Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - TDC
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors, in this Annual Report.
The Audit Committee is responsible for reviewing the adequacy and effectiveness of the Company’s information security policies, the internal controls regarding information security and cybersecurity, and risks related to such exposures and actions taken to monitor and/or mitigate such risks.The Audit Committee receives quarterly reports as part of its meeting materials prepared by our CISO regarding the assessment of the status, adequacy, and effectiveness of our processes related to assessing, identifying, and managing cybersecurity risks and related
mitigation plans. In addition, at least twice per year, the Audit Committee meeting agenda includes a presentation by the CISO to review and discuss the CISO’s report on cybersecurity risks, mitigation plans and the steps the security team has taken to monitor and control related exposures. The Audit Committee reports to the Board on cybersecurity matters discussed at its meetings and the CISO’s quarterly reports are provided to the Board as part of their meeting materials for their information as well.
We believe that the principal competitive factors for our products and services include: data analytics and AI/ML experience; business outcome delivery; hybrid multi-cloud offerings and experience; total cost of ownership; customer references; technology leadership; product quality; performance, scalability, availability, integrity, security, and manageability; partner relationships; experienced engineering talent, support and consulting services capabilities; management of technologies in a complex analytical ecosystem; delivery of a platform and tools that are designed to enable AI/ML for our customers; and industry knowledge and expertise.We believe that the principal competitive factors for our products and services include: data analytics and AI/ML experience; business outcome delivery; hybrid multi-cloud offerings and experience; total cost of ownership; customer references; technology leadership; product quality; performance, scalability, availability, integrity, security, and manageability; partner relationships; support and consulting services capabilities; management of technologies in a complex analytical ecosystem; delivery of a platform and tools that are designed to enable AI/ML for our customers; and industry knowledge.
9
Research and Development ("R&D"). We remain focused on designing and developing our platform that anticipates our customers' evolving needs and supports solving their complex business challenges. Our teams are extending Teradata technologies and innovations for the Teradata platform, in order to have consistent and differentiated capabilities that meet the performance and scale requirements of enterprise data, analytics and AI uses, moving towards fully autonomous enterprises. Our teams are extending Teradata technologies and innovations for the Teradata platform, including ClearScape Analytics and Teradata AI Unlimited to have consistent and differentiated capabilities that meet the demands of todays’ hybrid ecosystems.
With a focus on creating an open and connected platform, we continue to build a deep integration with cloud data and analytic ecosystems, including advanced analytics and AI/ML tools. Furthermore, with our strong partnerships, our R&D team is extending our platform to enable deeper integration with a broader range of solution and service providers.
Our extensive and talented R&D workforce is one of our core strengths. Our R&D team is globally dispersed to take advantage of global engineering talent. On an ongoing basis, this team adds expertise to align with emerging market dynamics, for example, adding AI expertise to accelerate our momentum. We anticipate that we will continue to have significant R&D expenditures, which may include complementary strategic acquisitions, to help support the flow of innovative technologies that position Teradata to lead in autonomous AI and knowledge.
Government Regulation and Compliance. We are subject to diverse and complex global laws and regulations, including those relating to technology, including AI/ML, data privacy, environmental protection, and ESG reporting. Compliance with such laws and regulations has not historically had a material effect on our capital expenditures, earnings, or competitive position. For more information on regulations and compliance, see Item 1A. Risk Factors, in this Annual Report.
Intellectual Property and Technology. We own 534 patents in the United States. We are also the exclusive licensee of four additional patents in the United States and counterpart patents in foreign countries. Many of the patents that we own are licensed to others, and we are licensed to use certain patents owned by others. While our portfolio of patents and patent applications in the aggregate is of significant value to our Company, we do not believe that any individual patent is by itself of material importance to our business. While our 11Table of Contentsportfolio of patents and patent applications in aggregate is of significant value to our Company, we do not believe that any individual patent is by itself of material importance to our business.
In addition, we own copyrights and trade secrets in our code base that comprises all of the Teradata software offerings, including analytic data platforms and analytic applications and capabilities. Teradata’s software offerings reflect the investment of hundreds of person-years of development work.
The source code versions of our offerings are protected as trade secrets and, in all major markets, as unpublished copyright works. We take great efforts to protect our rights in all software offerings and related intellectual property; however, there can be no assurance that these measures will be successful. The Company owns the Teradata® word and logo trademarks, which are registered in the United States and in many foreign countries, as well as other trade names, service marks, and trademarks.
Sources of Materials. Our hardware components are assembled and configured by Flex Ltd. ("Flex"). Our platform line is designed to leverage the components from manufacturers that we believe are industry leaders. Our data storage devices and memory components utilize industry-standard technologies but are selected and configured to work optimally with our software and hardware platform. Flex also procures a wide variety of components used in the assembly process on our behalf. Although many of these components are available from multiple sources, Teradata utilizes preferred supplier relationships to better ensure more consistent quality, cost and delivery. Typically, these preferred suppliers maintain alternative processes and/or facilities to ensure business continuity of supply. Given our strategy to outsource product assembly activities to Flex and to source certain components from single suppliers, a disruption in production at Flex or at a supplier, a global shortage of components, commodity, transportation, and/or inflationary pressures could impact the timing or profitability of customer shipments. In addition, a significant change in the forecasts to any of these preferred suppliers could result in purchase obligations for components that may be in excess of demand. Although we have not experienced issues from inflationary challenges or otherwise, the current inflation environment could present potential supply chain uncertainty. Although we have not experienced issues from inflationary challenges or otherwise, the current inflation environment could present potential supply chain uncertainty, and we have implemented programs to mitigate these potential risks. For more information, see Item 1A, Risk Factors in this Annual Report.
Human Capital
Teradata operates with a fully flexible work environment, empowering employees to make decisions about where and how they can be most productive. Our global workforce is located in approximately 38 countries, and our corporate headquarters are in San Diego, California.
10
Teradata’s people objectives are to attract, retain, develop, and nurture the most innovative, curious, and skilled talent available. Along with our fully flexible work environment, we offer competitive pay and comprehensive health and wellness benefits and programs designed to help our people thrive.
As of December 31, 2025, we had approximately 5,100 employees globally, with approximately 30% employed in the United States and 70% across the rest of the world. Our global workforce is critical to our overall business strategy across target markets. During fiscal 2025, our overall headcount decreased as we continue to align and optimize our talent needs to support our profitable growth strategies.
Culture and Engagement. At Teradata, we are more than just a leading technology company. We are a global team, fueled by a collaborative culture and shared purpose. Our commitment to continuous growth is built on a foundation of transparency, trust, and support as we face challenges together. Our people are the driving force behind everything we achieve – and when we work together, anything is possible. We empower our people to live our core principles: customer and market driven, agility in execution, and accountability to each other. We strive to create a workplace that is free from discrimination where everyone feels they belong. Together, we thrive – because when our people thrive, so does Teradata.
Health, Safety, and Wellness. We are committed to the health, safety, and wellness of our employees and their families. We provide flexible and inclusive programs that cater to diverse needs of well-being, which includes quarterly well-being days, and global paid holidays for all employees. We provide flexible and inclusive programs that cater to diverse needs of well-being.
Compensation and Benefits. Compensation and Benefits. Our compensation and benefits reflect our commitment to fairness and inclusion. We have robust compensation and benefit programs designed to attract and retain talent and meet the varied and evolving needs of a global workforce. In addition to our competitive base pay, these programs, which vary by country/region, include sales incentives, annual bonuses, stock awards, an Employee Stock Purchase Plan, a Retirement Savings Plans, healthcare and insurance benefits, and paid time off. One specific example of our inclusive benefits includes parental leave, offering birthing and non-birthing parents up to 14 weeks of paid leave for bonding with a new child arriving through birth, adoption, placement, or foster care. One specific example of our 12Table of Contentsinclusive benefits includes parental leave, offering birthing and non-birthing parents up to 14 weeks of paid leave for bonding with a new child arriving through birth, adoption, placement, or foster care.
Talent Development. Teradata is committed to supporting the professional development of our employees by providing resources and pathways for growth. Over the last several years, we have evolved our talent practices to facilitate frequent conversations between managers and employees on performance and development. We have launched on-demand learning resources, such as LinkedIn Learning, which give employees flexibility in when and how they learn. We have launched on-demand learning resources, such as LinkedIn Learning and Country Navigator, which give employees flexibility in when and how they learn. We also provide facilitated learning opportunities to help build specific capabilities and skills, such as Basics of Communication, Emotional Intelligence, Influence, and Time Management. We offer executive and leadership development programs designed to enable our leaders to role model our leadership principles and empower individuals to lead at every level.
Community Engagement. We believe building connections between our employees, their families, and our communities creates a more meaningful, fulfilling, and enjoyable workplace. We support local STEM education programs to ensure emerging leaders in our communities have opportunities to explore their interests. Our Teradata Cares program empowers our employees to make a positive difference where we live and work through volunteerism and giving. We support our employees’ giving and volunteer efforts by providing matching donations for employee contributions to qualified not-for-profit agencies, project grants, and supporting communities where we have employee populations. We support our employees’ giving and volunteer efforts by providing matching donations for employee contributions to qualified not-for-profit agencies, project grants, Annual Days of Caring, and supporting communities where we have employee populations. To further enable employees to support the charity of their choice, we provide every employee four days a year, during normal working hours, for volunteer efforts of their choice.
Properties and Facilities. Properties and Facilities. Our corporate headquarters is located in San Diego, California. As of December 31, 2025, we operated 40 facilities in 29 countries throughout the world. We own our San Diego complex, while all other facilities are leased.
11
Information About Our Executive Officers. The following table and biographies sets forth information as of February 27, 2026 regarding the individuals who are serving as our executive officers.
Stephen McMillan. Stephen McMillan is the Company’s President and Chief Executive Officer and has served in this role since joining the Company in June 2020. Mr. McMillan has served on the Company’s Board of Directors since June 2020. Previously, he served as the Executive Vice President of Global Services for F5 Networks, Inc., a transnational company that specializes in application services and application delivery networking, from October 2017 when he joined F5 until May 2020. Prior to joining F5, Mr. McMillan was at Oracle Corporation, a global software and services company ("Oracle"), for five years where he held roles of increasing executive responsibility, including oversight for customer success and managed cloud services. Mr. McMillan also serves on the Board of Directors of Lumen Technologies, Inc. Woods also serves on the Board of Directors of Winnebago Industries, Inc.
John Ederer. John Ederer is the Company's Chief Financial Officer and has served in this role since joining Teradata in May 2025. Previously, Mr. Ederer served as the Chief Financial Officer for Model N, Inc., a cloud revenue management solutions provider, from January 2021 to May 2025. Prior to that, from August 2018 until November 2020, he served as Chief Financial Officer for K2 Software Inc., a provider of cloud-based and on-premises digital process automation solutions.
Sumeet Arora. Sumeet Arora is the Company’s Chief Product Officer and has served in this role since joining Teradata in April 2025. Prior to joining Teradata, Mr. Kathleen Cullen-Cote is the Company’s Chief People Officer and has served in this role since joining Teradata in July 2019. Prior to joining Teradata, Ms. Arora served as Chief Development Officer at ThoughtSpot, Inc., a technology company that produces business intelligence analytics search software, from 2019 until April 2025. From 2017 until 2019, he was Senior Vice President and General Manager of Service Provider Networking at Cisco Systems, Inc.
Michael Hutchinson. Michael Hutchinson is the Company's Chief Operating Officer and has served in this role since February 2025. Previously, from January 2022 until February 2025, he served as Chief Customer Officer. From June 2021, when he joined the Company until January 2022, he served as Senior Vice President World-Wide Customer Success, Consulting and Renewals. Prior to joining Teradata, Mr. Hutchinson served as the Senior Vice President and Chief Customer Officer at Verint Systems Inc., a customer engagement solutions provider, from August 2020 to May 2021 and as its Senior Vice President, Global Professional Services and Support from April 2018 until August 2020. From 1990-2018, he held several positions with Oracle, most recently as the Group Vice President, North America Customer Success from December 2015 to March 2018.
Richard Petley. Richard Petley is the Company’s Chief Revenue Officer and has served in this role since April 2024. Previously, Mr. Petley served as Teradata’s Executive Vice President, Global Sales, from April 2022, when he joined the Company, until April 2024. He served as General Manager, Western Europe, for Oracle Cloud, at Oracle, from 2021 until April 2022. From 2018 until 2021, he was the Managing Director, Oracle UK. Petley served as Teradata’s Executive Vice President, Global Sales, from April 2022, when he joined the Company, until April 2024. He served as General Manager, Western Europe, for Oracle Cloud, at Oracle Corporation, a global software and services company, from 2021 until April 2022. From 2018 until 2021, he was the Managing Director, Oracle UK.
Scot Rogers. Scot Rogers is the Company’s Chief Administrative Officer and Corporate Secretary and has served in this role since joining Teradata in June 2025. Previously, from January 2014 until May 2025, he served as the Executive Vice President, General Counsel, Secretary and Chief Compliance Officer for F5 Networks, Inc., a transnational company that specializes in application services and application delivery networking. From 2005 until 2013, he held various senior legal roles at F5.
There are no family relationships between any of the executive officers or directors of Teradata.
There are no contractual obligations regarding the selection of our executive officers.There are no contractual obligations regarding the election of our executive officers or directors.
12
Information. Teradata makes available through its website, free of charge, its Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, and Current Reports on Form 8-K, and all amendments to such reports, as soon as reasonably practicable after these reports are electronically filed or furnished to the U.S. Securities and Exchange Commission ("SEC") pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934 (the "Exchange Act"). These reports and other information are available, free of charge, at www.sec.gov. Teradata will furnish, without charge to a security holder upon written request, the Notice of Meeting and Proxy Statement for the 2026 Annual Meeting of Stockholders. Teradata will furnish the Code of Conduct and any other exhibit at cost (the Code of Conduct is also available through Teradata’s website at https://www.teradata.com/about-us/corporate-governance/code-of-conduct/). Document requests are available by calling or writing to:
Teradata - Investor Relations
17095 Via Del Campo
San Diego, CA 92127
Phone: 858-485-2088
Website: www.teradata.com
Item 1A. RISK FACTORS
You should carefully consider each of the following risk factors and all other information set forth in this Annual Report. Based on the information currently known to us, we believe that the following information identifies the most significant risk factors affecting our company in each of these categories of risks. However, the risks and uncertainties our Company faces are not limited to those set forth in the risk factors described below. Additional risks and uncertainties not presently known to us or that we currently believe to be immaterial may also adversely affect our business.
In addition, past financial performance may not be a reliable indicator of future performance, and historical trends should not be used to anticipate results or trends in future periods.
If any of the following risks and uncertainties develops into actual events or occurrences, these events could have a material adverse effect on our business, financial condition or results of operations. In such case, the trading price of our common stock could decline.
RISKS RELATED TO OUR BUSINESS AND OPERATIONS
Failure to successfully execute our strategy and realize the anticipated benefits of our business transformation, including R&D investments, could have a material adverse effect on our business.
Our strategy and ongoing business transformation, including with regard to our cloud, hybrid, on-premises, AI/ML and related offerings, involve significant execution risk. We may not successfully develop, launch, scale, or operate our offerings as planned, including enabling our platform and offerings to operate effectively across cloud, hybrid, on-premises environments, or within the environments of our cloud service provider partners. The execution of our strategy and transformation initiatives presents organizational, operational, and technological challenges, including those related to organizational alignment, technology integration, skilled personnel availability, resource allocation, cost management and internal controls. We may not be able to implement or execute all aspects of our strategy as planned, or realize the anticipated benefits within expected timeframes. Even if certain benefits are achieved, there may be unforeseen consequences, including operational disruptions, which could occur. Any such outcomes could have a material adverse effect on our business, brand and reputation, competitive position, financial condition, results of operations, growth prospects and cash flows.
Shortened product life cycles driven by rapid technological change, competitive pressures, and evolving customer expectations require us to continuously innovate to keep pace with emerging customer use cases and technology trends. We must innovate both internally and in coordination with third-party technology providers whose components are included in our offerings. Bringing new offerings or enhancements to market can be costly and time consuming and may increase our exposure to significant technical, legal, regulatory or other risks. Furthermore, as
13
we migrate our customers from on-premises environments to the cloud and hybrid deployments, expand our customers’ workloads or introduce new consumption or deployment models, we may incur unexpected, delays, or operational complexity.
Our ability to successfully scale and operate our platform, including AI-enabled capabilities, depends on our ability to develop appropriate business models, infrastructure, systems, and operational processes, and to attract, retain, and develop skilled personnel in a competitive labor market. Market acceptance of our new offerings depends on our ability to include functionality and usability that address customer expectations, and to optimally price our offerings and services to meet customer demand across platforms and cover our costs. There can be no assurance that our go-to-market approach will successfully address these evolving preferences. In addition, evolving regulatory requirements applicable to AI-enabled technologies may require changes to product design, development processes, or permitted customer uses, which could delay deployments, increase costs, or reduce customer demand.
As part of our transformation, we continue to dedicate significant resources to our R&D efforts in order to maintain and advance our competitive position. However, we may not receive significant revenues from these investments for several years, if at all. However, we may not receive significant revenues from 15Table of Contentsthese investments for several years, if at all. R&D expenses represent a significant portion of our discretionary fixed costs. Please see Item 1. Business for a description of our strategy, transformation efforts, product offerings and services, and R&D and innovation efforts, including for our autonomous AI and knowledge platform and data and analytics capabilities.
If we are unable to successfully execute our strategy, respond to market and technological change, develop, deliver and scale our offerings on a timely and cost-effective basis, maintain our differentiated hybrid capabilities, or achieve competitive margins and growth, our business, brand and reputation, competitive position, financial condition, results of operations, growth prospects, and cash flows could be materially adversely affected.
Unanticipated delays or accelerations in our sales cycles makes accurate estimation of our Total Annual Recurring Revenue ("ARR"), Public Cloud ARR, and revenues difficult, and have resulted in, and could in the future result in, significant fluctuations in our quarterly operating results and have impacted, and could in the future impact, our ability to achieve any financial guidance and forecasts that we may provide.
The length of our sales cycle varies depending on several factors over which we may have little or no control, including:
•the size and complexity of a potential transaction;
•whether a sale involves a cloud or hybrid offering;
•the level of competition that we encounter in our selling activities;
•customers’ budgeting and approval process, with increasing involvement of the customer C-suite in transactions given the enterprise-wide strategic value our platform provides, including for AI/ML;
•corporate events impacting our customers, including reorganizations or acquisitions, where personnel we are engaging with who have institutional knowledge and history with us have departed or are otherwise unavailable to us; and
•overall macro-economic conditions.
In addition, our account teams have had difficulty in the past obtaining and assessing information as to whether a transaction is proceeding as planned or whether a longer sales cycle will be required, and such difficulty may continue in the future. Because of a generally long sales cycle, we may expend significant effort over a long period of time in an attempt to obtain an order, but ultimately not complete the sale, or the order ultimately received may be smaller than anticipated. The long sales cycle for our products also makes it difficult to predict the quarter in which sales will occur. Delays in sales have caused, and could in the future cause, significant variability in our results for any particular period and have impacted, and could in the future impact, our ability to achieve any financial guidance and forecasts that we may provide.
We may experience variability in our operating results based on the purchasing behavior of our customers.
Our business has substantially shifted from a traditional, perpetual pricing and revenue model to a subscription-based model in which less revenue is recognized upfront at the time the customer enters into a transaction. The pace
14
and extent to which customers will continue to purchase, consume and renew our offerings on a subscription basis is variable and, therefore, has impacts on our results and operations. We also have flexible pricing options for our cloud customers, including consumption-unit based, "pay as you go" pricing. Under such a pricing model, we generally recognize revenue based on consumption. To the extent that customers opt for such a flexible pricing model, we may not be able to accurately forecast the timing of customer consumption of our offerings. In addition, the needs of our customers have evolved from a cloud-only approach to considering hybrid platforms or remaining on-premises. In addition, the needs of our customers have quickly evolved from a cloud-only approach to considering hybrid platforms or remaining on-premises. As a result, our actual results may differ from our projections, particularly for Public Cloud ARR and Total ARR. Furthermore, our on-premises subscription arrangements may provide the customers with the right to cancel our agreement upon certain notice periods, which we may change in the future. Such arrangements may impact the timing of revenue recognition for these customers and result in fluctuations in our quarterly operating results.
As we develop new offerings with enhanced capacity, delivery and performance capabilities, the increased difficulty and complexity associated with producing these offerings may increase the likelihood of reliability, quality, operability, and/or security issues.16Table of ContentsAs we develop new offerings with enhanced capacity, delivery and performance capabilities, the increased difficulty and complexity associated with producing these offerings may increase the likelihood of reliability, quality, operability, and/or security issues.
From time to time, errors or security flaws are identified in our offerings, which in certain cases can be discovered after the offerings are introduced and delivered to customers. This risk is enhanced when offerings are first introduced, when new versions are released, or if customers choose to either delay or deny an upgrade to the most recent version of our platform. In particular, when we develop offerings with more advanced technology, the production of such offerings involves increased difficulty and complexity and as a result may increase the likelihood of reliability, quality, operability, and/or security issues with such offerings. Our products and services may also fail to perform to the full specifications and expectations of our customers, including as part of transitioning customers to the cloud, in particular those that involve customer and/or third-party dependencies. Additionally, third-party components that we integrate into our solutions can have undetected quality issues that can impact the performance of our offerings. We may not be able to detect or remedy all errors, including those that may be deemed critical by our customers, prior to release or deployment.
Such reliability, quality, operability, and security issues may negatively impact our ability to retain current customers, including due to customer cancellations or non-renewals, as well as our ability to obtain new customers and could expose us to liability, performance and warranty claims, as well as harm our brand and reputation. These and other risks associated with new offerings may have a material adverse impact on our results of operations and future performance.
A cybersecurity incident, disruption, or failure of our information systems or those of our third-party providers could adversely impact our reputation, business, and financial results.
Our operations are critically dependent on the security of our computer systems, the computer systems of our key suppliers and third parties, and the information stored in such systems. We face risks from, among other things, natural disasters (such as earthquakes and fires), technological threats (such as cyber-attacks, power outages, and telecommunications failures), and human actions (such as unauthorized access or exploitations, insider actions, phishing schemes, and other events). Increasingly, companies are subject to a wide variety of attacks on their networks on an ongoing basis. Incidences of cyber-attacks and other cybersecurity breaches and incidents have increased and are likely to continue to increase. The occurrence of one or more of these events could result in data loss, system outages, and other interruptions in our operations, which could have a material adverse effect on our business, financial condition or results of operations.
Despite robust data security measures and skilled computer programmers, nation-state sponsored cyber attackers and hackers deploying and advanced and persistent threats may be able to penetrate our network security or that of our third-party providers and misappropriate or compromise our intellectual property or other confidential information or that of our customers, create system disruptions or cause shutdowns. They may also be able to develop and deploy viruses, worms, and other malicious software programs that attack our systems or products or otherwise exploit security vulnerabilities of our systems or products. In addition, phishing-scheme-perpetrators may be able to lure employees or contractors into providing such perpetrators with information that may enable them to avoid some of our network security controls or those of third-party providers which could result in system disruptions or a loss of confidential and proprietary information.
15
While immaterial in impact, we have been subject to actual and threatened cyber-attacks, and there can be no assurance that our defensive measures will be adequate to prevent them in the future. From time to time, we discover vulnerabilities in our software products, and while we routinely perform regular system updates and patches to our various information systems and our products to address such vulnerabilities, we may be unable to timely implement patches and security measures which could result in a cyber-attack. When cyber-attacks occur, we could incur significant liability to our customers whose information was compromised, and our product platform may be perceived as less desirable, which could negatively affect our business and damage our reputation. Further, because we do not control our third-party service providers, or the processing of data by our third-party service providers, we cannot fully ensure the integrity or security of measures they take to protect customer information and prevent data loss. These types of activities will recur and persist, one or more of them may be successful in the future, and one or more of them may have been or will be successful but not detected, prevented, remediated or mitigated by us, and the costs to us to eliminate, detect, prevent, remediate, mitigate or alleviate cyber security or security vulnerabilities could be significant, and our efforts to address these problems may not be successful and could adversely impact our future results of operations. These types of activities will recur and persist, one or more of them may be successful in the future, and one or more of them may have been or will be successful but not detected, prevented, remediated or 17Table of Contentsmitigated by us, and the costs to us to eliminate, detect, prevent, remediate, mitigate or alleviate cyber security or security vulnerabilities could be significant, and our efforts to address these problems may not be successful and could adversely impact our future results of operations. If as a result of these events, the information stored on our or our customers’ systems could be accessed, publicly disclosed, altered, lost or stolen, they can subject us to additional liability and cause us financial harm. In addition, our disclosures concerning security incidents may become the subject of litigation, and cause us, especially in the event of an adverse court ruling, additional financial strain and reputational harm. While we take and will continue to take remediation steps, there is no guarantee that our preventative and mitigation actions with respect to any cybersecurity incident will fully eliminate the risk of a malicious compromise of our, our third-party service providers’ or our customers’ systems.
Additionally, we offer the ability for our employees to choose a remote work location which introduces additional security challenges. The increase in endpoints to manage and reliance on employees to adhere to information security policies and hygiene practices, heightens the vulnerability of our systems to security breaches.
While we maintain insurance coverage for certain liabilities related to cyber-attacks and/or data breaches, such coverage may not adequately cover all costs, expenses, liability and damages that we or our customers may incur as a result of such incidents.
The offering of our cloud- and hybrid-based platforms has increased our exposure to information security risks by increasing our joint responsibility with customers and third-party cloud providers for protecting sensitive information processed through these platforms, preventing any unauthorized access to or use of such platforms, preventing data breaches, and addressing vulnerabilities in customer-managed applications, the failure of which could adversely impact our results of operation, reputation, compliance obligations, and relationships with our customers.
Prior to our transition to offering cloud- and hybrid-based platforms, our customers generally purchased or leased on-premises hardware systems used in connection with our software solutions, which our customers deployed and operated. With respect to these types of customer on-premises solutions, the customer, directly or through its selected services providers, has full control over its data security. While we continue to provide on-premises capabilities for our customers, we also provide cloud- and hybrid-based platforms, which has expanded our information security risk landscape.
Our cloud- and hybrid-based platforms generally require us to deploy or operate solutions for our customers, directly or through the use of third-party services providers, either on-premises at customer-selected data center facilities, or at third-party-hosted data center facilities. As a result, more responsibility for data security has been transferred to us and our third-party service providers due to the data security responsibilities allocated among us, our customers, and third-party providers that are inherent in cloud- and hybrid-based platforms. For example, gaps in security responsibilities can materialize if roles among us, our customers, or third-party providers are not clearly defined or effectively managed and can lead to additional security risks (such as compromised credentials, hijacked accounts, data breaches due to misconfigured cloud storage, inadequate security practices by third-party providers, and vulnerabilities in shared technology). The distributed and multi-tenant nature of our cloud- and hybrid-based platforms can also complicate data governance and compliance. While customers handle application development and deployment within our platform, vulnerabilities stemming from various actions, including unsecure coding practices, data leakage, performance issues, or mismanagement of configurations, can impact the broader platform's
16
integrity and security. Further, we are required to maintain and obtain various global security certifications for our platforms, such as the International Organization for Standardization 27001 ("ISO 27001"), Payment Card Industry Data Security Standard ("PCI"), Federal Risk and Authorization Management Program ("FedRAMP®"), and any delays or failure in maintaining or obtaining such certifications may hinder our competitiveness, particularly in regulated industries, and impact customer confidence.
If unauthorized access to or use of our cloud- or hybrid-based platforms, failure to prevent data breaches, or failure to address vulnerabilities in customer-managed applications occurs, despite robust data security measures and third-party commitments to protect them, our results of operation, reputation, compliance obligations, and relationships with our customers could be adversely impacted. If unauthorized access to or use of our cloud- or hybrid-based platforms, failure to prevent data breaches, or failure to address vulnerabilities in customer-managed applications occurs, despite robust data security measures and third-party commitments to protect them, our results of operation, reputation, compliance obligations, and relationships with our customers could be adversely impacted. Even the perception of inadequate security, including delays or failure to obtain necessary security certifications such as FedRAMP, may damage our reputation and negatively impact our ability to win new customers and retain existing customers, consequently adversely impacting our financial performance and condition. Even the perception of inadequate security, including delays or failure to obtain necessary security certifications such as FedRAMP, may damage our reputation and negatively 18Table of Contentsimpact our ability to win new customers and retain existing customers, consequently adversely impacting our financial performance and condition.
If our existing customers fail to renew, or cancel their subscription license arrangements or support agreements, or if customers do not renew on terms favorable to us, our business could be adversely affected.If our existing customers fail to renew, or cancel, their subscription license arrangements or support agreements, or if customers do not renew on terms favorable to us, our business could be adversely affected.
Teradata’s platform offerings have been expanded to include a variety of subscription options, which impact the timing of when revenues are recognized and related cash flows are collected. The IT industry generally has been experiencing increasing pricing pressure from customers when purchasing or renewing support agreements. As
some of our on-premises customers migrate all or a portion of their data analytics solutions to a cloud- or hybrid based platform, some customers have selected offerings of one of our competitors and existing customers may do so in the future. As a result, such customers have cancelled all or a portion of their arrangements with us and may continue to do so in the future. While customer cancellations we have had to date have not been material to our business, they could become material in the future. Mergers and acquisitions in certain industries that we serve could result in a reduction of the software and hardware being supported and put pressure on our subscription and support terms with customers who have merged. Given these factors, there can be no assurance that our current customers will migrate from on-premises to the cloud with Teradata, renew their subscription and/or support agreements, or agree to the same terms when they renew, which could result in our reducing or losing subscription and/or support fees which could adversely impact operating results.
Our future results depend in part on our relationships with strategic partners, key suppliers, and other third parties.
Our development, marketing, and distribution plans depend in part on our ability to form strategic alliances with third parties that have complementary offerings, software, services, and skills. Our strategic partners include cloud service providers, alliance partners, system integrators and consultants, software and technology providers, hardware support service providers, and indirect channel distributors in certain countries. Our strategic partners include cloud service providers, consultants and system integrators, software and technology providers, hardware support service providers, and indirect channel distributors in certain countries. These relationships involve risks, including our partners changing their business focus, entering strategic alliances with other companies, being acquired, including by our competitors, failing to meet regulatory requirements, data privacy or other laws, or performance criteria, improperly using our confidential information, exposing our data and/or customer information through the transfer of data to the cloud or otherwise or through other security breaches, or their market reputation deteriorating. If we fail to maintain or expand our relationships with strategic partners or if we are forced to seek alternative technology or technology for new solutions that may not be available on commercially reasonable terms, our business may be adversely affected.
As part of our strategy, our relationships with public cloud service providers, Amazon Web Services ("AWS"), Google Cloud, and Microsoft Azure, could impact our business. Our strategic relationships with these cloud service providers for our cloud offerings on their platforms require significant investments to ensure that our solutions are optimized in these cloud environments. In addition, there are geographies in which we operate that utilize alternative, local cloud-platform service providers where AWS, Google Cloud, and Microsoft Azure are inaccessible or not available. The cloud service providers maintain relationships with certain of our competitors, and our competitors may in the future establish relationships with additional competing cloud data platform providers. Furthermore, cloud service providers do and may in the future provide platforms that compete with our platform. Furthermore, cloud service providers do and may in the future provide platforms that compete with VantageCloud and VantageCloud Lake. Any of these cloud service providers may decide to modify or terminate our business relationship, change the terms of any agreement or pricing terms that we have with them, or may otherwise enter into preferred relationships with one or more competing cloud data platform providers. If we are unsuccessful in meeting performance requirements
17
or obtaining future returns on these investments, or if we are otherwise unable to maintain adequate relationships with any of these cloud service providers, our financial results may be adversely impacted.
Third-party vendors provide important elements to our solutions; if we do not maintain our relationships with these vendors or if these vendors cease to be going concerns, interruptions in the supply of our offerings may result. There are some components of our solutions that we purchase from single sources due to price, quality, technology or other reasons. For example, we rely on Flex as a key contract manufacturer for certain on-premises hardware offerings. For example, we rely on Flex as a key single source contract manufacturer for our on-premises hardware systems. In addition, we buy servers from Dell Technologies Inc., storage disk systems from NetApp, Inc. and storage disk systems from NetApp, Inc. , and graphics processing units ("GPU") from NVIDIA. Some components supplied by third parties may be critical to our solutions, and several of our suppliers may terminate their agreements with us without cause with 180-days' notice. In addition, we rely on certain vendors for hardware support services and parts supply. If we were unable to purchase necessary services, parts, components or offerings from a particular vendor and had to find an alternative supplier, our shipments and deliveries could be delayed. If we were unable to purchase necessary services, parts, components or 19Table of Contentsofferings from a particular vendor and had to find an alternative supplier, our shipments and deliveries could be delayed. Also, quality issues, commodity, tariffs, transportation, wage, or other inflationary pressures, a disruption in our supply chain or the need to find alternative suppliers could impact the costs and/or timing associated with procuring necessary offerings, components and services. Also, quality issues, commodity, transportation, wage, or other inflationary pressures, a disruption in our supply chain or the need to find alternative suppliers could impact the costs and/or timing associated with procuring necessary offerings, components and services. In any case, our operations could be adversely impacted. Similarly, our suppliers’ offerings and services have certain dependencies with respect to their own supply chain networks, and supply and/or inflation issues among our suppliers may also adversely impact our business.
Demand for the offerings and services we sell could decline if we fail to maintain positive brand perception and recognition.
Teradata has evolved its brand and messaging, including its emphasis on autonomous AI and knowledge-based data and analytics offerings, to reflect changes in customer needs and market conditions. Recognition and reputation of our brand are important to our success, including our ability to retain existing customers, attract new customers and partners, and achieve our growth expectations in the data management and analytics market. While we leverage our decades of experience in data analytics and database management services, we continue to evolve our offerings to address customer needs across cloud, hybrid, and AI-enabled environments. While we leverage our decades of experience in data analytics and database management services, we believe we have evolved to provide the modern offerings customers need. If the market does not recognize our brand attributes or if there are misperceptions regarding our autonomous AI, cloud, hybrid, or other capabilities, our ability to upgrade existing customers, drive expansion or consumption growth, or acquire new customers could be adversely affected. In addition, damage to the reputation of our brand could result in, among other things, customer cancellations or non-renewals, challenges in attracting and retaining employees, vendor relationship issues, and increased scrutiny from investors and other stakeholders, any of which could materially affect our revenue and profitability. In addition, damage to the reputation of our brand could result in, among other things, customer cancellations or non-renewals, lower employee retention and productivity, vendor relationship issues, and investor and other stakeholder scrutiny, any of which could materially affect our revenue and profitability.
Increases in the cost, or reduced availability, of components used in our product, and/or increases in our other costs of doing business, have, and could continue to, adversely affect our profit margins.Increases in the cost of components used in our product, and/or increases in our other costs of doing business, have, and could continue to, adversely affect our profit margins.
Our cloud offerings are dependent on cloud service providers and require significant investments to ensure that our solutions are optimized in these environments. Some of our key hardware components are assembled and configured by Flex. Flex also procures a wide variety of components used in the assembly process on our behalf. Although many of these components are available from multiple sources, we utilize preferred supplier relationships to better ensure more consistent quality, cost and delivery. Components used in our products require commodities as part of their manufacturing. As such, increased costs and other inflation, and/or increased tariffs on certain items imported from foreign countries have affected our profit margins and could continue to result in declines in our profit margins. As such, increased costs and/or commodity and other inflation, and/or increased tariffs on certain items imported from foreign countries have affected our profit margins and could continue to result in declines in our profit margins.
Additionally, we may face reduced availability of component parts due to global shortages, extended lead times, or other supply chain constraints. Demand for semiconductors, flash memory, GPUs, and other components used in AI, data analytics, and cloud infrastructure may exceed supply, which could increase prices, delay deliveries or compress margins. Such shortages or cost increases could adversely affect our ability to meet customer demand, and we may not be able to fully mitigate these impacts through pricing actions, alternative sourcing, or design adjustments.
Historically, we have mitigated certain cost increases by raising product prices, collaborating with suppliers, pursuing alternative sourcing options, and engaging in cost reduction efforts, all as appropriate. However, these
18
actions may not be sufficient and if our customers resist price adjustments or market conditions limit our ability to offset cost pressures, our sales, margins, earnings, and market share could be adversely affected.
Challenges with our new enterprise resource planning ("ERP") system could adversely impact our business and operations.Challenges with the design and implementation of our new enterprise resource planning ("ERP") system could adversely impact our business and operations.
We have undertaken a multi-year initiative to design, implement, and modernize our ERP system, with deployment completed in 2025. Stabilization and optimization efforts remain ongoing and require continued management attention, including financial and personnel resources. Challenges related to system integration, process alignment, or user adoption during this stabilization phase could result in operational disruption, increased costs, or impacts to financial reporting, which could adversely affect our business, financial condition, or results of operations. Also, quality issues, commodity, transportation, wage, or other inflationary pressures, a disruption in our supply chain or the need to find alternative suppliers could impact the costs and/or timing associated with procuring necessary offerings, components and services.
Any disruption, including as a result of natural disasters or climate change, at or near any of our facilities or other operations or those of our customers, vendors, data warehouses, distribution channels, and public cloud service providers could adversely affect our business. Any disruption, including as a result of natural disasters or climate change, at or near any of our facilities or other operations or those of our customers, vendors, data warehouses, distribution channels, and public cloud service providers could adversely affect our business.
Disruptions could occur as a result of supply chain challenges; decreases in work force availability; availability of natural resources; natural disasters, including inclement weather, which can be exacerbated by global climate change; man-made disasters; or other external events, such as terrorist acts or acts of war, pandemics and/or epidemics, boycotts and sanctions, widespread criminal activities, protests and/or social unrest, or other events, at, or in proximity to, any of our facilities or those of our customers, vendors, distribution channels, and public cloud service providers.Disruptions could occur as a result of supply chain challenges; decreases in work force availability; natural resources availability; natural disasters; inclement weather, including as exacerbated by global climate change; man-made disasters; or other external events, such as terrorist acts or acts of war, pandemics and/or epidemics, boycotts and sanctions, widespread criminal activities, or protests and/or social unrest, or other events, at or in proximity to any of our facilities or those of our customers, vendors, data warehouses, distribution channels, and public cloud service providers. Such events and disruptions could make it difficult or impossible to deliver products and services to our customers or perform critical business functions and could adversely affect our business.
Our headquarters and data lab are located in California, a region with a history of seismic activity, wildfires and an extreme risk of drought, flooding, and vulnerability to future water scarcity. As such, we could experience disruptions as a result of natural disasters and/or extreme weather conditions, including sea-level rise, earthquakes, tornadoes, hurricanes, earthquakes, floods, tsunamis, typhoons, drought, and fire, that could impact our business and operations. Such events could pose physical risks to our facilities and data lab, result in power outages and shortages, and/or result in failures of global critical infrastructure, telecommunication and security systems, natural resource availability, such as energy and water sources, employees’ ability to work, availability of supply chain and logistics, and the additional costs to maintain or resume operations such as costs to repair damages to our facilities, equipment, infrastructure, and business relationships, each of which could negatively impact our business and operations. Such events could pose physical risks to our facilities and data center, result in power outages and shortages, and/or result in failures of global critical infrastructure, telecommunication and security systems, natural resource availability, such as energy and water sources, employees’ ability to work, availability of supply chain and logistics, and the additional costs to maintain or resume operations such as costs to repair damages to our facilities, equipment, infrastructure, and business relationships, each of which could negatively impact our business and operations. Furthermore, environmental regulations are increasing in their frequency of issuance and applicability to our company, particularly due to our operations in California and the European Union. Such regulations may result in changes in the demand for resources that could adversely impact the availability or cost of goods and services, including natural resources necessary to run our business.
The occurrence of future global pandemics and/or regional epidemics may disrupt our business in the future. The extent to which our business may be affected in the future is highly uncertain and cannot be predicted as it would be dependent on factors such the duration and scope of the pandemic; governmental, business, and individuals' actions in response to the pandemic; and the impact on economic activity such as financial market instability.
While we have taken steps intended to enhance our operational resilience, there can be no assurance that these measures will be sufficient to prevent or mitigate the adverse impacts of such events.
Failure to successfully complete reorganization activities in connection with our transformation activities or otherwise could negatively affect our operations. Failure to successfully complete reorganization activities in connection with our transformation activities or otherwise could negatively affect our operations.
We have undertaken, and may continue to undertake, reorganization efforts in connection with our business transformation and broader cost optimization initiatives in furtherance of our strategy. From time to time, we may wind down certain business activities and/or facilities, cease doing business in certain geographic areas, and/or perform other organizational reorganization projects in an effort to reduce costs and optimize operations. In addition, from time to time, we may wind down certain business activities and/or facilities, cease doing business in certain geographic areas, and/or perform other organizational reorganization projects in an effort to reduce costs and optimize operations. For example, on August 5, 2024, we announced the realignment of our sales function and the initiation of global restructuring and cost reduction actions, elements of which continued into 2025. Reorganization activities, including workforce reductions, leadership and management transitions, and changes to organizational structures, involve risks and may divert management's attention from our core businesses, increase expenses on a short‑term basis, reduce revenues, or disrupt execution of our strategy. We may also experience a loss of continuity, loss of accumulated knowledge, or loss of efficiency during such transitional periods, all of which may negatively impact our business, financial condition, operating results, and cash flows.
19
Our business is affected by the global economies in which we operate and the economic climate of the industries we serve.
Our business and results of operations are affected by international, national and regional economic conditions. In particular, the IT industry in which we operate is susceptible to significant changes in the strength of the economy and the financial health of companies and governmental entities that make spending commitments for new technologies. Accordingly, adverse global economic, inflationary, recessionary, and market conditions, including in certain economic sectors in which many of our customers operate (such as financial services, healthcare, manufacturing, or government), may adversely impact our business. Accordingly, adverse global economic, inflationary, recessionary, and market conditions, including in 21Table of Contentscertain economic sectors in which many of our customers operate (such as retail, manufacturing, financial services or government), may adversely impact our business. For example, adverse changes to the economy could impact the timing of purchases by our current and potential customers or the ability of our customers to fulfill their obligations to us. In addition, decreased or more closely scrutinized spending in our customers’ businesses and in the industries we serve, may adversely impact our business. Uncertainty about future economic conditions may make it difficult for us to forecast operating results and to make decisions about future investments. In addition, our inability or failure to quickly respond to inflation and the resulting buying behaviors of our customers could harm our business, results of operations and financial condition. Our success in periods of economic uncertainty may also be dependent, in part, on our ability to reduce costs in response to changes in demand, inflation or other activity.
Generating substantial revenues from our international operations pose several risks.
In 2025, the percentage of our total revenues from outside of the United States was 50%. We have exposure to more than 30 functional currencies. The risks associated with the geographic scope of our business operations include, among other things the following:
•Cultural, management, and staffing challenges associated with operating in countries around the world, including developing countries;
•Realignment of our international strategy and organization structure;
•The imposition of additional and/or different country laws, governmental controls and regulations;
•The ever-changing macro-economic and geo-political (including local conflicts and wars) environments we operate in;
•Longer payment cycles for sales in certain foreign countries and difficulties in enforcing contracts and collecting accounts receivable;
•Fluctuations in the value of local currencies and foreign currency controls in various jurisdictions where we operate, including Argentina;
•Tariffs or other restrictions on foreign trade or investment;
•Foreign trade policy changes, trade regulations, and/or disputes may adversely affect sales of our solutions and services and may result in longer sales cycles;
•The imposition of sanctions against a country, company, person or entity with whom we do business that would restrict or prohibit our business; and
•Foreign or domestic government activities that favor domestic companies, including those that may require companies to procure goods and services from locally-based suppliers.
Any of these events, among others, could materially and adversely affect our financial condition and operating results.
Our offerings are subject to United States export controls and, when exported from the United States, or re-exported to another country, must be authorized under applicable United States export regulations. Our offerings may also be subject to local country import controls. Changes in our offerings or changes in export or import regulations, including the implementation of adverse tariffs, may create delays in the introduction of our offerings in international markets, prevent our customers with international operations from deploying our offerings throughout their global systems or, in some cases, prevent the export or import of our offerings to certain countries or customers altogether. Any change in export or import regulations or related legislation, shift in approach to the enforcement or scope of existing regulations, change in tariff policy, or change in the countries, persons or technologies targeted by these regulations could result in decreased use of our offerings by, or in our decreased ability to export, import or sell our offerings to, existing or potential customers with international operations.
There is active enforcement and ongoing focus by the Securities and Exchange Commission (the "SEC") and other governmental authorities on the United States Foreign Corrupt Practices Act, the U.K. Bribery Act of 2010 and similar anti-bribery, anti-corruption laws in other countries. Given the breadth and scope of our international
20
operations, we may not in all cases be able to detect improper or unlawful conduct by our partners, distributors, resellers, customers, and employees, despite our high ethics, governance and compliance standards, which could put the Company at risk regarding possible violations of such laws and could result in various civil or criminal fines, penalties or administrative sanctions, and related costs, which could negatively impact the Company's business, brand, results of operations or financial condition.
Inadequate internal control over financial reporting and accounting practices could lead to errors, which could adversely impact our ability to assure timely and accurate financial reporting.22Table of ContentsInadequate internal control over financial reporting and accounting practices could lead to errors, which could adversely impact our ability to assure timely and accurate financial reporting.
Internal control over financial reporting, no matter how well designed and operated, can provide only reasonable, not absolute, assurance that the control objectives will be met. These inherent limitations include system errors, the potential for human error and unauthorized actions of employees or contractors, inadequacy of controls, temporary lapses in controls due to shortfalls in transition planning and oversight of resources, internal control failures as a result of the implementation and use of our new ERP system, and other factors. Consequently, such controls may not prevent or detect misstatements in our reported financial results as required under rules of the SEC and the New York Stock Exchange ("NYSE"), which could increase our operating costs or impair our ability to operate our business. Consequently, such controls may not prevent or detect misstatements in our reported financial results as required under the SEC and the New York Stock Exchange ("NYSE") rules, which could increase our operating costs or impair our ability to operate our business. Controls may also become inadequate due to changes in circumstances, and it is necessary to replace, upgrade or modify our internal information systems from time to time. In addition, unforeseen risks may arise in connection with financial reporting systems, including with our new ERP system, due to inefficient business processes, business process reengineering projects, or changes in accounting standards.
If management is not successful in maintaining a strong internal control environment, material weaknesses could occur, causing investors to lose confidence in our reported financial information. This could lead to a decline in our stock price, limit our ability to access the capital markets in the future, and require us to incur additional costs to improve our internal control systems and procedures.
Increased scrutiny from governments, investors, rating agencies, customers, and other stakeholders regarding our environmental, social, and governance ("ESG") practices, commitments, goals and performance could impose additional costs, expose us to new risks, or negatively impact our reputation.Increased scrutiny from governments, investors, rating agencies, customers, and other stakeholders regarding our environmental, social, and governance ("ESG") practices, commitments, and performance and our inability to achieve any ESG goals we establish could impose additional costs, expose us to new risks, or negatively impact our reputation.
The ESG regulatory landscape is constantly changing, with regulatory requirements and stakeholder expectations continuously evolving across multiple jurisdictions. Our ability to meet program goals and objectives may be challenged by a variety of factors, including the complexity of implementing ESG initiatives across our operations and supply chain, economic or operational constraints, shifts in market dynamics, and evolving regulatory frameworks and reporting standards. As a result, our ability to meet program goals and objectives may be challenged by a variety of factors, including the complexity of implementing ESG initiatives across our operations and supply chain, unforeseen economic or operational constraints, and shifts in market dynamics or regulatory frameworks. We continue to align our disclosures with evolving frameworks and regulatory requirements, such as those adopted in the European Union and the state of California. However, uncertainty remains regarding the timing, scope, and enforcement of these regulations, which could impact our compliance obligations, disclosure processes and reporting practices. We have established ESG goals and expect to continue doing so. Our performance may be evaluated by third-party organizations, including rating agencies and sustainability indices, whose assessments may not always reflect our initiatives favorably. If we fail, or are perceived to fail, to meet our stakeholders’ and/or raters’ expectations or regulatory requirements, we could be exposed to increased costs associated with compliance or operational changes, risk of litigation, difficulty in attracting and retaining employees, negative investor sentiment, and an adverse impact on our reputation.
RISKS RELATED TO OUR INDUSTRY
Our platform and service offerings incorporate AI/ML capabilities, which exposes us to an emerging and uncertain regulatory environment and rapidly changing technology, and any failure to comply with applicable requirements could result in reputational harm, liability and disruption to our business operations.
The AI/ML regulatory environment is rapidly evolving, and it is difficult to predict the impact such changes may have on our business, results of operations and financial condition.The AI/ML regulatory environment is rapidly evolving, and it is difficult to predict the impact the evolving regulatory landscape may have on our business, results of operations and financial condition. Evolving AI-related regulations could require changes to our AI-enabled features or platforms, or limit customer use of our offerings, potentially delaying development, increasing costs, or reducing demand. In addition, we may be subject to increased regulatory requirements and related risks, including data privacy concerns, intellectual property disputes, and exposure to litigation.
21
The IT industry, particularly for data analytics and AI solutions, is intensely competitive and evolving, and competitive pressures could adversely affect our pricing practices or demand for our offerings and services.
We operate in the intensely competitive IT industry, particularly for data analytics and AI solutions, which is characterized by rapidly changing technology, evolving industry standards and models for consuming and delivering business and IT services, frequent new product introductions, and frequent price and cost reductions.We operate in the intensely competitive IT industry, which is characterized by rapidly changing technology, evolving industry standards and models for consuming and delivering business and IT services, frequent new 23Table of Contentsproduct introductions, and frequent price and cost reductions. In general, as a participant in the data analytics and AI solutions market, we face:
•Changes in customer spending preferences and other shifts in market demands, which drive changes in the Company's competition;
•Changes in pricing, marketing and product strategies, such as potential aggressive price discounting and the use of different pricing models by our competitors;
•Rapid changes in product delivery models, such as on-premises solutions versus cloud or hybrid solutions;
•Rapid changes in computing technology and capabilities that challenge our ability to maintain differentiation;
•New and emerging analytic technologies, including for AI/ML workloads, competitors, and business models;
•Continued emergence of open-source software that often rivals current technology offerings at a much lower cost, despite its limited functionality;
•Changing competitive requirements and deliverables in developing and emerging markets; and
•Continuing trend toward consolidation of companies, which could adversely affect our ability to compete, including if our key partners merge or partner with our competitors.
Our competitors include established companies within our industry, including AWS, Databricks, Google Cloud, Microsoft Azure, Snowflake, and others, many of which are well-capitalized companies with widespread distribution, brand recognition and a strong presence in the markets we serve.Our competitors include established companies within our industry, including Amazon, Google, IBM, Oracle, Microsoft, and SAP, which are well-capitalized companies with widespread distribution, brand recognition and penetration of our product platforms and service offerings. The significant purchasing and market power of these larger competitors, which have greater financial resources than we do, could allow them to surpass our market penetration and marketing efforts to promote and sell their offerings and services. In addition, many other companies participate in specific areas of our business, such as enterprise applications, analytic platforms, business intelligence software and AI enablement. In some cases, we may partner with a company in one area of our business and compete with them in another. In particular, in delivering our offerings in a cloud environment to certain of our customers, we partner with Amazon Web Services, Google Cloud, and Microsoft Azure, which are public cloud service providers. In particular, in delivering our Teradata VantageCloud offerings in a cloud environment to certain of our customers, we partner with each of Amazon Web Services, Google, and Microsoft, which are public cloud service providers. The status of our business relationships with these companies can influence our ability to compete for data analytics and related AI-enabled solutions opportunities in these areas. The status of our business relationships with these companies can influence our ability to compete for analytic data solutions opportunities in such areas. In addition, we see additional competition from both established and emerging cloud-only data vendors, AI-focused companies, and open-source providers. In addition, we see additional competition from both established and emerging cloud-only data vendors and open-source providers. Failure to compete successfully with new or existing competitors in these and other areas could have a material adverse impact on our ability to generate additional revenues or sustain existing revenue levels.
Current and evolving privacy laws and regulations, cross-border data transfer restrictions and other aspects of data privacy may impact the use and adoption of our solutions and services and adversely affect our business.
Federal, state and foreign governments continue to adopt new, or modify existing, laws and regulations addressing data privacy and the collection, processing, storage, transfer and use of data. Some of these impose new obligations directly on the Company as both a data controller and a data processor, as well as on many of our customers. New laws also require us to evaluate any required changes to our solutions and services on an ongoing basis to enable Teradata and/or our customers to comply with the new legal requirements and may also increase our potential liability through higher potential penalties for non-compliance. Further, proposed and evolving European privacy and electronic communications regulations are increasingly aimed at the use of personal information for marketing purposes, and the tracking of individuals’ online activities. Further, laws such as the European Union’s proposed e-Privacy Regulation are increasingly aimed at the use of personal information for marketing purposes, and the tracking of individuals’ online activities. These new or proposed laws and regulations are also subject to differing interpretations which may be inconsistent among jurisdictions. These and other requirements could reduce demand for our solutions and services, require us to take on more onerous obligations in our contracts, restrict our ability to store, transfer and process data or, in some cases, impact our ability to offer our solutions and services in certain locations or our customers' ability to deploy our solutions globally. For example, existing and
22
developing laws regarding how companies transfer personal data across borders can be unpredictable and subject to legal challenge and could result in further limitations on the ability to transfer data across borders, particularly if governments are unable or unwilling to create new, or maintain existing, mechanisms that support cross-border data transfers. Additionally, certain countries have passed or are considering passing laws requiring local data residency. The costs of compliance with, and other burdens imposed by, privacy laws, regulations and standards may limit the use and adoption of our solutions and services, reduce overall demand for our solutions and services, make it more difficult to meet expectations from or commitments to customers, lead to significant fines, penalties or liabilities for noncompliance, or slow the pace at which we close sales transactions, any of which could harm our business. The costs of compliance with, and other burdens imposed by, privacy laws, regulations and standards may limit the use and adoption of our solutions and services, reduce overall demand for our solutions and services, make it more 24Table of Contentsdifficult to meet expectations from or commitments to customers, lead to significant fines, penalties or liabilities for noncompliance, or slow the pace at which we close sales transactions, any of which could harm our business.
In addition to government activity, privacy advocacy and other industry groups establish new self-regulatory standards that may place additional burdens on our ability to provide our solutions and services globally. Our customers expect us to meet voluntary certification and other standards established by third parties, such as related ISO standards. If we are unable to maintain these certifications or meet these standards, it could adversely affect our ability to provide our solutions to certain customers and could harm our business.
Furthermore, concerns regarding data privacy may cause our customers’ customers to resist providing the data necessary to allow our customers to use our solutions and services effectively. Even the perception that the privacy of personal information is not satisfactorily protected or does not meet regulatory requirements could inhibit sales of our offerings or services and could limit adoption of our cloud-based solutions.
RISKS RELATED TO HUMAN CAPITAL
We depend on key employees and face competition in hiring and retaining qualified employees.
Our employees and access to specialized talent are critical to our success.Our employees and access to talent are critical to our success. Our future success depends, in part, on our ability to attract, retain, develop, and motivate senior management and other key personnel, including in product engineering and development, go-to-market functions, information security and other roles requiring expertise in AI/ML and cloud-based technologies. A core component of our business strategy is to expand and enhance our product offerings, particularly for analytic solutions in cloud and hybrid environments, to include newer market-relevant features, functionality, and cloud-native options, including AI/ML, and to keep pace with price-to-performance gains. Competition for highly skilled personnel has intensified as companies seek to accelerate AI adoption. Competition for highly skilled personnel and acquired talent in the current environment, specifically the IT industry is intense. As a result, there can be no assurance that key personnel will remain with us, and it may be difficult and costly to replace such personnel or hire qualified employees. No assurance can be made that key personnel will remain with us, and it may be difficult and costly to replace such employees and/or obtain qualified talent who are not employees. While we have implemented policies, including remote and hybrid work arrangements to broaden our talent pool, these measures may not fully mitigate competitive pressures. If we are unable to execute key initiatives or successfully hire, retain, and replace key personnel, our competitiveness, innovation capabilities, and business operations could be materially and adversely affected.
RISKS RELATED TO LEGAL AND REGULATORY MATTERS
We face uncertainties regarding legal proceedings, complex and changing laws and regulations, and other related matters.
In the normal course of business, we are subject to proceedings, lawsuits, claims and other matters, including those that could relate to the environment, health and safety, employee benefits, export controls and trade compliance, shareholder matters, intellectual property, a variety of local laws and regulations, and other regulatory compliance and general matters.In the normal course of business, we are subject to proceedings, lawsuits, claims and other matters, including those that could relate to the environment, health and safety, employee benefits, export compliance, shareholder matters, intellectual property, a variety of local laws and regulations, and other regulatory compliance and general matters. See "Note 10-Commitments and Contingencies" in the Notes to Consolidated Financial Statements in this Annual Report. Because such matters are subject to many uncertainties, their outcomes are not predictable. There can be no assurances that the amounts required to satisfy alleged liabilities from such matters will not impact future operating results.
In addition, we are subject to diverse and complex laws and regulations relating to technology (including AI/ML), corporate governance, ESG reporting, environmental protection, privacy and data protection, taxation, public disclosure, and reporting, which are evolving and subject to change.In addition, we are subject to diverse and complex laws and regulations, including those relating to technology, including AI/ML, corporate governance, ESG reporting, environmental protection, data privacy, public disclosure, and reporting, which are rapidly changing and subject to possible changes in the future. From time to time, we may conduct internal investigations to ensure compliance with such laws and regulations, the costs or results of which could impact our financial results. In addition, we may be subject to unexpected costs in connection with new public disclosure or other accounting or regulatory requirements that are issued from time to time. Laws and regulations impacting our customers, such as those relating to privacy, data protection and digital marketing, could also impact our future
23
business. Because we do business in the government sector, we are generally subject to audits and investigations which could result in various civil or criminal fines, penalties or administrative sanctions, including debarment from future government business, which could negatively impact the Company’s results of operations or financial condition.
Gaps in protection of Teradata’s intellectual property or unlicensed use of third-party intellectual property could impact our business and financial condition.25Table of ContentsGaps in protection of Teradata’s intellectual property or unlicensed use of third-party intellectual property could impact our business and financial condition.
As a technology company, our intellectual property portfolio is critical to supporting our knowledge platform for autonomous AI and related offerings.As a technology company, our intellectual property portfolio is crucial to our continuing ability to be a leading hybrid cloud data and analytics platform provider for trusted AI. We strive to enhance and, as much as is legally and reasonably possible, protect our proprietary intellectual property rights through patent, copyright, trademark and trade secret laws, as well as through technological safeguards and the actions of our people. These efforts include protection of the offerings and application, diagnostic and other software we develop.
Where gaps exist in our intellectual property protection, even if such gaps are reasonable, our business could be materially adversely impacted. We may be unable to prevent third parties from using our technology without our authorization or independently developing technology that is similar to ours, particularly in those countries where the laws do not protect our proprietary rights as fully as in the United States (such as Iran, China and certain Eastern European countries that may use Nation State Sponsored Advanced Persistent Code ("NSSAPC") to advance their own industries). With respect to inventions for which we choose to file patent applications, we may not be successful in securing patents for these claims, and our competitors may already have applied for patents that, once issued, will prevail over our patent rights or otherwise limit our ability to sell our offerings.
While we take steps to provide for confidentiality obligations of employees and third parties with whom we do business (including customers, suppliers and strategic partners), there is a risk that such parties will breach such obligations and jeopardize our intellectual property rights. Many customers have outsourced the administration and management of their data and analytics environments to third parties, including some of our competitors, who then have access to our confidential information. Although we have agreements in place to mitigate this risk, there can be no assurance that such protections will be sufficient. In addition, our ability to capture and re-use field-based developed intellectual property is important to future business opportunities and profits.
We are seeing an extended trend towards aggressive enforcement of intellectual property rights, especially by so-called "patent assertion entities" ("PAEs") or "non-practicing entities" ("NPEs"), as the functionality of offerings in our industry increasingly overlaps and the volume of issued software patents continues to grow. As a result, we have been, and in the future could be, subject to infringement claims which, regardless of their validity, could:
•Be expensive, time consuming, and divert company resources and management attention away from normal business operations;
•Require us to pay monetary damages or enter into non-standard royalty and licensing agreements;
•Require us to modify our product sales and development plans; or
•Require us to satisfy indemnification obligations to our customers.
Regardless of whether these claims have any merit, they can be burdensome to defend or settle and can harm our business, reputation, financial condition and results of operations.
As is standard in the IT industry, our offerings are built primarily on our own proprietary technology and leverage third-party proprietary software and open-source components. We employ reasonable practices to secure and ensure compliance with the licenses necessary for our intended use of these third-party components. These practices cannot, however, eliminate the risk that IP-enforcement actions might be taken by purported IP owners who believe we have failed to acquire rights to use the IP or have exceeded the scope of rights granted.
A change in our effective tax rate can have a significant adverse impact on our business.
A number of factors may adversely impact our future effective tax rates, such as:
•The jurisdictions in which our profits are determined to be earned and taxed;
•Changes in corporate tax rates in the jurisdictions in which we operate;
•The resolution of issues arising from tax audits with various tax authorities;
24
•Changes in the valuation of our deferred tax assets and liabilities;
•Adjustments to estimated taxes upon finalization of various tax returns; and
•Changes in available tax credits, especially surrounding tax credits in the United States for our research and development activities and foreign tax credits.
Tax rules may change in a manner that adversely affects our future reported results of operations or the way we conduct our business. Further changes in the tax laws could arise as a result of the base erosion and profit shifting project that was undertaken by the Organization for Economic Co-operation and Development ("OECD"). The OECD, which represents a coalition of member countries, recommended changes to numerous long-standing tax principles impacting how large multinational enterprises are taxed. In particular, the OECD has issued its guidance on the Global Anti-Base Erosion rules, with the purpose of ensuring multinational companies pay a 15% global minimum tax on the income generated in each of the jurisdictions where they operate in, referred to as "Pillar Two." Many jurisdictions, including several European Union members and G20 countries, have enacted Pillar Two as of January 1, 2024. Pillar Two did not have a material impact to our effective tax rate in 2025 and 2024. We are continuing to monitor developments and evaluating the impacts these new rules will have on our future tax rate, including eligibility to qualify for the safe harbor rules." 26Table of ContentsMany jurisdictions, including several European Union members and G20 countries, have enacted Pillar Two as of January 1, 2024. Pillar Two did not have a material impact to our effective tax rate in 2024. We are continuing to monitor developments and evaluating the impacts these new rules will have on our future tax rate, including eligibility to qualify for the safe harbor rules.
Further, the increased scrutiny on international tax and continuous changes to countries’ tax legislation may also affect the policies and decisions of tax authorities with respect to certain income tax and transfer pricing positions taken by the Company in prior or future periods. It is not uncommon for taxing authorities in different countries to have conflicting views, for instance, with respect to, among other things, the manner in which the arm’s length standard is applied for transfer pricing purposes, or with respect to the valuation of intellectual property. Our income tax obligations are based partly on our corporate structure and inter-company arrangements, including how we develop, value, and use our intellectual property and the valuations of our inter-company transactions. Tax authorities may disagree with certain positions we have taken and assess additional taxes. We regularly assess the likely outcomes of these audits to determine the appropriateness of our tax provision; however, there can be no assurance that we will accurately predict the outcomes of these audits, and the actual outcomes of these audits could have a material impact on our financial condition or results of operations. In addition, governmental authorities in the United States and throughout the world may increase or impose new income taxes or indirect taxes, or revise interpretations of existing tax rules and regulations, as a means of financing the costs of stimulus and other measures enacted or taken, or that may be enacted or taken in the future. Such actions could have an adverse effect on our results of operations and cash flows.
RISKS RELATED TO OUR FINANCIAL CONDITION
Our indebtedness could adversely affect our financial condition and limit our financial flexibility.
The Company's indebtedness could:
•Expose us to interest rate risk;
•Increase our vulnerability to general adverse economic and industry conditions;
•Limit our ability to obtain additional financing or refinancing at attractive rates and terms;
•Require the dedication of a substantial portion of our cash flow from operations to the payment of principal of, and interest on, our indebtedness, thereby reducing the availability of such cash flow to fund our growth strategy, working capital, capital expenditures, share repurchases and other general corporate purposes;
•Limit our flexibility in planning for, or reacting to, changes in our business and the industry; and
•Place us at a competitive disadvantage relative to our competitors with less debt.
Further, our outstanding indebtedness is subject to financial and other covenants, which may be affected by changes in economic or business conditions or other events that are beyond our control. If we fail to comply with the covenants in any of our indebtedness, we may be in default under the loan, which may entitle the lenders to accelerate the debt obligations. To avoid defaulting on our indebtedness, we may be required to take actions such as reducing or delaying capital expenditures, reducing or eliminating stock repurchases, selling assets, seeking additional equity capital, and restructuring or refinancing all or part of our existing debt. In addition, our ability to refinance any of our outstanding or future indebtedness will depend on market conditions and our financial condition at such time, which could result in our ability to engage in these activities on desirable rates and terms, or at all.
25
Fluctuations in foreign currency exchange rates have affected our operating results and could continue to impact our revenue and net earnings.
Because the functional currency of most of our foreign activities is the applicable local currency, but our financial reporting currency is the U.S. dollar, we are required to translate the assets, liabilities, expenses, and revenues of our foreign activities into U.S. dollars at the applicable exchange rate in preparing our Consolidated Financial Statements. We operate in approximately 38 countries and are exposed to various foreign currencies. Accordingly, we face foreign currency exchange rate risk arising from transactions in the normal course of business.
In addition, we operate in certain jurisdictions that utilize foreign currency controls that may temporarily restrict access to foreign currency which results in excess cash in the jurisdiction that cannot be remitted outside of the country and is, therefore, subject to foreign currency exchange rate risk. For example, the Company has operations in Argentina. For example, the Company has operations 27Table of Contentsin Argentina. Commencing in October 2023 and continuing throughout 2024 and 2025, the Company began entering into Blue Chip Swap transactions (a foreign exchange mechanism which effectively results in a parallel U.S. dollar exchange rate) in order to remit cash from its Argentine operations and such action resulted in a pre-tax loss on investment of $1 million, $4 million and $13 million during 2025, 2024 and 2023, respectively.
Foreign currency exchange rates and foreign currency controls have affected our revenue and net earnings and could continue to impact our revenue and net earnings. While we actively manage our foreign currency market risk in the normal course of business by entering into various derivative instruments to hedge against such risk, these derivative instruments involve risks and may not effectively limit our underlying exposure to foreign currency exchange rate fluctuations or minimize our net earnings and cash volatility associated with foreign currency exchange rate changes. Further, the failure of one or more counterparties to our foreign currency exchange rate contracts to fulfill their obligations to us could adversely affect our operating results.
| Item 1B. | UNRESOLVED STAFF COMMENTS | ||||
None.
| Item 1C. | CYBERSECURITY | ||||
Risk Management and Strategy
Our cybersecurity program is designed to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Enterprise Risk Management. Enterprise Risk Management. We have processes in place for assessing, identifying, and managing material risks from cybersecurity threats, which are integrated into our Enterprise Risk Management ("ERM") program. Our ERM program, which is coordinated through our Enterprise Risk and Internal Audit function ("ERAS team"), includes the identification of risks relevant to Teradata’s business, including material risks from cybersecurity threats; assigning personnel responsible for such risks; the development of strategies and plans to monitor, assess, and mitigate such risks; and oversight of the identified risks through regular reporting and risk evaluations with management, our Board, and/or relevant Board committee. Our ERAS team works closely with the Information Security function, including our Chief Information Security Officer ("CISO"), in the cybersecurity risk management process that informs the ERM program.
Cybersecurity Processes. The processes in place for managing cybersecurity threats, including threats associated with our use of third-party service providers, include identifying potential cybersecurity threats; defining the roles and responsibilities of our personnel pursuant to our Cybersecurity Incident Response Plan ("CIRP"); continuous testing and training of our employees on cybersecurity risks and security hygiene; communication and escalation protocols; and tools and technologies for incident detection and responses. We continuously assess risks and changes in the cybersecurity environment and adjust our processes and cybersecurity investments as appropriate.
•Our information security processes are built upon a foundation of advanced security technology, a trained team of security experts, and operations based on various global practices, standards, and frameworks, including the International Organization for Standardization, International Electrotechnical Commission, and National Institute of Standards and Technology Cybersecurity Framework.
26
•We maintain policies, procedures, and controls that are designed to identify, protect, detect, respond to, and recover from information security and cybersecurity threats and incidents. Such items are reviewed, approved, and monitored by our CISO on an ongoing basis. In addition, we engage external advisors periodically to review and assess our policies, procedures, and controls.
•We engage periodically independent security firms and other third-party experts, where appropriate, to assess, test, and certify components of our cybersecurity program, and to assist with aspects of our cybersecurity processes and controls.
•Our incident response process provides a documented framework for handling cybersecurity incidents. The program includes protocols for preventing, detecting and responding to cybersecurity incidents, and cross-functional coordination across multiple functions of the organization. The CIRP addresses cybersecurity incident detection, containment, analysis, eradication, recovery, escalation protocols, and coordination across multiple functions of the organization.
•We have processes to manage cybersecurity risks associated with third-party service providers. Risk management process for third-party service providers and vendors includes due diligence and information security assessments in the selection process and periodic monitoring regarding adherence to applicable cybersecurity standards. However, despite the controls that we have in place, we also rely on our third-parties to implement security programs and we cannot ensure in all circumstances that their efforts will be successful.
•We maintain an annual cybersecurity training plan including employee training on cybersecurity risks, requirements, and incident reporting. As part of our training plan, we regularly perform phishing tests of our employees. On an annual basis, our employees must complete cybersecurity awareness training.
•We perform simulations to review and test our information security program, including tabletop exercises, penetration and vulnerability testing, and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning.
•We maintain insurance to provide coverage for certain losses from cybersecurity threats and incidents.
•We have developed business continuity and disaster recovery capabilities to mitigate interruptions to critical information systems and the loss of data and services from the effects of natural or man-made disasters to Teradata systems.
Cybersecurity Incidents. To protect our information systems from cybersecurity incidents and threats, we use various security tools that help prevent, identify, escalate, investigate, resolve, and recover from identified vulnerabilities and security incidents in a timely manner. We maintain controls and procedures that include escalation procedures based on the nature and severity of the incident to ensure prompt escalation so that decisions regarding materiality of the incident and any necessary public disclosure and reporting of such incidents can be made in a timely manner. We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding materiality of the incident and any necessary public disclosure and reporting of such incidents can be made in a timely manner. In the last several fiscal years, we have not experienced any material cybersecurity incident and the expenses we have incurred from security incidents were immaterial. As a result, we do not believe that cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially impacted our results of operations and financial condition. As cybersecurity threats become more sophisticated and coordinated, it is reasonably likely that we will be required to expend greater resources to continue to modify and enhance our protective measures as we pursue our business strategies.
Cybersecurity Risks. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. While we maintain cybersecurity insurance, the costs related to cybersecurity incidents may not be fully insured. See "Risk Factors — A cybersecurity incident, disruption, or failure of our information systems or those of our third-party providers could adversely impact our reputation, business, and financial results."
Governance
Board Oversight of Cybersecurity Risk. Our Board’s role is to engage in informed oversight of enterprise-wide risks as managed through our ERM program, including cybersecurity. While the full Board has overall responsibility for risk oversight, the Board has delegated oversight responsibility related to risks from cybersecurity threats to the Audit Committee.
27
Executive Oversight of Cybersecurity. Management is responsible for the Company’s planning, identification, assessment, and mitigation of risks from cybersecurity threats. Our CISO, Chief Administrative Officer, and Chief Operating Officer comprise our Core Cybersecurity Management Team (the "CCMT"). The CCMT has oversight of Teradata’s CIRP and is informed and consulted on the response and resolution process for cybersecurity incidents. The CCMT is responsible for determining communications to inform relevant stakeholders of cybersecurity incidents as applicable, relevant, and/or required, including the Board; Audit Committee; the executive leadership team; investors; customers; employees; law enforcement; and regulators.
Depending on the nature and/or severity of the incident, additional stakeholders within the broader enterprise-wide management team may be included in the assessment, response, and resolution of an incident by the CCMT. Depending on the nature and/or severity of the incident, additional stakeholders within the broader enterprise-wide management team may be included in the assessment, response, and resolution of an incident by the CCMT. The broader management team for this purpose may include, but is not limited to, executive and senior leaders in our Product, Customer, People, Information Technology, and Law functions, as well as others that may be considered necessary (collectively referred to as the "ECMT"). The ECMT provides oversight, perspective, and support from their respective areas of expertise to assist in analyzing the cybersecurity incident, materiality of the incident, and remediation considerations.
CISO and Cybersecurity Team. Our Information Security function is led by our CISO and is responsible for executing our enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes.
•The Information Security function consists of qualified professionals in cybersecurity. This team sets the cybersecurity strategy for Teradata; develops Teradata’s cybersecurity architecture and deploys and manages tools and technologies aligned with such architecture to safeguard our information systems; manages the cybersecurity training required of our employees; monitors our cybersecurity threats and incidents; escalates the occurrence of cybersecurity incidents pursuant to the CIRP; and addresses and incorporates mitigation items.
•The CISO appoints a Cybersecurity Incident Response Coordinator ("CIRC") to lead the management of cybersecurity incidents. The primary responsibilities of the CIRC include, but are not limited to:
◦receiving and tracking all reported potential cybersecurity threats;
◦escalating incident response;
◦determining relevant stakeholders of the Information Technology function and cybersecurity incident response team, which team is selected by CIRC to serve as the lead function for investigating and coordinating cybersecurity incidents;
◦alerting the applicable support functions of the potential cybersecurity threat and any defensive action that would be required; and
◦alerting management, as applicable and necessary, of the potential cybersecurity threat.
Members of our Information Security function have broad ranges of qualifications and experience in information technology and security. The team within the Information Security function (referred hereinto as the "cybersecurity team") possesses technical knowledge, practical skills, and strategic insight, gained through years of experience in the field of cybersecurity. ◦The team within the Information Security function (referred hereinto as the "cybersecurity team") possesses a robust blend of technical knowledge, practical skills, and strategic insight, gained through years of experience in the field of cybersecurity. Additionally, they possess various certifications in specific technologies and cloud security from providers like AWS and Microsoft, along with numerous other industry-relevant security certifications. Additionally, they possess various other certifications in specific technologies and cloud security from providers like AWS and Microsoft, along with numerous other industry-relevant security certifications. The cybersecurity team periodically attends training programs to update their skills and knowledge. Our CISO is a seasoned cybersecurity executive with 20+ years of experience working with security programs across global technology organizations. He brings experience in cloud security, regulatory compliance, and incident response. He has experience with many different types of enterprises, including, private companies, consumer platforms, and publicly listed companies. He has experience with many different types of enterprises, including the federal government, private companies, and publicly listed companies.
28
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| NVTS | 43 minutes ago |
| DAN | 46 minutes ago |
| FSBC | 50 minutes ago |
| CLMB | an hour ago |
| NPKI | an hour ago |
| SBGI | an hour ago |
| BXP | an hour ago |
| SHO | an hour ago |
| HFWA | an hour ago |
| SSP | an hour ago |
| FBP | an hour ago |
| WULF | an hour ago |
| GSG | an hour ago |
| SLV | an hour ago |
| IBIT | an hour ago |
| IAUM | an hour ago |
| IAU | an hour ago |
| ETHA | an hour ago |
| SOLV | 2 hours ago |
| NWN | 2 hours ago |
| TDC | 2 hours ago |
| SAFT | 2 hours ago |
| RPC | 2 hours ago |
| FMAO | 2 hours ago |
| HMN | 2 hours ago |
| STLD | 2 hours ago |
| UBSI | 2 hours ago |
| DKL | 2 hours ago |
| DK | 2 hours ago |
| SBAC | 2 hours ago |
| GLP | 2 hours ago |
| CCBG | 3 hours ago |
| CRI | 3 hours ago |
| SBR | 3 hours ago |
| MSIF | 3 hours ago |
| MAIN | 3 hours ago |
| FMC | 3 hours ago |
| FMBH | 3 hours ago |
| NYT | 4 hours ago |
| LASR | 4 hours ago |
| TXRH | 4 hours ago |
| DRH | 4 hours ago |
| DROR | 4 hours ago |
| ACA | 4 hours ago |
| HOMB | 5 hours ago |
| AVB | 5 hours ago |
| EPD | 5 hours ago |
| WWW | 5 hours ago |
| CHE | 6 hours ago |
| MBWM | 6 hours ago |
