Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - CVLT

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A.Risk Factors
You should consider each of the following factors as well as the other information in this Annual Report in evaluating our business and our prospects. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties not presently known to us or that we currently consider immaterial may also impair our business operations. If any of the following risks actually occur, our business and financial results could be harmed. In that case, the trading price of our common stock could decline. You should also refer to the other information set forth in this Annual Report, including our financial statements and the related notes.
Risks Related to Our Business

Our industry is intensely competitive, and many of our competitors have greater financial, technical and sales and marketing resources and larger installed customer bases, which could enable them to compete more effectively than we do.

The cyber resiliency market is intensely competitive, highly fragmented and characterized by rapidly changing technology and evolving standards, changing customer requirements and frequent new product introductions.The data protection and replication market is intensely competitive, highly fragmented and characterized by rapidly changing technology and evolving standards, changing customer requirements and frequent new product introductions. Competitors vary in size and in the scope and breadth of the products and services offered.
The principal competitive factors in our industry include product functionality and integration, platform coverage, ability to scale, price, worldwide sales infrastructure, global technical support, brand recognition and reputation. If we are unable to address these factors, our competitive position could weaken and we could experience a decline in revenues that could adversely affect our business.
It is also costly and time-consuming to change data management systems. Most of our new customers have installed data management systems, which gives an incumbent competitor an advantage in retaining a customer because the incumbent already understands the network infrastructure, user demands and information technology needs of the customer, and because some customers are reluctant to invest the time and money necessary to change vendors.
New competitors entering our markets can have a negative impact on our competitive positioning. In addition, we expect to encounter new competitors as we enter new markets. Furthermore, many of our existing competitors are broadening their operating systems platform coverage. We also expect increased competition from OEMs, including those we partner with, and from systems and network management companies, especially those that have historically focused on the mainframe computer market and have been making acquisitions and broadening their efforts to include data protection products. We expect that competition will increase as a result of future industry consolidation. Increased competition could harm our business by causing, among other things, price reductions of our products, reduced profitability and loss of market share.
We rely on indirect sales channels, such as value-added resellers, systems integrators, corporate resellers, distributors, OEMs, and marketplaces for the distribution of our solutions, and the failure of these channels to effectively sell our solutions could have a material adverse effect on our revenues and results of operations.We rely on indirect sales channels, such as value-added resellers, systems integrators, corporate resellers, distributors, and OEMs, for the distribution of our solutions, and the failure of these channels to effectively sell our solutions could have a material adverse effect on our revenues and results of operations.
We rely significantly on our value-added resellers, systems integrators and corporate resellers, which we collectively refer to as resellers, for the marketing and distribution of our products and services. Resellers are our most significant distribution channel. However, our agreements with resellers are generally not exclusive, are generally renewable annually, typically do not contain minimum sales requirements and in many cases may be terminated by either party without cause. Many of our resellers carry data protection solutions that compete with ours. These resellers may give a higher priority to other software or SaaS applications, including those of our competitors, or may not continue to carry data protection solutions. These resellers may give a higher priority to other software applications, including those of our competitors, or may not continue to carry data protection solutions. If a number of resellers were to discontinue or reduce the sales of our products, or were to promote our competitors’ products in lieu of our own, it could have a material adverse effect on our future revenues. Events or occurrences of this nature could seriously harm our sales and results of operations. If we fail to manage our resellers successfully, there may be conflicts between resellers or they could fail to perform as we anticipate, including required compliance with the terms and obligations of our agreement, either of which could reduce our sales or impact our reputation in the market. In addition, we expect that a portion of our sales growth will depend upon our ability to identify and attract new resellers. Our competitors also use reseller arrangements and may be more successful in attracting reseller partners and could enter into exclusive relationships with resellers that make it difficult to expand our reseller network. Any failure on our part to maintain and/or expand our network of resellers could impair our ability to grow revenues in the future.
10


Some of our resellers may, either independently or jointly with our competitors, develop and market solutions that compete with our offerings. If this were to occur, these resellers might discontinue marketing and distributing our solutions. In addition, these resellers would have an advantage over us when marketing their competing products and related services because of their existing customer relationships. The occurrence of any of these events could have a material adverse effect on our revenues and results of operations.
In addition, we have a non-exclusive distribution agreement with Arrow pursuant to which Arrow’s primary role is to enable a more efficient and effective distribution channel for our solutions by managing our resellers and leveraging their own industry experience. Arrow accounted for approximately 36% of our total revenues for fiscal 2024 and 37% of our total revenues in both fiscal 2023 and fiscal 2022. If Arrow were to discontinue or reduce the sales of our solutions or if our agreement with Arrow was terminated, and if we were unable to take back the management of our reseller channel or find another distributor to replace Arrow, there could be a material adverse effect on our future business.
Our OEMs sell and integrate our solutions which represents a material portion of our revenues. We have no control over the shipping dates or volumes of systems these OEMs sell and they have no obligation to sell systems incorporating our solutions. They also have no obligation to recommend or offer our solutions exclusively or at all. They have no minimum sales requirements and can terminate our relationship at any time. These OEMs also could choose to develop their own data protection solutions. Our OEM partners compete with one another. If one of our OEM partners views our arrangement with another OEM as competing, it may decide to stop doing business with us. Any material decrease in the volume of sales generated by OEMs could have a material adverse effect on our revenues and results of operations in future periods.
We also sell our solutions via marketplace offerings which enable customers to purchase our solutions through online platforms, typically hosted by a cloud provider. The marketplace allows us to publish an offer which an end user can then purchase directly, or through the assistance of a partner. Similar to our resellers and OEMs, marketplace providers have no obligation to sell or recommend our solutions or offer our solutions exclusively or at all. Sales through the marketplace have not been material to date; however, we anticipate an increase in revenue through this channel. Failure to effectively compete in the marketplace could have a material adverse effect on our revenues and results of operations in future periods.
If the cost for maintenance and support agreements, or our term-based subscription licenses and SaaS arrangements, with our customers is not competitive in the market or if our customers do not renew their agreements either at all, or on terms that are less favorable to us, our business and financial performance might be adversely impacted. If the cost for maintenance and support agreements, or our term-based subscription licenses, with our customers is not competitive in the market or if our customers do not renew their agreements either at all, or on terms that are less favorable to us, our business and financial performance might be adversely impacted.
Most of our support and maintenance agreements are for a one-year term and thereafter, we pursue renewal thereof. Historically, such renewals have represented a significant portion of our total revenue. If our customers do not renew their annual maintenance and support agreements either at all, or on terms that are less favorable to us, our business and financial performance might be adversely impacted.
Additionally, a significant amount of our revenues are from term-based software license and SaaS arrangements. The arrangements are typically one to three years in duration. If at the end of the initial term, customers elect to not renew, or they renew terms that are less favorable to us, our business and financial performance might be adversely impacted.
In periods of volatile economic conditions, our exposure to credit risk and payment delinquencies on our accounts receivable significantly increases.
Our outstanding accounts receivables are generally not secured. Our standard terms and conditions permit payment within a specified number of days following the receipt of our solution. Volatile economic conditions, including those related to the wars in Israel and Ukraine and the global response to the conflicts, the COVID-19 pandemic and its variants, or the financial instability of banking institutions could result in our customers and resellers facing liquidity concerns leading to them not being able to satisfy their payment obligations to us, which would have a material adverse effect on our financial condition, operating results and cash flows. Volatile economic conditions, including those related to the COVID-19 pandemic and its variants, the war in Ukraine and the global response, or the financial instability of banking institutions could result in our customers and resellers facing liquidity concerns leading to them not being able to satisfy their payment obligations to us, which would have a material adverse effect on our financial condition, operating results and cash flows.
In addition, we have transitioned a more significant percentage of our revenue to subscription, or term-based, arrangements. In these arrangements, our customers may pay for solutions over a period of several years. Due to the potential for extended period of collection, we may be exposed to more significant credit risk.
11


We develop solutions that interoperate with certain products, operating systems and hardware developed by others, and if the developers of those operating systems and hardware do not cooperate with us or we are unable to devote the necessary resources so that our solutions interoperate with those systems, our development efforts may be delayed or foreclosed and our business and results of operations may be adversely affected.
Our solutions operate primarily on the Windows, UNIX, Linux and Novell Netware operating systems; used in conjunction with Microsoft SQL; and on hardware devices of numerous manufacturers. When new or updated versions of these operating systems, solution applications, and hardware devices are introduced, it is often necessary for us to develop updated versions of our solution applications so that they interoperate properly with these systems and devices. We may not accomplish these development efforts quickly or cost-effectively, and it is not clear what the relative growth rates of these operating systems and hardware will be.

We encounter long sales and implementation cycles, particularly for our larger customers, which could have an adverse effect on the size, timing and predictability of our revenues.
Potential or existing customers, particularly larger enterprise customers, generally commit significant resources to an evaluation of available solutions and require us to expend substantial time, effort and money educating them as to the value of our solutions. Sales often require an extensive education and marketing effort.
We could expend significant funds and resources during a sales cycle and ultimately fail to win the customer. Our sales cycle for all of our products and services is subject to significant risks and delays over which we have little or no control, including:
our customers’ budgetary constraints;
the timing of our customers’ budget cycles and approval processes;
our customers’ willingness to replace their current solutions;
our need to educate potential customers about the uses and benefits of our solutions; and
the timing of the expiration of our customers’ current agreements for similar solutions.
If our sales cycles lengthen unexpectedly, they could adversely affect the timing of our revenues or increase costs, which may cause fluctuations in our quarterly revenues and results of operations. Finally, if we are unsuccessful in closing sales of our solutions after spending significant funds and management resources, our operating margins and results of operations could be adversely impacted, and the price of our common stock could decline.
We depend on growth in the data protection and cyber resiliency market, and lack of growth or contraction in this market could have a material adverse effect on our sales and financial condition.We depend on growth in the data protection solutions market, and lack of growth or contraction in this market could have a material adverse effect on our sales and financial condition.
Demand for data protection and cyber resilience solutions is linked to growth in the amount of data generated and stored, demand for data retention and management (whether as a result of regulatory requirements or otherwise) demand for and adoption of new backup devices and networking technologies, and ability to respond to and recover from data breaches in a secure environment. Because our solutions are concentrated within the data protection and cyber resiliency market, if the demand for backup and data protection solutions devices declines, our sales, profitability and financial condition would be materially adversely affected. Because our solutions are concentrated within the data protection market, if the demand for backup and data protection solutions devices declines, our sales, profitability and financial condition would be materially adversely affected.
Furthermore, the data protection and cyber resiliency market is dynamic and evolving. Our future financial performance will depend in large part on continued growth in the number of organizations adopting data protection and cyber resilience solutions for their environments. The market for data protection and cyber resilience solutions may not continue to grow at historic rates, or at all. The market for data protection solutions may not continue to grow at historic rates, or at all. If this market fails to grow or grows more slowly than we currently anticipate, our sales and profitability could be adversely affected.
Our SaaS offerings require costly and continual infrastructure investments and if these investments do not yield the expected return, our business and financial performance might be adversely impacted.Our as-a-service offerings require costly and continual infrastructure investments and if these investments do not yield the expected return, our business and financial performance might be adversely impacted.
In order to deliver our SaaS offerings via a cloud-based deployment, we have made and will continue to make capital investments and incur substantial costs to implement and maintain this business model.In order to deliver our as-a-service offerings via a cloud-based deployment, we have made and will continue to make capital investments and incur substantial costs to implement and maintain this alternative business model. In addition, as we look to deliver new or different cloud-based services, we are making significant technology investments to deliver new capabilities and advance our software to deliver cloud-native customer experiences. Our revenues
12


related to SaaS offerings have increased in recent years. If there is a reduction in demand for these services caused by a lack of customer acceptance, technological challenges, weakening economic or political conditions, security or privacy concerns, inability to properly manage such services, competing technologies and products, decreases in corporate spending or otherwise, our financial results and competitive position could suffer. If these offerings do not garner widespread market adoption, or there is a reduction in demand for these services caused by a lack of customer acceptance, technological challenges, weakening economic or political conditions, security or privacy concerns, inability to properly manage such services, competing technologies and products, decreases in corporate spending or otherwise, our financial results and competitive position could suffer. If these investments do not yield the expected return, or we are unable to decrease the cost of delivering our cloud services, our gross margins, overall financial results, business model and competitive position could suffer.
We rely on third-party hosting providers to deliver our SaaS offerings.We rely on third-party hosting providers to deliver our as-a-service offerings. Therefore, any disruption or interference with our use of these services could adversely affect our business.
Our use of third-party hosting facilities requires us to rely on the functionality and availability of the third parties’ services, as well as their data security, which despite our due diligence, may be or become inadequate. Our continued growth depends in part on the ability of our existing and potential customers to use and access our cloud services or our website to download our software within an acceptable amount of time. Third-party service providers operate platforms that we access, and we are vulnerable to their service interruptions. We may experience interruptions, delays, and outages in service and availability due to problems with our third-party service providers’ infrastructure. This infrastructure’s lack of availability could be due to many potential causes, including technical failures, power shortages, natural disasters, fraud, terrorism, or security attacks that we cannot predict or prevent. Such outages could trigger our service level agreements and the issuance of credits to our customers, which may impact our business and consolidated financial statements.
If we are unable to renew our agreements with our cloud service providers on commercially reasonable terms, an agreement is prematurely terminated, or we need to add new cloud services providers to increase capacity and uptime, we could experience interruptions, downtime, delays, and additional expenses related to transferring to and providing support for these new platforms. Any of the above circumstances or events may harm our reputation and brand, reduce our platforms’ availability or usage, and impair our ability to attract new users, any of which could adversely affect our business, financial condition, and results of operations.
We sell a backup appliance which integrates our solution with hardware. If we fail to accurately predict manufacturing requirements and manage our supply chain we could incur additional costs or experience manufacturing delays that could harm our business.
We generally provide forecasts of our requirements to our supply chain partners on a rolling basis. If our forecast exceeds our actual requirements, a supply chain partner may assess additional charges or we may incur costs for excess inventory they hold, each of which could negatively affect our gross margins. If our forecast is less than our actual requirements, the applicable supply chain partner may have insufficient time or components to produce or fulfill our solutions' requirements, which could delay or interrupt manufacturing of our products or fulfillment of orders for our solutions, and result in delays in shipments, customer dissatisfaction, and deferral or loss of revenue. If we fail to accurately predict our requirements, we may be unable to fulfill those orders or we may be required to record charges for excess inventory. Any of the foregoing could adversely affect our business, financial condition or results of operations.
Our complex solutions may contain undetected errors, which could adversely affect not only their performance but also our reputation and the acceptance of our solutions in the market.
Our complex solutions may contain undetected errors or failures, especially when they are made generally available or new versions are released. Despite extensive testing by us and customers, we have discovered errors in our solutions in the past and will do so in the future. As a result of past discovered errors, we experienced delays and lost revenues while we corrected those solutions. In addition, customers in the past have brought to our attention “bugs” in our software created by the customers’ unique operating environments, which are often characterized by a wide variety of both standard and non-standard configurations that make pre-release testing very difficult and time consuming. Although we have been able to fix these bugs in the past, we may not always be able to do so. Our solutions may also be subject to intentional attacks by viruses that seek to take advantage of these bugs, errors or other weaknesses. Any of these events may result in the loss of, or delay in, market acceptance of our solutions or damage to our reputation, which would seriously harm our sales, results of operations and financial condition.
Incorrect or improper implementation or use of our data security solutions could result in customer dissatisfaction and harm our business, financial condition, and results of operations.
13


Our products are deployed by our customers and partners in a wide variety of IT infrastructures, including large-scale, complex technology environments, and we believe our future success will depend, at least in part, on our ability to support such deployments. Implementations of our products may be technically complicated, and it may not be easy to maximize the value of our products without proper implementation, training, and support. Some of our customers have experienced difficulties implementing our products in the past and may experience implementation difficulties in the future. If our customers and partners are unable to implement our products successfully, perceptions of our products may be impaired, our reputation and brand may suffer, or customers may choose not to renew their subscriptions or purchase additional products from us.
Any failure by customers or partners to appropriately implement our products could result in customer dissatisfaction, impact the perceived reliability of our products, result in negative press coverage, negatively affect our reputation, and harm our business, financial condition, and results of operations.
We may not receive significant revenues from our current research and development efforts for several years, if at all.
Developing software and technology is expensive, and the investment in product development may involve a long payback cycle.Developing software is expensive, and the investment in product development may involve a long payback cycle. Our research and development expenses were $132.3 million, or 16% of our total revenues in fiscal 2024, $141.8 million, or 18% of our total revenues in fiscal 2023 and $153.6 million, or 20% of our total revenues in fiscal 2022. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position. However, we may not recognize significant revenues from these investments for several years, if at all.
Our ability to sell our solutions is highly dependent on the quality of our customer support and professional services, and failure to offer high quality customer support and professional services would have a material adverse effect on our sales and results of operations.
Our services include the assessment and design of solutions to meet our customers’ storage management requirements and the efficient installation and deployment of our software applications based on specified business objectives. Further, once our software applications are deployed, our customers depend on us to resolve issues relating to our software applications. A high level of service is critical for the successful marketing and sale of our software. If we or our partners do not effectively install or deploy our applications, or succeed in helping our customers quickly resolve post-deployment issues, it would adversely affect our ability to sell software products to existing customers and could harm our reputation with prospective customers. As a result, our failure to maintain high quality support and professional services would have a material adverse effect on our sales of software applications and results of operations.
We implemented a restructuring plan in fiscal 2024, which we cannot guarantee will achieve its intended results.We implemented a restructuring program in fiscal 2022, which we cannot guarantee will achieve its intended result.
In fiscal 2024, we initiated a restructuring plan to enhance customer satisfaction, optimize operational efficiency, and align our customer experience functions with our strategic goals.In fiscal 2022, we initiated a restructuring plan to increase efficiency in our sales, marketing and distribution functions while reducing costs across all functional areas. We cannot guarantee the restructuring plan will achieve its intended results. We cannot guarantee the restructuring program will achieve its intended result. Risks associated with this restructuring plan also include additional unexpected costs, adverse effects on employee morale and the failure to meet operation and growth targets due to the loss of key employees, any of which may impair our ability to achieve anticipated results of operations or otherwise harm our business. Risks associated with this restructuring program also include additional unexpected costs, adverse effects on employee morale and the failure to meet operational and growth targets due to the loss of key employees, any of which may impair our ability to achieve anticipated results of operations or otherwise harm our business.
We are subject to several local, state, federal and foreign laws and regulations regarding privacy and data protection, and any actual or perceived failure by us to comply with such laws and regulations could adversely affect our business. We are subject to several local, state, federal and foreign laws and regulations regarding privacy and data protection, and any actual or perceived failure by us to comply with such laws and regulations could adversely affect our business.
We are currently subject, and may become further subject, to local, state, federal and foreign laws and regulations regarding the privacy and protection of personal data or other potentially sensitive information. In the United States, federal, state, and local governments have enacted numerous data privacy security laws, including data breach notification laws, data privacy laws, consumer protection laws, and other similar laws. For example, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the "CCPA"), imposes obligations on certain businesses to provide specific disclosures in privacy notices and grants California residents certain rights related to their personal data. The CCPA imposes statutory fines for noncompliance (up to $7,500 per violation). Other states have enacted or proposed similar laws. These developments may increase legal risk and compliance costs for us and our customers.

14


Outside the United States, an increasing number of laws, regulations, and industry standards govern data privacy and security. For example, the European Union’s ("E.U.") General Data Protection Regulation ("E.U. GDPR"), and the United Kingdom’s ("U.K.") GDPR ("U.K. GDPR"), impose strict requirements for processing the personal data of individuals. Violations of these obligations carry significant potential consequences. For example, under the E.U. GDPR, government regulators may impose temporary or definitive bans on processing, as well as fines of up to €20 million or 4% of the annual global revenue, whichever is greater. Additionally, new and emerging data privacy regimes may be applicable in Asia, including India's Digital Personal Data Protection Act, China's Personal Information Protection Law, Japan's Act on the Protection of Personal Information, and Singapore's Personal Data Protection Act. Additionally, new and emerging data privacy regimes may be applicable in Asia, including China's Personal Information Protection Law, Japan's Act on the Protection of Personal Information, and Singapore's Personal Data Protection Act.

In addition, as a technology provider, our customers expect us to demonstrate compliance with current data privacy laws and further make contractual commitments and implement processes to enable the customer to comply with their own obligations under data privacy laws, and our actual or perceived inability to do so may adversely impact sales of our products and services, particularly to customers in highly regulated industries.

Our actual or perceived failure to comply with laws, regulations, contractual commitments, or other actual or asserted obligations, including certain industry standards, regarding personal information, or other confidential information of individuals could lead to costly legal action, brand and reputational damage, significant liability, inability to process data, and decreased demand for our services, which could adversely affect our business. In addition, any security breach that results in the release of, or unauthorized access to, personal information, or other confidential information of individuals could subject us to incident response, notice and remediation costs. Failure to safeguard data adequately or to destroy data securely could subject us to regulatory investigations or enforcement actions under applicable data security, unfair practices or consumer protection laws which could have an adverse effect on our business, financial condition or operating results. The scope and interpretation of these laws could change and the associated burdens and our compliance costs could increase in the future.
A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks. A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.
Sales to global federal, state, and local governmental agencies account for a portion of our revenue, and we may in the future increase sales to government entities. This customer base experiences budgetary constraints or shifts in spending priorities regularly which may adversely affect sales of our solutions to government entities.
Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will successfully sell our solutions. Government entities may require contract terms that differ from our standard terms and conditions including termination rights favorable for the customer, audit rights, and maintenance of certain security clearances for facilities and employees which can entail administrative time and effort resulting in costs and delays. Government demand for our solutions may be more volatile as they are affected by stringent regulations, public sector budgetary cycles, funding authorizations, and the potential for funding reductions or delays, making the time to close such transactions more difficult to predict.
Changes in senior management or key personnel could cause disruption in the Company and have a material effect on our business.
We have had, and could have, changes in senior management which could be disruptive to management and operations of the Company and could have a material effect on our business, operating results and financial conditions. Turnover at the senior management level may create instability within the Company, which could impede the Company’s day-to-day operations. Such instability could impede our ability to fully implement our business plan and growth strategy, which would harm our business and prospects.
We rely on our key personnel to execute our existing business operations and identify and pursue new growth opportunities. The loss of key employees could result in significant disruptions to our business, and the integration and training of replacement personnel could be costly, time consuming, cause additional disruptions to our business and be unsuccessful.
We have engaged, and may continue to engage, in strategic acquisitions or transactions, which could have a material adverse effect on our business, results of operations, financial condition and cash flows.

15


Acquisitions involve a number of risks, including diversion of management’s attention, ability to finance the acquisition on attractive terms, failure to retain key personnel or valuable customers, legal liabilities, the need to amortize acquired intangible assets, and intellectual property ownership and infringement risks, any of which could have a material adverse effect on our business, results of operations, financial condition and cash flows. Any additional future acquisitions may also result in the incurrence of indebtedness or the issuance of additional equity securities.

We could also experience financial or other setbacks if transactions encounter unanticipated problems, including problems related to governmental approval, execution, integration or underperformance relative to prior expectations. Acquisitions may not result in long-term benefits to us or we may not be able to further develop the acquired business in the manner we anticipated.

Following the completion of acquisitions, we may have to rely on the seller to provide administrative and other support, including financial reporting and internal controls, and other transition services to the acquired business for a period of time. There can be no assurance that the seller will do so in a manner that is acceptable to us.

Actual or threatened public health crises could adversely affect our business in a material way.
As a global company, with employees and customers located around the world in a variety of industries, our performance may be impacted by public health crises, including the COVID-19 pandemic and its variants, which has caused global economic uncertainty. The emergence of a public health threat could pose the risk that our employees, partners, and customers may be prevented from conducting business activities at full capacity for an indefinite period, due to the spread of the disease or suggested or mandated by governmental authorities. Moreover, these conditions can affect the rate of information technology spending and may adversely affect our customers’ willingness to purchase our solutions, delay prospective customers’ purchasing decisions, reduce the value or duration of their contracts, cause our customers to request concessions including extended payment terms or better pricing, or affect attrition rates, all of which could adversely affect our future sales and operating results. The global spread of COVID-19 has created significant uncertainty, and economic disruption. We have undertaken measures to protect our employees, partners, and customers, including allowing our employees to work remotely; however, there can be no assurance that these measures will be sufficient or that we can implement them without adversely affecting our business operations.
Borrowing against our revolving credit facility could adversely affect our operations and financial results.
We have a $100 million revolving credit facility. As of March 31, 2024, there were no borrowings under the credit facility. If we were to borrow substantially against this facility the indebtedness could have adverse consequences, including:
requiring us to devote a portion of our cash flow from operations to payments of indebtedness, which would reduce the availability of cash flow to fund working capital requirements, capital expenditures and other general purposes;
limiting our flexibility in planning for, or reacting to, general adverse economic conditions or changes in our business and the industry in which we operate in;
placing us at a competitive disadvantage compared to our competitors that have less debt; and
limiting our ability to fund potential acquisitions.
The credit facility also contains financial maintenance covenants, including a leverage ratio and interest coverage ratio, and customary events of defaults. Failure to comply with these covenants could result in an event of default, which, if not cured or waived, could accelerate our repayment obligations. For further discussion on our revolving credit facility, see Note 16 of the notes to the consolidated financial statements.
16


Risks Related to our International Operations
If we are unable to effectively manage certain risks and challenges related to our India operations, our business could be harmed.
Our India operations are a key factor to our success. We believe that our significant presence in India provides certain important advantages for our business, such as direct access to a large pool of skilled professionals and assistance in growing our business internationally. However, it also creates certain risks that we must effectively manage. As of March 31, 2024, we had 1,037 employees located in India. As of March 31, 2023, we had approximately 850 employees located in India. Wage costs differentiate depending on regions throughout the world. Wages in India are increasing at a faster rate than in the many other countries, including the United States. These increases could result in us incurring increased costs for technical professionals and reduced margins. There is intense competition in India for skilled technical professionals, and we expect such competition to increase. As a result, we may be unable to cost-effectively retain our current employee base in India or hire additional new talent. In addition, India has experienced significant inflation, low growth in gross domestic product and shortages of foreign exchange. India also has experienced civil unrest and has been involved in conflicts with neighboring countries. The occurrence of any of these circumstances could result in disruptions to our India operations, which, if continued for an extended period of time, could have a material adverse effect on our business.
In recent years, India’s government has adopted policies that are designed to promote foreign investment, including significant tax incentives, relaxation of regulatory restrictions, liberalized import and export duties and preferential rules on foreign investment and repatriations. These policies may not continue. If we are unable to effectively manage any of the foregoing risks related to our India operations, our development efforts could be impaired, our growth could be slowed and our results of operations could be negatively impacted.
Volatility in the global economy could adversely impact our continued growth, results of operations and our ability to forecast future business.
As a global company, we have become increasingly subject to the risks arising from adverse changes in domestic and global economic and political conditions. Uncertainty in the macroeconomic environment and associated global economic conditions have resulted in volatility in credit, equity, debt and foreign currency markets.
These global economic conditions can result in slower economic activity, decreased consumer confidence, reduced corporate profits and capital spending, inflation, adverse business conditions and liquidity concerns. There has also been increased volatility in foreign exchange markets. These factors make it difficult for our customers, our vendors and us to accurately forecast and plan future business activities. These factors could cause customers to slow or defer spending on our solutions, which would delay and lengthen sales cycles and negatively affect our results of operations. If such conditions deteriorate or if the pace of economic recovery is slower or more uneven, our results of operations could be adversely affected, we may not be able to sustain the growth rates we have experienced recently, and we could fail to meet the expectations of stock analysts and investors, which could cause the price of our common stock to decline.
We continue to invest in our business internationally where there may be significant risks with overseas investments and growth prospects. Increased volatility or declines in the credit, equity, debt and foreign currency markets in these regions could cause delays in or cancellations of orders. Deterioration of economic conditions in the countries in which we do business could also cause slower or impaired collections on accounts receivable.
We may experience fluctuations in foreign currency exchange rates that could adversely impact our results of operations.
Our international sales are generally denominated in foreign currencies, and this revenue could be materially affected by currency fluctuations. Our primary exposure is to fluctuations in exchange rates for the U.S. dollar versus the Euro and, to a lesser extent, the Australian dollar, British pound sterling, Canadian dollar, Chinese yuan, Indian rupee, Korean won and Singapore dollar. Changes in currency exchange rates could adversely affect our reported revenues and could require us to reduce our prices to remain competitive in foreign markets, which could also have a material adverse effect on our results of operations. An unfavorable change in the exchange rate of foreign currencies against the U.S. dollar would result in lower revenues when translated into U.S. dollars, although operating expenditures would be lower as well.
In recent fiscal years, we have selectively hedged our exposure to changes in foreign currency exchange rates on the balance sheet. In the future, we may enter into additional foreign currency-based hedging contracts to
17


reduce our exposure to significant fluctuations in currency exchange rates on the balance sheet, although there can be no assurances that we will do so. However, as our international operations grow, or if dramatic fluctuations in foreign currency exchange rates continue or increase or if our hedging strategies become ineffective, the effect of changes in the foreign currency exchange rates could become material to revenue, operating expenses, and income.
Our international sales and operations are subject to factors that could have an adverse effect on our results of operations.
We have significant sales and services operations outside the United States and derive a substantial portion of our revenues from these operations. We generated approximately 48% and 47% of our revenues from outside the United States in fiscal 2024 and fiscal 2023, respectively. International revenue increased 9% in fiscal 2024 compared to fiscal 2023. Expansion of our international operations will require a significant amount of attention from our management and substantial financial resources and might require us to add qualified management in these markets.
In addition to facing risks similar to the risks faced by our domestic operations, our international operations are also subject to risks related to the differing legal, political, social and regulatory requirements and economic conditions of many countries, including:
adverse effects in economic conditions in the countries in which we operate related specifically to the wars in Israel and Ukraine, the COVID-19 pandemic and the governmental regulations put in place as a result of the virus, and the financial instability of banking institutions;
difficulties in staffing and managing our international operations;
foreign countries may impose additional withholding taxes or otherwise tax our foreign income, impose tariffs or adopt other restrictions on foreign trade or investment, including currency exchange controls;
difficulties in coordinating the activities of our geographically dispersed and culturally diverse operations;
general economic conditions in the countries in which we operate, including seasonal reductions in business activity in the summer months in Europe and in other periods in other countries, could have an adverse effect on our earnings from operations in those countries;
imposition of, or unexpected adverse changes in, foreign laws or regulatory requirements may occur, including those pertaining to sanctions, export restrictions, privacy and data protection, trade and employment restrictions and intellectual property protections;
longer payment cycles for sales in foreign countries and difficulties in collecting accounts receivable;
competition from local suppliers;
greater risk of a failure of our employees and partners to comply with both U.S. and foreign laws, including antitrust regulations, the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act of 2010, and any trade regulations ensuring fair trade practices;
costs and delays associated with developing solutions in multiple languages; and
political unrest, war or acts of terrorism.
Our business in emerging markets requires us to respond to rapid changes in market conditions in those markets. Our overall success in international markets depends, in part, upon our ability to succeed in differing legal, regulatory, economic, social and political conditions. We may not continue to succeed in developing and implementing policies and strategies that will be effective in each location where we do business. The occurrence of any of the foregoing factors may have a material adverse effect on our business and results of operations.
18


Risks Related to Technology and Security
We may be subject to IT system failures, network disruptions, cybersecurity incidents and breaches in data security.
IT system failures, network disruptions, cybersecurity incidents and breaches of data security could disrupt our operations by causing delays or cancellation of customer orders, impeding the delivery of our solutions, negatively affecting customer support or professional services, preventing the processing of transactions and reporting of financial results, and disturbing our enterprise resource planning system.IT system failures, network disruptions and breaches of data security could disrupt our operations by causing delays or cancellation of customer orders, impeding the delivery of our solutions, negatively affecting customer support or professional services, preventing the processing of transactions and reporting of financial results, and disturbing our enterprise resource planning system. IT system failures, network disruptions, cybersecurity incidents and breaches of data security could also result in the unintentional disclosure of customer or our information as well as damage our reputation. IT system failures, network disruptions and breaches of data security could also result in the unintentional disclosure of customer or our information as well as damage our reputation. There can be no assurance that a system failure, network disruption, cybersecurity incident or data security breach will not have a material adverse effect on our financial condition and operating results. There can be no assurance that a system failure, network disruption or data security breach will not have a material adverse effect on our financial condition and operating results. Cybersecurity breaches or incidents and other exploited security vulnerabilities could subject us to significant costs and third-party liabilities, result in improper disclosure of data and violations of applicable privacy and other laws, require us to change our business practices, cause us to incur significant remediation costs, lead to loss of customer confidence in, or decreased use of our products and services, damage our reputation, divert the attention of management from the operation of our business, result in significant compensation or contractual penalties from us to our customers and their business partners as a result of losses to or claims by them, or expose us to litigation, regulatory investigations, and significant fines and penalties. Cybersecurity breaches and other exploited security vulnerabilities could subject us to significant costs and third-party liabilities, result in improper disclosure of data and violations of applicable privacy and other laws, require us to change our business practices, cause us to incur significant remediation costs, lead to loss of customer confidence in, or decreased use of our products and services, damage our reputation, divert the attention of management from the operation of our business, result in significant compensation or contractual penalties from us to our customers and their business partners as a result of losses to or claims by them, or expose us to litigation, regulatory investigations, and significant fines and penalties.
Bad actors regularly attempt to gain unauthorized access to our IT systems, and many such attempts are increasingly sophisticated. These attempts, which might be related to industrial, corporate or other espionage, criminal hackers or state-sponsored intrusions, include trying to covertly introduce malware or ransomware to our environments and impersonating authorized users.
Third-party service providers that we may rely on to back up and process our confidential information may also be subject to similar threats. Such threats could result in the misappropriation, theft, misuse, disclosure, loss or destruction of the technology, intellectual property, or the proprietary, confidential or personal information, of us or our employees, customers, licensees, suppliers or partners, as well as damage to or disruptions in our IT systems. These threats are constantly evolving, increasing the difficulty of successfully defending against them or implementing adequate preventative measures. We seek to detect and investigate all cybersecurity incidents and to prevent their recurrence, but attempts to gain unauthorized access to our IT systems or other attacks may be successful, and in some cases, we might be unaware of an incident or its magnitude and effects. We seek to detect and investigate all security incidents and to prevent their recurrence, but attempts to gain unauthorized access to our IT systems or other attacks may be successful, and in some cases, we might be unaware of an incident or its magnitude and effects.
In addition, any failure to successfully implement new information systems and technologies, or improvements or upgrades to existing information systems and technologies in a timely manner could adversely impact our business, internal controls, results of operations, and financial condition.
We may not be successful in our initiatives that utilize AI, which could adversely affect our business, reputation, or financial results.
There are significant risks involved in utilizing AI and no assurance can be provided that such usage will enhance our business or assist our business in being more efficient or profitable. Known risks currently include accuracy, bias, toxicity, intellectual property infringement or misappropriation, data privacy, and cybersecurity and data provenance. In addition, AI may have errors or inadequacies that are not easily detectable. For example, certain AI may utilize historical data in its analytics. To the extent that such historical data is not indicative of the current or future conditions, or models fail to filter biases in the underlying data or collection methods, such AI usage may lead us to make determinations on behalf of our business, recommendations to our clients, or developments to our products and services, in each case, that may have an adverse effect on our business and financial results. If AI models are incorrectly designed or the data used to train them is overbroad, incomplete, inadequate or biased in some way, our use may inadvertently reduce our efficiency or cause unintentional or unexpected outputs that are incorrect, do not match our business goals, do not comply with our policies or interfere with the performance of our products and services, business and reputation.
AI is a complex and rapidly evolving regulatory landscape. The use of AI may increase intellectual property, cybersecurity and data protection, operational and technological risks, and our related efforts may result in new or enhanced governmental or regulatory scrutiny, litigation, ethical concerns, or other complications that could adversely affect our business, reputation, or financial results or subject us to legal liability. In particular, technologies underlying AI and their use cases are subject to a variety of laws, including intellectual property, cybersecurity and data protection, consumer protection and equal opportunity laws. If we do not have sufficient rights to use the data on which these models rely, we may incur liability through the violation of such laws, third-party privacy or other
19


rights or contracts to which we are a party. Changes in laws, rules, directives and regulations may adversely affect the ability of our business to develop and use AI.
We may also market our own products as containing AI features. Some of our customers, especially those in highly regulated industries, may be reluctant or unwilling to adopt such AI features which could reduce or delay customer adoption.
Any of these factors could adversely affect our business, reputation, or financial results or subject us to legal liability.
If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, changing regulations, or to changing customer needs, requirements, or preferences, our products may become less competitive.
Our ability to attract new users and customers and increase revenue from existing customers depends in large part on our ability to enhance, improve, and differentiate our products, increase adoption and usage of our products, and introduce new products and capabilities. The market in which we compete is subject to rapid technological change, evolving industry standards, and changing regulations, as well as changing customer needs, requirements, and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis. If we are unable to enhance our products and keep pace with rapid technological change, or if new technologies emerge that are able to deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our products, our business, financial condition, and results of operations could be adversely affected.
Risks Related to Legal Matters
We have been, and may in the future become, involved in litigation that may have a material adverse effect on our business.
From time to time, we may become involved in various other legal proceedings relating to matters incidental to the ordinary course of our business, including intellectual property, commercial, product liability, employment, class action, whistleblower and other litigation and claims, and governmental and other regulatory investigations and proceedings. Such matters can be time-consuming, divert management’s attention and resources and cause us to incur significant expenses. Furthermore, because litigation is inherently uncertain, there can be no assurance that the results of any of these actions will not have a material adverse effect on our business, results of operations or financial condition.