Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - HHS
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
ITEM 1A. RISK FACTORS
We have implemented robust processes to assess, identify, and manage cybersecurity risks, including potentially material risks, related to our internal information systems and our products. Our Board of Directors, our internal Risk Steering Committee, in conjunction with our Chief Security Officer ("CSO"), have direct oversight of our management of cybersecurity risks.
across the industry. The CSO and RSC review the results of the enterprise risk assessment in detail with management on a regular basis and reports its findings, as needed, to the Board of Directors. The CSO and RSC reviews the results of the enterprise risk assessment in detail with management on a regular basis and reports its findings, as needed, to the Board of Directors. Our CSO , reporting to our President, and in conjunction with our IT Department, has principal responsibility for assessing and managing cybersecurity risks and threats, implementing the systems necessary to address such risks and threats and preparing updates for the Board of Directors. Our CSO has 3 decades of information technology and cybersecurity experience with the last 8 years leading the cybersecurity activities at Harte Hanks, as well as participating in numerous cyber readiness exercises with U.S. Government agencies, and has specialized training in cybersecurity risk management, cloud security and holds a CISSP certification offered by ISC2 and CRISC certification from ISACA. Our CSO is also responsible for the operation of our cybersecurity program, and management of our cybersecurity incident response team.As mentioned above, in response to the increasing threats presented by cyber incidents, in 2020 we established the RSC, which meets regularly. This committee is comprised of our Chief Security Officer, our President, our Head of Human Resources, each Director of Operations of each of our business units, and our Chief Financial Officer, as well as other key leaders. This committee is comprised of our Chief Technology Officer, our General Counsel / Privacy Officer, our Head of Human Resources, each Director of Operations of each of our business units, our Chief Financial Officer and our Chief Executive Officer, as well as other key leaders. The RSC (in conjunction with the CSO), oversees activities related to monitoring, prevention, detection, mitigation and remediation of cybersecurity risks. The RSC (in conjunction with the CSO), oversees activities related to the monitoring, prevention, detection, mitigation and remediation of cybersecurity risks. The RSC, along with our CSO, develops and implements cybersecurity risk mitigation strategies and activities throughout the year, including the management of comprehensive incident response plans, oversees the cybersecurity risks posed by third-party vendors, and receives regular updates on cybersecurity-related matters. 
This section discusses the most significant factors that could affect our business, results of operations and financial condition, including the price of our common stock. You should carefully consider the following risks, which represent the material risk factors that affect the Company and are known to the Company at this time, as well as the other information contained in this Annual Report on Form 10-K in evaluating our company and our common stock. You should carefully consider the following risks, which represent the material risk factors that affect the Company and are known to the Company at this time, as well as the other information contained in this Annual Report on Form 10-K in evaluating our company and our common stock. The risks described below are not the only ones we face. Additional risks not presently known to us or that we currently deem immaterial may also adversely affect our business, results of operations, or financial condition.
We have grouped these risk factors into three categories:
•Risks related to our business and how we operate;
•Risks related to cybersecurity and technology;
•Risks related to our capital structure and common stock.
Risks Related to our Business and How we Operate
Most of our client engagements are cancellable on short notice.
The services we offer, in particular for contact center services, are generally terminable upon short notice by our clients, even if the term of the agreement (and the expected duration of services) is several or many years.The marketing services we offer, in particular for contact center services, are generally terminable upon short notice by our clients, even if the term of the agreement (and the expected duration of services) is several or many years. Many of our customer agreements do not have minimum volume, revenue requirements or exclusivity arrangements, so clients may (and do) vary their actual orders from us over time based on their own business needs, their satisfaction with the quality and pricing of our services, and a variety of other competitive factors. In addition, the timing of particular jobs or types of jobs at particular times of year (such as mail programs supporting the holiday shopping season or contact center programs supporting a specific event) may cause significant fluctuations in the operating results of our operations in any given quarter.
10
A large portion of our revenue is generated from a limited number of clients. The loss of a client or significant work from one or more of our clients has adversely affected our business and could in the future adversely affect our business. The loss of a client or significant work from one or more of our clients could adversely affect our business.
Our largest client (measured in revenue) generated 10.5% of total revenues in 2025 and represented 12.3% of total accounts receivable as of December 31, 2025. Approximately 68.3% of our revenue for 2025 was generated by our 25 largest clients. While we typically have multiple projects with our largest customers which would not all terminate at the same time, the loss of one or more of our larger clients or even a single project or contract with one of our largest clients could adversely affect our business, results of operations, and financial condition if the lost revenues are not replaced with profitable revenues from that client or other clients.
Our industry is subject to intense competition and dynamic changes in business model, which in turn could cause our operations to suffer.10Table of ContentsOur industry is subject to intense competition and dynamic changes in business model, which in turn could cause our operations to suffer.
The B2B services industry is highly competitive, highly fragmented, and subject to rapid change. We believe the principal competitive factors in this market are breadth, depth, and quality of service offerings, ability to tailor specific solutions to the needs of clients and their customers, the ability to attract, train, and retain qualified staff, cybersecurity infrastructure, compliance rigor, global delivery capabilities, pricing, and marketing and sales capabilities. We compete for business with a variety of companies, as well as in-house operations of existing and potential clients. We compete for business with a variety of companies, as well as in-house operations of existing and potential clients. If our clients place more focus on in-house marketing or utilize new or emerging technologies to internalize these operations, the size of the market for third-party service providers like us could decrease significantly. Similarly, if competitors offer their services at lower prices to gain market share or provide services that gain greater market acceptance than the services we offer or develop, the demand for our services may decline.
Specialized providers or new entrants can enter our markets by developing new systems or services that could impact our business. The opportunity for new entrants in our industry may expand as digital engagement and offerings increase in importance, and barriers to entry remain low. The opportunity for new entrants in our industry may expand as digital engagement and offerings increase in importance. New competitors, new strategies by existing competitors or clients, and consolidation among clients or competitors could result in significant market share gains by our competitors, which could have an adverse effect on our revenue.
Some emerging technologies, such as AI, Robotic Process Automation, Machine Learning, Voice of the Customer, Interactive Voice Response, and Internet of Things, may cause an adverse shift in the way certain of our existing business operations are conducted, including by replacing human contacts with automated or self-service options, or by decreasing the size of the available market. We also expect our competitors to continue to improve their technology infrastructure, including with the use of AI and machine learning solutions, to interact with clients and prospects, automate their services, process and analyze large amounts of data and grow their customer base. Our ability to innovate our own technology infrastructure and appropriately grow our CX solutions offerings using these tools (and predicting the next generation of such tools) will affect our ability to compete. We may be unsuccessful at anticipating or responding to new developments on a timely and cost-effective basis, and our use of technology may differ from accepted practices in the marketplace. Certain of our solutions may require lengthy and complex implementations that can be subject to changing client preferences and continuing changes in technology, which can increase costs or adversely affect our business.
Current and future competitors may have significantly greater financial and other resources than we do, and they may sell competing services at lower prices or at lower profit margins, resulting in pressures on our prices and margins.
The size of our competitors varies widely across vertical markets and service lines. Some of our competitors have significantly greater financial, technical, marketing, and other resources than we do in one or all of our market segments. As a result, our competitors may be in a position to respond more quickly than we can to new or emerging technologies, methodologies, and changes in customer requirements, or may devote greater resources than we can to the development, promotion, sale, and support of innovative products and services. Moreover, new competitors or alliances among our competitors may emerge and potentially reduce our market share, revenue, or margins. Some of our competitors also may choose to sell products or services that compete with ours at lower prices by accepting lower margins and profits or may be able to sell products or services that compete with ours at lower prices given proprietary ownership of data, technical superiority, a broader or deeper product or experience set, greater capital resources or economies of scale. Price reductions or pricing pressure by our competitors could negatively impact our margins and results of operations and could also harm our ability to retain clients or obtain new customers on favorable terms. Competitive pricing pressures tend to increase in difficult or uncertain economic environments, due to the reduced marketing expenditures of many of our clients and
11
prospects, and in turn negatively impact the competitive business environment for marketing service providers such as our company.
We must maintain technological competitiveness, continually improve our processes, and develop and introduce new services in a timely and cost-effective manner.
We believe that our success depends on, among other things, maintaining technological competitiveness in our products, processing functionality, and software systems and services. We believe that our success depends on, among other things, maintaining technological competitiveness in our products, processing functionality, and software systems and services. Technology changes rapidly as makers of computer hardware, network systems, programming tools, computer and data architectures, operating systems, database technology, and mobile devices continually improve their offerings. Advances in information technology may result in changing client preferences for products and product delivery channels in our industry. The increasingly sophisticated requirements of our clients require us to continually improve our processes and provide new products and services in a timely and cost-effective manner (whether through development, license, or acquisition). We may be unable to successfully identify, develop, and bring new and enhanced services and products to market in a timely and cost-effective manner, such services and products may not be commercially successful, and services, products, and technologies developed by others may render our services and products noncompetitive or obsolete. We may be unable to successfully identify, develop, and 11Table of Contentsbring new and enhanced services and products to market in a timely and cost-effective manner, such services and products may not be commercially successful, and services, products, and technologies developed by others may render our services and products noncompetitive or obsolete.
Our success depends on our ability to consistently and effectively deliver our services to our clients.
Our success depends on our ability to effectively and consistently staff and execute client engagements within the agreed upon time frame and budget. Depending on the needs of our clients, our engagements may require customization, integration, and coordination of a number of complex product and service offerings and execution across many facilities. Moreover, in some of our engagements, we rely on subcontractors and other third parties to provide some of the services to our clients, and we cannot guarantee that these third parties will effectively deliver their services, that we will be able to easily suspend work with contractors that are not performing adequately, or that we will have adequate recourse against these third parties in the event they fail to effectively deliver their services as we are generally responsible for the work of these sub-contractors. Other contingencies and events outside of our control may also impact our ability to provide our products and services, such as pandemics or other national or global health crisis or severe weather events that could disrupt our delivery networks. Our failure to effectively and timely staff, coordinate, and execute our client engagements may adversely impact existing client relationships, the amount or timing of payments from our clients and our reputation in the marketplace as well as our ability to secure additional business and our resulting financial performance. In addition, our contractual arrangements with our clients and other customers may not provide us with sufficient protection against claims for lost profits or other claims for damages.
We may experience in the future, reduced demand for our products and services due to the financial condition and marketing budgets of our clients and other factors that may impact the industry verticals that we serve.
Marketing budgets are largely discretionary in nature, and as a consequence are easier to reduce in the short-term than other expenses. Our customers have in the past, and may in the future, respond to their own financial constraints, whether caused by weak economic conditions, weak industry performance or client-specific circumstances, by reducing their marketing spend. Customers may also be slow to restore their marketing budgets to prior levels during an economic recovery and may respond similarly to adverse economic conditions in the future. Customers may also be slow to restore their marketing budgets to prior levels during an economic recovery and may respond similarly to adverse economic conditions in the future. Our revenues are dependent on national, regional, and international economies and business conditions. A long-lasting economic recession, regardless of the cause, or anemic recovery in the markets in which we operate could have material adverse effects on our business, financial position, or operating results. Similarly, industry or company-specific factors may negatively impact our clients and prospective clients, and in turn result in reduced demand for our products and services, client insolvencies, collection difficulties or bankruptcy preference actions related to payments received from our clients. We may also experience reduced demand as a result of consolidation of clients and prospective clients in the industry verticals that we serve.
We must effectively manage our costs to be successful. If we do not achieve our cost management objectives, our financial results could be adversely affected.
Our business plan and expectations for the future require that we effectively manage our cost structure, including our operating expenses and capital expenditure across our operations. The program named "Project Elevate" involved the optimization and rationalization of our business resources as well as the partial reinvestment of savings into the Company’s sales and marketing team, technology, and strategy. However, we may not be able to recognize all identified potential savings and even if we are able to recognize the identified savings, such cost savings may be insufficient to achieve our cost management objectives. To the extent that we do not successfully manage our costs our financial results may be adversely affected.
12
Consumer perceptions regarding the privacy and security of their data may prevent or impair our ability to offer our products and services.
Various local, national, and international regulations, as well as industry standards, give consumers varying degrees of control as to how personal data is collected, used, and shared for marketing purposes. If, due to privacy, security, or other concerns, consumers exercise their ability to prevent or limit such data collection, use, or sharing, it may impair our ability to provide direct marketing services for those consumers and limit our clients’ demand for our services. Additionally, privacy and security concerns may limit consumers’ willingness to voluntarily provide data to our clients or marketing companies. Additionally, 12Table of Contentsprivacy and security concerns may limit consumers’ willingness to voluntarily provide data to our clients or marketing companies. Some of our services depend on voluntarily provided data. For instance, we believe that one of the most attractive offerings of our Revenue Solutions segment is the provision of data-analytics to our clients. For instance, we believe that one of the most attractive offerings of our Marketing Services segment is the provision of data-analytics to our clients. However, the ability to provide such services is at least in part dependent on the ability to collect large volumes of voluntarily provided data. If there is a significant shift in consumer behavior or governmental regulations were to inhibit our ability to collect large amounts of this type of data, our ability to provide meaningful data analytics to our clients would likely be impaired.
If our facilities are damaged, or if we are unable to access and use our facilities, our business and results of operations will be adversely affected.
Many of our operations rely on the ability of our employees to work at specially equipped facilities to perform services for our clients.Our operations rely on the ability of our employees to work at specially equipped facilities to perform services for our clients. Although we have some excess capacity and redundancy, we do not have sufficient excess capacity or redundancy (in equipment, facilities, or personnel) to maintain our standard service and operational levels for an extended period of time if we are unable to use one of our major facilities. Outsourcing these processes to facilities not owned by us is not a viable option. Should we lose access to a facility for any reason, such as a result of pandemics, terrorist incident or natural disaster, our service levels are likely to decline or be suspended and clients would go without service or secure replacement services from a competitor. Should we lose access to a facility for any reason, including as a result of pandemics, terrorist incident or natural disaster, our service levels are likely to decline or be suspended and clients would go without service or secure replacement services from a competitor. As a consequence of such an event, we would suffer a reduction in revenues and harm to (and loss of) client relationships.
If our new leaders are unsuccessful, or if we continue to lose key management and are unable to attract and retain the talent required for our business, our operating results could suffer.
Many of the members of our current leadership team have limited tenure in their current roles. If our new leaders fail in their new and additional roles and responsibilities (and more generally if we are unable to attract additional leaders with the necessary skills to manage our business) our business and its operating results may suffer. Further, our prospects depend in large part upon our ability to attract, train, and retain experienced technical, client services, sales, consulting, marketing, and management personnel. While the demand for personnel is also dependent on employment levels, competitive factors, and general economic conditions, our recent business performance may diminish our attractiveness as an employer. The loss or prolonged absence of the services of these individuals could have a material adverse effect on our business, financial position, or operating results.
Interest rate increases could affect our results of operations, cash flows and financial position.
Interest rate fluctuations in Europe and the United States may affect the amount of interest we earn on cash equivalents. Our Credit Facility bears interest based upon the Secured Overnight Financing Rate. Our results of operations, cash flows, and financial position could be materially or adversely affected by significant changes to interest rates. We also have exposure to interest rate fluctuations in the United States, specifically money market, the value of our pension obligations and overnight time deposit rates, as these affect our earnings on excess cash. Even with the offsetting increase in earnings on excess cash in the event of an interest rate increase, we cannot be assured that future interest rate increases will not have a material adverse impact on our business, financial position, or operating results. Increased interest rates have put upward pressure on pricing and purchasing power.
Inflation could adversely affect our financial condition and results of operations.
Inflation could have a negative impact on our financial condition and results of operations. Significant increases in inflation, particularly in wages and, to a lesser extent, goods and services, can affect our business and profitability. Rising labor costs may compress our margins as we face challenges in maintaining profitability. Additionally, as we rely on third-party providers for some of our offerings, we have already experienced margin compression due to higher service charges.
13
The widespread increase in the cost of goods and services due to inflation has negatively impacted, and may continue to affect the discretionary spending of our customers. This, in turn, may adversely impact our results of operations. We cannot predict the extent or duration of these negative effects on our business.
We are subject to risks associated with operations outside the United States
Harte Hanks conducts business outside of the United States. During 2025, approximately 9.5% of our revenues were derived from operations outside the United States, primarily in Europe and Asia. We may expand our international operations in the future as part of our growth strategy. We may expand our international operations in the future as part of our growth strategy. Accordingly, our future operating results could be negatively affected by a variety of factors, some of which are beyond our control, including:
•changes in local, national, and international legal requirements or policies resulting in burdensome government controls, tariffs, restrictions, embargoes, or export license requirements;
•higher rates of inflation;
•the potential for nationalization of enterprises;
•less favorable labor laws that may increase employment costs and decrease workforce flexibility;
•potentially adverse tax treatment;
•less favorable foreign intellectual property laws that would make it more difficult to protect our intellectual property from misappropriation;
•more onerous or differing data privacy and security requirements or other marketing regulations;
•longer payment cycles;
•social, economic, and political instability;
•regional armed conflicts, as well as any additional economic sanctions adopted in response to such actions;
•the differing costs and difficulties of managing international operations;
•modifications to international trade policy or the imposition of increased or new tariffs, quotas or trade barriers on key commodities; and
•geopolitical risk and adverse market conditions caused by changes in national or regional economic or political conditions (which may impact relative interest rates and the availability, cost, and terms of mortgage funds).
In addition, exchange rate fluctuations may have an impact on our future costs or on future cash flows from foreign investments. We have not entered into any foreign currency forward exchange contracts or other derivative instruments to hedge the effects of adverse fluctuations in foreign currency exchange rates. We have not entered into any foreign currency forward exchange contracts or other derivative instruments to hedge the effects of adverse fluctuations in foreign currency exchange rates. The various risks that are inherent in doing business in the United States are also generally applicable to doing business anywhere else and may be exacerbated by the difficulty of doing business in numerous sovereign jurisdictions due to differences in culture, laws, and regulations. The various risks that are inherent in doing business in the United States are also generally applicable to doing business anywhere else and may be exacerbated by the difficulty of doing business in numerous sovereign jurisdictions due to differences in culture, laws, and regulations.
Risks Related to Cybersecurity and Technology
Privacy, information security and other regulatory requirements may prevent or impair our ability to offer our products and services.
We are subject to and affected by numerous laws, regulations, and industry standards that regulate direct marketing activities, including those that address privacy, data protection, processing personal information, information security, and marketing communications.
As a result of increasing awareness and interest in privacy rights, data protection, the fair use of personal information, consumer protection, information security, and similar matters, national and local governments and industry organizations regularly consider and adopt new laws, rules, regulations, and guidelines that impact, restrict, and regulate our business products and services.14Table of ContentsAs a result of increasing awareness and interest in privacy rights, data protection, the fair use of personal information, consumer protection, information security, and similar matters, national and local governments and industry organizations regularly consider and adopt new laws, rules, regulations, and guidelines that impact, restrict, and regulate our business products and services. Whether already in place or scheduled to become effective in the future, comprehensive data protection, privacy, and marketing laws apply across the jurisdictions in which we operate as well as in the locations where any such personal information originates, including Europe, the Philippines, and most states throughout the United States. These regulations apply when processing personal data for business and marketing purposes and broadly impact all marketing activities, including legitimate activities associated with profiling consumer behaviors, drawing inferences from personal information, making automated decisions about individuals using personal information, transferring personal information between parties and jurisdictions, communicating with existing and prospective customers, and to other similar activities. Additionally, we are subject to operational obligations when processing and storing personal information, including, but not limited to, adopting and upholding a governance framework to protect this information, registering with relevant regulators, implementing secure infrastructure and data security standards and strategies, data breach detection and response solutions, conducting audits to identify security risks as well as carrying out additional procedures to demonstrate accountability and compliance with national and local privacy and data protection regulations. Other relevant compliance
14
considerations in support of these mandates include establishing solutions in support of broad privacy and data protection rights, including those designed to offer notice to individuals, capture prior consent, grant access to personal information, offer choices regarding the decision to share one’s personal information and how such information can be used, as well as related controls to honor choices expressed related to if and how personal information can be processed or licensed for marketing purposes.
We anticipate new regulations will continue to be proposed and adopted in the future in the jurisdictions in which we operate and/or generate revenue. We also expect any new regulations will reflect the growing trends common to current privacy, data protection and marketing laws requiring companies to bear the burden of proving compliance efforts through demonstrable records, and may subject companies to significant fines and penalties should they violate any substantive or technical requirement. We may implement additional safeguards, controls and measures in response to these changes and trends; and may be required to change or limit our service offerings.
Our business may also be affected by the impact of rules and regulations on our clients’ business and marketing activities. In addition, as we acquire new capabilities and deploy new technologies to execute our strategy, we may be exposed to additional regulations. Current and future restrictions and regulations could increase compliance costs, and restrict or prevent the collection, management, aggregation, transfer, use or dissemination of personal information or change the requirements so as to require other changes to our business or our clients' businesses, practices and tolerance for risk. Additional restrictions and regulations may limit or prohibit current practices regarding marketing communications and information quality solutions. For example, multiple states have implemented opt out legislation for telephone marketing, requiring the creation of statewide do-not call registries. Such legislation could impact our business and the businesses of our clients and of their customers. Such legislation could impact our business and the businesses of our clients and of their customers. In addition, continued public interest in privacy rights, data protection and access, and information security may result in the adoption of additional industry guidelines that could impact our direct marketing activities and business practices.
We cannot predict the scope of any new laws, rules, regulations, or industry guidelines or how courts or agencies may interpret existing rules, regulations or guidelines. Additionally, enforcement priorities by governmental authorities will change over time, which may impact our business. Understanding the laws, rules, regulations, and guidelines applicable to specific client multichannel engagements and across many jurisdictions poses a significant challenge, as such laws, rules, regulations, and guidelines are often inconsistent or conflicting, and are sometimes at odds with client objectives. Our failure to properly comply with these regulatory requirements and client needs may materially and adversely affect our business. General compliance with privacy, data protection, and information security obligations is costly and time-consuming, and we may encounter difficulties, delays, or significant expenses in connection with our compliance, or because of our clients’ need to comply. General compliance with privacy, data protection, and information security obligations is costly and time-consuming, and we may encounter difficulties, delays, or significant expenses in connection with our compliance, or because of our clients’ need to comply. We may be exposed to significant penalties, liabilities, reputational harm, and loss of business in the event that we fail to comply. We could suffer a material adverse impact on our business due to the enactment or enforcement of legislation or industry regulations affecting us and/or our clients, the issuance of judicial or governmental interpretations, changed enforcement priorities of governmental agencies, or a change in behavior arising from public concern over privacy, data protection, and information security issues.
Uncertainty around, and disruption from, new and emerging technologies, including the adoption and utilization of AI, may result in risks and challenges that could impact our business.
We utilize new and emerging technologies, including AI, in our solutions and services. As with many innovations, AI presents risks and challenges that could significantly disrupt our business model. If we do not execute on AI effectively, this could result in loss of revenue and reduced margins.
Our success depends, in part, on our ability to continue to acquire, develop, and implement solutions that meet the evolving needs of our clients. The rapid evolution of AI will require us to expend resources to develop, test, and implement solutions that utilize AI effectively, which may lead us to incur significant expense to maintain a competitive advantage within the industry. We will also be required to attract, motivate, and retain top professionals with the skills necessary to execute our strategy relating to AI, machine learning and other emerging technologies. If we do not employ new technologies, including AI, as quickly or efficiently as our competitors, or if our competitors develop more cost-effective or client-preferred technologies, it could have a material adverse effect on our ability to win and retain business from clients, which would adversely affect our business.
15
The regulatory landscape surrounding AI and generative AI technologies is also evolving, and the ways in which these technologies will be regulated by governmental authorities, self-regulatory institutions, or other regulatory authorities remain uncertain. Such regulations may result in significant operational costs or constrain our ability to develop, deploy, or maintain these technologies.
Significant system disruptions, loss of data center capacity or interruption of telecommunication links could adversely affect our business and results of operations.
Our business is heavily dependent on data centers and telecommunications infrastructures, which are essential to both our call center services and our database services (which require that we efficiently and effectively create, access, manipulate and maintain large and complex databases). In addition to the third-party data centers we use, we also operate several of our own operations centers to support both our own and our clients’ needs. Our ability to protect our operations against damage or interruption from fire, flood, tornadoes, power loss, telecommunications or equipment failure, or other disasters and events beyond our control is critical to our continued success. Likewise, as we increase our use of third-party data centers, it is critical that these vendors adequately protect their data centers from the same risks we do. Our services are dependent on regional and international networking and telecommunication providers. We believe we have taken reasonable precautions to protect our data centers and telecommunication infrastructure from events that could interrupt our operations. Any damage to the data centers we use or any failure of our telecommunications links could materially adversely affect our ability to continue to provide services to our clients, which could result in loss of revenues, profitability and client confidence, and may adversely impact our ability to attract new clients and force us to expend significant company resources to repair the damage.
We have experienced cybersecurity incidents in the past, and if we do not prevent security breaches and other interruptions to our infrastructure, we may be exposed to lawsuits, lose customers, suffer harm to our reputation, and incur additional costs.
The services we offer involve the transmission of large amounts of sensitive and proprietary information over public communications networks, as well as the processing and storage of confidential customer information. Unauthorized access, remnant data exposure, computer viruses, denial of service attacks, accidents, employee error or malfeasance, “social engineering” and “phishing” attacks, intentional misconduct by computer “hackers” and other disruptions can occur, and infrastructure gaps, hardware and software vulnerabilities, inadequate or missing security controls, and exposed or unprotected customer data can exist that (i) interfere with the delivery of services to our customers, (ii) impede our customers' ability to do business, or (iii) compromise the security of our or our customers' systems and data, which exposes confidential information to unauthorized third parties. Unauthorized access, remnant data exposure, computer viruses, denial of service attacks, accidents, employee error or malfeasance, “social engineering” and “phishing” attacks, intentional misconduct by computer “hackers” and other disruptions can occur, and infrastructure gaps, hardware and software vulnerabilities, inadequate or missing security controls, and exposed or unprotected customer data can exist that (i) interfere with the delivery of services to our customers, (ii) impede our customers' ability to do business, or (iii) compromise the security of our or our customers' systems and data, which exposes confidential information to unauthorized third parties. We are a target of cybersecurity incidents of varying degrees on a regular basis. Over time, the techniques used to conduct these cyber-attacks, as well as the sources and targets of these attacks, have become increasingly sophisticated and, in some cases, have been but, are often not recognized until such attacks are launched or have been in place for some time. In addition, there has been an increase in cyber-attacks conducted or sponsored by capable and well-funded “nation state” operators. The Company expects that the sophistication and techniques of cyber-threats will continue to evolve with the rapid development and increased adoption of AI and machine-learning technologies.
Our reputation and business results may be adversely impacted if we, or subcontractors upon whom we rely, do not effectively protect sensitive personal information of our clients and our clients’ customers.16Table of ContentsOur reputation and business results may be adversely impacted if we, or subcontractors upon whom we rely, do not effectively protect sensitive personal information of our clients and our clients’ customers.
Current privacy and data security laws and industry standards impact the manner in which we capture, handle, analyze, and disseminate customer and prospect data as part of our client engagements. In many instances, our client contracts also mandate privacy and security practices. If we fail to effectively protect and control information, especially sensitive personal information (such as health information, social security numbers, or credit card numbers) of our clients and their customers or prospects in accordance with these requirements, we may incur significant expense, suffer reputational harm, loss of business, and, in certain cases, be subjected to regulatory or governmental sanctions or litigation. These risks may be increased due to our reliance on subcontractors and other third parties in providing a portion of our overall services in certain engagements. We cannot guarantee that these third parties will effectively protect and handle sensitive personal information or other confidential information, or that we will have adequate recourse against these third parties in the event such third parties fail to adequately protect and handle such sensitive or confidential information.
16
We could fail to adequately protect our intellectual property rights and may face claims for intellectual property infringement.
Our ability to compete effectively depends in part on the protection of our technology, products, services, and brands through intellectual property right protections, including copyrights, database rights, trade secrets, trademarks, as well as through domain name registrations, and enforcement procedures. The extent to which such rights can be protected and enforced varies by jurisdiction, and capabilities we procure through acquisitions may have less protection than would be desirable for the use or scale we intend or need. Litigation involving patents and other intellectual property rights has become far more common and expensive in recent years, and we face the risk of additional litigation relating to our use or future use of intellectual property rights of third parties.
Despite our efforts to protect our intellectual property, unauthorized parties may attempt to copy or otherwise obtain and use our proprietary information and technology. Monitoring unauthorized use of our intellectual property is difficult, and unauthorized use of our intellectual property may occur. We cannot be certain that trademark registrations will be issued, nor can we be certain that any issued trademark registrations will give us adequate protection from competing products. For example, others may develop competing technologies or databases on their own. Moreover, there is no assurance that our confidentiality agreements with our employees or third parties will be sufficient to protect our intellectual property and proprietary information.
Third-party infringement claims and any related litigation against us could subject us to liability for damages, significantly increase our costs, restrict us from using and providing our technologies, products or services or operating our business generally, or require changes to be made to our technologies, products, and services. We may also be subject to such infringement claims against us by third parties and may incur substantial costs and devote significant management resources in responding to such claims. We have been, and continue to be, obligated under some agreements to indemnify our clients as a result of claims that we infringe on the proprietary rights of third parties. We have been, and continue to be, obligated under some agreements to indemnify our clients as a result of claims that we infringe on the proprietary rights of third parties. These costs and distractions could cause our business to suffer. In addition, if any party asserts an infringement claim, we may need to obtain licenses to disputed intellectual property. We cannot provide assurance, however, that we will be able to obtain these licenses on commercially reasonable terms or that we will be able to obtain any licenses at all. The failure to obtain necessary licenses or other rights may have an adverse effect on our ability to provide our products and services.
Breaches of security, or the perception that e-commerce is not secure, could severely harm our business and reputation.
Business-to-business and business-to-consumer electronic commerce requires the secure transmission of confidential information over public networks. Some of our products and services are accessed through, or are otherwise dependent on the internet. Security breaches in connection with the delivery of our products and services, or well-publicized security breaches that may affect us or our industry (such as database intrusion) could be severely detrimental to our business, operating results, and financial condition. We cannot be certain that advances in criminal capabilities, cryptography, or other fields will not compromise or breach the technology protecting the information systems that deliver our products, services, and proprietary database information.
Data suppliers could withdraw data that we rely on for our products and services.
We purchase or license much of the data we use for ourselves and for our clients. Our ability to provide our customers with data is somewhat dependent on the ability to obtain this data. There could be a material adverse impact on our business if owners of the data we use were to curtail access to the data or materially restrict the authorized use of their data. There could be a material adverse impact on our 17Table of Contentsbusiness if owners of the data we use were to curtail access to the data or materially restrict the authorized uses of their data. Data providers could withdraw their data for a number of reasons, including but not limited to, if there is a competitive reason to do so, if there is pressure from the consumer community, or if additional regulations are adopted restricting the use of the data. We also rely upon data from other external sources to maintain our proprietary and non-proprietary databases, including data received from customers and various government and public records. If a substantial number of data providers or other key data sources were to withdraw or restrict their data, if we were to lose access to data due to government regulation or if the collection of data becomes uneconomical, our ability to provide products and services to our clients could be materially and adversely affected, which could result in decreased revenues, net income and earnings per share.
17
Risks Related to our Capital Structure and Common Stock
The covenants in the Credit Facility limit the Company’s operating and financial flexibility.
The Credit Facility and the terms under which we borrow money under any future credit facilities or other agreements could have significant consequences for our business. The Credit Facility includes covenants currently restricting or potentially restricting the Company’s and its subsidiaries’ ability to create, incur, assume or become liable for indebtedness; make certain investments; pay dividends or repurchase the Company's stock; create, incur or assume liens, consummate mergers or acquisitions, liquidate, dissolve, suspend or cease operations, or modify accounting or tax reporting methods (other than as required by the generally accepted accounting principles in the United States of America).
Covenant and ratio requirements may limit the manner in which we can conduct our business, and we may be unable to engage in favorable business activities or finance future operations and capital needs. Specifically, the amount and terms of the Company’s indebtedness could:
•limit our flexibility in planning for, or reacting to, changes in our business and the industries in which we operate, including limiting our ability to invest in our strategic initiatives, and consequently, place us at a competitive disadvantage;
•reduce the availability of our cash flows that would otherwise be available to fund working capital, capital expenditures, acquisitions, and other general corporate purposes; and
•result in higher interest expense in the event of increases in interest rates, as discussed below under the Risk Factor “Interest rate increases could affect our results of operations, cash flows, and financial position.”
In addition, a failure to comply with these restrictions or to maintain the financial measures and ratios contained in the Credit Facility or future debt instruments could lead to an event of default that could result in an acceleration of debt repayment obligations, and refinancing existing letters of credit.
Risks related to our pension benefit plans may adversely impact our results of operations and cash flows.
Pension benefits represent significant financial obligations. As of December 31, 2025, we had approximately $23.0 million of unfunded pension liabilities. Because of the uncertainties involved in estimating the timing and amount of future payments and asset returns, significant estimates are required to calculate pension expense and liabilities related to our plans. We utilize the services of independent actuaries, whose models are used to facilitate these calculations. Several key assumptions are used in the actuarial models to calculate pension expense and liability amounts recorded in the consolidated financial statements. In particular, significant changes in actual investment returns on pension assets, discount rates, or legislative or regulatory changes could impact future results of operations and required pension contributions. Differences between actual pension expenses and liability amounts from these estimated expense and liabilities may adversely impact our results of operations and cash flows. Differences between actual pension expenses and liability amounts from these estimated expense and liabilities may adversely impact our results of operations and cash flows.
Our operations are located on leasehold property, and our inability to renew our leases on commercially acceptable terms or at all may adversely affect our results of operations.
Our sites operate on leasehold property. Our leases are subject to renewal and we may be unable to renew such leases on commercially acceptable terms or at all. Our inability to renew our leases, or a renewal of our leases with a rental rate higher than the prevailing rate under the applicable lease prior to expiration, may cause an increase in operating costs, or may cause additional costs due to relocation.
We are a “smaller reporting company,” and the reduced disclosure requirements applicable to smaller reporting companies may make our common stock less attractive to investors.
We are a “smaller reporting company” as defined in the Exchange Act. We may continue to be a smaller reporting company if either (i) the market value of our stock held by non-affiliates is less than $250.0 million or (ii) our annual revenue is less than $100.0 million during the most recently completed fiscal year and the market value of our stock held by non-affiliates is less than $700.0 million. We have elected to take advantage of certain of the scaled disclosures available to smaller reporting companies and may continue to rely on such exemptions. Specifically, as a smaller reporting company we may choose to present only the two most recent fiscal years of audited financial statements in our Annual Reports on Form 10-K.
18
Fluctuations in our revenue and operating results and other factors may impact the volatility of our stock price.
The price at which our common stock has traded in recent years has fluctuated greatly and has declined significantly. Our common stock price may continue to be volatile due to several factors including the following (some of which are beyond our control):
•variations in our operating results from period to period and variations between our actual operating results and the expectations of securities analysts, investors, and the financial community;
•the development and sustainability of an active trading market for our common stock;
•unanticipated developments with client engagements or client demand, such as variations in the size, budget, or progress of engagements, variability in the market demand for our services, client consolidations, and the unanticipated termination of several major client engagements;
•announcements of developments affecting our businesses;
•competition and the operating results of our competitors;
•the overall strength of the economies of the markets we serve and general market volatility; and
•other factors discussed elsewhere in this Item 1A, “Risk Factors.”
Because of these and other factors, investors in our common stock may not be able to resell their shares at or above their original purchase price.
Our certificate of incorporation and bylaws contain anti-takeover protections that may discourage or prevent strategic transactions, including a takeover of our company, even if such a transaction would be beneficial to our stockholders.
Provisions contained in our certificate of incorporation and bylaws, in conjunction with the provisions of the Delaware General Corporation Law, could delay or prevent a third party from entering a strategic transaction with us, even if such a transaction would benefit our stockholders.Provisions contained in our certificate of incorporation and bylaws, in conjunction with provisions of the Delaware General Corporation Law, could delay or prevent a third party from entering a strategic transaction with us, even if such a transaction would benefit our stockholders. For example, our certificate of incorporation and bylaws do not allow written consents by stockholders and have strict advance notice and disclosure requirements for nominees and stockholder proposals. For example, our certificate of incorporation and bylaws do not allow written consents by stockholders and have strict advance notice and disclosure requirements for nominees and stockholder proposals.
ITEM 1B. UNRESOLVED STAFF COMMENTS
None.
ITEM 1C. CYBERSECURITY
We rely on our technology infrastructure and information systems to interact with our clients, our employees, to sell our services, to utilize our data, to support and grow our client base, and to bill, collect, and make payments. Our technology infrastructure and information systems also support and form the foundation for our accounting and finance systems and form an integral part of our disclosure and accounting control environment. Our internally developed system and processes, as well as those systems and processes provided by third-party vendors that we contract with, may be susceptible to damage or interruption from cybersecurity threats, which include any unauthorized access to our information systems, and which may result in adverse effects on the confidentiality, integrity, or availability of such systems or the related information. Potential cybersecurity threats include terrorist or hacker attacks, the introduction of malicious computer viruses, ransomware, falsification of banking and other information, insider risk, or other security breaches. Such attacks have become more and more sophisticated over time, especially as threat actors have become increasingly well-funded by, or themselves include governmental actors or other actors with significant means. We expect that the sophistication of cyber-threats will continue to evolve as threat actors increasingly use AI and automation to conduct cyberattacks at scale.
Our CSO and the Risk Steering Committee ("RSC") oversee our enterprise risk management process.Our CSO and the Risk Steering Committee ("RSC") oversees our enterprise risk management process. Under the direction and supervision of our CSO, we conduct an annual comprehensive enterprise risk assessment, which includes details of our management of enterprise-wide risk topics, such as those related to cybersecurity risks. The Board of Directors receives the full results of the annual enterprise risk assessment, including an evaluation of cybersecurity risks presented, a detailed description of the actions we have taken to mitigate these risks, and an analysis of cybersecurity threats and incidents
19
We have adopted the National Institute of Standards and Technology (“NIST”) Cybersecurity and AI Risk Management Frameworks to continually evaluate and enhance our cybersecurity procedures. Activities include mandatory yearly online training for all employees, technical security controls, enhanced data protection, the maintenance of backup and protective systems, policy review and implementation, the evaluation and retention of cybersecurity insurance, periodic assessments of third-party service providers to assess cyber preparedness of key vendors, and running simulated cybersecurity drills, including vulnerability scanning, penetration testing and disaster recovery exercises, throughout the organization. Activities include mandatory yearly online training for all employees, technical security controls, enhanced data protection, the maintenance of backup and protective systems, policy review and implementation, the evaluation and retention of cybersecurity insurance, periodic assessments of third-party service providers to assess cyber preparedness of key vendors, and running simulated cybersecurity drills, including vulnerability scanning, penetration testing and disaster recovery exercises, throughout the organization. These cybersecurity drills are performed both in-house and by third-party service providers. We use automated tools that monitor, detect, and prevent cybersecurity risks and have a security operations center that operates 24 hours a day to alert us to any potential cybersecurity threats and have enabled automated threat response as a countermeasure to increasingly short windows between new vulnerabilities and attack. We use automated tools that monitor, detect, and prevent cybersecurity risks and have a security operations center that operates 24 hours a day to alert us to any potential cybersecurity threats. As noted above, our RSC also has effected comprehensive incident response plans that outline the appropriate communication flow and response for certain categories of potential cybersecurity incidents. The RSC escalates events, including the President and Board of Directors, as relevant, according to pre-defined criteria.
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| LFWD | 24 minutes ago |
| PFBX | an hour ago |
| MHH | 2 hours ago |
| NEON | 2 hours ago |
| VACI | 2 hours ago |
| GIFT | 3 hours ago |
| NSPR | 3 hours ago |
| CING | 3 hours ago |
| PLX | 4 hours ago |
| HIND | 5 hours ago |
| BOBS | 5 hours ago |
| TSSI | 14 hours ago |
| CNTY | 15 hours ago |
| ESLA | 15 hours ago |
| DMYY | 16 hours ago |
| PGIM | 16 hours ago |
| PFHO | 17 hours ago |
| GGROU | 17 hours ago |
| ARTC | 18 hours ago |
| TELO | 18 hours ago |
| CLPT | 18 hours ago |
| HHS | 18 hours ago |
| GXAI | 18 hours ago |
| MESH | 19 hours ago |
| CAPR | 19 hours ago |
| SLXN | 19 hours ago |
| VREOF | 19 hours ago |
| AUBN | 19 hours ago |
| CBUS | 19 hours ago |
| AXTI | 19 hours ago |
| INDP | 19 hours ago |
| CWGL | 19 hours ago |
| BRLT | 19 hours ago |
| GTLB | 19 hours ago |
| IPM | 19 hours ago |
| ANKM | 19 hours ago |
| PHXE-P | 19 hours ago |
| LULU | 19 hours ago |
| FLD | 19 hours ago |
| TRVI | 19 hours ago |
| NN | 19 hours ago |
| IZEA | 20 hours ago |
| OKLO | 20 hours ago |
| HQY | 20 hours ago |
| BKSY | 20 hours ago |
| ANTX | 20 hours ago |
| COPR | 21 hours ago |
| GAP | 22 hours ago |
| MGTI | 23 hours ago |
| CHCI | 1 day, 2 hours ago |
