Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - PETS

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

ITEM 1A. RISK FACTORS

Our operations and financial results are subject to various risks and uncertainties, including those described below, that could materially and adversely affect our business, financial condition, operating results and the trading price of our common stock. Because of the following factors, as well as other factors affecting the Company’s results of operations and financial condition, past financial performance should not be considered to be a reliable indicator of future performance, and investors should not use historical trends to anticipate results or trends in future periods. This discussion of risk factors contains forward-looking statements. This section should be read in conjunction with Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and the consolidated financial statements and accompanying notes in Part II, Item 8, “Financial Statements and Supplementary Data” of this Annual Report on Form 10-K.

Regulatory Risks

Any failure to comply with various state or federal regulations covering our pet health business, including the dispensing of prescription pet medications may subject us to reprimands, sanctions, probations, fines, suspensions, or the loss of one or more of our pharmacy licenses.

Our pet health business, which includes the sale and delivery of prescription pet medications is generally governed by state laws and state regulations, and with respect to controlled substances, also by federal law. Governmental authorities that regulate our business have broad latitude to make, interpret, and enforce the laws and regulations that govern us. Since our pharmacy is located in the State of Florida, the Company is governed by the laws and regulations of the State of Florida. Each prescription pet medication sale we make is likely also to be covered by the laws of the state where the customer is located. The laws and regulations relating to the sale and delivery of prescription pet medications vary from state to state, but generally require that prescription pet medications be dispensed with the authorization from a prescribing veterinarian. Our current home-state license with the Florida Board of Pharmacy is valid until February 28, 2027, and PetCareRx’s home-state license in the State of New York is valid until April 30, 2028, however, there is no guarantee that we will be able to renew such licenses when required. To the extent that we are unable to maintain our license as a community pharmacy with the Florida Board of Pharmacy (and to the extent we are unable to maintain PetCareRx’s license in New York), or if we do not maintain the licenses granted by other state boards, or if we become subject to actions by the FDA, or other enforcement regulators, our dispensing of prescription medications to pet owners could cease, which could have a material adverse effect on our operations.

The expansion of our business into the offer and sale of pet insurance products also subjects us to additional laws and regulations regarding those activities, including as a registered insurance distributor in states in which we offer and sell co-branded pet insurance products and otherwise complying with state and federal laws relating to the sale and distribution of insurance products.

The Company is a party to routine litigation and administrative complaints incidental to its business. Management does not believe that the resolution of any or all of such routine litigation and administrative complaints is likely to have a material adverse effect on the Company’s financial condition or results of operations. While we make every effort to fully comply with all applicable state rules, laws, and regulations, from time to time we have been the subject of administrative complaints regarding the authorization of prescriptions prior to shipment. We cannot assure you that we will not be the subject of administrative complaints in the future. We cannot guarantee you that we will not be subject to reprimands, sanctions, probations, or fines, or that one or more of our pharmacy licenses will not be suspended or revoked. If we were unable to maintain our license as a community pharmacy in the States of Florida or New York, or if we are not granted licensure in a state that begins to require licensure, or if one or more of the licenses granted by other state boards should be

suspended or revoked, our ability to continue to sell prescription medications and to continue our business as it is presently conducted could be in jeopardy.

Business Risks

Our failure to properly manage our inventory may result in excessive inventory carrying costs, or inadequate supply of products, which could materially adversely affect our financial condition and results of operations.

A significant portion of PetMeds sales is attributable to products representing approximately 100 SKUs, including the most popular flea and tick, and heartworm preventative brands. We need to properly manage our inventory to provide an adequate supply of these products and avoid excessive inventory of the products representing the balance of the SKUs. We generally place orders for products with our suppliers based upon our internal estimates of the amounts of inventory we will need to fill future orders. These estimates may be significantly different from the actual orders we receive.

In the event that subsequent orders fall short of original estimates, we may be left with excess inventory. Significant excess inventory could result in price discounts, increased inventory carrying costs, and obsolescence. Similarly, if we fail to have an adequate supply of some SKUs, we may lose sales opportunities. We cannot guarantee that we will maintain appropriate inventory levels. Any failure on our part to maintain appropriate inventory levels may have a material adverse effect on our financial condition and results of operations.

Resistance from veterinarians to authorize prescriptions, or attempts or efforts by veterinarians to discourage pet owners from purchasing from us could cause our sales to decrease and could materially adversely affect our financial condition and results of operations.

Since we began our operations, some veterinarians have resisted providing our customers with a copy of their pet’s prescription or authorizing the prescription to our pharmacy staff, thereby effectively preventing us from filling such prescriptions under state law. We have also been informed by customers and consumers that veterinarians have tried to discourage pet owners from purchasing from internet mail-order pharmacies.

The laws and regulations relating to the sale and delivery of prescription pet medications vary from state to state. Although veterinarians in some states are required by law to provide a pet owner with a prescription if medically appropriate, if the number of veterinarians who refuse to authorize prescriptions should increase, or if veterinarians are successful in discouraging pet owners from purchasing from internet mail-order pharmacies, our sales could decrease, and our financial condition and results of operations may be materially adversely affected.

Significant portions of our sales are made to residents of eight states. If we should lose our pharmacy license in one or more of these states, our financial condition and results of operations would be materially adversely affected.

While we ship pet medications to customers in all 50 states, approximately 50% of our sales for the fiscal year ended March 31, 2026, were made to customers located in the states of Florida, California, Texas, New York, Pennsylvania, North Carolina, Virginia and Georgia. If for any reason our license to operate a pharmacy in one or more of those states should be suspended or revoked, or if it is not renewed, our ability to sell prescription medications to residents of those states would cease and our financial condition and results of operations in future periods would be materially adversely affected.

The Company maintains direct purchasing relationships with major pet medication manufacturers and distributors. These relationships entitle the Company to buy directly from the manufacturer under the terms and conditions of a purchasing agreement which dictates purchase pricing of inventory and criteria to obtain additional discounts and rebates. The terms of these agreements also require the Company to comply with the manufacturers’ MAPP. Each advertisement and/or promotion of a product below the MAPP price, should they occur, would be a violation of the policy. This policy applies to all advertisements of products in all media including, without limitation, flyers, posters, coupons, mailers, inserts, newspapers, magazines, on-line catalogs, mail order catalogs, public signage and all Internet or similar electronic media, television, radio and public signage, including websites, email newsletters, forums, and auction sites.

At the discretion of the manufacturers, non-compliance with the MAPP can result in one or more of the following actions: (1) forfeiture of future rebates or discounts from the manufacturer, (2) suspension of future purchases from the manufacturer, (3) or termination of current or future business relationship. The Company has and will continue to make every attempt to abide by the manufacturers MAPP. However, no assurances can be made that the Company will not violate MAPP inadvertently. A reduction or discontinuance of these rebates or discounts would increase our costs and could reduce our profitability. If any of these major pet medication manufacturers were to terminate our purchasing relationship it could materially adversely affect our business. If the manufacturers are not able to enforce their MAPP industry-wide, then our profit margins and results of operations may also be impacted negatively.

The loss of any of our key suppliers would negatively impact our business.

We have direct purchasing relationships with major pet medication manufacturers and distributors, from the majority of which we purchase significant quantities of pet medication products. We do maintain annual purchasing contracts with these major manufacturers. While we believe that our supplier relationships are good, a supplier could discontinue selling to us at any time, or stop paying cooperative fees to us at any time. The loss of any of our key suppliers of pet medications offered by us, or the loss of vendor cooperative payments, would have a negative impact on our business, financial condition, and results of operations.

Shipping is a critical part of our business and any changes in, or disruptions to, our shipping arrangements could adversely affect our business, financial condition, and results of operations.

We currently rely on third-party national, regional, and local logistics providers to deliver the products we offer on our websites. If we are not able to negotiate acceptable pricing and other terms with these providers, or if these providers experience performance problems or other difficulties in processing our orders or delivering our products to customers, it could negatively impact our results of operations and our customers’ experience. In addition, our ability to receive inbound inventory efficiently and ship merchandise to customers may be negatively affected by factors beyond our and these providers’ control, including inclement weather, fire, flood, power loss, earthquakes, acts of war or terrorism or other events, such as labor shortages and disputes, financial difficulties, volatility in the prices of fuel, gasoline and commodities such as paper and packing supplies, system failures and other disruptions to the operations of the shipping companies on which we rely. We are also subject to risks of damage or loss during delivery by our shipping vendors. If the products ordered by our customers are not delivered in a timely fashion or are damaged or lost during the delivery process, our customers could become dissatisfied and cease buying products through our websites and mobile application, which would adversely affect our business, financial condition, and results of operations.

The quality of our customer service and support is important to our customers, and if we fail to provide adequate levels of customer service and support, we could lose customers, which would harm our business.

We believe that a high level of customer care and support is critical in retaining and expanding our customer base. Although our customer care representatives participate in ongoing training programs on a variety of topics, such as product knowledge, computer usage, customer service tips, and the relationship between our Company and veterinarians, any perceived or actual decline in our customer-service response times or in the quality of our customer care representatives, even if episodic or temporary, could hurt our business. If customers perceive that our customer care and support does not compare favorably to our competitors, then we may lose customers to such competitors.

The content of our websites could expose us to various kinds of liability, which, if prosecuted successfully, could negatively impact our business.

Because we post product and pet health information and other content on our websites, we face potential liability for negligence, copyright infringement, patent infringement, trademark infringement, defamation, and/or other claims based on the nature and content of the materials we post. Various claims have been brought, and sometimes successfully prosecuted, against Internet content distributors. We could be exposed to liability with respect to the unauthorized duplication of content or unauthorized use of other parties’ proprietary technology. Although we maintain general liability insurance, our insurance may not cover potential claims of this type or may not be adequate to indemnify us for all liability that may be imposed. Any imposition of liability that is not covered by insurance, or is in excess of insurance coverage, could materially adversely affect our financial condition and results of operations.

We may not be able to protect our intellectual property rights, and/or we may be found to infringe on the proprietary rights of others.

We rely on a combination of trademarks, trade secrets, copyright laws, and contractual restrictions to protect our intellectual property rights. These afford only limited protection. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy our proprietary property, including our non-prescription private label or generic equivalents, when and if developed, as well as aspects of our sales formats, or to obtain and use information that we regard as proprietary, including the technology used to operate our websites and our content, and our trademarks. Litigation or proceedings before the United States Patent and Trademark Office or other bodies may be necessary in the future to enforce our intellectual property rights, to protect our trade secrets and domain names, or to determine the validity and scope of the proprietary rights of others. Any litigation or adverse proceeding could result in substantial costs and diversion of resources and could seriously harm our business and operating results. Any claim, whether meritorious or not, could be time-consuming, result in costly litigation, cause service upgrade delays, or require us to enter into royalty or licensing agreements. These royalty or licensing agreements might not be available on terms acceptable to us or at all.

If we are unable to protect our Internet addresses or to prevent others from using Internet addresses that are confusingly similar, our business may be adversely impacted.

Our Internet addresses, including; www.1800petmeds.com, www.1888petmeds.com, www.petmedexpress.com, www.petmed.com, www.petmeds.com, www.petmeds.pharmacy, www.petmed.pharmacy, www.1800petmeds.pharmacy, and petcarerx.com, are critical to our brand recognition and our overall success. If we are unable to protect these Internet addresses, our competitors could capitalize on our brand recognition. There may be similar Internet addresses used by competitors. Governmental agencies and their designees generally regulate the acquisition and maintenance of Internet addresses. The regulation of Internet addresses in the United States and in foreign countries has changed and may undergo further change in the near future. Furthermore, the relationship between regulations governing Internet addresses and laws protecting trademarks and similar proprietary rights is unclear. Therefore, we may not be able to protect our own Internet addresses or prevent third parties from acquiring Internet addresses that are confusingly similar to, infringe upon, or otherwise decrease the value of our Internet addresses.

Since most of our operations are housed two locations, we are more susceptible to a business interruption in the event of damage to, or disruptions in, our facility, particularly with respect to extreme weather events.

The PetMeds headquarters and principal distribution center are currently located in one location in South Florida, and most of our shipments of products to our customers are made from this primary distribution center. Furthermore, because our largest distribution center is located in South Florida, which is a hurricane-sensitive area and is susceptible to sea-level rise, we are particularly susceptible to the risk of damage to, or total destruction of, our headquarters and distribution center and surrounding transportation infrastructure caused by a hurricane or rising sea levels. Additionally, intense weather conditions may cause property insurance premiums to significantly increase in the future. We recognize that the frequency and intensity of extreme weather events, sea-level rise, and other climatic changes may continue to increase and, as a result, our exposure to these events may increase.

We cannot assure you that we are adequately insured to cover the amount of any losses relating to any of these potential events, including business interruptions resulting from damage to or destruction of our headquarters and distribution centers, or power and equipment failures relating to our call center or websites, or interruptions or disruptions to major transportation infrastructure, or other events that do not occur on our premises. The occurrence of one or more of these events could adversely impact our ability to generate revenues in future periods.

A failure or misuse of our information systems and customer-facing technology systems, including our online payment methods, could adversely affect our results of operations, expose us to third-party claims, or increase our exposure to fraud and other risks.

Our business is dependent upon the efficient operation of our information systems. In particular, we rely on our information systems to effectively manage our business model strategy, with tools to track and manage sales, inventory, marketing, customer service efforts, the preparation of our consolidated financial and operating data, credit card information, and customer information. The failure of our information systems to perform as designed or the failure to maintain and enhance or protect the integrity of these systems could disrupt our business operations, adversely impact sales and the results of operations, expose us to customer or third-party claims, or result in adverse publicity.

Through our information technology, we are able to provide an improved overall shopping and interconnected retail experience that empowers our customers to shop and interact with us from computers, tablets, smartphones and other mobile devices. We use our websites and our mobile application both as sales channels for our products and also as methods of providing product and other relevant information to our customers to drive online sales. Our online programs, communities and knowledge center allow us to inform, assist and interact with our customers. We also continually seek to enhance all of our online properties to provide an attractive user-friendly interface for our customers. Disruptions, failures or other performance issues with these customer-facing technology systems could impair the benefits that they provide to our online business and negatively affect our relationship with our customers.

Further, we currently accept payments using a variety of different payment methods which may subject us to additional regulations and compliance requirements, and may also increase our exposure to fraud, criminal activity, and other risks. In the future, as technology develops and we begin to offer new payment options to consumers, including by integrating emerging mobile and other payment methods, we may be subject to additional regulations, compliance requirements, or fraud. If we fail to comply with the rules or requirements of any provider of a payment method we accept, if the volume of fraud in our transactions limits or terminates our rights to use payment methods we currently accept, or if a data breach occurs relating to our payment systems, we may, among other things, be subject to fines or higher transaction fees and may lose, or face restrictions placed upon, our ability to accept credit card payments from consumers or facilitate other types of online payments. If any of these events were to occur, our business, financial condition, and results of operations could be materially and adversely affected.

Our failure or the failure of third-party service providers to protect our websites, networks, and systems against cybersecurity incidents, or otherwise to protect our confidential information, could damage our reputation and brands and substantially harm our business, financial condition, and results of operations.

As a result of our services being web based, we collect, process, transmit and store large amounts of data about our customers, employees, suppliers and others, including credit card information and personally identifiable information, as well as other confidential and proprietary information. We also employ third-party service providers for a variety of reasons, including storing, processing and transmitting proprietary, personal and confidential information on our behalf. While we rely on tokenization solutions licensed from third parties in an effort to securely transmit confidential and sensitive information, including credit card numbers, advances in computer capabilities, new technological discoveries or other developments may result in the whole or partial failure of these solutions to protect confidential and sensitive information from being breached or compromised. Similarly, our security measures, and those of our third-party service providers, may not detect or prevent all attempts to hack our systems or those of our third-party service providers. Distributed Denial-of-Service ("DDoS") attacks, viruses, malicious software, break-ins, phishing attacks, ransomware, social engineering, security breaches or other cybersecurity incidents and similar disruptions that may jeopardize the security of information stored in or transmitted by our websites, networks and systems or that we or our third-party service providers otherwise maintain, including payment card systems, may subject us to fines or higher transaction fees or limit or terminate our access to certain payment methods. The integration of AI technologies into our platform and systems could increase cybersecurity and privacy risks and could lead to potential unauthorized access, misuse, acquisition, release, disclosure, alteration or destruction of company or customer data or other confidential or proprietary information. Further, threat actors may leverage AI technologies to launch more sophisticated, automated, targeted and coordinated attacks that are more difficult to detect. We and our service providers may not anticipate or prevent all types of attacks until after they have already been launched, and techniques used to obtain unauthorized access to or sabotage systems change frequently and may not be known until launched against us or our third-party service providers. In addition, cybersecurity incidents can also occur as a result of non-technical issues, including intentional or inadvertent breaches by our employees or by persons with whom we have commercial relationships.

We and our service providers may not anticipate or prevent all types of attacks until after they have already been launched, and techniques used to obtain unauthorized access to or sabotage systems change frequently and may not be known until launched against us or our third-party service providers. In addition, cybersecurity incidents can also occur as a result of non-technical issues, including intentional or inadvertent breaches by our employees or by persons with whom we have commercial relationships.

Breaches of our security measures or those of our third-party service providers or any cybersecurity incident could result in unauthorized access to our websites, networks and systems; unauthorized access to and misappropriation of consumer and/or employee information, including personally identifiable information, or other confidential or proprietary information of ourselves or third parties; viruses, worms, spyware or other malware being served from our websites, networks or systems; deletion or modification of content or the display of unauthorized content on our websites; interruption, disruption or malfunction of operations; costs relating to cybersecurity incident remediation, deployment of additional personnel and protection technologies, response to governmental investigations and media inquiries and coverage; engagement of third party experts and consultants; litigation, regulatory action and other potential liabilities. If any of these cybersecurity incidents occur, or there is a public perception that we, or our third-party service providers, have suffered such a breach, or we are unable to determine materiality within a reasonable timeframe under the new Cybersecurity rules, our reputation and brands could also be damaged and we could be required to expend significant capital and other resources to alleviate problems caused by such cybersecurity incidents. As a consequence, our business could be materially and adversely affected and we could also be exposed to litigation and regulatory action and possible liability. In addition, any party who is able to illicitly obtain a customer’s password could access the customer’s transaction data or personal information. Any compromise or breach of our security measures, or those of our third-party service providers, or our failure to protect our customer's confidential information and data, could violate applicable privacy, data security and other laws, and cause significant legal and financial exposure, adverse publicity and a loss of confidence in our security measures, which could have a material adverse effect on our business, financial condition, and results of operations.

The costs of mitigating cybersecurity risks are significant and are likely to increase in the future. These costs include, but are not limited to, retaining the services of cybersecurity providers; compliance costs arising out of existing and future cybersecurity, data protection and privacy laws and regulations; and costs related to maintaining redundant networks, data backups and other damage-mitigation measures. We currently carry cyber insurance, which may mitigate certain potential losses.

Our migration of data and systems to a new information technology platform may disrupt our operations.

As an established web-based seller of pet products, we rely on a combination of legacy public-facing websites, internal applications and services, and back-end ERP systems. We are in the process of migrating and upgrading many of our platforms and applications to more modular, cloud-based and SaaS systems. If we are not able to realize the anticipated benefits of our migration to this new infrastructure, our business could be harmed. There may be unforeseen issues as a result of these migrations that may cause disruptions to the availability of our products due to service outages, downtime or other similar issues that could harm our business. We also may be subject to additional risk of cybersecurity breaches or other improper access to our data or confidential information following our migration to these new computing platforms. In addition, our new platforms may operate differently than anticipated when introduced or when new versions or enhancements are released. As we increase our reliance on our systems, our exposure to damage from service interruptions may increase. Further, our transition could involve significant time and expense and could negatively impact our ability to deliver our products and services, which could harm our financial condition and results of operations.

Our failure to effectively adopt and use emerging technologies, including artificial intelligence and advanced data analytics, and to comply with the evolving regulatory framework governing these technologies, could adversely affect our competitive position, business, results of operations and financial condition.

The e-commerce and digital marketing landscape is continuously evolving, including through the increased use of advanced data analytics and emerging technologies such as AI by our competitors and other market participants. We may not adopt or effectively utilize such technologies as quickly as our competitors, which could place us at a competitive disadvantage and adversely affect our customer acquisition, retention and overall operating performance.

The implementation of AI and similar technologies may require significant investments and our results of operations may be affected by the timing, effectiveness and costs associated with the implementation. The regulatory environment governing the use of AI and similar technologies is evolving. Compliance with new or changing laws, regulations, or industry standards relating to AI may impose significant operational and financial burdens and may limit our ability to develop, deploy, or use AI in our business.

Our marketing, e-commerce, and other business activities are subject to a variety of federal and state laws and regulations relating to privacy, data protection, marketing and advertising and consumer protection, many of which may evolve or expand beyond their current scope, and our failure to comply with this complex set of evolving laws and regulations could adversely affect our business, financial condition, and results of operations.

We collect, maintain, use, and share personal information provided to us through our various marketing activities, including email and social media marketing and postal mailings, as well as other consumer, employee, and business-to-business interactions, in order to provide a better experience for our customers, employees, and vendors. Our current and future marketing and advertising practices depend on our ability to collect, maintain, use, and share this personal information with certain service providers and other third-party vendors, and we are subject to various federal and state laws and regulations that govern such marketing and advertising practices. In addition, we also collect, store, and transmit employees’ health information for certain reasons, such as administering employee benefits; accommodating disabilities and injuries; complying with public health requirements; and maintaining employee safety in the workplace.

Laws and regulations relating to privacy, data protection, cybersecurity, marketing and advertising, and consumer protection are evolving and subject to potentially differing interpretations. If so, we may be subject to proceedings or actions against us by governmental entities or others, and we may suffer damage to our reputation as a result of such proceedings or actions. We may also be contractually required to indemnify and hold harmless third parties from the costs or consequences of non-compliance with any laws, regulations or other legal obligations relating to privacy, data protection, cybersecurity or consumer protection or any inadvertent or unauthorized use or disclosure of data that we store or handle as part of operating our business.

Federal and state governmental authorities continue to evaluate the privacy implications inherent in the use of third-party “cookies” and other methods of online tracking for behavioral advertising and other purposes. The U.S. government and state governments have enacted, have considered or are considering enacting, legislation or regulations that could significantly restrict the ability of companies and individuals to engage in these activities, such as by regulating the level of consumer notice and consent required before a company can employ cookies or other electronic tracking tools or the use of data gathered with such tools. Additionally, some providers of consumer devices and web browsers have implemented, or announced plans to implement, means to make it easier for Internet users to prevent the placement of cookies or to block other tracking technologies, which could result in the use of third-party cookies and other methods of online tracking becoming significantly less effective. The regulation of the use of these cookies and other current online tracking and advertising practices or a loss in our ability to make effective use of services that employ such technologies could increase our costs of operations and limit our ability to acquire new customers on cost-effective terms and consequently, materially and adversely affect our business, financial condition, and results of operations.

In addition, various federal and state legislative and regulatory bodies, or self-regulatory organizations, may expand current laws or regulations, enact new laws or regulations or issue revised rules or guidance regarding privacy, data protection, cybersecurity, consumer protection, and advertising. For example, in June 2018, the State of California enacted the California Consumer Privacy Act of 2018 (the “CCPA”), which became effective on January 1, 2020. The CCPA requires companies that process information of California residents to make new disclosures to consumers about their data collection, use and sharing practices, and allows consumers to opt out of selling their data to third parties and provides a new cause of action for data breaches. Further, on November 3, 2020, the California Privacy Rights Act (the “CPRA”) was voted into law by California residents. The CPRA significantly amends the CCPA, and imposes additional data protection obligations on companies doing business in California, including additional consumer rights processes and opt outs for certain uses of sensitive data. It also creates a new California data protection agency specifically tasked to enforce the law, which could result in increased regulatory scrutiny of businesses conducting activities in California in the areas of data protection and security. The substantive requirements for businesses subject to the CPRA went into effect on January 1, 2023, and will be enforced effective from July 1, 2023. Other states in which we operate have also enacted laws similar to

CPRA and similar laws have been proposed in other states and at the federal level, and if passed, such laws may have potentially conflicting requirements that would make compliance challenging. Additionally, the Federal Trade Commission (the “FTC”) and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination and security of data. Consumer protection laws require us to publish statements that describe how we handle personal data and choices individuals may have about the way we handle their personal data. If such information that we publish is considered untrue, we may be subject to government claims of unfair or deceptive trade practices, which could lead to significant liabilities and consequences. Further, according to the FTC, violating consumers’ privacy rights or failing to take appropriate steps to keep consumers’ personal data secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act. Each of these privacy, security, and data protection laws and regulations, and any other such changes or new laws or regulations, could impose significant limitations, require changes to our business, impose fines and other penalties or restrict our use or storage of personal information, which may increase our compliance expenses and make our business more costly or less efficient to conduct. Any such changes could compromise our ability to develop an adequate marketing strategy and pursue our growth strategy effectively, which, in turn, could adversely affect our business, financial condition, and results of operations.

We face the risk of litigation resulting from unauthorized text messages sent in violation of the Telephone Consumer Protection Act.

We send short message service, or SMS, text messages to customers and job candidates. The actual or perceived improper sending of text messages may subject us to potential risks, including liabilities or claims relating to consumer protection laws. For example, the Telephone Consumer Protection Act of 1991, a federal statute that protects consumers from unwanted telephone calls, faxes, and text messages, restricts telemarketing and the use of automated SMS text messages without proper consent. Numerous class-action suits under federal and state laws have been filed in recent years against companies who conduct SMS texting programs, with many resulting in multi-million-dollar settlements to the plaintiffs. Federal or state regulatory authorities or private litigants may claim that the notices and disclosures we provide, form of consents we obtain, or our SMS texting practices are not adequate or violate applicable law, resulting in civil claims against us. While we strive to comply with all applicable laws and regulations, the scope and interpretation of the laws that are or may be applicable to the delivery of text messages are continuously evolving and developing. If we do not comply with these laws or regulations or if we become liable under these laws or regulations, we could face direct liability, could be required to change some portions of our business model, or could face negative publicity, and our business, financial condition, and results of operations could be adversely affected as a result. Even an unsuccessful challenge of our SMS texting practices by our customers, regulatory authorities, or other third parties could result in negative publicity and could require a costly response from and defense by us.

Further trade restrictions, including tariffs, quotas, embargoes, safeguard measures and customs limitations, could raise the cost or diminish the availability of products for us and our suppliers and may necessitate changes to our supply chain organization or other current business practices, any of which could materially harm our business, financial condition and results of operations.

Factors that may cause our operating results to fluctuate include:

•Our ability to obtain new customers at a reasonable cost, retain existing customers, or encourage reorders;

•Our ability to increase the number of visitors to our websites, or our ability to convert visitors to our websites into customers;

•The mix of medications and other pet products sold by us;

•Our ability to manage inventory levels or obtain an adequate supply of products;

•Our ability to adequately maintain, upgrade, and develop our websites, the systems that we use to process customers’ orders and payments, or our computer network;

•Increased competition within our market niche;

•Price competition;

•New products introduced to the market, including generics;

•Increases in the cost of advertising;

•The amount and timing of operating costs and capital expenditures relating to expansion of our product line or operations;

•Potential disruption to the distribution network;

•Disruption of our toll-free telephone service, technical difficulties, or systems and Internet outages or slowdowns;

•The impact of any future outbreaks similar to COVID-19 on our business operations and generally on the economy, including the measures taken by governmental authorities to address it;

•Unfavorable general economic trends; and

•Tariffs

Our annual and quarterly operating results have fluctuated in the past and may fluctuate significantly in the future due to a variety of factors, including weather, many of which are out of our control. Any change in one or more of these factors could materially adversely affect our financial condition and results of operations in future periods.

Uncertainties in economic conditions and their impact on consumer spending patterns could adversely impact our business, financial condition, and results of operations.

Our results of operations are sensitive to changes in certain macro-economic conditions that impact consumer spending on pet products and services. Some of the factors that may affect consumer spending on pet products and services include consumer confidence, levels of unemployment, inflation, interest rates, tax rates and general uncertainty regarding the overall future economic environment. We may experience declines in sales or changes in the types of products sold during economic downturns. Any material decline in the amount of consumer spending or other adverse economic changes could reduce our sales, and a decrease in the sales of higher-margin products could reduce profitability and, in each case, harm our business, financial condition, and results of operations.

We may continue to seek to grow our business through acquisitions of, or investments in, new or complementary businesses, facilities, technologies, offerings, or products, or through strategic alliances, and the failure to manage these acquisitions, investments, or other strategic alliances, or to integrate them with our existing business, could have a material adverse effect on us.

Acquisitions, investments and other strategic alliances, involve numerous risks, including:

•problems integrating the acquired business, facilities, technologies or products, including issues maintaining uniform standards, procedures, controls and policies;

•unanticipated costs associated with acquisitions, investments or strategic alliances;

•losses we may incur as a result of declines in the value of an investment or as a result of incorporating an investee’s financial performance into our financial results;

•diversion of management’s attention from our existing business;

•risks associated with entering new markets in which we may have limited or no experience;

•the risks associated with businesses we acquire or invest in, which may differ from or be more significant than the risks our other businesses face;

•potential unknown liabilities associated with a business we acquire or in which we invest; and

•increased legal and accounting compliance costs.

Our ability to successfully grow through strategic transactions depends upon our ability to identify, negotiate, complete and integrate suitable target businesses, facilities, technologies, products and services. These efforts could be expensive and time-consuming and may disrupt our ongoing business and prevent management from focusing on our operations. Also, our acquisitions may not result in the benefits or growth originally anticipated from such acquisitions. As a result of future strategic transactions, we might need to issue additional equity securities, spend our cash, or incur debt (which may only be available on unfavorable terms, if at all) or contingent liabilities, any of which could reduce our profitability and harm our business. If we are unable to identify suitable acquisitions, investments or strategic relationships, or if we are unable to integrate any acquired businesses, facilities, technologies, offerings and products effectively, our business, financial condition, and results of operations could be materially and adversely affected. Also, while we employ several different methodologies to assess potential business opportunities, the new businesses or investments may not meet or exceed our expectations or desired objectives in the timeframe expected.

The market for pet telemedicine is immature and uncertain. If the telemedicine market does not develop, develops more slowly than we expect, or encounters negative publicity, or if our approach does not achieve a high level of customer

acceptance, the growth and results of our partnership with Vetster may be adversely affected which could result in an impairment of our investment.

It is uncertain whether the telemedicine market and our approach to pet telehealth with our partner in that industry will achieve and sustain high levels of demand, consumer acceptance and market adoption. The COVID-19 pandemic increased acceptance and utilization of telemedicine services, but it is uncertain whether such increase in demand will continue.

Demand for pet telemedicine and telehealth services is affected by a number of factors, many of which are beyond our control. Some of these potential factors include:

•market adoption and ongoing usage of pet telehealth and telemedicine services and solutions;

•awareness and adoption of technology in healthcare generally;

•availability of products and services that compete with ours;

•ability to maintain and expand a network of qualified providers;

•ease of adoption and use;

•features and platform experience;

•performance;

•brand;

•security and privacy; and

•pricing.

Our success will depend to a substantial extent on the willingness of our customers to use, and to increase the frequency and extent of their utilization of, our solution being offered in conjunction with our telehealth partner as well as on our ability to demonstrate the value of pet telehealth and telemedicine to veterinarians and pet owners. Negative publicity concerning the pet telehealth and telemedicine market could limit market acceptance of our solutions and services.

Evolving foreign trade policy by the United States or other countries or the imposition of tariffs on imported goods may affect our business.

Some of the products that we offer are purchased from vendors located outside of the United States and other vendors that we purchase from depend on other vendors located outside of the United States. These threatened or imposed tariffs and any retaliatory actions taken by other countries could result in us incurring additional costs to procure some of the merchandise we offer and may require us to raise prices on certain products. While the scope and duration of any current or future tariffs remain uncertain, tariffs imposed by the U.S. or other governments could negatively impact our financial condition and results of operations.

Financial Risks

Our financial condition may currently and in the future raise substantial doubt as to our ability to continue as a going concern.

In connection with the filing of this Annual Report on Form 10-K, we evaluated our ability to continue as a going concern for the twelve months following the issuance of the financial statements contained herein. The Company’s liquidity position has been impacted by declining cash balances, declining net sales, recurring operating losses and negative operating cash flows. When considered in the aggregate, these conditions raised substantial doubt about the Company's ability to continue as a going concern within the assessment period, defined as twelve months after the date that our consolidated financial statements are issued. Management evaluated the significance of these conditions in relation to the Company’s ability to meet its obligations within the assessment period and has developed a plan intended to alleviate substantial doubt. The primary elements of the plan include, among other things, advertising and media spend optimization, strategic reductions in operating expenses, including decreases in professional fees following the resolution of non-recurring matters, and reductions capital expenditures. Management determined that these plans are probable of being effectively implemented and are probable of mitigating the conditions that raised substantial doubt and has concluded that substantial doubt about the Company’s ability to continue as a going concern for the twelve-month period following issuance of these consolidated financial statements is alleviated by these plans.

Accordingly, the accompanying consolidated financial statements have been prepared on a going concern basis of accounting.

We accept payments using a variety of methods, including credit and debit cards, PayPal and Apple Pay, and we may offer new payment options over time. Acceptance of these payment options subjects us to rules, regulations, contractual obligations and compliance requirements, including payment network rules and operating guidelines, data security standards and certification requirements, and rules governing electronic funds transfers. These requirements may change over time or be reinterpreted, making compliance more difficult or costly. For certain payment methods, including credit and debit cards, we pay interchange and other fees, which may increase over time and raise our operating costs.

We rely on third parties to provide payment processing services, including the processing of credit cards, debit cards, and other forms of electronic payment. If these companies become unable to provide these services to us, or if their systems are compromised, it could potentially disrupt our business. The payment methods that we offer also subject us to potential fraud and theft by criminals, who are becoming increasingly more sophisticated, seeking to obtain unauthorized access to or exploit weaknesses that may exist in the payment systems. If we fail to comply with applicable rules or requirements for the payment methods we accept, or if payment-related data is compromised due to a breach or misuse of data, we may be liable for costs incurred by payment card issuing banks and other third parties or subject to fines and higher transaction fees, or our ability to accept or facilitate certain types of payments may be impaired. As a result, our business and operating results could be adversely affected.

We have identified material weaknesses in our internal control over financial reporting, and management has determined that our disclosure controls and procedures were not effective as of the end of the period covered by this Annual Report on Form 10-K. Our business and share price may be adversely affected if we fail to implement and maintain effective disclosure controls and procedures and internal control over financial reporting.

A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim consolidated financial statements will not be prevented or detected on a timely basis.” While we believe these efforts will be sufficient to remediate the material weakness, we cannot provide assurance that we will be able to complete our evaluation, testing or any required remediation in a timely fashion, or at all. The effectiveness of our internal control over financial reporting is subject to various inherent limitations, including cost limitations, judgments used in decision making, assumptions about the likelihood of future events, the possibility of human error and the risk of fraud. Because of the inherent limitations in a cost-effective control system, misstatements in our financial statements due to error or fraud may occur and require restatement, such as those errors that resulted in the restatement of our previously issued audited consolidated financial statements as previously reported in our Annual Report on Form 10-K for the year ended March 31, 2025.

The material weaknesses in our internal control over financial reporting will not be considered remediated until the controls operate for a sufficient period and management has concluded through testing that these controls operate effectively. If we are unable to remediate the material weaknesses or identify additional material weakness in the future, we may be unable to accurately report our financial results, which could cause our financial results to be materially misstated and require restatement. In such case, we may be unable to maintain compliance with securities law requirements regarding timely filing of periodic reports in addition to applicable stock exchange listing requirements. Ineffective disclosure controls and procedures and internal control over financial reporting could also result in litigation or regulatory actions by the SEC or other regulatory authorities, loss of investor confidence, harm to our reputation and financial condition, diversion of financial and management resources from the operation of our business, and the market price of our common stock may decline as a result. We cannot assure you that the remediation measures we have taken to date, or any measures that we may take in the future, will be sufficient to avoid future material weaknesses.

We have identified material weaknesses in our internal control over financial reporting, including in connection with the restatements as previously reported in our Annual Report on Form 10-K for the year ended March 31, 2025, certain of which remained unremediated as of the date of this Annual Report. As a result of such material weaknesses and the restatement, we could face regulatory action by the SEC or other regulatory authorities, potential litigation, or other disputes, including claims invoking federal and state securities laws, contractual claims or other claims arising from the restatement and the material weaknesses in our internal control over financial reporting and the preparation of our financial statements. Any such litigation or dispute, whether successful or not, could adversely affect our business, financial condition, and results of operations.

Risks Relating to Taxes

Taxing authorities may successfully assert that we should have collected, or in the future should collect, sales and use, value added, or similar taxes, and any such assessments could adversely affect our business, financial condition, and results of operations.

In the past several years, states have adopted laws that attempt to impose tax collection obligations on out-of-state companies. In 2018, the Supreme Court of the United States ("Supreme Court") ruled in South Dakota v. Wayfair, Inc. et al, or Wayfair, that online sellers can be required to collect sales and use tax despite not having a physical presence in the buyer’s state. In response to Wayfair, or otherwise, states or local governments may adopt, or begin to enforce, laws requiring us to register, calculate, collect, and remit taxes on sales in their jurisdictions. Additionally, states and some local tax jurisdictions have differing rules and regulations governing sales and use taxes, which are subject to varying interpretations that may change over time.

One or more taxing authorities could seek to impose additional sales and use, value added, or similar taxes on us or may determine that such taxes should have, but have not been, paid by us. Any successful action by taxing authorities to compel us to collect and remit such taxes, either retroactively or prospectively, could have a material adverse effect on our business, financial condition and results of operations. The imposition by state governments or local governments of sales tax collection obligations on out-of-state sellers could also create additional administrative burdens for us, put us at a competitive disadvantage if they do not impose similar obligations on our competitors, and decrease our future sales, which could have a material adverse effect on our business and results of operations.

While we believe that we currently collect and remit applicable sales taxes to the extent required in all states in which we sell, a successful assertion by one or more states seeking to tax us on sales that occurred in prior tax years, or to collect more taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest.

New legislation or regulations, the application of laws and regulations from jurisdictions, or the application of existing laws and regulations to the Internet and commercial online services could similarly result in significant additional taxes on our business. For instance, the Supreme Court’s decision and the enactment and enforcement of laws resulting therefrom could also impact where we are required to file state income taxes. As a result, our effective income tax rate as well as the cost and growth of our business could be materially and adversely affected, which could in turn have a material adverse effect on our financial condition and results of operations. In addition, because the Company’s products and services are available over the Internet, states may claim that the Company is required to do business as a foreign corporation in one or more of those jurisdictions. Failure to qualify as a foreign corporation in a jurisdiction where the Company is required to do so could subject it to taxes and penalties, and such jurisdictions may charge the Company with violations of local laws.

Changes in tax laws or regulations in the various tax jurisdictions we are subject to could increase our cost of doing business.

We may be subject to additional tax liabilities and penalties resulting from new legislation or regulations; changes in taxing jurisdictions’ administrative interpretations, decisions, policies and positions; results of tax audits, examinations, settlements or judicial decisions; changes in accounting principles, as well as the evaluation of new information that results in a change to a tax position taken in a prior period; and changes to our business operations, including acquisitions. Any resulting increase in our tax obligation or cash taxes paid could adversely affect our cash flows and financial results.

Industry Risks

We face significant competition from veterinarians and online and traditional retailers, as well as challenges from strategic alliances amongst our competitors, and may not be able to compete profitably with them.

We compete directly and indirectly with veterinarians for the sale of pet medications and other health products. Veterinarians hold a competitive advantage over us because many pet owners may find it more convenient or preferable to purchase these products directly from their veterinarians at the time of an office visit. We also compete directly and indirectly with both online and traditional retailers. Both online and traditional retailers may hold a competitive advantage over us because of longer operating histories, established brand names, greater resources, and/or an established customer base. Online retailers may have a competitive advantage over us because of established affiliate relationships to drive traffic to their website. Traditional retailers may hold a competitive advantage over us because pet owners may prefer to purchase these products from a store instead of online. In addition, we face growing competition from online and multichannel retailers, some of whom may have a lower cost structure than ours, as customers now routinely use computers, tablets, smartphones, and other mobile devices and mobile applications to shop online and compare prices and products in real time. In order to effectively compete in the future, we may be required to offer promotions and other incentives, which may result in lower operating margins and adversely affect the results of operations. In order to stay competitive, we may need to accelerate our adoption of and investment in AI-based technologies and features. We also face a significant challenge from our competitors forming alliances with each other, such as those between online and traditional retailers. These relationships may enable both their online and retail stores to negotiate better pricing and better terms from suppliers by aggregating the demand for products and negotiating volume discounts, which could be a competitive disadvantage to us.

Product recalls and concerns regarding the safety and quality of the pet products we sell could affect our business.

We are subject to laws and regulations by various federal and state regulatory authorities regarding the safety and quality of the pet products that we sell. We purchase products from various suppliers, one or more of which might not adhere to product safety requirements or our quality control standards, and we may not be able to identify the deficiency before merchandise ships to our customers. All of our suppliers are required to comply with applicable product safety laws, and we are dependent upon them to ensure such compliance. Any issues of product safety or allegations that the products we sell are in violation of governmental regulations, including, but not limited to, issues involving products manufactured in foreign countries or issues of mislabeling or adulteration, could cause those products to be recalled. If our suppliers fail to manufacture or import merchandise that adheres to our quality control standards, product safety requirements, or applicable governmental regulations, our reputation and brands could be damaged, potentially leading to decreased sales or increases in customer litigation against us. If consumers lose confidence in the safety and quality of the food or other products that we sell or in the suppliers that provide such products, then our sales could be adversely affected. Adverse publicity about these types of concerns, even if not valid, may discourage consumers from buying the products we offer, and such publicity cause disruptions with suppliers. The real or perceived sale of contaminated food products by us could result in product liability claims against our suppliers or us, expose us or our suppliers to governmental enforcement action or private litigation, or lead to costly recalls and a loss of consumer confidence, any of which could have an adverse effect on our business, financial condition, and results of operations. We may also in the future voluntarily recall or withdraw products that we consider do not meet our standards in order to protect our brands and reputation. While we carry product liability insurance, our insurance may not be adequate to cover all liabilities that we may incur in connection with product liability claims. In addition, we may be unable to continue to maintain our existing insurance coverage or obtain comparable insurance at a reasonable cost, if at all, or secure additional coverage, which may result in future product liability claims being uninsured. Any of these factors could negatively impact our business, financial condition, and results of operations.

Pandemics or other health crises, such as the possible resurgence of the COVID-19 pandemic, may adversely affect our results of operations.

The outbreak and global spread of the COVID-19 pandemic, including the spread of recent variants, and related containment efforts created, and may continue to contribute to, significant economic disruption in the United States and around the world. A resurgence of the COVID-19 pandemic, variations of the COVID-19 virus, or other pandemics could adversely affect our business operations. It is impossible to predict the effect and ultimate impact of the possible resurgence of the COVID-19 pandemic, a variation of the COVID-19 virus, or other pandemic. In response to the COVID-19

pandemic, we implemented working from home where possible and enhanced disinfection and social distancing within our workplace. Future COVID-19 surges or variants, as well as other pandemics, may result in us again encouraging employees to work from home, which could adversely impact costs, operations, and morale, as well as result in consumer privacy, IT security, and fraud concerns.

Governmental lockdowns and other restrictions at the onset of the COVID-19 pandemic negatively impacted, and in the event of a future resurgence or a different pandemic or health crisis may again negatively impact, the operations of and ability to ship from our fulfillment center. Our future results of operations and overall financial performance could be uncertain should a new virus strain of COVID-19, a new pandemic, or other health crisis occur.

Securities Risks

Our stock price fluctuates from time to time and may fall below expectations of securities analysts and investors, and could subject us to litigation, which may result in you suffering a loss on your investment.

The market price of our common stock may fluctuate significantly in response to a number of factors, many of which are out of our control. In some future quarter our operating results may fall below the expectations of securities analysts and investors, which could result in a decrease in the trading price of our common stock. In addition, if the Company fails to meet expectations related to future growth, profitability, dividends, or other market expectations, the price of the Company’s common stock may decline significantly, which could have a material adverse impact on investor confidence and employee retention. In the past, securities class action litigation has often been brought against a company following periods of volatility in the market price of its securities. We may be the target of similar litigation in the future. Securities litigation could result in substantial costs and divert management's attention and resources, which could seriously harm our business and operating results.

We may issue additional shares of preferred stock that could defer a change of control or dilute the interests of our common shareholders. Our charter documents could defer a takeover effort which could inhibit your ability to receive an acquisition premium for your shares.

Our charter permits our Board of Directors to issue up to 5.0 million shares of preferred stock without shareholder approval. Currently there are 2,500 shares of our Convertible Preferred Stock issued and outstanding. This leaves slightly less than 5.0 million shares of preferred stock available for issuance at the discretion of our Board of Directors. These shares, if issued, could contain dividend, liquidation, conversion, voting, or other rights which could adversely affect the rights of our common shareholders and which could also be utilized, under some circumstances, as a method of discouraging, delaying, or preventing a change in control. Provisions of our articles of incorporation, bylaws and Florida law could make it more difficult for a third party to acquire us, even if many of our shareholders believe it is in their best interest.

Actions of activist stockholders could be disruptive and costly and could adversely affect our results of operations, financial condition, and/or share price

While we strive to maintain constructive communications with our stockholders, we may, from time to time, be subject to demands from activist stockholders. Any activist campaign against the Company that contests, conflicts with, or seeks to change, our board composition, leadership, strategic direction, or business mix could have an adverse effect on us because: (i) responding to actions by activist stockholders could disrupt our operations, be costly or time-consuming, or divert the attention of our board of directors and senior management from their regular duties, which could adversely affect our results of operations or financial condition; (ii) perceived uncertainties as to our future direction, including as a result of possible changes to the composition of our board, may lead to the perception of a change in the direction of the business or lack of continuity, any of which may be exploited by our competitors, cause concern to our customers, employees, and/or business partners and result in the loss of potential business opportunities, or make it more difficult to attract and retain qualified personnel and business partners, and may adversely affect our relationships with vendors, customers, business partners, and other third parties; (iii) these types of actions could cause significant fluctuations in our share price based on temporary or speculative market perceptions or other factors that do not necessarily reflect the underlying fundamentals

and prospects of our business; and (iv) if individuals are elected to our board of directors with a specific agenda, it may adversely affect our ability to effectively implement our business strategy and create additional value for our stockholders.

Our ability to pay regular dividends to our shareholders and the amounts of any such dividends are subject to the discretion of the Board and may be limited by our financial condition, or limitations under Florida law.

We paid regular dividends to our shareholders from 2009 to August 2023, and on February 1, 2024, our Board of Directors elected to suspend the quarterly dividend indefinitely. The Board of Directors determined to reserve and/or utilize cash resources that would otherwise be available for distributions in order to fund additional strategic transactions or investments in our business. The determination to pay dividends and the amounts thereof in the future will be at the discretion of the Board and will be dependent on then-existing conditions, including our financial condition, income, legal requirements, including limitations under Florida law, and other factors the Board deems relevant. For these reasons, shareholders should not rely on dividends to receive a return on investment. Accordingly, and for the foreseeable future, realization of any gain on shares of our common stock will depend solely on the appreciation of the price of our common stock, which may not occur.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

ITEM 1C. CYBERSECURITY

PetMeds and PetCareRx maintain an enterprise-wide cybersecurity program designed to identify, assess, manage, and mitigate information security risks across the organization.

Cybersecurity Risk Management and Oversight

Our cybersecurity risk management program is designed to protect our systems, data, and customers from a wide range of cyber threats.

During fiscal 2026, we enhanced our governance structure by establishing two internal risk committees, an enterprise-wide management risk committee and an executive risk committee, to identify, assess, and manage enterprise risks, including cybersecurity risks, in a coordinated and timely manner. This committee improves cross-functional alignment and helps us proactively manage risk across the organization.

Our management team includes individuals with relevant expertise in information technology and cybersecurity. During fiscal 2026, cybersecurity oversight responsibilities were led by our Chief Digital and Technology Officer and Chief Information Security Officer, both of whom served through the end of the fiscal year and had significant experience in cybersecurity and risk management, including more than two decades of combined experience in these areas. Following their departures in the first quarter of fiscal 2027, these responsibilities have been assigned to other members of management and are supported by internal personnel and an external third-party specialist with relevant cybersecurity expertise.

In addition, we implemented Drata, a governance, risk, and compliance (“GRC”) platform, to automate and streamline risk management, control monitoring, and compliance processes. This investment strengthens our ability to maintain continuous visibility into our control environment and enhances our overall cybersecurity maturity.

The Audit Committee of our Board of Directors oversees cybersecurity risk and receives quarterly updates from management on cybersecurity strategy, threat landscape, incident trends, remediation activities, and other relevant developments.

Incident Detection and Response

We maintain an Incident Response Policy and supporting procedures that define how potential cybersecurity events are identified, escalated, investigated, contained, and remediated. The objectives of our incident response program include:

•Timely investigation and validation of incidents

•Minimization of data loss or service disruption

•Evidence preservation in accordance with legal and regulatory requirements

•Restoration of affected systems and services

•Post-incident review and implementation of corrective actions

•Notification to affected parties and regulators, where appropriate

These procedures are periodically tested and updated to ensure effectiveness and readiness.

Security Measures and Monitoring

We use a layered, defense-in-depth approach with industry-standard tools and our own processes for threat detection, monitoring, and response. Our security measures include:

•Regular system scans, vulnerability assessments, and penetration testing

•Ongoing compliance with the Payment Card Industry Data Security Standard (“PCI DSS”)

•Deployment of endpoint detection and response (“EDR”) tools and real-time monitoring solutions

•Secure development practices are integrated into our digital platforms

During fiscal 2026, we conducted both internal and external penetration testing, which identified certain minor vulnerabilities. These findings were promptly remediated, and no threats were identified in these assessments.

As part of our vendor management and procurement processes, we conduct cybersecurity due diligence, including reviewing SOC reports and validating data privacy and security practices for vendors with access to our systems or sensitive data.

As we modernize our technology platforms and phase out legacy systems, we're strengthening security across identity management, access governance, and software development.

Training and Awareness

Cybersecurity awareness is a foundational element of our risk management approach. Additional training is provided for employees in roles with elevated access to systems or sensitive data

Cybersecurity Incidents

We maintain processes to detect and respond to cybersecurity incidents as part of normal operations.

Cybersecurity risks continue to evolve, and we cannot provide assurance that future incidents will not materially impact our business, financial condition, or results of operations."

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
PETS	an hour ago
UPYY	2 hours ago
SKFG	7 hours ago
HIVE	9 hours ago
IVF	9 hours ago
BRLS	11 hours ago
PRPH	1 day, 1 hour ago
GLSI	1 day, 1 hour ago
FRHC	1 day, 2 hours ago
UVV	1 day, 2 hours ago
ACQC	4 days, 1 hour ago
PKE	4 days, 1 hour ago
STEK	4 days, 1 hour ago
FNGR	4 days, 1 hour ago
FSHP	4 days, 1 hour ago
KSEZ	4 days, 2 hours ago
RMCF	4 days, 2 hours ago
VSAT	4 days, 2 hours ago
STE	4 days, 2 hours ago
NTRP	4 days, 2 hours ago
NRIS	4 days, 4 hours ago
KD	4 days, 10 hours ago
GLAI	5 days ago
SODI	5 days, 1 hour ago
RSVR	5 days, 1 hour ago
PLUS	5 days, 1 hour ago
NGL	5 days, 1 hour ago
MDNC	5 days, 7 hours ago
SOTK	5 days, 9 hours ago
LOGI	1 week, 5 days ago
RAMP	1 week, 5 days ago
MCHP	1 week, 5 days ago
HLNE	1 week, 5 days ago
CRUS	1 week, 5 days ago
AGYS	1 week, 5 days ago
WMS	1 week, 5 days ago
GEN	1 week, 5 days ago
THR	1 week, 5 days ago
RL	1 week, 5 days ago
ALGM	1 week, 5 days ago
ELF	1 week, 6 days ago
DT	1 week, 6 days ago
VIIQ	1 week, 6 days ago
FLEX	1 week, 6 days ago
ENS	1 week, 6 days ago
VFC	1 week, 6 days ago
IMVT	1 week, 6 days ago
ROIV	1 week, 6 days ago
HAE	1 week, 6 days ago
AREC	1 week, 6 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - PETS

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - PETS

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing