Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - RAMP

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors” and elsewhere in this report and those described from time to time in our future reports filed with the SEC;

•the possibility that, in the event a change of control of the Company is sought, certain customers may attempt to invoke provisions in their contracts allowing for termination upon a change in control, which may result in a decline in revenue and profit;

•the possibility that we will fail to fully realize the potential benefits of acquired businesses (including Habu) or the integration of such acquired businesses may not be as successful as planned;

•the possibility that the fair value of certain of our assets may not be equal to the carrying value of those assets now or in future time periods;

•the possibility that sales cycles may lengthen;

•the possibility that we will not be able to properly motivate our sales force or other employees;

•the possibility that we may not be able to attract and retain qualified technical and leadership employees, or that we may lose key employees to other organizations;

•the possibility that our global workforce strategy could encounter difficulty and not be as beneficial as planned;

•the possibility that we may not be able to sublease our exited office spaces on favorable terms and rates;

•the possibility that competent, competitive products, technologies or services will be introduced into the marketplace by other companies;

•the possibility that we will fail to keep up with rapidly changing technology practices in our products and services or that expected benefits from utilization of technological innovations may not be realized as soon as expected or at all;

•the possibility that there will be changes in consumer or business information industries and markets that negatively impact the Company;

•the possibility that we will not be able to protect proprietary information and technology or to obtain necessary licenses on commercially reasonable terms;

•the possibility that there will be continued changes in the judicial, legislative, regulatory, accounting, cultural and consumer environments affecting our business, including but not limited to litigation, investigations, legislation, regulations and customs at the state, federal and international levels impairing our and our customers' ability to collect, process, manage, aggregate, store and/or use data of the type necessary for our business;

•the possibility that data suppliers might withdraw data from us, leading to our inability to provide certain products and services, in particular that there might be restrictive legislation in the U.S. and other countries that restrict the availability of data;

•the possibility that data purchasers will reduce their reliance on us by developing and using their own, or alternative, sources of data generally or with respect to certain data elements or categories;

•the possibility that we may enter into short-term contracts that would affect the predictability of our revenues;

•the possibility that the amount of volume-based and other transactional-based work will not be as expected;

•the possibility that we may experience a loss of data center capacity or capability or interruption of telecommunication links or power sources;

•the possibility that we may experience failures or breaches of our network and data security systems, leading to potential adverse publicity, negative customer reaction, or liability to third parties;

•the possibility that our customers may cancel or modify their agreements with us, or may not make timely or complete payments;

•the possibility that we will not successfully meet customer contract requirements or the service levels specified in the contracts, which may result in contract penalties or lost revenue;

•the possibility that we experience processing errors that result in credits to customers, re-performance of services or payment of damages to customers;

•the possibility that our performance may decline and we lose advertisers and revenue as the use of "third-party cookies" or other tracking technology continues to be pressured by Internet users, restricted or otherwise subject to unfavorable regulation, blocked or limited by technical changes on end users' devices, or our customers' ability to use data on our platform is otherwise restricted;

•general and global negative conditions, risk of recession, high interest rates, the military conflicts in Europe and the Middle East, capital markets volatility, bank failures, government shutdowns, cost increases and general inflationary pressure and other related causes; and

•our tax rate and other effects of the changes to U.S. federal tax law.

With respect to the provision of products or services outside our primary base of operations in the United States, all of the above factors apply, along with the difficulty of doing business in numerous sovereign jurisdictions due to differences in scale, competition, culture, laws and regulations.

Other factors are detailed from time to time in periodic reports and registration statements filed with the SEC. The Company believes that it has the product and technology offerings, facilities, employees and competitive and financial resources for continued business success, but future revenues, costs, margins and profits are all influenced by a number of factors, including those discussed above, all of which are inherently difficult to forecast.

In light of these risks, uncertainties and assumptions, the Company cautions readers not to place undue reliance on any forward-looking statements. Forward-looking statements and such risks, uncertainties and assumptions speak only as of the date of this Annual Report on Form 10-K, and the Company expressly disclaims any obligation or undertaking to update or revise any forward-looking statements contained herein, to reflect any change in our expectations with regard thereto, or any other change based on the occurrence of future events, the receipt of new information or otherwise, except to the extent otherwise required by law.

Item 1. Business

LiveRamp Holdings, Inc. ("LiveRamp", "we", "us", or the "Company") is a global technology company that helps companies build enduring brand and business value by collaborating responsibly with data. Our best-in-class enterprise platform enables data collaboration, where companies can share first-party consumer data with trusted business partners securely and in a privacy conscious manner. We offer flexibility to collaborate wherever data lives to support a wide range of data collaboration use cases—within organizations, between brands, and across our global network of premier partners. Global innovators, from iconic consumer brands and tech platforms to retailers, financial services, and healthcare leaders, turn to LiveRamp to deepen customer engagement and loyalty, activate new partnerships, and maximize the value of their first-party data while staying on the forefront of rapidly evolving compliance and privacy requirements.

LiveRamp is a Delaware corporation headquartered in San Francisco, California. Our common stock is listed on the New York Stock Exchange under the symbol “RAMP. Through our expansive partner ecosystem we serve thousands of additional companies, unlocking access to unique customer moments and creating powerful network effects.

Industry

We are experiencing a convergence of several key industry trends that are shaping the future of how data is used to power the customer experience economy. Some of these key industry trends include:

Marketing and Customer Experience in the Data-Driven Era

As the world becomes more multichannel, consumer behavior is rapidly shifting, and organizations are increasingly realizing that true competitive advantage lies in providing meaningful customer experiences – experiences that are personalized, relevant and cohesive across all channels and interactions. Experience is the key to brand differentiation and customer retention. Companies that fail to prioritize customer experience as a strategic growth initiative will simply get left behind. Companies are also increasingly realizing that best-in-class customer experiences require enhanced insights that can only be achieved through a structured data collaboration effort that combines first- and second-party data.

At the same time, consumer expectations are also at an all-time high. Consumers are demanding personalization from brands and, in this new area, every consumer interaction has the potential to be individually relevant, addressable, and measurable.

Data is at the center of exceptional customer experiences but is still vastly underutilized. Organizations must capture, analyze, understand – and, most importantly use – customer data to power the customer experience. By understanding which devices, email addresses, and postal addresses relate to the same individual, enterprise marketers can leverage that insight to deliver seamless experiences as consumers engage with a company across all touchpoints. At the same time, by reaching consumers at the individual level, organizations can reduce marketing waste and more easily attribute their marketing spend to actual results. Enterprise marketers recognize the huge opportunity big data brings, yet many admit they are not using their data effectively to drive their customer experience.

Growing Data Usage

Advances in software, including artificial intelligence and machine learning, and the consumer's growing use of Internet connected devices and applications have made it possible to collect and rapidly process massive amounts of customer data. Data vendors and direct-to-consumer platforms are able to collect user information across a wide range of offline and online properties and connected devices, and to aggregate and combine it with other data sources. With proper permissions, this data can be integrated with a company's own proprietary data and can be made non-identifiable if the use case requires it. Through the use of data, marketers and publishers can more effectively acquire customers, elevate their lifetime value, and enhance the customer experience.

Growing Data Collaboration to Enable Commerce Media

The advertising market is being transformed by commerce media, a new form of advertising that closes the loop between media impressions and sales transactions. The foundation for commerce media is data collaboration where companies share first-party consumer data with trusted business partners in a manner that is safe, secure and adheres to privacy regulations. Retail media was the first to scale, spurred by e-commerce, but other sectors are embracing the commerce media opportunity, including travel & hospitality, telecommunications, finance, automotive and healthcare. Other examples of data collaboration use cases include enterprise companies connecting consumer data across functional groups or properties, cross-screen media measurement and analysis, and closed loop attribution from connecting marketing exposures to actual sales.

Growing Complexity of the Customer Journey

The customer experience economy has evolved significantly in recent years, driven by rapid innovation and an explosion of data, marketing channels, devices, and applications. Today, companies interact with consumers across a growing number of touchpoints, including online, social, mobile and point-of-sale. The billions of interactions that take place each day between brands and consumers create a trove of valuable data that can be harnessed to power better customer interactions and experiences. However, most enterprise marketers remain unable to navigate through the complexity to effectively leverage this data.

Additionally, innovation has fueled the growth of a highly-fragmented technology landscape, forcing companies to contend with thousands of marketing technologies and data silos. To make every customer experience relevant across channels and devices, organizations need a trusted platform that can break down those silos, make data portable, and accurately recognize individuals throughout the customer journey. Marketing is becoming more audience-centric, automated, and optimized. However, several important factors still prevent data from being used effectively to optimize the customer experience:

•Identity. For organizations to target audiences at the individual level, they must be able to recognize consumers across all channels and devices, and link multiple identifiers and data elements to create a single view of the customer.

•Scaled Data Assets. Quality, depth, and recency of data matter when deriving linkages between identifiers. Organizations must have access to an extensive set of data and be able to match that data with a high degree of accuracy to perform true cross-device audience addressability and measurement.

•Connectivity. The fragmented marketing landscape creates a need for a common network of integrations that make it easy and safe to connect and activate data anywhere in the ecosystem.

•Data Control. Organizations are increasingly looking to collaborate with their most important partners but do not want to give up control of their data or, in certain cases, do not want their data to leave their environment.

•Walled Gardens. For customers, it can result in a disjointed user experience. Organizations need a solution that enables an open ecosystem and ensures complete control over customer data, along with the flexibility to choose a diversified approach to meeting marketing goals.

•Data Governance. Preserving brand integrity while delivering positive customer experiences is a top priority for every company. Organizations must be able to manage large sets of complex data ethically, securely, within legal boundaries, and in a way that protects consumers from harm. Importantly, they must also honor consumer preferences and put procedures in place that enable individuals to control how, when and for what reasons companies collect and use information about them.

Increasing Fragmentation of Consumer Identity

Today, customer journeys span multiple channels and devices over time, resulting in data silos and fragmented identities. As consumers engage with brands across various touchpoints – over the web, mobile devices and applications, by email and television, and in physical stores – they may not be represented as single unique individuals with complex behaviors, appearing instead as disparate data points with dozens of different identifiers. Becky Smith who lives at 123 Main Street may appear as [email protected] when she uses Facebook, [email protected] when she signs into Yahoo Finance, [email protected] when she conducts a Google search, cookie ABC when she browses cnn.com, device ID 234 on Hulu and so on. As a result, enterprise marketers struggle to understand the cross-channel, cross-device habits of consumers and the different steps they take on their path to conversion. More specifically, data silos and fragmented identities prevent companies from being able to resolve all relevant data to a specific individual; this poses a challenge to the formation of accurate, actionable insights about a brand’s consumers or campaigns.

Marketing Waste from Inaccurate Consumer Identification

Every day, brands spend billions of dollars on advertising and marketing, yet many of the messages they deliver are irrelevant, repetitive, mistimed, or simply reach the wrong audience. In addition, as the marketing landscape continues to grow and splinter across a growing array of online and offline channels, it is increasingly difficult to attribute marketing spend to a measurable outcome, such as an in-store visit or sale. Wasted marketing spend is largely driven by the fragmented ecosystem of brands, data providers, marketing applications, media providers, and agencies that are involved in the marketing process, but operate without cohesion. Without a common understanding of consumer identity to unify otherwise siloed data, brands are unable to define accurate audience segments and derive insights that would enable better decision making.

Heightened Privacy and Security Concerns

In the era of regulations such as the European General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"), diligence in the areas of consumer privacy and security is and will continue to be paramount. Every year there are new consumer data privacy regulations being introduced. Consumers' understanding of the benefits of marketing technology often lags the pace of innovation, giving rise to new demands from government agencies and consumer advocacy groups across the world. These factors challenge the liability every company faces when managing and activating consumer data.

Our Approach

Leveraging our groundbreaking leadership in consumer privacy, data ethics, foundational identity and connectivity, we help our customers build enduring brand and business value by unlocking siloed and fragmented consumer data and enabling responsible data collaboration.

We are middleware for the customer experience economy. LiveRamp provides the trusted platform that sits in between customer data and the thousands of applications powered by data. We make data consistent, consumable and portable. We ensure the seamless connection of data to and from the customer experience applications our customers use and the partners with which they collaborate. We empower businesses to make data more accessible and create richer, more meaningful experiences for their customers.

/LiveRamp Data Collaboration Platform

As depicted in the graphic below, we power the industry’s leading enterprise platform for data collaboration. We enable organizations to access and leverage data more effectively across the applications they use to interact with their customers. At the core of our platform is an omnichannel, deterministic identity resolution technology that offers unparalleled accuracy, breadth, and depth.

The /LiveRamp Data Collaboration Platform provides customers with four core capabilities:

•Live/Identity. We provide enterprise identity infrastructure that resolves disparate consumer identities across different internal and external systems to create an accurate, connected view of the customer. Our approach to identity is built from two complementary graphs, combining offline data and online data and providing accuracy with a focus on privacy. Our digital identity graph, powered by our Authenticated Traffic Solution (or "ATS"), associates pseudonymous device IDs, TV IDs and other online customer IDs from premium publishers, platforms or data providers, around a RampIDTM, a durable and privacy-centric connector to the digital ecosystem. This provides marketers with a consistent view of the consumer that is necessary for personalized segmentation, targeting, and measurement. There are currently more than 165 supply-side platforms and demand-side platforms live or committed to bid on RampID and ATS.

•Live/Access. Our Data Marketplace provides customers with simplified access to industry-leading third-party data providers globally. The /LiveRamp Data Collaboration Platform allows for the search, discovery and distribution of data provided by third-party data providers to improve targeting, measurement, and customer intelligence. Data accessed through the LiveRamp Data Marketplace is connected via RampID and is utilized to enrich our customers’ first-party data and can be leveraged across technology and media platforms, agencies, analytics environments, and TV partners. Our platform also provides tools for data providers to manage the organization, distribution, and operation of their data and services across our network of customers and partners. Today we work with more than 200 data providers across all verticals and data types (see below for discussion on Marketplace and Other).

•Live/Connectivity. We enable organizations to leverage their customer and prospect data in the digital and TV ecosystems and across the customer experience applications they use through a safe and secure data matching process called data onboarding. Our technology ingests a customer’s first-party data, removes all DII, and replaces it with a pseudonymized RampID. RampID can then be distributed through direct integrations to the top platforms our customers work with, including leading marketing cloud providers, publishers and social networks, personalization tools, and connected TV services.

•Live/Insights. Data Collaboration enables advanced measurement and analytics that helps produce insight-driven innovation. We enable trusted data collaboration between organizations and their trusted partners in a neutral, manageable environment. Our platform provides customers with collaborative opportunities to safely and securely build a more accurate, dynamic view of their customers by leveraging partner data. We power more accurate, more complete measurement with the measurement vendors and partners our customers use.

Subscription

We primarily charge for our platform services on an annual basis. Our subscription pricing is based primarily on data volume, which is a function of data input records and connection points.

Our solutions are sold to enterprise marketers and the companies they partner with to execute their marketing, including agencies, marketing technology providers, publishers and data providers. Today, we work with 900 direct customers world-wide, including approximately 25% of the Fortune 500, and serve thousands of additional customers indirectly through our reseller partnership arrangements.

•Brands and Agencies. We work with over 500 of the largest brands and agencies in the world, helping them execute people-based marketing by creating an omni-channel understanding of the consumer and activating that understanding across their choice of best-of-breed digital marketing platforms.

•Marketing Technology Providers. We provide marketing technology providers with the identity foundation required to offer people-based targeting, measurement and personalization within their platforms. This adds value for brands by increasing reach, as well as the speed at which they can activate their marketing data.

•Publishers. We enable publishers of any size to offer people-based marketing on their properties. This adds value for brands by providing direct access to their customers and prospects in the publisher's premium inventory.

•Data Sellers. Leveraging our vast network of integrations, we enable data sellers to easily connect to the digital ecosystem and monetize their own data. This adds value for brands as it allows them to augment their understanding of consumers and increase both their reach against and understanding of customers and prospects.

Marketplace and Other

As we have scaled the LiveRamp network and technology, we have found additional ways to leverage our platform, deliver more value to customers and create incremental revenue streams. Leveraging our common identity system and broad integration network, the Data Marketplace seamlessly connects data sellers’ audience data across the marketing ecosystem. The Data Marketplace enables data sellers to easily monetize their data across hundreds of marketing platforms and publishers. At the same time, it provides a single platform where data buyers, including platforms and publishers, in addition to brands and their agencies, access third-party data from more than 200 data providers, supporting all industries and encompassing all types of data. Data providers include sources and brands exclusive to LiveRamp, emerging platforms with access to previously unavailable deterministic data, and data partnerships enabled by our platform.

We generate revenue from the Data Marketplace primarily through revenue-sharing arrangements with data sellers that are monetizing their data assets via our marketplace platform service. We also generate Marketplace and Other revenue through transactional usage-based arrangements with certain publishers and addressable TV providers. Data Marketplace revenue is recognized net of the share of revenue earned by the data seller.

To complement our product offering, we provide professional services and enhanced support entitlements to help customers leverage our platform and drive business outcomes. Our services offering includes product implementation, data science analytics, audience measurement and general advisory. We generate revenue from services primarily from project fees paid by subscribers to our software platform. Service projects are sold on an ad hoc basis as well as bundled with platform subscriptions. Professional services revenue is approximately 3% of total Company revenue.

Competitive Strengths

Our competitive strengths can be mapped back to our core capabilities around data access, identity, connectivity and data stewardship – which together create strong network effects that form a larger strategic moat around the entire business.

•Premier Global Ecosystem. We offer an expansive, data-rich network of top-quality partners for incomparable scale and reach. We activate data across an ecosystem of more than 500 partners, representing one of the largest networks of connections in the digital marketing space. We use 100% deterministic matching, resulting in a strong combination of reach and accuracy.

•Most Advanced Consumer-Level Recognition. Our proprietary, patented recognition technology draws upon an extensive historical reference base to identify and link together multiple consumer records and identifiers. We use the pioneering algorithms of AbiliTec® and deterministic digital matching to link individuals and households to the right digital identifiers including cookies, mobile device IDs, Advanced TV IDs, and user accounts at social networks. As a result, we are able to match online and offline data with a high degree of speed and accuracy.

•Groundbreaking Leadership in Privacy and Security. LiveRamp is a standard bearer in consumer privacy and data stewardship. We have been a strong and vocal proponent of providing consumers with more visibility and control over their data. A few examples of our commitment in this area:

◦In all of our major geographies we have privacy teams focused on the protection and responsible use of consumer data;

◦We provide a privacy-enabled environment that allows marketers and partners to connect different types of data while protecting and governing its use; and

◦We have industry-leading expertise in connecting data across the online and offline worlds.

•Scale Leader in Data Connectivity. We match records with a high level of accuracy and offer the flexibility for activating data through our extensive set of integrations. Our platform processes more than 4 trillion data records daily.

•Flexible Collaboration. We have flexibility to collaborate wherever data lives, enabling the widest possible range of data collaboration use cases. We bring our technology to the customer’s data environment and can collaborate with cloud providers or across clouds. We offer broad configurability, controls and permissioning to meet varying customer requirements. Our platform is extensible and scalable to meet growing collaboration usage.

•Uniquely Neutral in the Marketing Ecosystem. We are one of the only open and neutral data connectivity platforms operating at large scale. We provide the data connectivity required to build best-of-breed integrated marketing stacks, allowing our customers to innovate through their preferred choice of data, technology, and services providers. We strive to make every customer experience application more valuable. We enable the open marketing stack and power the open ecosystem.

•Strong Customer Relationships. We work with 900 direct customers world-wide and serve thousands of additional customers indirectly through our partner and reseller network. We have deep relationships with companies and marketing leaders in key industries, including financial services, retail, telecommunications, media, insurance, health care, automotive, technology, and travel and entertainment. Our customers are loyal and typically grow their use of the platform over time, as evidenced by our growth in the number of customers whose subscription contracts exceed $1 million in annual revenue.

Growth Strategy

LiveRamp is a category creator, thought leader and innovator in how data is used to power the customer experience. Key elements of our growth strategy include:

•Grow our Customer Base. We have strong relationships with many of the world’s largest brands, agencies, marketing technology providers, publishers and data providers. Today, we work with 900 direct customers globally; however, we believe our target market includes the world’s top 2,000 marketers, signaling there is still significant opportunity to add new customers to our roster. We expect to continue making investments in growing our sales and customer success team to support this strategy.

•Expand Existing Customer Relationships. A key growth lever for our business is the ability to land and expand – or grow existing customer relationships. Our subscription pricing is based on data volume, so over time, as customers expand their usage and leverage their data across more use cases, we are able to grow our relationships.

•Expand Sales Channel Partnerships. A growth opportunity for our business is forging sales partnerships and product integrations with adjacent technology platforms and service providers. We are actively expanding our channel sales efforts with customer data platforms, public cloud providers, cloud data warehouses, marketing clouds, and global systems integrators.

•Continue to Innovate and Extend Leadership Position in Identity. We intend to establish LiveRamp as the standard for consumer-level recognition across the marketing ecosystem, providing a single source of user identity for audience measurement and personalization.

•Establish LiveRamp as the Trusted, Best and Essential Industry Standard for Data Collaboration. We intend to continue to make substantial investments in our platform and solutions and extend our market leadership through innovation. Our investments will focus on automation, speed, higher match rates, expanded partner integrations and use cases, and new product development.

•Expand Global Footprint. Many of our customers and partners serve their customers on a global basis, and we intend to expand our presence outside of the United States to serve the needs of our customers in additional geographies. As we expand relationships with our existing customers, we are investing in select regions in Europe and APAC.

•Expand Addressable Market. Historically, our focus has been to enable data-driven advertising for paid media. As customers look to deploy data across additional use cases, we intend to power all customer experience use cases and expand our role inside the enterprise. Call centers, email and messaging campaigns, and supply chain management are examples of this strategy. In addition, over time, we intend to pursue adjacent markets beyond marketing, like risk and fraud, healthcare and government, where similar identity and data connectivity challenges exist.

•Build an Exceptional Business. We do not aspire to be mediocre, good, or even great – we intend to be the absolute best in everything we do. We attract and employ exceptional people, challenge them to accomplish exceptional things, and achieve exceptional results for our customers and shareholders. We do this through six guiding principles: 1) Above all, we do what is right; 2) We love our customers; 3) We say what we mean and do what we say; 4) We empower people; 5) We respect people and time; and 6) We get stuff done.

Privacy Considerations

The growing online advertising and e-commerce industries are converging, with consumers expecting a seamless experience across all channels, in real time. This challenges marketing organizations to balance the deluge of data and demands of the consumer with responsible methods of managing data internally and with advertising technology intermediaries.

We have policies and operational practices governing our use of data that are designed to actively promote a set of meaningful privacy guidelines for digital advertising and direct marketing via all channels of addressable media, e-commerce, risk management and information industries as a whole. Since the judgment of the Court of Justice of the European Union ("EU") in July 2020, as part of our effort to ensure our continued ability to process information across borders we continue to adhere to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield networks, although we do not rely on those frameworks as a legal basis for transfers of personal data. We have dedicated teams in place to oversee our compliance with the data protection regulations that govern our business activities in the various countries in which we operate.

The U.S. Congress and state legislatures, along with federal regulatory authorities, have recently increased their attention on matters concerning the collection and use of consumer data. Data privacy legislation has been introduced in the U.S. Congress, and at least sixteen states now have passed comprehensive privacy legislation. Additional state legislatures have proposed, and in certain cases enacted, a variety of types of data privacy legislation. In all of the non-U.S. locations in which we do business, laws and regulations governing the collection and use of personal data either exist or are being developed.

We expect the trend of enacting and revising data protection laws to continue and that new and expanded data privacy legislation in various forms will be implemented in the U.S. and in other countries around the globe. We are supportive of legislation that codifies current industry guidelines of accountability-based data governance that includes meaningful transparency for the individual, appropriate controls over personal information and choice of whether that information is shared with independent third parties for marketing purposes. We also support legislation requiring all custodians of sensitive information to deploy reasonable information security safeguards to protect that information.

Changes in laws and regulations and violations of laws or regulations by us could have a significant direct or indirect effect on our operations and financial condition, as detailed below and set forth under "Risk Factors-Risks Related to Government Regulation and Taxation."

Customers

Our customer base consists primarily of Fortune 1000 companies and organizations in the financial services, insurance, information services, direct marketing, retail, consumer packaged goods, technology, automotive, healthcare, travel and communications industries as well as in non-profit sectors. Given the strong network effects associated with our platform, we work with both enterprise marketers and the companies they partner with to execute their marketing, including agencies, marketing technology providers, publishers and data providers. We had 900 direct subscription customers at the end of fiscal year 2024.

We seek to maintain long-term relationships with our customers. Our customers are loyal and typically grow their use of the platform over time, as evidenced by our growing number of customers whose subscription contracts exceed $1 million in annual revenue, which totaled 115 at the end of fiscal year 2024.

Our ten largest customers represented approximately 27% of our revenues in fiscal year 2024. There were no customers that individually exceeded 10% of the Company's revenue in fiscal year 2024.

Sales and Marketing

Our sales teams focus on new business development across all markets – sales to new customers and sales of new lines of business to existing customers, as well as revenue growth within existing accounts. We organize our customer relationships around customer type and industry vertical, as we believe that understanding and speaking to the nuances of each industry is the most effective way to positively impact our customers’ businesses.

Our partner organization focuses on enabling key media partners, agencies and software providers who can help drive value for our customers. We are actively expanding our channel sales efforts with customer data platforms, public cloud providers, cloud data warehouses, marketing clouds, and global systems integrators.

Our marketing efforts are focused on increasing awareness for our brand, executing thought leadership initiatives, supporting our sales team and generating new leads.

Research and Development

We continue to invest in our global data connectivity platform to enable effective use of data. Our research and development teams are focused on the full cycle of product development from customer discovery through development, testing and release. Research and development expense was $151.2 million in fiscal 2024, compared to $189.2 million in fiscal 2023, and $157.9 million in fiscal 2022. Management expects to maintain research and development spending, as a percentage of revenue, at relatively similar levels to fiscal 2024 in fiscal 2025.

Seasonality

While the majority of our business is not subject to seasonal fluctuations, our Data Marketplace and usage-based subscription revenue experience modest seasonality, as the revenue generated from these areas of the business are more transactional in nature and tied to overall advertising spend by our customers. For example, many advertisers allocate the largest portion of their budgets to the fourth quarter of the calendar year in order to coincide with increased holiday purchasing. We expect our Data Marketplace and usage-based subscription revenue to continue to fluctuate based on seasonal factors that affect the advertising industry as a whole. Usage-based subscription revenue equaled 15% of total subscription revenue in fiscal 2024, 14% in fiscal 2023 and 15% in fiscal 2022.

Competition

We operate in a complex and competitive environment. Competitors of LiveRamp are typically also members of our partner and reseller ecosystem, creating a paradigm where competition is the norm. Our primary competitors are companies that sell data onboarding as part of a suite of marketing applications or services. Walled gardens that offer a direct interface for matching customer relationship management (CRM) data compete for a portion of our services, particularly amongst marketers that have not yet adopted in-house platforms for programmatic marketing or attribution. Some providers of tag management, data management, and cross-device marketing solutions have adopted positioning similar to our business and compete for mindshare. In markets outside the United States, we primarily face small, local market players.

We continue to focus on levers to increase our competitiveness and believe that investing in the product and technology platform of our business is a key to our continued success. Further, we believe that enabling a broad partner ecosystem will help us to continue to provide competitive differentiation.

Pricing

Approximately 78% of our revenue is derived from subscription-based arrangements sold on an annual or multi-year basis. Our subscription pricing is based on data volume supported by our platform. We also generate revenue from data providers, digital publishers and advanced TV platforms in the form of revenue-sharing agreements in our Data Marketplace.

Our Human Capital

LiveRamp's most valuable resource is our people. We believe each hire is an opportunity to diversify our workforce and add new skills and capabilities that will foster greater innovation.

LiveRamp employs approximately 1,400 employees ("LiveRampers") worldwide. No U.S. LiveRampers are represented by a labor union or subject to a collective bargaining agreement. To the best of management’s knowledge, no LiveRamper is an elected member of works councils and trade unions representing LiveRamp employees in the European Union. LiveRamp has never experienced a work stoppage. We promote high employee engagement, open communication and a culture of equality to foster positive employee relations.

Attracting and Retaining Talent

We attract and retain employees with market-competitive, internally equitable compensation and benefit programs, learning and development opportunities that support career growth and advancement opportunities, and employee engagement initiatives that foster a strong, inclusive company culture.

Through our dedicated organizational development program, we regularly assess our human capital opportunities and needs and focus on building the individual capabilities of our employees to facilitate achieving the overall goals of our organization. We aggregate and analyze critical human capital metrics, including employee retention and engagement, to monitor the success of our strategy and make adjustments accordingly. Our employee engagement score is above industry benchmark.

Since 2016, LiveRamp has either qualified for or been certified as a Best Place to Work. Additionally, LiveRamp has been listed among the 100 Best Companies to Work by Fortune every year since 2018. Recently, LiveRamp was recognized as a Great Place to Work and a Company that Cares by People Magazine in 2022. We strive to not just earn these accolades, but also to push the boundaries of what we know we are capable of as guardians of diversity, inclusion, and belonging.

Diversity, Inclusion and Belonging

Diversity, inclusion, and belonging (“DIB”) efforts are a cornerstone of LiveRamp’s innovative culture. In 2020, we hired our first-ever Head of Diversity Strategy and published LiveRamp’s Diversity, Inclusion & Belonging Charter, which set our commitment to and the core pillars of DIB for LiveRamp, explained our current programs and practices as well as showed the breadth of leaders making DIB part of their focus. Our CEO also joined 1,000 CEOs of the world’s leading companies and organizations to sign the CEO Action for Diversity & Inclusion™ pledge, the largest CEO-driven business commitment to advance diversity and inclusion in the workplace.

We believe there are three core pillars of DIB: Workforce, Product & Customers, and Community. These pillars reflect the intricate relationship of diversity, inclusion and belonging—both internally and externally. To be effective, we believe all three must work together harmoniously for an environment that is equal parts diverse, encouraging, and accepting. Creating a welcoming and inclusive workplace where colleagues feel a sense of belonging creates more innovation and produces better outcomes for our employees, our business and our communities. We work to foster a sense of belonging where everyone can bring their full selves to work.

Investing in our people is foundational to building an exceptional culture where everyone can thrive. We seek out brilliant people from all backgrounds. Additionally, candidates have the opportunity to speak directly with members of our business employee resource groups (“BERGs”) to get a first-hand perspective of what it is like to work here.

Forming teams with diverse backgrounds enables us to achieve our goal of building products that can be used by customers with varying capabilities, which reduces inequities and serves a wider variety of business needs. Our BERGs exist to support the growth and development of our employees, communities and business to increase diversity, inclusion and belonging. Currently, we have six BERGs: EQUAL@LiveRamp, Women@LiveRamp, Badge@LiveRamp, SOMOS@LiveRamp, SAUCE@LiveRamp, and MOSAIC@LiveRamp.

Diversity, inclusion and belonging also lives outside of our office walls. We have invested in LiveRamp.org, which includes opportunities for volunteerism, philanthropic initiatives, employee donation matching and our Data for Good initiative, which enables organizations to use data to solve some of society’s biggest challenges.

Information about our Executive Officers

LiveRamp’s executive officers, their current positions, ages and business experience are listed below. They are elected by the board of directors annually or as necessary to fill vacancies or to fill new positions. There are no family relationships among any of the officers or directors of the Company.

Scott E. Howe, age 56, is the Chief Executive Officer of the Company. Prior to joining the Company in 2011, he served as corporate vice president of Microsoft Advertising Business Group from 2007–2010. In this role, he managed a multi-billion-dollar business encompassing all emerging businesses related to online advertising, including search, display, ad networks, in-game, mobile, digital cable and a variety of enterprise software applications. Mr. Howe was employed from 1999–2007 as an executive and later as a corporate officer at aQuantive, Inc. where he managed three lines of business, including Avenue A | Razorfish (a leading Seattle-based global consultancy in digital marketing and technology), DRIVE Performance Media (now Microsoft Media Network), and Atlas International (an adserving technology now owned by Facebook). Earlier in his career, he was with The Boston Consulting Group and Kidder, Peabody & Company, Inc. He is a member of the board of directors of the Internet Advertising Bureau (IAB) and previously served on the board of Blue Nile, Inc., a leading online retailer of diamonds and fine jewelry. Mr. Howe is a magna cum laude graduate of Princeton University, where he earned a degree in economics, and he holds an MBA from Harvard University.

Lauren R. Dillard, age 38, is the Company’s Executive Vice President and Chief Financial Officer, a position she has held since April 2023. She previously served as the Company’s SVP of Finance and Investor Relations, overseeing all aspects of the Company’s finance and investor relations functions since assuming the role in August 2021. Prior to her current positions, she served as the Company’s Chief Communications Officer & Head of Investor Relations from 2018 to 2021. Prior to joining the Company, she worked in corporate finance and investor relations for a number of San Francisco Bay Area technology companies and started her career at Ernst & Young. She is an active community leader and has served on and chaired several Bay Area nonprofit boards, including the Bay Area Discovery Museum and Multiplying Good. Ms. Dillard is a certified public accountant (inactive) and holds a Bachelor of Science degree in accounting from Santa Clara University.

Jerry C. Jones, age 68, is the Company’s Executive Vice President, Chief Ethics and Legal Officer, and Secretary. He joined the Company in 1999 and currently oversees the Company’s legal, data ethics and government relations matters. He also assists in the strategy and execution of mergers and alliances and the Company’s strategic initiatives. Prior to joining the Company, Mr. Jones was employed for 19 years as an attorney with the Rose Law Firm in Little Rock, Arkansas, representing a broad range of business interests. Mr. Jones is a member of the board of directors of Agilysys, Inc. (NASDAQ: AGYS), a leading developer and marketer of proprietary enterprise software, services and solutions to the hospitality and retail industries, where he serves on the Compensation Committee and the Nominating & Governance Committee. He is a member of the U.S. Chaber of Commerce Board of Directors. He is a Special Advisor to the Club de Madrid, an organization composed of over 100 former Presidents and Prime Ministers from more than 70 democratic countries. Previously, he served as the Chair of FASTER Arkansas, the board of directors of ForwARd Arkansas, the board of directors of the CDIA and was a co-founder of uhireUS. Mr. until it was purchased by private investors in 2009. He is the former chairman of the board of the Arkansas Virtual Academy, a statewide virtual public school, and is a former member of the UA Little Rock Board of Visitors. Mr. Jones holds a bachelor’s degree in public administration and a juris doctorate degree, both from the University of Arkansas.

Mohsin Hussain, age 51, has served as the Chief Technology Officer and Executive Vice President of Engineering of the Company since 2021. During the year prior to assuming this position, he was the Company’s Chief Technology Officer and Senior Vice President of Engineering. Mr. Hussain has more than 25 years’ experience in engineering leadership and product innovation in the areas of software-as-a-service, data science, machine learning, analytics, and the cloud. Before joining LiveRamp, Mr. Hussain was employed for two years as Senior Vice President of Engineering at Criteo (NYSE: CRTO) where he led a large-scale buildout of the U.S. engineering team, new product launches, and the R&D integration of several acquisitions, including Criteo's largest, Hooklogic (integrated and rebranded as Criteo's Retail Media Platform). Prior to that, he was Vice President of Engineering at Criteo for over two years. Earlier in

his career Mr. Hussain held leadership roles in several high-growth start-ups and public companies, including AOL/Netscape (now Yahoo), Siebel Systems (now Oracle), and SunPower. He has been a member of the Google Cloud CIO/CTO Customer Advisory Board since 2021. Mr. Hussain is named as an inventor on 18 issued patents and holds a bachelor’s degree in computer science from University of California at Berkeley.

Vihan Sharma, age 45, has served as the Chief Revenue Officer of the Company since December 2023 where he is in charge of overseeing global sales, customer operations and partnership teams. He joined the Company in 2009 and currently oversees all global commercial functions and is responsible for LiveRamp's growth and operations in Europe. Prior to his current position, Mr. Sharma served as the Company’s Executive Vice President of Global Sales and was Managing Director Europe from 2019 to 2023. Mr. Sharma has extensive experience in global data and product strategy and has also served as Vice President of Safe Haven and Managing Director France, a leadership position he held for almost six years. Prior to joining the Company, Mr. Sharma held several strategic leadership positions across a number of startups in Europe. Mr. Sharma holds a master's degree in business administration from the ESCP Business School.

Kimberly Bloomston, age 41, has served as the Chief Product Officer of the Company since December 2023. For almost two years prior to assuming her current position, Ms. Bloomston served as the Company’s Senior Vice President of Product and prior to that served in the role of Vice President of Product, Core Platform & Data Marketplace. Ms. Bloomston has over 15 years of experience leading product management and business operations and has served in executive leadership roles overseeing product, design and operations teams across a variety of software companies and industries. Prior to joining the Company, in 2020, she served as the Vice President of Product Management at Ellucian, a cloud and SaaS solutions provider in the higher education space, for over three years. Ms. Bloomston has also led sales and partner programs, including experience leading strategic initiatives that focus on maturing and expanding solutions in the midst of market and company transformation. Ms. Bloomston holds a bachelor’s degree in philosophy from Baruch College.

Item 1A. Risk Factors

An investment in our common stock involves a high degree of risk. You should carefully consider the risks described below and the other information in this Annual Report on Form 10-K and in other public filings before making an investment decision. Our business, prospects, financial condition, or operating results could be harmed by any of these risks, as well as other risks not currently known to us or that we currently consider immaterial. If any of such risks and uncertainties actually occurs, our business, financial condition or operating results could differ materially from the plans, projections and other forward-looking statements included in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and elsewhere in this report and in our other public filings. The trading price of our common stock could decline due to any of these risks, and, as a result, you may lose all or part of your investment.

Risks Related to Our Business and Strategy

We are dependent upon customer renewals, the addition of new customers and increased revenue from existing customers for our subscription revenue through our LiveRamp platform and our Marketplace and Other business.

If our new business and cross-selling efforts are unsuccessful or if our customers do not expand their use of our platform or adopt additional offerings and features, our operating results may suffer.

Our existing customers have no obligation to renew their contracts upon expiration of their contractual subscription period and may not choose to renew their contracts for a variety of reasons. In the normal course of business, some customers have elected not to renew, and it is difficult to predict attrition rates. If our customers do not renew their contracts or decrease the amount they spend with us, our revenue would decline and our business would suffer.

A decline in new or renewed subscriptions in any period may not be immediately reflected in our reported financial results for that period but may result in a decline in our revenue in future periods. If we were to experience significant downturns in subscription sales and renewal rates, our reported financial results might not reflect such downturns until future periods.

The loss of a contract upon which we rely for a significant portion of our revenues could adversely affect our operating results.

Our ten largest customers represented approximately 27% of our revenues in fiscal year 2024. The loss of, or decrease in revenue from, any of our significant customers for any reason could have a material adverse effect on our revenue and operating results, which could be exacerbated by customer consolidation, changes in technologies or solutions used by our customers, changes in demand for our platform, legal or regulatory changes, market optics, customer bankruptcies or departures from their respective industries, pricing or product competition, or deviation from marketing and sales methods, any one of which may result in even fewer contractual relationships accounting for a high percentage of our revenue and reduced demand from any single significant customer.

In addition, some of our customers have used, and may in the future use, the size and relative importance of their purchases to our business to require that we enter into agreements with more favorable terms than we would otherwise agree to, to obtain price concessions, or to otherwise restrict our business.

Data suppliers may withdraw data that we have previously collected or withhold data from us in the future, leading to our inability to provide products and services to our customers, which could lead to a decrease in revenue and loss of customer confidence.

Much of the data that we use is either purchased or licensed from third-party data suppliers, and we are dependent upon our ability to obtain necessary data licenses on commercially reasonable terms. We could suffer material adverse consequences if our data suppliers were to withhold their data from us or materially limit our use of their data, which could occur for a variety of reasons, including because we fail to maintain sufficient relationships with the suppliers or because they decline to provide, or are prohibited from providing, such data to us due to legal, regulatory, contractual, privacy, competitive or other economic concerns. For example, data suppliers could withhold their data from us if there is a competitive reason to do so, if we breach our contract with a supplier, if we breach their expectations of our use of their data, if they are acquired by one of our competitors, if legislation is passed or regulations are adopted restricting or making too difficult the collection, use or dissemination of the data they provide, if market optics become negative regarding the sharing of their data with third parties or allowing the setting of cookies from their sites, if publishers change their privacy policies or user settings, including as a result of legal or regulatory actions, in a material manner that turns off or diminishes the volume of data we receive, or if judicial interpretations are issued restricting use of such data, or for other reasons. Further, definitions in enacted or proposed state-level data broker legislation apply to LiveRamp, potentially exposing the Company to negative perceptions and diminishing data available to it. If a substantial number of data suppliers were to withdraw or withhold their data from us or substantially limit our use of their data, or if we were to sever ties with our data suppliers based on their inability to meet appropriate data standards, our ability to provide products and services to our customers could be materially adversely impacted, which could result in decreased revenues and operating results.

Our business is subject to substantial competition from a diverse group of competitors. New products and pricing strategies introduced by these competitors could decrease our market share or cause us to lower our prices in a manner that reduces our revenues and operating margin.

We operate in a highly competitive and rapidly changing industry. With the introduction of new technologies and the influx of new entrants to the market, we expect competition to persist and intensify in the future, which could harm our ability to increase revenue and operating results. In addition to existing competitors and intermediaries, we may also face competition from new companies entering the market, which may include large established companies, all of which currently offer, or may in the future offer, products and services that result in additional competition. These competitors may be in a better position to develop new products and pricing strategies that more quickly and effectively respond to changes in customer requirements in these markets. These competitors and new products and technologies may be disruptive to our existing platform offerings, resulting in operating inefficiencies and increased competitive pressure. Some of our competitors may choose to sell products or services competitive to ours at lower prices by accepting lower margins and profitability, or may be able to sell products or services competitive to ours at lower prices given proprietary ownership of data, technical superiority or economies of scale. Such introduction of competent, competitive products, pricing strategies or other technologies by our competitors that are superior to or that achieve greater market acceptance than our products and services could adversely affect our business. In such event, we could experience a decline in market share and revenues and be forced to reduce our prices, resulting in lower profit margins for the Company.

The failure to attract, recruit, onboard and retain qualified personnel could hinder our ability to successfully execute our business strategy, which could have a material adverse effect on our financial position and operating results.

Our growth strategy and future success depends in large part on our ability to attract, recruit, onboard, motivate and retain technical, customer services, sales, consulting, research and development, marketing, administrative and management personnel. The complexity of our products, processing functionality, software systems and services requires highly trained professionals. While we presently have a sophisticated, dedicated and experienced team of executives and employees who have a deep understanding of our business, the labor market for these individuals has historically been very competitive due to the limited number of people available with the necessary technical skills and understanding. As our industry continues to become more technologically advanced, we anticipate increased competition for qualified personnel. In addition, many of the companies with which we compete for experienced personnel may be able to offer greater compensation and benefits packages and/or more flexible work alternatives. We may incur significant costs to attract and retain highly trained personnel and we may lose new employees to our competitors or other technology companies before we realize the benefit of our investment in recruiting and training them, and our succession plans may be insufficient to ensure business continuity if we are unable to retain key personnel. Further, volatility or lack of appreciation in our stock price may also affect our ability to attract and retain our key employees. The loss or prolonged absence of the services of highly trained personnel like our current team of executives and employees, or the inability to recruit, attract, onboard and retain additional, qualified employees, could have a material adverse effect on our business, financial position or operating results.

In addition, effective succession planning is important to our long-term success. If we do not develop effective succession planning, the loss of one or more of our key executive or employees or groups of executives or employees could seriously harm our business.

If we cannot maintain our culture as we grow, we could lose the innovation, teamwork, passion and focus on execution that we believe contribute to our success, and our business may be harmed.

We believe that a critical component to our success has been our company culture, which is based on transparency and personal autonomy. We have invested substantial time and resources in building our team within this company culture. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel and to proactively focus on and pursue our corporate objectives. The majority of our employees continue to work remotely. If we fail to maintain our company culture, our business may be adversely impacted.

Failure to keep up with rapidly changing technologies and marketing practices could cause our products and services to become less competitive or obsolete, which could result in loss of market share and decreased revenues, thereby impacting our results of operations.

Advances in information technology are changing the way our customers use and purchase information products and services and may be disruptive to our existing platform offerings. Maintaining the technological competitiveness of our products, processing functionality, software systems and services is key to our continued success. However, the complexity and uncertainty regarding the development of new technologies and the extent and timing of market acceptance of innovative products and services create difficulties in maintaining this competitiveness.g., artificial intelligence and machine learning), we could be at a competitive disadvantage and our offerings will become technologically or commercially obsolete over time, in which case our revenue and operating results would suffer.

Consumer needs and expectations and the business information industry as a whole are in a constant state of change. Our ability to continually improve our current processes and products in response to changes in technology and to develop new products and services are essential in maintaining our competitive position, preserving our market share and meeting the increasingly sophisticated requirements of our customers.

Acquisition and divestiture activities may disrupt our ongoing business and may involve increased expenses, and we may not realize the financial and strategic goals contemplated at the time of a transaction, all of which could adversely affect our business and growth prospects.

Historically, we have engaged in acquisitions to grow our business, such as the acquisition of Habu in January 2024. To the extent we find suitable and attractive acquisition candidates and business opportunities in the future, we may continue to acquire other complementary businesses, products and technologies and enter into joint ventures or similar strategic relationships. The pursuit of acquisitions may divert the attention of management, disrupt ongoing business, and cause us to incur various expenses in identifying, investigating, and pursuing suitable acquisitions, whether or not they are consummated. In addition, the pursuit of any future acquisitions, joint ventures or similar relationships may cause a disruption in our ongoing business and distract our management and cause us to incur various expenses in identifying, investigating, and pursuing suitable acquisitions, whether or not they are consummated. An acquisition may later be found to have a material legal or ethical issue that was not disclosed or discovered prior to acquisition. Further, we may be unable to realize the revenue improvements, cost savings and other intended benefits of any such transaction. The occurrence of any of these events could result in decreased revenues, net income and earnings per share.

We have also divested assets in the past and may do so again in the future. As with acquisitions, divestitures involve significant risks and uncertainties, such as disruption of our ongoing business, reductions of our revenues or earnings per share, unanticipated liabilities, legal risks and costs, the potential loss of key personnel, distraction of management from our ongoing business, and impairment of relationships with employees and customers because of migrating a business to new owners.

Because acquisitions and divestitures are inherently risky, transactions we undertake may not be successful and may have a material adverse effect on our business, results of operations, financial condition or cash flows.

Our operations outside the United States are subject to risks that may harm the Company’s business, financial condition or results of operations.

During the last fiscal year, we received approximately 6% of our revenues from business outside the United States. In those non-U.S. locations where legislation restricting the collection and use of personal data currently exists, less data is available and at a much higher cost. In some foreign markets, the types of products and services we offer have not been generally available and thus are not fully understood by prospective customers. Upon entering these markets, we must educate and condition the markets, increasing the cost and difficulty of successfully executing our business plan in these markets. Additionally, each of our foreign locations is generally expected to fund its own operations and cash flows, although periodically funds may be loaned or invested from the United States to the foreign subsidiaries. Because of such loans or investments, exchange rate movements of foreign currencies may have an impact on our future costs of, or future cash flows from, foreign investments. We have not entered into any foreign currency forward exchange contracts or other derivative instruments to hedge the effects of adverse fluctuations in foreign currency exchange rates.

Additional risks inherent in our non-U.S. business activities generally include, among others, the costs and difficulties of managing international operations, potentially adverse tax consequences, and greater difficulty enforcing intellectual property rights. The various risks that are inherent in doing business in the United States are also generally applicable to doing business outside of the United States, but such risks may be exaggerated by factors normally associated with international operations, such as differences in culture, laws and regulations, especially restrictions on collection, management, aggregation, localizations, and use of information. Failure to effectively manage the risks facing our non-U.S. business activities could materially adversely affect our operating results. Also, our business is subject to weak international economic conditions, geopolitical developments, such as existing and potential trade wars, and other events outside of our control that could result in a reduced volume of business by our customers and prospective customers, and the demand for, and use of, our products and services may decline.

In addition, when operating in foreign jurisdictions, we must comply with complex foreign and U.S. laws and regulations, such as the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act and other local laws prohibiting corrupt payments to government officials, as well as anti-competition regulations and data protection laws and regulations.

Public health emergencies may result in global, national and/or regional economic uncertainty, and measures taken in response to such emergencies could impact our business and future results of operations and financial condition.

The COVID-19 pandemic disrupted the flow of the economy and put unprecedented strains on governments, health care systems, educational institutions, businesses and individuals around the world, and future public health emergencies could result in the same. Similar to the COVID-19 pandemic, future public health emergencies could result in significant disruptions to the global financial markets and economic uncertainty, as well as regional quarantines, labor shortages or stoppages, changes in consumer purchasing patterns, disruptions to service providers to deliver data on a timely basis, or at all, and overall economic instability. Any future public health emergencies could materially and adversely affect our business, our operating results, financial condition and prospects, and the value of our common stock.

Our business requires the storage, transmission and utilization of data, including personally identifiable information, much of which must be maintained on a confidential basis. These activities may make us a target of cyberattacks from malicious third parties seeking unauthorized access to the data we maintain, including our data and customer data, or to disrupt our ability to provide service. Any failure to prevent or mitigate security breaches and improper access to or disclosure of the data we maintain, including personal information, could result in the loss or misuse of such data, which could harm our business and reputation and diminish our competitive position. In addition, computer malware, viruses, social engineering, ransomware, phishing and general hacking have become more prevalent, and events outside of our control, such as the military conflicts in Europe and the Middle East, could result in a further increase in such activities. As a result of the types and volume of personal data on our systems, we believe that we are a particularly attractive target for such breaches and attacks.

In recent years, the frequency, severity and sophistication of cyberattacks, computer malware, viruses, social engineering, ransomware, phishing and other intentional misconduct by computer hackers have significantly increased, including the ability to evade detection or obscure their activities, and government agencies and security experts have warned about the growing risks of hackers, cyber criminals and other potential attackers targeting information technology systems. Such third parties could attempt to gain entry to our systems for the purpose of stealing data or disrupting the systems. In addition, our security measures may also be breached due to employee error, malfeasance, system errors or vulnerabilities, including vulnerabilities of our vendors, suppliers, their products, or otherwise. The COVID-19 pandemic generally increased opportunities available to hackers and cyber criminals as more companies and individuals work online from remote locations. We believe we have taken appropriate measures to protect our systems from intrusion, but we cannot be certain that advances in criminal capabilities, discovery of new or existing vulnerabilities in our systems and attempts to exploit those vulnerabilities, physical system or facility break-ins and data thefts or other developments will not compromise or breach the technology protecting our systems and the information we possess.

Although we have developed systems and processes that are designed to protect our data, our customer data, and data transmissions to prevent data loss, and to prevent or detect security breaches, our databases may be subject to unauthorized access by third parties, and we may incur significant costs in protecting against or remediating cyberattacks. Any security breach could result in operational disruptions that impair our ability to meet our customers’ requirements, which could result in decreased revenues. In any event, a significant security breach could materially harm our business, financial condition and operating results.

Accordingly, we are subject to any flaw in or breaches of their systems, which could materially impact our business, operations and financial results.

The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, financial condition, financial results and reputation.

Unfavorable publicity and negative public perception about our industry could adversely affect our business and operating results.

With the growth of online advertising and e-commerce, there is increasing awareness and concern among the general public, privacy advocates, mainstream media, governmental bodies and others regarding marketing, advertising, and data privacy matters, particularly as they relate to individual privacy interests and the global reach of the online marketplace. Any unfavorable publicity or negative public perception about us, our industry, including our competitors, or even other data-focused industries can affect our business and results of operations, and may lead to digital publishers changing their business practices or additional regulatory scrutiny or lawmaking that affects us or our industry. For example, in recent years, consumer advocates, mainstream media, elected officials and government officials have increasingly and publicly criticized the data and marketing industry for its collection, storage and use of personal data. Additional public scrutiny may lead to general distrust of our industry, consumer reluctance to share and permit use of personal data and increased consumer opt-out rates, any of which could negatively influence, change or reduce our current and prospective customers’ demand for our products and services and adversely affect our business and operating results.

Interruptions or delays in service from our third-party data center providers could impair our ability to deliver our products and services to our customers, resulting in customer dissatisfaction, damage to our reputation, loss of customers, limited growth and reduction in revenue.

We currently serve the majority of our platform functions from third-party data center hosting facilities operated by Google Cloud Platform and Amazon Web Services. Our operations depend, in part, on our third-party facility providers’ abilities to protect these facilities against any damage or interruption from natural disasters, such as earthquakes and hurricanes, power or telecommunication failures, criminal acts and similar events.

Any damage to, or failure of, the systems of our third-party providers could result in interruptions to our platform. Also, in the event of damage or interruption, our insurance policies may not adequately compensate us for any losses that we may incur. These factors in turn could further reduce our revenue, subject us to liability and cause us to issue credits or cause customers to fail to renew their subscriptions, any of which could materially adversely affect our business.

We are dependent on the continued availability of third-party data hosting and transmission services.

We incur significant costs with our third-party data hosting services. If the costs for such services increase due to vendor consolidation, regulation, contract renegotiation, or otherwise, we may not be able to increase the fees for our products and services to cover the changes. As a result, our operating results may be significantly worse than forecasted.

As the use of “third-party cookies” or other tracking technology continues to be pressured by Internet users, restricted or otherwise subject to unfavorable regulation, blocked or limited by technical changes on end users’ devices, or our and our customers’ ability to use data on our platform is otherwise restricted, our business could be materially impacted.

Digital advertising mostly relies on the use of cookies, pixels and other similar technology, including mobile device identifiers that are provided by mobile operating systems for advertising purposes, which we refer to collectively as cookies, to collect data about interactions with users and devices. We utilize third-party cookies, which are cookies owned and used by parties other than the owners of the website visited by the Internet user. Our cookies are used to record information tied to a random unique identifier, including such information as when an Internet user views an ad, clicks on an ad or visits one of our advertiser’s websites through a browser while the cookie is active. We use cookies to help us achieve our advertisers’ campaign goals on the web, to limit the instances that an Internet user sees the same advertisement, to report information to our advertisers regarding the performance of their advertising campaigns and to detect and prevent malicious behavior and invalid traffic throughout our network of inventory.

Cookies may be deleted or blocked by Internet users who do not want information to be collected about them. The most commonly used Internet browsers—Chrome, Firefox, Internet Explorer and Safari—allow Internet users to modify their browser settings to prevent cookies from being accepted by their browsers. Additionally, the Safari browser currently blocks some third-party cookies by default and has recently added controls that algorithmically block or limit some cookies. Other browsers have added similar controls. In addition, Internet users can delete cookies from their computers at any time. Some Internet users also download free or paid ad blocking software that not only prevents third-party cookies from being stored on a user’s computer, but also blocks all interaction with a third-party ad server. Google has introduced ad blocking software in its Chrome web browser that will block certain ads based on quality standards established under a multi-stakeholder coalition. Additionally, the DAA, NAI, their international counterparts, and our company have certain opt-out mechanisms for users to opt out of the collection of their information via cookies. If more Internet users adopt these settings or delete their cookies more frequently than they currently do, or restrictions are imposed by advertisers and publishers, there are changes in technology or new developments in laws, regulations or industry standards around cookies, our business could be harmed.

For in-app advertising, data regarding interactions between users and devices are tracked mostly through stable, pseudonymous mobile device identifiers that are built into the device operating system with privacy controls that allow users to express a preference with respect to data collection for advertising, including to disable the identifier. These identifiers and privacy controls are defined by the developers of the mobile platforms and could be changed by the mobile platforms in a way that may negatively impact our business. Privacy aspects of other channels for programmatic advertising, such as CTVs or over-the-top video, are still developing. Technical or policy changes, including regulation or industry self-regulation, could harm our growth in those channels.

As the collection and use of data for digital advertising has received ongoing media attention over the past several years, some government regulators, such as the FTC, and privacy advocates have raised significant concerns around observed data. There has been an array of 'do-not-track' efforts, suggestions and technologies introduced to address these concerns, and state statutes are beginning to incorporate the obligation to honor them. However, the potential regulatory and self-regulatory landscape is inherently uncertain, and there is not yet a consensus definition of tracking, nor agreement on what would be covered by 'do-not-track' functionality. There is activity by the major Internet browsers to default set on 'do-not-track' functionality, including by Safari and Firefox. It is not clear how many other Internet browsers will follow. Substantial increases in the rate and number of people opting out of various data collection processes could have a negative impact on our business and the ecosystems in which we operate.

In addition, in the EU, Directive 2002/58/EC (as amended by Directive 2009/136/EC), commonly referred to as the ePrivacy or Cookie Directive, directs EU member states to ensure that accessing information on an Internet user’s computer, such as through a cookie and other similar technologies, is allowed only if the Internet user has been informed about such access and given his or her consent. A replacement for the Cookie Directive to complement and bring electronic communication services in line with the GDPR and force a harmonized approach across EU member states is currently with the EU Council for a trilogue to decide its final effective date. Like the GDPR, the proposed ePrivacy Regulation has extra-territorial application as it applies to businesses established outside the EU who provide publicly available electronic communications services to, or gather data from the devices of, users in the EU. Though still subject to debate, the proposed ePrivacy Regulation may limit the lawful bases available to process digital data collected through cookies and require "opt-in" consent. The fines and penalties for breach of the proposed ePrivacy Regulation may be significant. We may be required to, or otherwise may determine that it is advisable to, make significant changes in our business operations and product and services to obtain user opt-in for cookies and use of cookie data, or develop or obtain additional tools and technologies to compensate for a lack of cookie data. We may not be able to make the necessary changes in our business operations and products and services to obtain user opt-in for cookies and use of cookie data, or develop, implement or acquire additional tools that compensate for a lack of cookie data. Moreover, even if we are able to do so, such additional products and tools may be subject to further regulation, time consuming to develop or costly to obtain, and less effective than our current use of cookies.

Climate change may have an impact on our business

Any of our primary locations may be vulnerable to the adverse effects of climate change. For example, our offices and facilities in California have experienced, and are projected to continue to experience, climate-related events at an increasing frequency, including drought, water scarcity, heat waves, wildfires and resultant air quality impacts and power shutoffs associated with wildfire prevention. Furthermore, it may be more difficult to mitigate the impact of these events on our remote employees working from home. Changing market dynamics, global policy developments and the increasing frequency and impact of extreme weather events on critical infrastructure in the U.S. and elsewhere have the potential to disrupt our business, the business of our third-party suppliers and the business of our customers, and may cause us to experience higher churn, losses and additional costs to maintain or resume operations.

Risks Related to Government Regulation and Taxation

Changes in legislative, judicial, regulatory, or cultural environments relating to information collection and use may limit our ability to collect and use data. Such developments could cause revenues to decline, increase the cost and availability of data and adversely affect the demand for our products and services.

We receive, store and process personal information and other data from and about consumers in addition to our customers, employees, and services providers. Our handling of this data is subject to a variety of federal, state, and foreign laws and regulations and is subject to regulation by various government authorities. Our data handling also is subject to contractual obligations and may be deemed to be subject to industry standards.

The U.S. federal and various state and foreign governments have adopted or proposed limitations on the collection, distribution, use and storage of data relating to individuals, including the use of contact information and other data for marketing, advertising and other communications with individuals and businesses. In the U.S., various laws and regulations apply to the collection, processing, disclosure, and security of certain types of data. Additionally, the FTC and many state attorneys general are interpreting federal and state consumer protection laws as imposing standards for the online collection, use, dissemination and security of data. In addition, the European Union has been developing new requirements related to the use of data, including in the Digital Services Act, that may impose additional rules and restrictions on the use of the data.

The regulatory framework for data privacy issues worldwide is currently evolving and is likely to remain uncertain for the foreseeable future. For example, in the U.S., in August 2022 the FTC released an advance notice of proposed rulemaking concerning commercial surveillance and data security and sought comment on whether it should implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies (1) collect, aggregate, protect, use, analyze, and retain consumer data, as well as (2) transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive. The occurrence of unanticipated events often rapidly drives the adoption of legislation or regulation affecting the use, collection or other processing of data and manners in which we conduct our business. Restrictions could be placed upon the collection, management, aggregation and use of information, which could result in a material increase in the cost of collecting or otherwise obtaining certain kinds of data and could limit the ways in which we may use or disclose information.

In particular, interest-based advertising, or the use of data to draw inferences about a user’s interests and deliver relevant advertising to that user, and similar or related practices, such as cross-device data collection and aggregation, steps taken to de-identify or pseudonymize personal data and to use and distribute the resulting data, including for purposes of personalization and the targeting of advertisements, have come under increasing scrutiny by legislative, regulatory, and self-regulatory bodies in the U.S. and abroad that focus on consumer protection or data privacy. Much of this scrutiny has focused on the use of cookies and other technology to collect information about Internet users’ online browsing activity on web browsers, mobile devices, and other devices, to associate such data with user or device identifiers or pseudonymous identifiers across devices and channels. In addition, providers of Internet browsers have engaged in, or announced plans to continue or expand, efforts to provide increased visibility into, and certain controls over, cookies and similar technologies and the data collected using such technologies. For example, in January 2020 Google announced that at some point in the following 24 months the Chrome browser would block third-party cookies. In April 2021, Google began releasing software updates to its Chrome browser with features intended to phase out third-party cookies. In May 2023, Google stated that it would deprecate third-party cookies by mid-2024 and in January 2024 started by deprecating third-party cookies for 1% of users globally.

In the U.S., the U.S. Congress and state legislatures, along with federal regulatory authorities have recently increased their attention on matters concerning the collection and use of consumer data. In the U.S., non-sensitive consumer data generally may be used under current rules and regulations, subject to certain restrictions, so long as the person does not affirmatively “opt-out” of the collection or use of such data. If an “opt-in” model were to be adopted in the U.S., less data would be available, and the cost of data would be higher. For example, California enacted legislation, the California Consumer Privacy Act (“CCPA”), that became operative on January 1, 2020 and came under California Attorney General ("AG") enforcement on July 1, 2020. The CCPA requires covered companies to, among other things, provide new disclosures to California consumers and afford such consumers new abilities to opt-out of certain sales of personal information, a concept that is defined broadly. The CCPA is the subject of regulations issued by the California AG. In November 2020 California voters also approved the ballot initiative known as the California Privacy Rights Act of 2020 (“CPRA”). Pursuant to the CPRA, effective January 1, 2023, the CCPA was amended by creating additional privacy rights for California consumers and additional obligations on businesses, which could subject us to additional compliance costs as well as possible fines, individual claims and commercial liabilities for certain compliance failures. Since the CCPA, sixteen other state legislatures so far have passed comprehensive privacy legislation, including Virginia, Colorado, Connecticut, Utah, Indiana, Iowa, Tennessee, Montana, Florida, Oregon, Texas, Delaware, Nebraska, New Hampshire, New Jersey and Kentucky and other states have passed sector or data-specific legislation, such as Illinois, Washington, Nevada and Maryland. Together with the CCPA and CPRA, these are referred to throughout as "State Consumer Privacy Acts.

The State Consumer Privacy Acts have prompted a number of proposals for federal and other state privacy legislation that, if enacted, could increase our exposure to potential liability, add additional complexity to compliance in the U.S. market and increase our compliance costs. For example, other states have enacted or are considering legislation similar to that of the State Consumer Privacy Act statutory frameworks, including legislation that would require individuals to “opt-in” to the collection of certain consumer data. Decreased availability and increased costs of information could adversely affect our ability to meet our customers’ requirements and could result in decreased revenues.

In addition, the FTC Chair has called for a new approach to consumer data protection, such as the notice and consent framework in which consumers are asked to agree to privacy policies. The FTC has also articulated and demonstrated its intention to use its authority under Section 5 of the Federal Trade Commission Act to focus on data privacy through investigations and enforcement actions (for unfair and deceptive actions), particularly in the areas of sensitive data, such as health, location, and children’s data, and has begun to demonstrate that with significant consent decrees. Further modifications and regulations under the State Consumer Privacy Acts, enforcement actions and guidance, or new rules promulgated by the FTC, could create additional liability and require costly expenditures to ensure continued compliance. The Consumer Financial Protection Bureau (CFPB) has announced that it will issue proposed rules under the Fair Credit Reporting Act to address business practices used by companies that assemble and monetize data. These rule changes may create additional liability, expenses, and risk to revenue.

In Europe, the European General Data Protection Regulation ("GDPR") took effect on May 25, 2018 and applies to products and services that we provide in Europe, as well as the processing of personal data of EU citizens, wherever that processing occurs. The GDPR includes operational requirements for companies that receive or process personal data of residents of the European Union. For example, the GDPR requires offering a variety of controls to individuals in Europe before processing data for certain aspects of our service. In addition, the GDPR includes significant penalties for non-compliance of up to the greater of €20 million or 4% of an enterprise’s global annual revenue. Further, the European Union is expected to replace the EU Cookie Directive governing the use of technologies to collect consumer information with the ePrivacy Regulation. The replacement ePrivacy Regulation may impose burdensome requirements around obtaining consent and impose fines for violations that are materially higher than those imposed under the European Union’s current ePrivacy Directive and related EU member state legislation. In addition, some countries are considering or have passed legislation or interpretations implementing data protection requirements or requiring local storage and processing of data or similar requirements that could increase the cost and complexity of delivering our services. Any failure to achieve required data protection standards may result in lawsuits, regulatory fines, or other actions or liability, all of which may harm our operating results.

We are also subject to laws, regulations and other restrictions that dictate whether, how, and under what circumstances we can transfer, process and/or receive certain data that is critical to our operations, including data shared between countries or regions in which we operate, and data shared among our products and services. For example, in 2016, the European Union and the U.S. agreed to an alternative transfer framework for data transferred from the European Union to the U.S., called the Privacy Shield. On July 16, 2020, however, the European Court of Justice invalidated the Privacy Shield and companies may no longer rely on it as a valid mechanism to comply with European Union data protection requirements. In July 2023, the EU adopted an adequacy decision for the EU-U.S. Data Privacy Framework ("DPF"), allowing the DPF to facilitate the transfer of data from Europe to the U.S., and with the U.K. Extension, also from the U.K. to the U.S. In addition, the other bases upon which we rely to legitimize the transfer of such data, such as Standard Contractual Clauses, have been subjected to regulatory and judicial scrutiny. If any of the legal bases upon which we currently rely for transferring data from Europe to the U.S. are invalidated, if we are unable to transfer data between and among countries and regions in which we operate, or if we are prohibited from sharing data among our products and services, it could affect the manner in which we provide our services or adversely affect our financial results.

In addition to government regulation, privacy advocacy and industry groups may propose new and different self-regulatory standards that either legally or contractually apply to us or our customers. We are members of self-regulatory bodies that impose additional requirements related to the collection, use, and disclosure of consumer data. Under the requirements of these self-regulatory bodies, in addition to other compliance obligations, we are obligated to provide consumers with notice about our use of cookies and other technologies to collect consumer data and of our collection and use of consumer data for certain purposes, and to provide consumers with certain choices relating to the use of consumer data. Some of these self-regulatory bodies have the ability to discipline members or participants, which could result in fines, penalties, and/or public censure (which could in turn cause reputational harm). Additionally, some of these self-regulatory bodies might refer violations of their requirements to the Federal Trade Commission or other regulatory bodies.

Because the interpretation and application of privacy and data protection laws, regulations and standards are uncertain, it is possible that these laws, regulations and standards may be interpreted and applied in manners that are, or are asserted to be, inconsistent with our data management practices or the technological features of our solutions. If so, in addition to the possibility of fines, investigations, lawsuits and other claims and proceedings, it may be necessary or desirable for us to fundamentally change our business activities and practices or modify our products and services, which could have an adverse effect on our business. We may be unable to make such changes or modifications in a commercially reasonable manner or at all. Any inability to adequately address privacy concerns, even if unfounded, or any actual or perceived failure to comply with applicable privacy or data protection laws, regulations, standards or policies, could result in additional cost and liability to us, damage our reputation, decrease the availability of and increase costs for information, inhibit sales and harm our business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, standards and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our platform. Privacy concerns, whether valid or not valid, may inhibit market adoption of our platform particularly in certain industries and foreign countries.

Changes in tax laws or regulations that are applied adversely to us or our customers may have a material

adverse effect on our business, cash flow, financial condition or results of operations.

New income, sales, use or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time, which could affect the tax treatment of our domestic and foreign earnings and materially affect our financial position and results of operations. Our existing corporate structure and intercompany arrangements have been implemented in a manner we believe is in compliance with current prevailing tax laws. However, due to economic and political conditions, tax rates and tax regimes in various jurisdictions may be subject to significant changes, and the tax benefits that we intend to eventually derive could be impacted by changing tax laws. Any new taxes could adversely affect our domestic and international business operations, and our business and financial performance. Further, existing tax laws, statutes, rules, regulations or ordinances could be interpreted, changed, modified or applied adversely to us, which could have a material adverse effect on our business, cash flow, financial condition or results of operations.

Governments are increasingly focused on ways to increase tax revenue, which has contributed to an increase in audit activity, more aggressive positions taken by tax authorities and an increase in tax legislation. Any such additional taxes or other assessments may be in excess of our current tax provisions or may require us to modify our business practices in order to reduce our exposure to additional taxes going forward, any of which could have a material adverse effect on the Company’s business, results of operations and financial condition.

Risks Related to Intellectual Property

Third parties may claim that we are infringing their intellectual property and we could suffer significant litigation or licensing expenses or be prevented from developing or selling products or services. Additionally, third parties may infringe our intellectual property and we may suffer competitive injury or expend significant resources enforcing our rights.

As our business is focused on data-driven results and analytics, we rely heavily on proprietary information technology, processes and other protectable intellectual property rights. From time to time, third parties may claim that one or more of our products or services infringe their intellectual property rights. We analyze and take action in response to such claims on a case-by-case basis. Any dispute or litigation regarding patents or other intellectual property, whether they are with or without merit, could be costly and time-consuming due to the complexity of our technology and the uncertainty of intellectual property litigation, which could divert the attention of our management and key personnel away from our business operations, even if ultimately determined in our favor. A claim of intellectual property infringement could force us to enter into a costly or restrictive license or royalty agreement, which might not be available under acceptable terms or at all, could require us to pay significant damages (including attorneys’ fees), could subject us to an injunction against development and sale of certain of our products or services, could require us to expend additional development resources to redesign our technology and could require us to indemnify our partners and other third parties.

Our proprietary portfolio consists of various intellectual property rights, including patents, copyrights, database rights, source code, trademarks, trade secrets, know-how, confidentiality provisions and licensing arrangements. The extent to which such rights can be protected varies from jurisdiction to jurisdiction. If we do not enforce our intellectual property rights vigorously and successfully, our competitive position may suffer, which could harm our operating results.

Item 1B. Unresolved Staff Comments

None.

Item 1C. Cybersecurity

Our customers’ and partners’ trust is crucial to our business; as such, a cybersecurity incident impacting the confidentiality, integrity, or availability of LiveRamp’s systems or the data we process may have a significant impact on our strategy, operations, and financials. Direct impacts may include fees, penalties, or loss of customer revenue. Furthermore, a material cybersecurity incident could harm our business and reputation and diminish our competitive position.

In order to mitigate cybersecurity risk, LiveRamp maintains a security program based on widely known and accepted industry standards, including NIST CSF, ISO 27001, and SOC 2. Aligning to these standards allows our program to adjust to changing conditions such as new technology, industry best practices, or organizational risk tolerance.

Security Governance

Oversight of our security program starts at the Board level. On an annual basis, the enterprise risk team reports to the full Board regarding the top ten enterprise risks, including cybersecurity. Additionally, on a quarterly basis, the Audit Committee receives presentations by LiveRamp security, highlighting any risks, initiatives, and/or relevant industry trends.

LiveRamp maintains a Security Charter which establishes the overall security program, appoints responsibility and authority to the Chief Information Security Officer (CISO), and establishes a Security Action Committee (SAC) to provide leadership and oversight. LiveRamp’s CISO has over 20 years of experience as the Company’s security leader, and maintains several industry standard security certifications. The members of the security leadership team, who report directly to the CISO, each have at least a decade of experience relevant to their area of responsibility.

The SAC includes leadership across our security, enterprise risk management, internal audit, engineering, product, data ethics, legal, and commercial teams. The SAC is responsible for reviewing and approving major updates to LiveRamp’s security policies and standards, reviewing and recommending actions related to exceptions to the security program, ensuring that the security program is in alignment with business objectives, ensuring that the organization has appropriate training and awareness related to security, and providing leadership and support for the security program.

Cyber security is also a responsibility of all LiveRamp employees. All employees must undergo annual security awareness training, which covers topics including, but not limited to, phishing, incident reporting, insider threat, and LiveRamp's Security and Acceptable Use policies.

Security Risk Management

LiveRamp also maintains a security risk management program overseen by our CISO and aligned with the Company’s overall Enterprise Risk Management strategy. The security risk management program includes processes for consistently identifying, classifying, analyzing, and documenting risk. Throughout the year, LiveRamp’s security team conducts risk assessments focused on a particular product or compliance scope. Risks are documented and communicated to relevant stakeholders.

In addition to internal teams and resources, LiveRamp leverages a variety of third parties in support of our security risk management efforts. Third-party managed services are used to support functions including our Security Operations Center, forensic incident response, and incident response tabletop exercises. Third-party providers are also utilized for penetration testing and for a bug bounty program. Third-party tooling is utilized in support of functions including threat intelligence, security logging, security information and event management (SIEM), vulnerability scanning, email protection, security awareness training, secure development training, cloud posture management, secret management, identity and access management, and anti-malware. Furthermore, following the

shared responsibility model with our cloud service providers, we rely on their implementation of certain security controls, such as physical security.

External auditors regularly review LiveRamp’s security posture. We engage with auditors directly on an annual basis to assess controls specific to a particular scope and compliance standard (e.g. SOC 2 or ISO 27001). External auditors also perform assessments on behalf of our customers to validate our compliance with specific customer requirements. Furthermore, on a periodic basis, an external audit is sponsored by the Board of Directors to perform an independent review of the capability maturity of LiveRamp’s security program.

In order to mitigate risk associated with the use of third parties, LiveRamp maintains a third-party risk management program, incorporating the review of third parties by data ethics and security teams. A third party’s inherent security risk is determined by identifying their level of access to our systems and data. Third parties with a high inherent risk or with access to sensitive data types undergo a review of their security controls, wherein LiveRamp reviews the third party’s responses to a security due diligence questionnaire, external audit reports, penetration test reports, and/or security policies. A residual score is then determined based on the third party’s controls and/or operational impact to LiveRamp. LiveRamp does not approve the use of any third parties with an inadequate security posture. For third parties handling personal information, LiveRamp also conducts legal and privacy due diligence to assess legal and privacy risks and apply mitigations where appropriate. LiveRamp security also conducts ongoing monitoring of existing third parties. On a cadence determined by the third party’s residual risk level, controls are re-evaluated to ensure that the security controls of the third party have not been diminished.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
NKE	1 day, 5 hours ago
OPTT	1 day, 5 hours ago
ANGO	1 day, 5 hours ago
CTAS	1 day, 7 hours ago
RPM	1 day, 7 hours ago
CNXA	2 days, 2 hours ago
LW	2 days, 7 hours ago
HUDA	3 days, 4 hours ago
AXR	3 days, 4 hours ago
CALM	3 days, 5 hours ago
BUKS	3 days, 5 hours ago
NRAC	4 days, 1 hour ago
RGP	4 days, 5 hours ago
SING	1 week ago
CSBR	1 week ago
DRI	1 week ago
SCHL	1 week ago
GNLN	1 week, 1 day ago
AIR	1 week, 1 day ago
ABTI	1 week, 2 days ago
SHMP	1 week, 2 days ago
BXXY	1 week, 2 days ago
ACRG	1 week, 3 days ago
CARV	1 week, 3 days ago
FOMC	1 week, 3 days ago
KRFG	1 week, 3 days ago
GHMP	1 week, 3 days ago
GWTI	1 week, 3 days ago
VEII	1 week, 3 days ago
ZEST	1 week, 4 days ago
KITL	1 week, 4 days ago
ADMT	1 week, 4 days ago
ATAK	1 week, 4 days ago
BOTY	1 week, 4 days ago
DPLS	1 week, 4 days ago
FDX	1 week, 4 days ago
ECIA	1 week, 4 days ago
ATXG	1 week, 4 days ago
CRMT	1 week, 4 days ago
ELRE	1 week, 4 days ago
CAG	2 weeks, 1 day ago
KALV	2 weeks, 1 day ago
PAYX	2 weeks, 1 day ago
MEI	2 weeks, 1 day ago
BCRD	2 weeks, 1 day ago
FMHS	2 weeks, 2 days ago
ASPA	2 weeks, 2 days ago
STEK	2 weeks, 2 days ago
LEAI	2 weeks, 4 days ago
AIDG	3 weeks ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - RAMP

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - RAMP

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing