of our business. We must constantly update our information technology infrastructure and our various current information technology systems may not continue to meet our current and future business needs. We must constantly update our information technology infrastructure and our various current information technology systems throughout the organization may not continue to meet our current and future business needs. Furthermore, modification, upgrade or replacement of such systems may be costly. Due to the size and complexity of our information technology systems, any breakdown, interruption, corruption or unauthorized access to or cyber-attack on these systems could create system disruptions, shutdowns or unauthorized disclosure of sensitive data. In addition, due to the size and complexity of these systems, any breakdown, interruption, corruption or unauthorized access to or cyber-attack on these systems could create system disruptions, shutdowns or unauthorized disclosure of confidential information.

Cyber-attacks, malicious internet-based activity, online and offline fraud, and other similar activities threaten the confidentiality, integrity, and availability of our sensitive data and information technology systems, and those of the third parties with whom we work. Such threats are prevalent and continue to rise, are increasingly difficult to detect, and come from a variety of sources, including traditional computer “hackers,” threat actors, “hacktivists,” organized criminal threat actors, personnel (such as through theft or misuse), sophisticated nation states, and nation-state-supported actors. Some actors now engage and are expected to continue to engage in cyber-attacks, including without limitation nation-state actors for geopolitical reasons and in conjunction with military conflicts and defense activities. During times of war and other major conflicts, we and the third parties upon which we rely may be vulnerable to a heightened risk of these attacks, including retaliatory cyber-attacks, that could materially disrupt our systems and operations, supply chain, and ability to produce, sell and distribute our products and services.

We and the third parties with whom we work are subject to a variety of evolving threats, including but not limited to social-engineering attacks (including through deep fakes, which may be increasingly more difficult to identify as fake, and phishing attacks), malicious code (such as viruses and worms), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks, credential stuffing, credential harvesting, personnel misconduct or error, ransomware attacks, supply-chain attacks, software bugs, server malfunctions, software or hardware failures, loss of data or other information technology assets, adware, attacks enhanced or facilitated by AI, telecommunications failures, earthquakes, fires, floods, and other similar threats.

In particular, severe ransomware attacks are becoming increasingly prevalent and can lead to significant interruptions in our operations, ability to provide our products or services, loss of sensitive data and income, reputational harm, and diversion of funds. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments.

Remote work has become more common and has increased risks to our information technology systems and data, as more of our employees utilize network connections, computers, and devices outside our premises or network, including working at home, while in transit and in public locations. Additionally, future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. We may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be difficult to integrate companies into our information technology environment and security program.

We rely on third-party service providers and technologies to operate critical business systems that process sensitive data. Our ability to monitor these third parties’ information security practices is limited, and these third parties may not have adequate information security measures in place. If our third-party service providers experience a security incident or other interruption, we could experience adverse consequences. While we may be entitled to damages if our third-party service providers fail to satisfy their privacy or security-related obligations to us, any award may be insufficient to cover our damages, or we may be unable to recover such award.

We take steps designed to detect, mitigate, and remediate vulnerabilities in our information technology systems. We may not, however, detect and remediate all such vulnerabilities including on a timely basis. Further, we may experience delays in deploying remedial measures and patches designed to address identified vulnerabilities. Vulnerabilities could be exploited and result in a security incident.

While we have implemented security measures designed to protect our sensitive data and information technology systems and to prevent such breakdowns and unauthorized breaches and cyber-attacks, these measures may not be successful and these breakdowns and breaches in, or attacks on, our systems and data may not be prevented. Such breakdowns, breaches or attacks may cause business interruption and could have a material adverse effect on our business, financial condition, results of operations and cash flows and could cause the market value of our shares of common stock to decline. Such breakdowns, breaches or attacks may cause business interruption and could have a material adverse effect on our business, financial condition, results of operations and cash flows and could cause the market value of our shares of common stock to decline, and we may suffer financial damage or other loss, including fines or criminal penalties because of lost or misappropriated information. If we (or a third party with whom we work) experience a security incident or are perceived to have experienced a security incident, we may experience adverse consequences, such as government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing sensitive data (including personal data); litigation (including class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; diversion of management attention; interruptions in our operations (including availability of data); financial damage or other loss, including fines or criminal penalties because of lost or misappropriated information.

Applicable data privacy and security obligations may require us to notify relevant stakeholders, including affected individuals, customers, regulators, and investors, of security incidents, or to implement other requirements, such as providing credit monitoring. Such disclosures and compliance with such requirements are costly, and the disclosure or the failure to comply with such requirements could lead to adverse consequences. Security incidents and attendant consequences may prevent or cause customers to stop using our services, deter new customers from using our services, and negatively impact our ability to grow and operate our business.

We may expend significant resources or modify our business activities to try to protect against security incidents. Additionally, certain data privacy and security obligations may require us to implement and maintain specific security measures or industry-standard or reasonable security measures to protect our information technology systems and sensitive data.

Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our data privacy and security obligations. We cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or to mitigate liabilities arising out of our privacy and security practices, that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims.

Increasing attention to ESG matters may impact our business, financial results or stock price.

Companies across all industries are facing increasing scrutiny from stakeholders related to their ESG practices and disclosures, including practices and disclosures related to climate change, diversity and inclusion and governance standards. Investor advocacy groups, certain institutional investors, lenders, investment funds and other influential investors are also increasingly focused on ESG practices and disclosures and in recent years have placed increasing importance on the implications and social cost of their investments. In addition, government organizations are enhancing or advancing legal and regulatory requirements specific to ESG matters. The heightened stakeholder focus on ESG issues related to our business requires the continuous monitoring of various and evolving laws, regulations, standards and expectations and the associated reporting requirements. A failure to adequately meet stakeholder expectations may result in noncompliance, the loss of business, reputational impacts, diluted market valuation, an inability to attract customers and an inability to attract and retain top talent. In addition, our adoption of certain standards or mandated compliance to certain requirements could necessitate additional investments that could have an adverse effect on our results of operations.

We may seek to grow our business through acquisitions of complementary businesses, and the failure to manage acquisitions, or the failure to integrate them with our existing business, could harm our financial condition and operating results.

From time to time, we may consider opportunities to acquire other companies, products or technologies that may enhance our manufacturing capabilities, expand the breadth of our markets or customer base, or advance our business strategies. Potential acquisitions involve numerous risks, including: problems assimilating the acquired service offerings, products or technologies; issues maintaining uniform standards, procedures, quality control and policies; unanticipated costs associated with acquisitions; diversion of management’s attention from our existing business; risks associated with entering new markets in which we have limited or no experience; increased legal and accounting costs relating to the acquisitions or compliance with regulatory matters; and unanticipated or undisclosed liabilities of any target.

We do not know if we will be able to identify acquisitions we deem suitable, whether we will be able to successfully complete any such acquisitions on favorable terms or at all, or whether we will be able to successfully integrate any acquired service offerings, products or technologies. Our potential inability to integrate any acquired service offerings, products or technologies effectively may adversely affect our business, financial condition, and results of operations.

We, and certain of our customers may, maintain cash at financial institutions, often in balances that exceed federally-insured limits. The failure of financial institutions could adversely affect our access to our funds, our ability to pay operational expenses or make other payments, and the ability of our customers to pay us for our services. The failure of financial institutions could adversely affect our access to to our funds, our ability to pay operational expenses or make other payments, and the ability of our customers to pay us for our services.

We, and certain of our customers may, maintain cash in accounts that exceed the Federal Deposit Insurance Corporation (“FDIC”) insurance limits. If such banking institutions were to fail, we and/or potentially certain of our customers could lose all or a portion of those amounts held in excess of such insurance limitations. For example, the FDIC took control of Silicon Valley Bank on March 10, 2023. Although we did not have any cash or cash equivalents at Silicon Valley Bank and the Federal Reserve subsequently announced that account holders would be made whole, the FDIC may not make all account holders whole in the event of future bank failures. In addition, even if account holders are ultimately made whole with respect to a future bank failure, account holders’ access to their accounts and assets held in their accounts may be substantially delayed. Any material loss that we and/or our customers may experience in the future or inability for a material time period to access our or their cash and cash equivalents could have an adverse effect on our ability to pay our operational expenses or make other payments, and/or our customers’ ability to pay us for services rendered (or may cause them to cancel scheduled services) which could adversely affect our business.

Risks Related to Our Customers

The consumers of the products we manufacture for our customers may significantly influence our business, financial condition, and results of operations.

We depend on, and have no control over, consumer demand for the products we manufacture for our customers. Consumer demand for our customers’ products could be adversely affected by, among other things, delays in health regulatory approval, the inability of our customers to demonstrate the efficacy and safety of their products, the loss of patent and other intellectual property rights protection, the emergence of competing or alternative products, including generic drugs and the degree to which private and government payment subsidies for a particular product offset the cost to consumers and changes in the marketing strategies for such products. Additionally, if the products we manufacture for our customers do not gain market acceptance, our revenues and profitability may be adversely affected.

Our consumers, as well as various aspects of our business, may be subject to other U.S. healthcare laws, including U.S. federal Anti-Kickback Statute, the civil False Claims Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), HIPAA, as amended by Health Information Technology for Economic and Clinical Health Act of 2009, and similar state and local laws and regulations. Penalties for violating these laws can be significant.

We believe that continued changes to the healthcare industry, including ongoing healthcare reform, adverse changes in government or private funding of healthcare products and services, legislation or regulations governing the privacy of patient information or patient access to care, or the delivery, pricing or reimbursement of pharmaceuticals and healthcare services or mandated benefits, may cause healthcare industry participants to purchase fewer services from us or influence the price that others are willing to pay for our services. Changes in the healthcare industry’s pricing, selling, inventory, distribution or supply policies or practices could also significantly reduce our revenue and profitability.

If production volumes of key products that we manufacture for our customers decline, our financial condition and results of operations may be adversely affected.

Our customers’ failure to receive or maintain regulatory approval for their product candidates could negatively impact our revenues and profitability.

Our success depends upon the regulatory approval of the products we manufacture. As such, if our customers experience a delay in, or a failure to receive, approval for any of their product candidates or fail to maintain regulatory approval of their products, and we are not able to manufacture these products, our revenue and profitability could be adversely affected. Additionally, if the FDA or a comparable foreign regulatory authority does not approve of our facilities for the manufacture of a customer product, or if it withdraws such approval in the future, our customers may choose to identify alternative manufacturing facilities and/or relationships, which could significantly impact our ability to expand our manufacturing capacity and capabilities and achieve profitability.

We depend on spending and demand from our customers for our contract manufacturing and development services and any reduction in spending or demand, whether due to a deterioration in macroeconomic conditions or unfavorable research and development results, could have a material adverse effect on our revenues and profitability.

The amount that our customers spend on the development and manufacture of their products or product candidates, particularly the amount our customers choose to spend on outsourcing these services to us, substantially impacts our revenue and profitability. During times of greater economic uncertainty, such as the biopharmaceutical industry is currently experiencing, our smaller customers with products in earlier stages of development tend to be much more negatively impacted due to the tightening of the access to capital. As a result, such earlier stage customers may be forced to delay or cancel our services in an effort to conserve cash which could have a material adverse effect on our revenues and profitability. In addition, the outcomes of our customers’ research, development and marketing also significantly influence the amount that our customers choose to spend on our services and offerings. Our customers determine the amounts that they will spend on our services based upon, among other things, the clinical and market success of their products, available resources and their need to develop new products which, in turn, depend upon a number of other factors, including their competitors’ research, development and product initiatives and the anticipated market for any new products, as well as clinical and reimbursement scenarios for specific products and therapeutic areas. Further, increasing consolidation in the pharmaceutical industry may impact such spending, particularly in the event that any of our customers choose to develop or acquire integrated manufacturing operations. Any reduction in customer spending on biologics development and related services as a result of these and other factors could have a material adverse effect on our business, financial condition, and results of operations.

If we are unable to protect the confidentiality of our customers’ proprietary information, we may be subject to claims.

Many of the formulations used and processes developed by us in the manufacture of our customers’ products are subject to trade secret protection, patents or other intellectual property protections owned or licensed by such customer. While we make significant efforts to protect our customers’ proprietary and confidential information, including requiring our employees to enter into agreements protecting such information, if any of our employees breach the non-disclosure provisions in such agreements, or if our customers make claims that their proprietary information has been disclosed, our reputation may suffer damage and we may become subject to legal proceedings that could require us to incur significant expense and divert our management’s time, attention and resources.

Risks Related to the Industry in Which We Operate

Failure to comply with existing and future regulatory requirements could adversely affect our business, financial condition, and results of operations.

Our industry is highly regulated. We are required to comply with the regulatory requirements of various local, state, provincial, national and international regulatory bodies having jurisdiction in the countries or localities in which we manufacture products or in which our customers’ products are distributed. In particular, we are subject to laws and regulations concerning development, testing, manufacturing processes, equipment and facilities, including compliance with CGMPs, import and export, and product registration and listing, among other things. As a result, most of our facilities are subject to regulation by the FDA, as well as regulatory bodies of other jurisdictions where our customers have marketing approval for their products including, but not limited to, the EMA, ANVISA, PMDA, Health Canada and/or the Australian Department of Health, depending on the countries in which our customers market and sell the products we manufacture on their behalf. As a result, most of our facilities are subject to regulation by the FDA, as well as regulatory bodies of other jurisdictions where our customers have marketing approval for their products including, but not limited to, the EMA, ANVISA and/or Health Canada, depending on the countries in which our customers market and sell the products we manufacture on their behalf. As we expand our operations, we may be exposed to more complex and new regulatory and administrative requirements and legal risks, any of which may require expertise in which we have little or no experience. It is possible that compliance with new regulatory requirements could impose significant compliance costs on us. Such costs could have a material adverse effect on our business, financial condition and results of operations.

These regulatory requirements impact many aspects of our operations, including manufacturing, developing, storage, distribution, import and export and record keeping related to customers’ products. Noncompliance with any applicable regulatory requirements can result in government refusal to approve: (i) facilities for testing or manufacturing products or (ii) products for commercialization. The FDA and other regulatory agencies can delay, limit or deny approval for many reasons, including:

In addition, if new legislation or regulations are enacted or existing legislation or regulations are amended or are interpreted or enforced differently, we may be required to obtain additional approvals or operate according to different manufacturing or operating standards. This may require a change in our development and manufacturing techniques or additional capital investments in our facilities. Any related costs may be significant. If we fail to comply with applicable regulatory requirements in the future, then we may be subject to warning letters and/or civil or criminal penalties and fines, suspension or withdrawal of regulatory approvals, product recalls, seizure of products, restrictions on the import and export of our products, debarment, exclusion, disgorgement of profits, operating restrictions and criminal prosecution and the loss of contracts and resulting revenue losses. Inspections by regulatory authorities that identify any deficiencies could result in remedial actions, production stoppages or facility closure, which would disrupt the manufacturing process and supply of product to our customers. In addition, such failure to comply could expose us to contractual and product liability claims, including claims by customers for reimbursement for lost or damaged active pharmaceutical ingredients or recall or other corrective actions, the cost of which could be significant.

In addition, products we manufacture must undergo pre-clinical and clinical evaluations relating to product safety and efficacy before they are approved as commercial therapeutic products. The regulatory authorities having jurisdiction in the countries in which our customers intend to market their products may delay or put on hold clinical trials or delay approval of a product or determine that the product is not approvable. The FDA or other regulatory agencies can delay approval of a drug if our manufacturing facility, including any newly commissioned facility, is not able to demonstrate compliance with CGMPs, pass other aspects of pre-approval inspections or properly scale up to produce commercial supplies. The FDA and comparable government authorities having jurisdiction in the countries in which we or our customers intend to market their products have the authority to withdraw product approval or suspend manufacture if there are significant problems with raw materials or supplies, quality control and assurance or the product we manufacture is adulterated or misbranded. If our manufacturing facilities and services are not in compliance with FDA and comparable government authorities, we may be unable to obtain or maintain the necessary approvals to continue manufacturing products for our customers, which would materially adversely affect our financial condition and results of operations.

We operate in a highly competitive market and competition may adversely affect our business.

We operate in a market that is highly competitive. Our competition in the contract manufacturing market includes full-service contract manufacturers and large pharmaceutical companies offering third-party manufacturing services to fill their excess capacity. We may also compete with the internal operations of those pharmaceutical companies that choose to source their product offerings internally. In addition, most of our competitors may have substantially greater financial, marketing, technical or other resources than we do. Moreover, additional competition may emerge, particularly in lower-cost jurisdictions such as India, which could, among other things, result in a decrease in the fees paid for our services, which may adversely affect our financial condition and results of operations. Moreover, additional competition may emerge, particularly in lower-cost jurisdictions such as India and China, which could, among other things, result in a decrease in the fees paid for our services, which may adversely affect our financial condition and results of operations.

Risks Related to the Ownership of Our Common Stock

We have identified a material weakness in our internal control over financial reporting, which if not remediated, could adversely affect our business.

Our management is responsible for establishing and maintaining adequate internal control over financial reporting designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP. Our management is likewise required, on a quarterly basis, to evaluate the effectiveness of our internal controls and to disclose any changes and material weaknesses identified through such evaluation in those internal controls. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis.

As described elsewhere in this Annual Report, in March 2024 we identified a material weakness in our internal control over financial reporting. As a result of this material weakness, our management has concluded that our internal control over financial reporting was not effective as of April 30, 2024. For additional detail and a discussion of management’s consideration of the material weakness identified, see Part II, Item 9A, “Controls and Procedures” included in this Annual Report.

Management, under the oversight of the audit committee of our board of directors, has implemented controls that are intended to remediate the material weakness. These controls include the initial and periodic review of covenants, acceleration clauses, events of default, and other pertinent information in our debt agreements to enable management to assess whether any of these provisions impact our financial reporting.

Any failure to maintain such internal control could adversely impact our ability to report our financial position and results from operations on a timely and accurate basis. If our financial statements are not accurate, investors may not have a complete understanding, or an inaccurate understanding, of our financial results or financial condition. Likewise, if our financial statements are not filed on a timely basis, we could be subject to sanctions or investigations by the Nasdaq Stock Market, the SEC or other regulatory authorities. In either case, a material adverse effect on our business could result from ineffective internal controls. Ineffective internal controls could also cause investors to lose confidence in our reported financial information, which could have a negative effect on the trading price of our common stock.

We can give no assurance that the measures we have implemented will remediate the material weakness identified or that any additional material weaknesses or restatements of financial results will not arise in the future due to a failure to implement and maintain adequate internal control over financial reporting or circumvention of these controls. In addition, even if we are successful in strengthening our controls and procedures, in the future those controls and procedures may not be adequate to prevent or identify irregularities or errors or to facilitate the fair presentation of our financial statements.

Our issuance of additional capital stock pursuant to our stock incentive plan, or in connection with financings, acquisitions, or otherwise will dilute the interests of other security holders and may depress the price of our common stock.

We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to grant equity awards to employees, directors and consultants under our stock incentive plan. We may also raise capital through equity financings in the future. As part of our growth strategy, we may seek to acquire companies and issue equity securities to pay for any such acquisition. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our common stock to decline. Furthermore, if we issue additional equity or convertible debt securities, the new equity securities could have rights senior to those of our common stock. For example, if we elect to settle our conversion obligation under our 7.00% Convertible Senior Notes due 2029 (“2029 Notes”) in shares of our common stock or a combination of cash and shares of our common stock, the issuance of such common stock may dilute the ownership interests of our stockholders and sales in the public market could adversely affect prevailing market prices. For example, if we elect to settle our conversion obligation under our 1.25% Convertible Senior Notes due 2026 (“Convertible Notes”) in shares of our common stock or a combination of cash and shares of our common stock, the issuance of such common stock may dilute the ownership interests of our stockholders and sales in the public market could adversely affect prevailing market prices.

The price of our common stock has been and may continue to be highly volatile and may adversely affect the liquidity of our common stock.

The market price of our common stock has generally been highly volatile and may continue to be highly volatile.

The market price of our common stock may be significantly impacted by many factors including the following:

These and other external factors have caused and may continue to cause the market price and demand for our common stock to fluctuate substantially, which may limit or prevent investors from readily selling their shares of our common stock, and may otherwise negatively affect the liquidity of our common stock.

Anti-takeover provisions in our certificate of incorporation, amended and restated bylaws, the Indenture (defined below), as well as provisions of Delaware law could prevent or delay a change in control of our company, even if such change in control would be beneficial to our stockholders.

Provisions of our certificate of incorporation and amended and restated bylaws could discourage, delay or prevent a merger, acquisition or other change in control of our company, even if such change in control would be beneficial to our stockholders. These include: authorizing the issuance of “blank check” preferred stock that could be issued by our board of directors to increase the number of outstanding shares and thwart a takeover attempt; no provision for the use of cumulative voting for the election of directors; limiting the ability of stockholders to call special meetings; requiring all stockholder actions to be taken at a meeting of our stockholders (i.e. no provision for stockholder action by written consent); and establishing advance notice requirements for nominations for election to the board of directors or for proposing matters that can be acted upon by stockholders at stockholder meetings.

Further, in connection with our 2029 Notes issuances, we entered into an indenture dated as of March 12, 2024 (as amended or supplemented, the “Indenture”) with U.S. Bank Trust Company, National Association, as trustee. Certain provisions in the Indenture could make it more difficult or more expensive for a third party to acquire us. For example, if a takeover would constitute a fundamental change, holders of the 2029 Notes will have the right to require us to repurchase their 2029 Notes in cash. For example, if a takeover would constitute a fundamental change, holders of the Convertible Notes will have the right to require us to repurchase their Convertible Notes in cash. In addition, if a takeover constitutes a make-whole fundamental change, we may be required to increase the conversion rate for holders who convert their 2029 Notes in connection with such takeover. In either case, and in other cases, our obligations under the 2029 Notes and the Indenture could increase the cost of acquiring us or otherwise discourage a third party from acquiring us or removing incumbent management. In either case, and in other cases, our obligations under the Convertible Notes and the Indenture could increase the cost of acquiring us or otherwise discourage a third party from acquiring us or removing incumbent management.

In addition, Section 203 of the Delaware General Corporation Law prohibits us, except under specified circumstances, from engaging in any mergers, significant sales of stock or assets or business combinations with any stockholder or group of stockholders who owns at least 15% of our common stock.

Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware will be the exclusive forum for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers or employees.

Our amended and restated bylaws provide that, unless we consent in writing to an alternative forum and except for actions arising under the Exchange Act or Securities Act, the Court of Chancery of the State of Delaware is the exclusive forum for any derivative action or proceeding brought on our behalf, any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, or other employees to us or our stockholders, any action asserting a claim against us arising pursuant to the Delaware General Corporation Law, our certificate of incorporation or our bylaws, or any action asserting a claim against us that is governed by the internal affairs doctrine. The choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers or other employees, which may discourage such lawsuits against us and our directors, officers and other employees.

We do not intend to pay dividends on our common stock, so any returns will be limited to the value of our stock.

We have never declared or paid any cash dividend on our common stock. We currently anticipate that we will retain future earnings, if any, for the development, operation and expansion of our business and do not anticipate declaring or paying any cash dividends for the foreseeable future. Any return to stockholders will therefore be limited to the appreciation of the trading price of our common stock.

If securities or industry analysts do not publish research reports about us, or if they issue adverse opinions about our business, our stock price and trading volume could decline.

The research and reports that industry or securities analysts publish about us or our business will influence the market for our common stock. If one or more analysts who cover us issues an adverse opinion about us, our stock price would likely decline. If one or more of these analysts ceases research coverage of us or fails to regularly publish reports on us, we could lose visibility in the financial markets which, in turn, could cause our stock price or trading volume to decline. Further, if we fail to meet the market expectations of analysts who follow our stock, our stock price likely would decline.

Risks Related to Our Outstanding 2029 Notes

We may not have sufficient cash flow from our business to make payments on our significant debt when due, and we may incur additional indebtedness in the future.

In March 2024, we issued the 2029 Notes (see Note 3, Debt, of the notes to consolidated financial statements) in a private offering to qualified institutional buyers pursuant to Section 4(a)(2) under the Securities Act. We may be required to use a substantial portion of our cash flows from operations to pay interest and principal on our indebtedness. Our ability to make scheduled payments of the principal and to pay interest on or to refinance our indebtedness, including the 2029 Notes, depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Our ability to make scheduled payments of the principal and to pay interest on or to refinance our indebtedness, including the Convertible Notes, depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Our business may not continue to generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional equity capital on terms that may be onerous or highly dilutive. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations.

In addition, we may incur substantial additional debt in the future, subject to the restrictions contained in our credit agreement with Bank of America entered into in March 2023 (see Note 3, Debt, of the notes to consolidated financial statements) and any future debt agreements, some of which may be secured debt. We are not restricted under the terms of the Indenture governing the 2029 Notes, from incurring additional debt, securing existing or future debt, recapitalizing our debt, repurchasing our stock, pledging our assets, making investments, paying dividends, guaranteeing debt or taking a number of other actions that are not limited by the terms of the Indenture governing the 2029 Notes that could have the effect of diminishing our ability to make payments on the 2029 Notes when due. We are not restricted under the terms of the Indenture governing the Convertible Notes, from incurring additional debt, securing existing or future debt, recapitalizing our debt, repurchasing our stock, pledging our assets, making investments, paying dividends, guaranteeing debt or taking a number of other actions that are not limited by the terms of the Indenture governing the Convertible Notes that could have the effect of diminishing our ability to make payments on the Convertible Notes when due.

The conditional conversion feature of our 2029 Notes, if triggered, may adversely affect our financial condition and operating results.

In the event the conditional conversion feature of the 2029 Notes is triggered, holders of the 2029 Notes will be entitled to convert the notes at any time during specified periods at their option. If one or more holders elect to convert their 2029 Notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely affect our liquidity. If one or more holders elect to convert their Convertible Notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely affect our liquidity. In addition, even if holders do not elect to convert their 2029 Notes when these conversion triggers are satisfied, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the 2029 Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital. In addition, even if holders do not elect to convert their Convertible Notes when these conversion triggers are satisfied, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the Convertible Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital.

Our failure to comply with the covenants under our Indenture applicable to the 2029 Notes could trigger an event of default under the Indenture and result in the 2029 Notes being declared immediately due and payable.

The Indenture applicable to the 2029 Notes includes customary covenants and sets forth certain events of default after which the 2029 Notes may be declared immediately due and payable and sets forth certain types of bankruptcy or insolvency events of default involving us after which the 2029 Notes become automatically due and payable. Events of default under the Indenture include, but are not limited to, the following:

If, following the occurrence of an event of default 100% of the principal of, and accrued and unpaid interest on, the 2029 Notes, is declared immediately due and payable we may not have sufficient funds to pay or be able to obtain additional financing to make any accelerated payments.

Item 1B.

Unresolved Staff Comments

Not applicable.

ITEM 1C.

cybersecurity

Risk Management and Strategy

We have implemented comprehensive information security processes to identify, assess, and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware, software, and critical data, including intellectual property and confidential information (“Information Systems and Data”). Our Information Technology (“IT”) team plays a key role in identifying, assessing, and managing cybersecurity threats to our Information Systems and Data, including potential system disruptions, shutdowns, or unauthorized disclosures due to cyber-attacks.

The IT team identifies and assesses cybersecurity threats and risks by monitoring and evaluating the Company’s threat environment and risk profile using various methods including, for example: analyzing reports of threats, evaluating threats reported to us, coordinating with law enforcement concerning threats, internal and external security audits, vulnerability scanning, manual and automated detection tools, and continuous network monitoring. We have implemented a range of technical, physical, and organizational controls designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, such as incident detection and response policies, vulnerability management policies, disaster recovery plans, antivirus programs, authentication protocols, encryption of certain data, data segregation, asset management, tracking, and disposal, network security measures, access controls, and change management processes. We also maintain an insurance policy covering network security liability, incident response, business interruption, cyber extortion, social engineering, and computer fraud.

Our approach to managing cybersecurity risks is integrated into our overall risk management strategy. The IT team conducts risk assessments as needed and mandates periodic cybersecurity training for all employees. Additionally, we engage third-party service providers, including legal counsel, threat intelligence experts, cybersecurity services providers, and cybersecurity consultants, to enhance our risk management efforts.

We use third-party service providers to perform a variety of functions throughout our business, such as software-as-a-service (SaaS) providers and web hosting companies. We employ a vendor management program to oversee the cybersecurity practices of our third-party service providers. This includes periodic user access reviews and evaluations of System and Organization Control (“SOC”) 1 reports from certain of our SaaS vendors, focusing on their data protection measures. Depending on the sensitivity of the data and the nature of the services provided, our vendor management process involves varying levels of risk assessment and contractual cybersecurity obligations.

For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including “If our information technology systems, or those of the third parties with whom we work, or our data are or were compromised, we could experience adverse consequences resulting from such compromise, including but not limited to regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss or revenue or profits; and other adverse consequences that could have a material adverse effect on our business, financial condition, results of operations and cash flows.”

Governance

Our board of directors (the “Board”) oversees our cybersecurity risk management as part of its general oversight responsibilities and specifically monitors our cybersecurity risk management processes and mitigation strategies.

Our Vice President of IT, who has more than 25 years of experience in the IT industry, periodically briefs the Board and our audit committee on cybersecurity matters and is responsible for integrating cybersecurity risk considerations into our overall risk management strategy. Our Vice President of IT is also responsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports.

Our cybersecurity incident response and vulnerability management processes are designed to escalate significant cybersecurity incidents to senior management depending on the circumstances, including the chief executive officer and chief financial officer, who collaborate with the incident response team to mitigate and remediate such incidents. In the event of a significant cybersecurity incident the Board is also informed as part of our incident response plan.