Risk Factors - TDC

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$TDC Risk Factor changes from 00/02/24/23/2023 to 00/02/23/24/2024

Item 1A. RISK FACTORSYou should carefully consider each of the following risk factors and all other information set forth in this Annual Report. Based on the information currently known to us, we believe that the following information identifies the most significant risk factors affecting our company in each of these categories of risks. However, the risks and uncertainties our Company faces are not limited to those set forth in the risk factors described below. Additional risks and uncertainties not presently known to us or that we currently believe to be immaterial may also adversely affect our business. In addition, past financial performance may not be a reliable indicator of future performance, and historical trends should not be used to anticipate results or trends in future periods. If any of the following risks and uncertainties develops into actual events or occurrences, these events could have a material adverse effect on our business, financial condition or results of operations. In such case, the trading price of our common stock could decline. 14Table of ContentsRISKS RELATED TO OUR BUSINESS AND OPERATIONSOur failure to successfully execute our cloud-first strategy and achieve the anticipated benefits of our business transformation, which includes successfully developing, launching, and scaling cloud-based products and product enhancements and/or enabling our data platform to operate effectively in cloud environments, including those of our cloud service provider partners, could have a material adverse effect on our competitive position, business, brand and reputation, financial condition, results of operations and cash flows. RISKS RELATED TO OUR BUSINESS AND OPERATIONSOur failure to successfully execute our cloud-first strategy and achieve the anticipated benefits of our business transformation, which includes successfully developing, launching, and scaling cloud-based products and product enhancements and/or enabling our data platform to operate effectively in cloud environments, could have a material adverse effect on our competitive position, business, brand and reputation, financial condition, results of operations and cash flows. The successful implementation of our cloud-first strategy coupled with the continued execution of our business transformation presents organizational and infrastructure challenges.The successful implementation of our cloud-first strategy and continued execution of our business transformation presents organizational and infrastructure challenges. We may not be able to implement, execute and realize some or all of the anticipated benefits from our strategy or our business transformation plan on a timely basis, or at all. Even if the anticipated benefits and savings are substantially realized, there may be unforeseen consequences, internal control issues, or business impacts. A core component of our business strategy is to expand and enhance our product offerings, particularly for analytic solutions in a cloud-based environment with cloud service providers, to include newer market-relevant features, functionality, and cloud native options, including AI/ML, and to keep pace with price-to-performance gains. A core component of our business strategy is to expand and enhance our product offerings, particularly for analytic solutions in a cloud-based environment, to include newer market-relevant features, functionality, and cloud native options and to keep pace with price-to-performance gains. In this regard, we have launched our Teradata VantageCloud Lake and Teradata VantageCloud Enterprise components of our Teradata Vantage platform, have focused on migrating our customers from on-premises environments to the cloud and upgrading our customers from our VantageCloud Enterprise environment to our VantageCloud Lake environment, and consistently released additional capabilities and new cloud platforms throughout 2023, and we expect that we will continue to enhance our cloud offerings in the future. In addition, we are focused on expanding our customer's workloads in both our on-premises and cloud platforms. Shortened product life cycles due to customer demands and competitive pressures impact the pace at which we must introduce and implement new technology as part of our product offerings. This requires a high-level anticipation of customer needs and technology trends, as well as innovation by both our software developers and the suppliers of the third-party software components included in our solutions. Bringing new offerings to the market entails a costly and, at times, lengthy process, may increase our risk of liability and cause us to incur significant technical, legal or other costs. In addition, bringing new offerings to the market entails a costly and lengthy process, may increase our risk of liability and cause us to incur significant technical, legal or other costs. Furthermore, as we migrate our customers from on-premises environments to the cloud, upgrade customers from VantageCloud Enterprise to VantageCloud Lake, and expand our customer's workloads we may incur unexpected costs or delays. New cloud offerings, migrations, expansions, upgrades, and deployment models that we rollout may not be successful and we may not be able to develop the necessary business models, infrastructure and systems to support and scale the business as our business evolves. This includes acquiring, retaining and developing the right people to execute our business strategy in a competitive job market. In addition, market acceptance of new product and service offerings will be dependent in part on our ability to include functionality and usability that address customer requirements, and to optimally price our offerings and services to meet customer demand and cover our costs. Our go-to-market, cloud, and multi-cloud strategies also must adjust to customers' changing buying preferences, and there can be no assurance that our go-to-market approach will adequately and completely address such preferences.As part of our business strategy, we also continue to dedicate a significant amount of resources to our R&D efforts in order to maintain and advance our competitive position, including our initiatives to provide and improve our offerings for cloud environments and to enable our data platform to operate effectively in cloud environments. However, we may not receive significant revenues from these investments for several years, if at all. R&D expenses represent a significant portion of our discretionary fixed costs. We may not successfully execute on our vision or strategy because of challenges we may face, including with regard to product planning and timing, technical hurdles that we fail to overcome in a timely fashion, cloud service provider costs or other requirements, or a lack of appropriate resources. We may not successfully execute on our vision or strategy because of challenges we may face, including with regard to product planning and timing, technical hurdles that we fail to overcome in a timely fashion, or a lack of appropriate resources. If we are unable to successfully execute on our cloud-first strategy and/or continue to respond to market demands, develop leading technologies, timely deliver offerings to the market, timely scale our cloud business to achieve gross margins comparable or better than our on-premises business, continue successful migrations for our customers, and maintain our leadership in analytic data solutions performance and scalability, our competitive position, business, brand and reputation, financial condition, guidance, and forecasts, results of operations, and cash flows may be adversely affected. If we are unable to successfully execute on our cloud-first strategy and/or continue to respond to market demands, develop leading technologies, timely deliver offerings to the market, timely scale our cloud 14Table of Contentsbusiness to achieve gross margins comparable or better than our on-premises business, and maintain our leadership in analytic data solutions performance and scalability, our competitive position, business, brand and reputation, financial condition, guidance, and forecasts, results of operations, and cash flows may be adversely affected. Unanticipated delays or accelerations in our sales cycles makes accurate estimation of our revenues difficult and have resulted in, and could in the future result in, significant fluctuations in our quarterly operating results and could impact any financial guidance and forecasts that we may provide.Unanticipated delays or accelerations in our sales cycles makes accurate estimation of our revenues difficult and could result in significant fluctuations in our quarterly operating results and could impact any financial guidance and forecasts that we may provide. 15Table of ContentsThe length of our sales cycle varies depending on several factors over which we may have little or no control, including the size and complexity of a potential transaction, whether a sale involves a cloud offering, the level of competition that we encounter in our selling activities, and our current and potential customers’ internal budgeting and approval process, as well as overall macro-economic conditions.The length of our sales cycle varies depending on several factors over which we may have little or no control, including the size and complexity of a potential transaction, whether a sale involves a cloud offering, the level of competition that we encounter in our selling activities and our current and potential customers’ internal budgeting and approval process, as well as overall macro-economic conditions. In addition, our account team has had difficulty in the past obtaining and assessing information as to whether a transaction is proceeding as planned or if a longer sales cycle will be required, and such difficulty may continue in the future. Because of a generally long sales cycle, we may expend significant effort over a long period of time in an attempt to obtain an order, but ultimately not complete the sale, or the order ultimately received may be smaller than anticipated. The long sales cycle for our products also makes it difficult to predict the quarter in which sales will occur. For instance, in the fourth quarter of 2023, we experienced elongated sales cycles resulting in Teradata’s Public Cloud ARR for the 2023 fiscal year falling below the 2023 Public Cloud ARR guidance range that had previously been provided. Delays in sales have caused, and could in the future cause, significant variability in our results for any particular period and have impacted, and could in the future impact, any financial guidance and forecasts that we may provide.We may experience variability in our operating results based on the purchasing behavior of our customers. Our business has substantially shifted from a traditional, perpetual pricing and revenue model to a subscription-based model in which less revenue is recognized upfront at the time the customer enters into a transaction. The pace and extent to which customers will continue to purchase, consume and renew our offerings on a subscription basis is variable and, therefore, has impacts on our results and operations. The pace 15Table of Contentsand extent to which customers will continue to purchase, consume and renew our offerings on a subscription basis is variable and, therefore, has impacts on our results and operations. In addition, we have flexible pricing options for our cloud customers, including consumption-unit based, "pay as you go" pricing. Under such a pricing model, we generally recognize revenue based on consumption. To the extent that customers opt for such a flexible pricing model, we may not be able to accurately forecast the timing of customer consumption of our offerings. As a result, our actual results may differ from our projections. Furthermore, our on-premises subscription arrangements may provide the customers with the right to cancel our agreement upon certain notice periods, which we may change in the future. Such arrangements may impact the timing of revenue recognition for these customers and result in fluctuations in our quarterly operating results.As we develop new offerings with enhanced capacity, delivery and performance capabilities, the increased difficulty and complexity associated with producing these offerings may increase the likelihood of reliability, quality, operability, and/or security issues. From time to time, errors or security flaws are identified in our offerings, which in certain cases are discovered after the offerings are introduced and delivered to customers. This risk is enhanced when offerings are first introduced or when new versions are released. In particular, when we develop offerings with more advanced technology, the production of such offerings involve increased difficulty and complexity and as a result may increase the likelihood of reliability, quality, operability, and/or security issues with such offerings. Our products and services may also fail to perform to the full specifications and expectations of our customers, including as part of transitioning customers to the cloud, in particular those that involve customer and/or third-party dependencies. Additionally, third-party components that we integrate into our solutions can have undetected quality issues that can impact the performance of our offerings. We may not be able to detect or remedy all errors, including those that may be deemed critical by our customers, prior to release or deployment. Such reliability, quality, operability, and security issues may negatively impact our ability to retain current customers, including due to customer cancellations or non-renewals, as well as our ability to obtain new customers and could expose us to liability, performance and warranty claims, as well as harm our brand and reputation. These and other risks associated with new offerings may have a material adverse impact on our results of operations and future performance.A cybersecurity incident, disruption, or failure of our information systems or those of our third-party providers could adversely impact our reputation, business, and financial results.A breach of security, disruption, or failure of our information systems or those of our third-party providers could adversely impact our business and financial results. Our operations are critically dependent on the security of our computer systems, the computer systems of our key suppliers and third parties, and the information stored in such systems. We face risks from, among other things, natural disasters (such as earthquakes and fires), technological threats (such as cyber-attacks, power outages, and telecommunications failures), and human actions (such as unauthorized access or exploitations, insider actions, phishing schemes, and other events). Increasingly, companies are subject to a wide variety of attacks on their networks on an ongoing basis. Incidences of cyberattacks and other cybersecurity breaches and incidents have 16Table of Contentsincreased and are likely to continue to increase. The occurrence of one or more of these events could result in data loss, system outages, and other interruptions in our operations, which could have a material adverse effect on our business, financial condition or results of operations. The occurrence of one or more of these events could result in system failures and other interruptions in our operations, which could have a material adverse effect on our business, financial condition or results of operations. Despite robust data security measures and skilled computer programmers, nation state sponsored cyber attackers (including from countries such as Iran, China, Russia and certain Eastern European nations) and hackers may be able to penetrate our network security or that of our third-party providers and misappropriate or compromise our intellectual property or other confidential information or that of our customers, create system disruptions or cause shutdowns.Experienced computer programmers, Nation State Sponsored Advanced Persistent Code ("NSSAPC") attackers (from countries such as Iran, China, Russia and certain European Eastern Bloc countries) and hackers may be able to penetrate our network security or that of our third-party providers and misappropriate or compromise our intellectual property or other confidential information or that of our customers, create system disruptions or cause shutdowns. They may also be able to develop and deploy viruses, worms, and other malicious software programs that attack our systems or products or otherwise exploit security vulnerabilities of our systems or products. In addition, phishing-scheme-perpetrators may be able to lure employees or contractors into providing such perpetrators with information that may enable them to avoid some of our network security controls or those of third-party providers which could result in system disruptions or a loss of confidential and proprietary information.While immaterial in impact, we have been subject to actual and threatened cyber-attacks, and there can be no assurance that our defensive measures will be adequate to prevent them in the future.We have been subject to actual and potential cyber-attacks, and there can be no assurance that our defensive measures will be adequate to prevent them in the future. From time to time we discover vulnerabilities in our software products, and while we routinely perform regular system updates and patches to our various information systems and our products to address such vulnerabilities, our security measures may not be able to detect and address each vulnerability, which if exploited by threat actors, can result in a cyber incident with material impact to our business, financial condition and results of operations. When such attacks occur, we could incur significant liability to our customers whose information was compromised, and our product platform may be perceived as less desirable, which could negatively affect our business and damage our reputation. Further, because we do not control our third-party service providers, or the processing of data by our third-party service providers, we cannot ensure the integrity or security of measures they take to protect customer information and prevent data loss. These types of activities will recur and persist, one or more of them may be successful in the future, and one or more of them may have been or will be successful but not detected, prevented, remediated or mitigated by us, and the costs to us to eliminate, detect, prevent, remediate, mitigate or alleviate cyber security or security vulnerabilities could be significant, and our efforts to address these problems may not be successful and could adversely impact our future results of operations. If as a result of these events, the information stored on our or our customers’ systems could be accessed, publicly disclosed, altered, lost or stolen, they can subject us to additional liability and cause us financial harm. In addition, our disclosures concerning security incidents may become the subject of litigation, and cause us, especially in the event of an adverse court ruling, additional financial strain and reputational harm. While we take and will continue to take remediation steps, there is no guarantee that our preventative and mitigation actions with respect to any cybersecurity incident will fully eliminate the risk of a malicious compromise of our, our third-party service providers’ or our customers’ systems.Additionally, we offer the ability for our employees to choose a remote work location which introduces additional security challenges. The increase in endpoints to manage and reliance on employees to adhere to information security policies and hygiene practices, heightens the vulnerability of our systems to security breaches.While we maintain insurance coverage for certain liabilities related to cyber-attacks and/or data breaches, such coverage may not adequately cover all costs, expenses, liability and damages that we or our customers may incur as a result of such incidents. In addition, while we 17Table of Contentsmaintain insurance coverage to cover certain liabilities related to cyber-attacks and/or data breaches, such coverage may not adequately cover all costs, expenses, liability and damages that we or our customers may incur as a result of such incidents. The transition to cloud-based software-as-a-service (SaaS) and cloud solutions has increased our exposure to information security risks related to the protection of sensitive information processed through these solutions and any unauthorized access to or use of such systems could adversely impact our results of operation, reputation, and relationships with our customers.Prior to our transition to a subscription-based business, our customers generally purchased or leased on-premises hardware systems used in connection with our software solutions, which our customers deployed and operated. With respect to these types of customer on-premises solutions, the customer, directly or through its selected services providers, has full control over its data security. Our ongoing transition from traditional on-premises hardware systems to cloud-based SaaS offerings has altered our information security risk landscape. Cloud-based SaaS offerings generally require us to deploy or operate solutions for our customers, directly or through the use of third-party services providers, either on-premises at customer-selected data center facilities, or at third-party-hosted data 17Table of Contentscenter facilities. By contrast, our software-as-a-service or cloud offerings generally require us to deploy or operate solutions for our customers, directly or through the use of third-party services providers, either on-premises at customer-selected data center facilities, or at third-party-hosted data center facilities. As a result, more responsibility for data security has been transferred to us and our third-party service providers. Furthermore, in cloud environments, we are exposed to additional security risks (such as compromised credentials, hijacked accounts, data breaches due to misconfigured cloud storage, inadequate security practices by third-party providers, and vulnerabilities in shared technology) and bear greater responsibility for securing data against unauthorized access, data breaches, and other cyber threats. This responsibility extends not only to our infrastructure but also to third-party cloud service providers we engage. The transition to cloud-based SaaS and cloud solutions has increased our exposure to risks related to the protection of sensitive information processed through these solutions and the need to obtain various security certifications for our Vantage Cloud platforms, such as the Federal Risk and Authorization Management Program ("FedRAMP®"), to remain competitive in certain industries. The distributed nature of cloud computing can also complicate data governance and compliance with various global data protection regulations. If unauthorized access to or use of such information or systems occurs, despite data security measures and third-party commitments to protect them, our results of operation, reputation, and relationships with our customers could be adversely impacted. Even the perception of inadequate security, including as a result of delays or failure to obtain necessary security certifications, may damage our reputation and negatively impact our ability to win new customers and retain existing customers, consequently adversely impacting our financial performance and condition. If our existing customers fail to renew, or cancel, their subscription license arrangements or support agreements, or if customers do not renew on terms favorable to us, our business could be adversely affected.If our existing customers fail to renew, or cancel, their subscription license arrangements or support agreements, or if customers do not renew on terms favorable to us, our business could be adversely affected. Teradata’s platform offerings have been expanded to include a variety of subscription options, which impact the timing of when revenues are recognized and related cash flows are collected. The IT industry generally has been experiencing increasing pricing pressure from customers when purchasing or renewing support agreements. In addition, we are in a transformation to a cloud-first company. As our on-premises customers migrate all or a portion of their data analytics solutions to a cloud-based environment, some customers have selected a cloud-based offering of one of our competitors and existing customers may do so in the future. In addition, as our on-premises customers migrate all or a portion of their data analytics solutions to a cloud-based environment, some customers may select a cloud-based offering of one of our competitors and consequently cancel all or a portion of their arrangements with us. As a result, such customers have cancelled all or a portion of their arrangements with us and may continue to do so in the future. While customer cancellations we have had to date have not been material to our business, they could become material in the future. Mergers and acquisitions in certain industries that we serve could result in a reduction of the software and hardware being supported and put pressure on our subscription and support terms with customers who have merged. Given these factors, there can be no assurance that our current customers will migrate from on-premises to the cloud with Teradata, renew their subscription and/or support agreements, or agree to the same terms when they renew, which could result in our reducing or losing subscription and/or support fees which could adversely impact operating results. Given these factors, there can be no assurance that our current customers will renew their subscription and/or support agreements or agree to the same terms when they renew, which could result in our reducing or losing subscription and/or support fees which could adversely impact operating results. Our future results depend in part on our relationships with strategic partners, key suppliers, and other third parties.Our development, marketing, and distribution plans depend in part on our ability to form strategic alliances with third parties that have complementary offerings, software, services, and skills. Our strategic partners include cloud service providers, consultants and system integrators, software and technology providers, hardware support service providers, and indirect channel distributors in certain countries. These relationships involve risks, including our partners changing their business focus, entering strategic alliances with other companies, being acquired, including by our competitors, failing to meet regulatory requirements, data privacy or other laws, or performance criteria, improperly using our confidential information, exposing our data and/or customer information through the transfer of data to the cloud or otherwise or through other security breaches, or their market reputation deteriorating. These relationships involve risks, including our partners changing their business focus, entering strategic alliances with other companies, being acquired by our competitors, failing to meet regulatory requirements or performance criteria, improperly using our confidential information or their market reputation deteriorating. If we fail to maintain or expand our relationships with strategic partners or if we are forced to seek alternative technology or technology for new solutions that may not be available on commercially reasonable terms, our business may be adversely affected.As part of our cloud-first strategy, the growth of our business is dependent primarily on our relationships with public cloud service providers, Amazon Web Services ("AWS"), Google Cloud, and Microsoft Azure. Our strategic partnerships with these cloud service providers for our cloud offerings on their platforms require significant investments to ensure that our solutions are optimized in these cloud environments. In addition, there are geographies in which we operate that utilize alternative, local cloud-platform service providers where AWS, Google Cloud, and Microsoft Azure are inaccessible or not available. The cloud service providers maintain relationships 18Table of Contentswith certain of our competitors, and our competitors may in the future establish relationships with additional competing cloud data platform providers. The cloud service providers maintain relationships with certain of our competitors, and our competitors may in the future establish relationships with additional competing cloud data platform providers. Furthermore, cloud service providers do and may in the future provide platforms that compete with VantageCloud and VantageCloud Lake. Any of these cloud service providers may decide to modify or terminate our business relationship, change the terms of any agreement or pricing terms that we have with them, or may otherwise enter into preferred relationships with one or more competing cloud data platform providers. Any of these cloud service providers may decide to modify or terminate our business relationship or may otherwise enter into preferred relationships with one or more competing cloud data platform providers. If we are unsuccessful in meeting performance requirements or obtaining future returns on these investments, or if we are otherwise unable to maintain adequate relationships with any of these cloud service providers, our financial results may be adversely impacted.Third-party vendors provide important elements to our solutions; if we do not maintain our relationships with these vendors or if these vendors cease to be going concerns, interruptions in the supply of our offerings may result. There are some components of our solutions that we purchase from single sources due to price, quality, technology or other reasons. For example, we rely on Flex as a key single source contract manufacturer for our on-premises hardware systems. In addition, we buy servers from Dell Technologies Inc. and storage disk systems from NetApp, Inc. Some components supplied by third parties may be critical to our solutions, and several of our suppliers may terminate their agreements with us without cause with 180-days' notice. Some components supplied by third parties may be critical to our solutions, and several of our suppliers may 16Table of Contentsterminate their agreements with us without cause with 180-days' notice. In addition, we rely on certain vendors for hardware support services and parts supply. If we were unable to purchase necessary services, parts, components or offerings from a particular vendor and had to find an alternative supplier, our shipments and deliveries could be delayed. Also, quality issues, commodity, transportation, wage, or other inflationary pressures, a disruption in our supply chain or the need to find alternative suppliers could impact the costs and/or timing associated with procuring necessary offerings, components and services. In any case, our operations could be adversely impacted. Similarly, our suppliers’ offerings and services have certain dependencies with respect to their own supply chain networks, and supply and/or inflation issues among our suppliers may also adversely impact our business.Demand for the offerings and services we sell could decline if we fail to maintain positive brand perception and recognition.In 2023, Teradata introduced a new brand identity. With this brand we strive to be modern, innovative, and reflective of our vision for the future. Our updated brand is designed to highlight Teradata’s role as a leader in AI, analytics, and cloud data. We believe that recognition and the reputation of our brand is key to our success, including our ability to retain existing customers and attract new customers. While we leverage our decades of experience in data analytics and database management services, we believe we have evolved to provide the modern offerings customers need. These include the cloud-native architecture of Teradata VantageCloud Lake, the end-to-end pipeline of AI/ML capabilities in ClearScape Analytics, and our AI and ML engine in the cloud that delivers a completely self-service and serverless experience of Teradata AI Unlimited. The failure for the market to recognize our new brand or misperceptions in the market regarding our cloud, AI, or other capabilities could negatively impact our ability to upgrade existing on-premises customers to our cloud-based solutions or from VantageCloud Enterprise to VantageCloud Lake, drive expansion/consumption growth, and/or acquire new customers for our on-premises and cloud businesses. In addition, damage to the reputation of our brands could result in, among other things, customer cancellations or non-renewals, lower employee retention and productivity, vendor relationship issues, and investor and other stakeholder scrutiny, all of which could materially affect our revenue and profitability.In addition, damage to the reputation of our brands could result in, among other things, declines in customer loyalty, customer cancellations or non-renewals, lower employee retention and productivity, and vendor relationship issues, all of which could materially affect our revenue and profitability. Increases in the cost of components used in our product, and/or increases in our other costs of doing business, have, and could continue to, adversely affect our profit margins.Increases in the cost of components used in our product, employee compensation, and/or increases in our other costs of doing business, have, and could continue to, adversely affect our profit margins. Our cloud offerings are dependent on cloud service providers and require significant investments to ensure that our solutions are optimized in these cloud environments. In addition, our profit margins are currently adversely impacted by the price we pay for cloud services and will continue to do so until we effectively scale our cloud business. Our hardware components are assembled and configured by Flex.Our hardware components are assembled and configured by Flex. Flex also procures a wide variety of components used in the assembly process on our behalf. Although many of these components are available from multiple sources, we utilize preferred supplier relationships to better ensure more consistent quality, cost and delivery. Components used in our products require commodities as part of their manufacturing. In addition, we have a global employee population. As such, increased costs and/or commodity and other inflation, and/or increased tariffs on certain items imported from foreign countries have affected our profit margins and could continue to result in declines in our profit margins. Historically, we have mitigated certain cost increases, in part, by increasing prices on 19Table of Contentssome of our products and collaborating with suppliers, in particular Flex, reviewing alternative sourcing options, and engaging in internal cost reduction efforts, all as appropriate. Historically, we have mitigated certain cost increases, in part, by increasing prices on some of our products and collaborating with suppliers, in particular Flex, reviewing alternative sourcing options, and engaging in internal cost reduction efforts, all as appropriate. However, we may not be able to fully offset increased costs. Further, if any price increases we adopt are not accepted by our customers and the market, our net sales, profit margins, earnings, and market share could be adversely affected.Challenges with the design and implementation of our new enterprise resource planning ("ERP") system could adversely impact our business and operations. We are executing a multi-year initiative to transform and modernize our ERP system. The ERP system is designed to accurately maintain the Company’s financial records, enhance operational functionality, and provide timely information to the Company’s management team related to the operation of the business. The implementation of the new ERP system requires an investment in financial and personnel resources, including substantial expenditures for outside consultants and system expenses in connection with the transformation of our financial and operating processes. While the ERP system is intended to further improve and enhance our information management systems, the ongoing implementation of this new ERP system exposes us to integration complexities and challenges with our existing systems and processes, including the possible disruption of our financial reporting. If we failed to properly design our ERP system or are unable to successfully implement the new ERP system as planned, we may experience increased expenditure and the diversion of personnel resources which could adversely affect our internal control over financial reporting, business operations and financial condition. Any disruption, including as a result of natural disasters or climate change, at or near any of our facilities or other operations or those of our customers, vendors, data warehouses, distribution channels, and public cloud service providers could adversely affect our business.Disruptions could occur as a result of supply chain challenges; decreases in work force availability; natural resources availability; natural disasters; inclement weather, including as exacerbated by global climate change; man-made disasters; or other external events, such as terrorist acts or acts of war, pandemics and/or epidemics, boycotts and sanctions, widespread criminal activities, or protests and/or social unrest, or other events, at or in proximity to any of our facilities or those of our customers, vendors, data warehouses, distribution channels, and public cloud service providers.Disruptions could occur as a result of supply chain challenges; decreases in work force availability; natural resources availability; natural disasters; inclement weather; man-made disasters or other external events, such as terrorist acts or acts of war, pandemics and/or epidemics, boycotts and sanctions, widespread criminal activities, or protests and/or social unrest, or other events, at or in proximity to any of our facilities or those of our customers, vendors, data warehouses, distribution channels, and public cloud service providers. Such events and disruptions could make it difficult or impossible to deliver products and services to our customers or perform critical business functions and could adversely affect our business. Our headquarters and data centers are located in California, a region with a history of seismic activity and wildfires and an extreme risk of drought, flooding, and vulnerability to future water scarcity. As such, we could experience disruptions as a result of natural disasters and/or extreme weather conditions, including sea-level rise, earthquakes, tornadoes, hurricanes, earthquakes, floods, tsunamis, typhoons, drought, and fire, that could impact our business and operations. Such events could pose physical risks to our facilities and data warehouses, result in power outages and shortages, and/or result in failures of global critical infrastructure, telecommunication and security systems, natural resource availability, such as energy and water sources, employees’ ability to work, availability of supply chain and logistics, and the additional costs to maintain or resume operations such as costs to repair damages to our facilities, equipment, infrastructure, and business relationships, each of which could negatively impact our business and operations. Unfavorable weather conditions could pose physical risks to our facilities and data warehouses, result in power outages and shortages, and/or result in failures of global critical infrastructure, telecommunication and security systems, natural resource availability, such as energy and water sources, employees’ ability to work, availability of supply chain and logistics, and the additional costs to maintain or resume operations, each of which could negatively impact our business and operations. Furthermore, environmental regulations are increasing in their frequency of issuance and applicability to our company, particularly due to our operations in California and the European Union. Such regulations may result in changes in the demand for resources that could adversely impact the availability or cost of goods and services, including natural resources necessary to run our business. Climate change and environmental regulations may result in changes in the demand for resources that could adversely impact the availability or cost of goods and services, including natural resources necessary to run our business. The world economy, including our business, realized significant disruption during the COVID-19 pandemic. The occurrence of future global pandemics and/or regional epidemics may disrupt our business in the future. The extent to which our business may be affected in the future is highly uncertain and cannot be predicted as it would be dependent on factors such the duration and scope of the pandemic; governmental, business, and individuals' actions in response to the pandemic; and the impact on economic activity such as financial market instability. Failure to successfully complete reorganization activities in connection with our transformation activities or otherwise could negatively affect our operations.Failure to successfully complete reorganization activities in connection with our transformation activities or otherwise could negatively affect our operations. We have completed reorganization efforts in connection with our business transformation and we may continue to complete reorganization activity in furtherance of our strategy. In addition, from time to time, we may wind down certain business activities and/or facilities, cease doing business in certain geographic areas, and/or perform other organizational reorganization projects in an effort to reduce costs and optimize operations. For example, in 2022, we ceased our operations in Russia to comply with sanctions imposed as a result of Russia’s invasion of Ukraine and in 20Table of Contents2023 we ceased our direct operations in China. For example, in 2022, we ceased our operations in Russia and Belarus to comply with sanctions imposed as a result of Russia’s invasion of Ukraine. Reorganization activities involve risks as they may divert management's attention from our core businesses, increase expenses on a short‑term basis or reduce revenues. We may also experience a loss of continuity, loss of accumulated knowledge, or loss of efficiency during such transitional periods, all of which may negatively impact our business, financial condition, operating results, and cash flows.Our business is affected by the global economies in which we operate and the economic climate of the industries we serve.Our business and results of operations are affected by international, national and regional economic conditions. In particular, the IT industry in which we operate is susceptible to significant changes in the strength of the economy and the financial health of companies and governmental entities that make spending commitments for new technologies. Accordingly, adverse global economic, inflationary, recessionary, and market conditions, including in certain economic sectors in which many of our customers operate (such as retail, manufacturing, financial services or government), may adversely impact our business. For example, adverse changes to the economy could impact the timing of purchases by our current and potential customers or the ability of our customers to fulfill their obligations to us. In addition, decreased or more closely scrutinized spending in our customers’ businesses and in the industries we serve, may adversely impact our business. Uncertainty about future economic conditions may make it difficult for us to forecast operating results and to make decisions about future investments. In addition, our inability or failure to quickly respond to inflation and the resulting buying behaviors of our customers could harm our business, results of operations and financial condition. Our success in periods of economic uncertainty may also be dependent, in part, on our ability to reduce costs in response to changes in demand, inflation or other activity.Generating substantial revenues from our international operations poses several risks.In 2023, the percentage of our total revenues from outside of the United States was 47%. We have exposure to more than 30 functional currencies. The risks associated with the geographic scope of our business operations include, among other things the following:•Cultural, management, and staffing challenges associated with operating in countries around the world, including developing countries;•Realignment of our international strategy and organization structure;•The imposition of additional and/or different country laws, governmental controls and regulations; •The ever-changing macro-economic and geo-political (including local conflicts and wars) environments we operate in; •Longer payment cycles for sales in certain foreign countries and difficulties in enforcing contracts and collecting accounts receivable;•Fluctuations in the value of local currencies and foreign currency controls in various jurisdictions where we operate, including Argentina;•Tariffs or other restrictions on foreign trade or investment; •Foreign trade policy changes, trade regulations, and/or disputes may adversely affect sales of our solutions and services and may result in longer sales cycles;•The imposition of sanctions against a country, company, person or entity with whom we do business that would restrict or prohibit our business; and•Foreign government activities that favor domestic companies, including those that may require companies to procure goods and services from locally-based suppliers. The risks associated with the geographic scope of our business operations include, among other things the following:•Cultural, management, and staffing challenges associated with operating in countries around the world, including developing countries;•Realignment of our international strategy and organization structure;•The imposition of additional and/or different governmental controls and regulations; •The ever-changing macro-economic and geo-political environment we operate in; •Longer payment cycles for sales in foreign countries and difficulties in enforcing contracts and collecting accounts receivable;•Fluctuations in the value of local currencies;•Tariffs or other restrictions on foreign trade or investment; •Foreign trade policy changes, trade regulations, and/or disputes may adversely affect sales of our solutions and services and may result in longer sales cycles;•The imposition of sanctions against a country, company, person or entity with whom we do business that would restrict or prohibit our business; and•Foreign government activities that favor domestic companies, including those that may require companies to procure goods and services from locally-based suppliers. Any of these events, among others, could materially and adversely affect our financial condition and operating results. Our offerings are subject to United States export controls and, when exported from the United States, or re-exported to another country, must be authorized under applicable United States export regulations. Changes in our offerings or changes in export regulations may create delays in the introduction of our offerings in international markets, prevent our customers with international operations from deploying our offerings throughout their global systems or, in some cases, prevent the export of our offerings to certain countries or customers altogether. Any change in export regulations or related legislation, shift in approach to the enforcement or scope of existing regulations, or change in the countries, persons or technologies targeted by these regulations could result in decreased use of our offerings by, or in our decreased ability to export or sell our offerings to, existing or potential customers with 21Table of Contentsinternational operations. There is active enforcement and ongoing focus by the SEC and other governmental authorities on the United States Foreign Corrupt Practices Act, the U.There is active enforcement and ongoing focus by the SEC and other governmental authorities on the United States Foreign Corrupt Practices Act, the U. K. Bribery Act of 2010 and similar anti-bribery, anti-corruption laws in other countries. Given the breadth and scope of our international operations, we may not in all cases be able to detect improper or unlawful conduct by our partners, distributors, resellers, customers, and employees, despite our high ethics, governance and compliance standards, which could put the Company at risk regarding possible violations of such laws and could result in various civil or criminal fines, penalties or administrative sanctions, and related costs, which could negatively impact the Company's business, brand, results of operations or financial condition. Given the breadth and scope of our international operations, we may not be able to detect improper or unlawful conduct by our international partners and employees, despite our high ethics, governance and compliance standards, which could put the Company at risk regarding possible violations of such laws and could result in various civil or criminal fines, penalties or administrative sanctions, and related costs, which could negatively impact the Company's business, brand, results of operations or financial condition. Inadequate internal control over financial reporting and accounting practices could lead to errors, which could adversely impact our ability to assure timely and accurate financial reporting.Internal control over financial reporting, no matter how well designed and operated, can provide only reasonable, not absolute, assurance that the control objectives will be met. These inherent limitations include system errors, the potential for human error and unauthorized actions of employees or contractors, inadequacy of controls, temporary lapses in controls due to shortfalls in transition planning and oversight of resources, and other factors. Consequently, such controls may not prevent or detect misstatements in our reported financial results as required under the Securities and Exchange Commission ("SEC") and the New York Stock Exchange ("NYSE") rules, which could increase our operating costs or impair our ability to operate our business. Controls may also become inadequate due to changes in circumstances, and it is necessary to replace, upgrade or modify our internal information systems from time to time. In addition, unforeseen risks may arise in connection with financial reporting systems due to inefficient business processes, business process reengineering projects, or changes in accounting standards.If management is not successful in maintaining a strong internal control environment, material weaknesses could occur, causing investors to lose confidence in our reported financial information. This could lead to a decline in our stock price, limit our ability to access the capital markets in the future, and require us to incur additional costs to improve our internal control systems and procedures.Increased scrutiny from governments, investors, raters, customers, and others regarding our environmental, social, and governance ("ESG") practices and our inability to achieve any ESG goals we establish could impose additional costs, expose us to new risks, or negatively impact our reputation. Increased scrutiny from governments, investors, raters, customers, and others regarding our environmental, social, and governance ("ESG") practices and our inability to achieve any ESG goals we establish could impose additional costs, expose us to new risks, or negatively impact our reputation. The ESG landscape is constantly changing, with an increased focus from certain investors, raters, employees, customers, and other stakeholders which could result in greater expectations of us and our ESG initiatives, goals, efforts, transparency, and communications which may not satisfy our stakeholders. The ESG landscape is constantly changing, with an increased focus from certain investors, raters, employees, customers and other stakeholders which could result in greater expectations of us and our ESG initiatives, goals, efforts, transparency and communications which may not satisfy our stakeholders. To meet expectations from our stakeholders, we are working to align our reporting with emerging ESG disclosure frameworks, new regulations, including those passed in the European Union and the state of California, and potential new disclosure requirements, while we also seek to report timely on progress toward our ESG objectives. We have established ESG goals, and we expect to continue to establish additional ESG goals in which our ESG goals and/or our ESG program performance may be reviewed by third-party providers such as raters and rankers who may unfavorably evaluate our ESG initiatives. If we fail, or are perceived to fail, to meet our stakeholders’ and/or raters’ expectations, including the achievement of the ESG goals that we establish, we could be exposed to increased risk of litigation, difficulty in attracting and retaining employees, negative investor sentiment, and an adverse impact on our reputation.RISKS RELATED TO OUR INDUSTRYOur cloud and service offerings are designed to offer AI/ML capabilities, which exposes us to an uncertain regulatory environment and rapidly changing technology where any inability to comply with any such regulations may result in reputational harm, liability and disruption to our business operations.The AI/ML regulatory environment is rapidly evolving, and it is difficult to predict the impact the evolving regulatory landscape may have on our business, results of operations and financial condition. Teradata VantageCloud Enterprise, Teradata VantageCloud Lake, and ClearScape Analytics are designed to deliver harmonized data, AI/ML, and faster innovation to facilitate better decision-making. AI/ML technologies are rapidly 22Table of Contentschanging, and with the evolving regulatory environment, we may be subject to increased regulatory requirements, as well as other risks such as data privacy concerns, intellectual property disputes, and exposure to litigation. The IT industry is intensely competitive and evolving, and competitive pressures could adversely affect our pricing practices or demand for our offerings and services.RISKS RELATED TO OUR INDUSTRYThe IT industry is intensely competitive and evolving, and competitive pressures could adversely affect our pricing practices or demand for our offerings and services. We operate in the intensely competitive IT industry, which is characterized by rapidly changing technology, evolving industry standards and models for consuming and delivering business and IT services, frequent new product introductions, and frequent price and cost reductions. In general, as a participant in the data analytic solutions market, we face:•Changes in customer spending preferences and other shifts in market demands, which drive changes in the Company's competition;•Changes in pricing, marketing and product strategies, such as potential aggressive price discounting and the use of different pricing models by our competitors;•Rapid changes in product delivery models, such as on-premises solutions versus cloud solutions; •Rapid changes in computing technology and capabilities that challenge our ability to maintain differentiation; •New and emerging analytic technologies, including for AI/ML, competitors, and business models; •Continued emergence of open-source software that often rivals current technology offerings at a much lower cost despite its limited functionality;•Changing competitive requirements and deliverables in developing and emerging markets; and •Continuing trend toward consolidation of companies, which could adversely affect our ability to compete, including if our key partners merge or partner with our competitors. In general, as a participant in the data analytic solutions market, we face:•Changes in customer IT spending preferences and other shifts in market demands, which drive changes in the Company's competition;•Changes in pricing, marketing and product strategies, such as potential aggressive price discounting and the use of different pricing models by our competitors;•Rapid changes in product delivery models, such as on-premises solutions versus cloud solutions; •Rapid changes in computing technology and capabilities that challenge our ability to maintain differentiation at the lower range of business intelligence analytic functions; •New and emerging analytic technologies, competitors, and business models; •Continued emergence of open-source software that often rivals current technology offerings at a much lower cost despite its limited functionality;•Changing competitive requirements and deliverables in developing and emerging markets; and •Continuing trend toward consolidation of companies, which could adversely affect our ability to compete, including if our key partners merge or partner with our competitors. Our competitors include established companies within our industry, including Amazon, Google, IBM, Oracle, Microsoft, and SAP, which are well-capitalized companies with widespread distribution, brand recognition and penetration of our product platforms and service offerings. The significant purchasing and market power of these larger competitors, which have greater financial resources than we do, could allow them to surpass our market penetration and marketing efforts to promote and sell their offerings and services. In addition, many other companies participate in specific areas of our business, such as enterprise applications, analytic platforms and business intelligence software. In some cases, we may partner with a company in one area of our business and compete with them in another. In particular, in delivering our Teradata VantageCloud offerings in a cloud environment to certain of our customers, we partner with each of Amazon Web Services, Google, and Microsoft, which are public cloud service providers. In particular, in delivering our Teradata VantageCloud and ClearScape Analytics platforms in a cloud environment to certain of our customers, we partner with each of Amazon Web Services, Google, and Microsoft, which are public cloud service providers. The status of our business relationships with these companies can influence our ability to compete for analytic data solutions opportunities in such areas. In addition, we see additional competition from both established and emerging cloud-only data vendors and open-source providers. Failure to compete successfully with new or existing competitors in these and other areas could have a material adverse impact on our ability to generate additional revenues or sustain existing revenue levels.Current and evolving privacy laws and regulations regarding cloud computing, cross-border data transfer restrictions and other aspects of data privacy may impact the use and adoption of our solutions and services and adversely affect our business.Federal, state and foreign governments continue to adopt new, or modify existing, laws and regulations addressing data privacy and the collection, processing, storage, transfer and use of data. Some of these impose new obligations directly on the Company as both a data controller and a data processor, as well as on many of our customers. New laws also require us to evaluate any required changes to our solutions and services on an ongoing basis to enable Teradata and/or our customers to comply with the new legal requirements and may also increase our potential liability through higher potential penalties for non-compliance. New laws require us to evaluate any required changes to our solutions and services on an ongoing basis to enable Teradata and/or our customers to comply with the new legal requirements and may also increase our potential liability exposure through higher potential penalties for non-compliance. Further, laws such as the European Union’s proposed e-Privacy Regulation are increasingly aimed at the use of personal information for marketing purposes, and the tracking of individuals’ online activities. These new or proposed laws and regulations are also subject to differing interpretations which may be inconsistent among jurisdictions. These new or proposed laws and regulations are subject to differing interpretations and may be inconsistent among jurisdictions. These and other requirements could reduce demand for our solutions and services, require us to take on more onerous obligations in our contracts, restrict our ability to store, transfer and process data or, in some cases, impact our ability to offer our solutions and services in certain locations or our customers' ability to deploy our solutions globally. For example, existing and developing laws regarding how companies transfer personal data from the European Economic Area to the United States and other third-world countries can be unpredictable and could result in further limitations on the ability to transfer data 23Table of Contentsacross borders, particularly if governments are unable or unwilling to create new, or maintain existing, mechanisms that support cross-border data transfers. For example, existing and developing laws regarding how companies transfer personal data from the European Economic Area to the United States could result in further limitations on the ability to transfer data across borders, particularly if governments are unable or unwilling to create new, or maintain existing, mechanisms that support cross-border data transfers, such as the long-awaited replacement for the EU-U. Additionally, certain countries have passed or are considering passing laws requiring local data residency. The costs of compliance with, and other burdens imposed by, privacy laws, regulations and standards may limit the use and adoption of our solutions and services, reduce overall demand for our solutions and services, make it more difficult to meet expectations from or commitments to customers, lead to significant fines, penalties or liabilities for noncompliance, or slow the pace at which we close sales transactions, any of which could harm our business.In addition to government activity, privacy advocacy and other industry groups establish new self-regulatory standards that may place additional burdens on our ability to provide our solutions and services globally. Our customers expect us to meet voluntary certification and other standards established by third parties, such as related International Organization for Standardization ("ISO") standards. If we are unable to maintain these certifications or meet these standards, it could adversely affect our ability to provide our solutions to certain customers and could harm our business.Furthermore, concerns regarding data privacy may cause our customers’ customers to resist providing the data necessary to allow our customers to use our solutions and services effectively. Even the perception that the privacy of personal information is not satisfactorily protected or does not meet regulatory requirements could inhibit sales of our offerings or services and could limit adoption of our cloud-based solutions.RISKS RELATED TO HUMAN CAPITALWe depend on key employees and face competition in hiring and retaining qualified employees.Our employees and access to talent are critical to our success. Our future success depends on our ability to attract, retain, develop, and motivate the services of senior management and key personnel in all areas of our Company, including engineering and development, marketing and sales professionals, and consultants. Competition for highly skilled personnel and acquired talent in the IT industry is intense. We have experienced, and may continue to experience, voluntary workforce attrition, including the loss of senior management and key personnel, in part due to the highly-competitive job market in our industry. Furthermore, we are required to attract and retain talent with expertise in cloud-based technologies, particularly with respect to our engineering and development teams. Furthermore, to advance our cloud-first strategy, we are required to attract and retain talent with expertise in cloud-based technologies, particularly with respect to our engineering and development teams. No assurance can be made that key personnel will remain with us, and it may be difficult and costly to replace such employees and/or obtain qualified talent who are not employees. We implemented a remote working policy to expand our talent pool for key personnel and we cannot predict the longer-term workforce implications. Competition is heightened for diverse talent as companies, including us, develop and enhance DEI initiatives. Our failure to execute on our key culture initiatives, hire, retain or replace our key personnel could have a material adverse impact on our business operations.RISKS RELATED TO LEGAL AND REGULATORY MATTERSWe face uncertainties regarding legal proceedings, complex and changing laws and regulations, and other related matters.In the normal course of business, we are subject to proceedings, lawsuits, claims and other matters, including those that could relate to the environment, health and safety, employee benefits, export compliance, intellectual property, a variety of local laws and regulations, and other regulatory compliance and general matters.In the normal course of business, we are subject to proceedings, lawsuits, claims and other matters, including those that relate to the environment, health and safety, employee benefits, export compliance, intellectual property, a variety of local laws and regulations, and other regulatory compliance and general matters. See "Note 10-Commitments and Contingencies" in the Notes to Consolidated Financial Statements in this Annual Report. See "Note 10-22Table of ContentsCommitments and Contingencies" in the Notes to Consolidated Financial Statements in this Annual Report. Because such matters are subject to many uncertainties, their outcomes are not predictable. There can be no assurances that the amounts required to satisfy alleged liabilities from such matters will not impact future operating results.In addition, we are subject to diverse and complex laws and regulations, including those relating to technology, including AI/ML, corporate governance, data privacy, public disclosure, and reporting, which are rapidly changing and subject to possible changes in the future.In addition, we are subject to diverse and complex laws and regulations, including those relating to corporate governance, public disclosure and reporting, which are rapidly changing and subject to many possible changes in the future. From time to time, we may conduct internal investigations to ensure compliance with such laws and regulations, the costs or results of which could impact our financial results. From time to time, we may conduct internal investigations in connection with our efforts to ensure compliance with such laws and regulations, the costs or results of which could impact our financial results. In addition, we may be subject to unexpected costs in connection with new public disclosure or other regulatory requirements that are issued from time to time. Laws and regulations impacting our customers, such as those relating to privacy, data protection and digital marketing, could also impact our future business. Because we do 24Table of Contentsbusiness in the government sector, we are generally subject to audits and investigations which could result in various civil or criminal fines, penalties or administrative sanctions, including debarment from future government business, which could negatively impact the Company’s results of operations or financial condition. Because we do business in the government sector, we are generally subject to audits and investigations which could result in various civil or criminal fines, penalties or administrative sanctions, including debarment from future government business, which could negatively impact the Company’s results of operations or financial condition. In addition, our facilities and operations, including former facilities and former operations for which we may have liabilities, are subject to a wide range of environmental protection laws. There can be no assurances that the costs required to comply with applicable environmental laws will not adversely impact future operating results.Management time and resources are spent to understand and comply with changing laws, regulations and standards relating to such matters as corporate governance, accounting principles, public disclosure, SEC regulations, and the rules of the NYSE where our shares are listed. Rapid changes in accounting standards, and federal securities laws and regulations, among others, may substantially increase costs to our organization, challenge our ability to timely comply with all of them and could have a negative impact on our future operating results.Gaps in protection of Teradata’s intellectual property or unlicensed use of third-party intellectual property could impact our business and financial condition.As a technology company, our intellectual property portfolio is crucial to our continuing ability to be a leading multi-cloud data and analytics platform provider. We strive to enhance and, as much as is legally and reasonably possible, protect our proprietary intellectual property rights through patent, copyright, trademark and trade secret laws, as well as through technological safeguards and the actions of our people. These efforts include protection of the offerings and application, diagnostic and other software we develop.Where gaps exist in our intellectual property protection, even if such gaps are reasonable, our business could be materially adversely impacted. We may be unable to prevent third parties from using our technology without our authorization or independently developing technology that is similar to ours, particularly in those countries where the laws do not protect our proprietary rights as fully as in the United States (such as Iran, China and certain Eastern European countries who may use NSSAPC to advance their own industries). With respect to inventions for which we choose to file patent applications, we may not be successful in securing patents for these claims, and our competitors may already have applied for patents that, once issued, will prevail over our patent rights or otherwise limit our ability to sell our offerings.While we take steps to provide for confidentiality obligations of employees and third parties with whom we do business (including customers, suppliers and strategic partners), there is a risk that such parties will breach such obligations and jeopardize our intellectual property rights. Many customers have outsourced the administration and management of their data and analytics environments to third parties, including some of our competitors, who then have access to our confidential information. Although we have agreements in place to mitigate this risk, there can be no assurance that such protections will be sufficient. In addition, our ability to capture and re-use field-based developed intellectual property is important to future business opportunities and profits.We are seeing an extended trend towards aggressive enforcement of intellectual property rights, especially by so-called "patent assertion entities" ("PAEs") or "non-practicing entities" ("NPEs"), as the functionality of offerings in our industry increasingly overlaps and the volume of issued software patents continues to grow. As a result, we have been, and in the future could be, subject to infringement claims which, regardless of their validity, could:•Be expensive, time consuming, and divert company resources and management attention away from normal business operations;•Require us to pay monetary damages or enter into non-standard royalty and licensing agreements;•Require us to modify our product sales and development plans; or•Require us to satisfy indemnification obligations to our customers. As a result, we have been, and in the future could be, subject to infringement claims which, regardless of their validity, could:23Table of Contents•Be expensive, time consuming, and divert company resources and management attention away from normal business operations;•Require us to pay monetary damages or enter into non-standard royalty and licensing agreements;•Require us to modify our product sales and development plans; or•Require us to satisfy indemnification obligations to our customers. Regardless of whether these claims have any merit, they can be burdensome to defend or settle and can harm our business, reputation, financial condition and results of operations.A change in our effective tax rate can have a significant adverse impact on our business.A number of factors may adversely impact our future effective tax rates, such as:•The jurisdictions in which our profits are determined to be earned and taxed; 25Table of Contents•The resolution of issues arising from tax audits with various tax authorities;•Changes in the valuation of our deferred tax assets and liabilities; •Adjustments to estimated taxes upon finalization of various tax returns; and •Changes in available tax credits, especially surrounding tax credits in the United States for our research and development activities and foreign tax credits.A number of factors may adversely impact our future effective tax rates, such as:•The jurisdictions in which our profits are determined to be earned and taxed; •The resolution of issues arising from tax audits with various tax authorities;•Changes in the valuation of our deferred tax assets and liabilities; •Adjustments to estimated taxes upon finalization of various tax returns; and •Changes in available tax credits, especially surrounding tax credits in the United States for our research and development activities. Tax rules may change in a manner that adversely affects our future reported results of operations or the way we conduct our business. Further changes in the tax laws of foreign jurisdictions could arise as a result of the base erosion and profit shifting project that was undertaken by the Organization for Economic Co-operation and Development ("OECD"). The OECD, which represents a coalition of member countries, recommended changes to numerous long-standing tax principles impacting how large multinational enterprises are taxed. The OECD, which represents a coalition of member countries, recommended changes to numerous long-standing tax principles related to transfer pricing. In particular, the OECD has issued its guidance on the Global Anti-Base Erosion rules, with the purpose of ensuring multinational companies pay a 15% global minimum tax on the income generated in each of the jurisdictions where they operate in, referred to as "Pillar Two." Many jurisdictions, including several European Union members and G20 countries, have now committed to an effective enactment date for Pillar Two starting January 1, 2024. We are monitoring developments and evaluating the impacts these new rules will have on our tax rate, including eligibility to qualify for these safe harbor rules. Further, the increased scrutiny on international tax and continuous changes to countries’ tax legislation may also affect the policies and decisions of tax authorities with respect to certain income tax and transfer pricing positions taken by the Company in prior or future periods. It is not uncommon for taxing authorities in different countries to have conflicting views, for instance, with respect to, among other things, the manner in which the arm’s length standard is applied for transfer pricing purposes, or with respect to the valuation of intellectual property. Our income tax obligations are based partly on our corporate structure and inter-company arrangements, including how we develop, value, and use our intellectual property and the valuations of our inter-company transactions. Our income tax obligations are based in part on our corporate structure and inter-company arrangements, including the manner in which we develop, value, and use our intellectual property and the valuations of our inter-company transactions. Tax authorities may disagree with certain positions we have taken and assess additional taxes. We regularly assess the likely outcomes of these audits to determine the appropriateness of our tax provision; however, there can be no assurance that we will accurately predict the outcomes of these audits, and the actual outcomes of these audits could have a material impact on our financial condition or results of operations. In addition, governmental authorities in the United States and throughout the world may increase or impose new income taxes or indirect taxes, or revise interpretations of existing tax rules and regulations, as a means of financing the costs of stimulus and other measures enacted or taken, or that may be enacted or taken in the future. Such actions could have an adverse effect on our results of operations and cash flows.RISKS RELATED TO OUR FINANCIAL CONDITIONOur indebtedness could adversely affect our financial condition and limit our financial flexibility.The Company's indebtedness could:•Expose us to interest rate risk;•Increase our vulnerability to general adverse economic and industry conditions;•Limit our ability to obtain additional financing or refinancing at attractive rates;•Require the dedication of a substantial portion of our cash flow from operations to the payment of principal of, and interest on, our indebtedness, thereby reducing the availability of such cash flow to fund our growth strategy, working capital, capital expenditures, share repurchases and other general corporate purposes;•Limit our flexibility in planning for, or reacting to, changes in our business and the industry; and•Place us at a competitive disadvantage relative to our competitors with less debt. Further, our outstanding indebtedness is subject to financial and other covenants, which may be affected by changes in economic or business conditions or other events that are beyond our control. If we fail to comply with the covenants in any of our indebtedness, we may be in default under the loan, which may entitle the lenders to accelerate the debt obligations. If we fail to comply with the covenants under any of our indebtedness, we may be in default under the loan, which may entitle the lenders to accelerate the debt obligations. To avoid defaulting on our indebtedness, we may be required to take actions such as reducing or delaying capital expenditures, reducing or eliminating stock repurchases, selling assets, restructuring or refinancing all or part of our existing debt, or seeking additional equity capital, any of which may not be available on terms that are favorable to us, if at all.26Table of Contentsfluctuations in foreign currency exchange rates have affected our operating results and could continue to impact our revenue and net earnings.24Table of ContentsFluctuations in foreign currency exchange rates have affected our operating results and could continue to impact our revenue and net earnings. Because the functional currency of most of our foreign activities is the applicable local currency, but our financial reporting currency is the U.S. dollar, we are required to translate the assets, liabilities, expenses, and revenues of our foreign activities into U.S. dollars at the applicable exchange rate in preparing our Consolidated Financial Statements. We operate in approximately 40 countries and are exposed to various foreign currencies in the Americas region (North America and Latin America), EMEA region (Europe, Middle East, and Africa) and APJ region (Asia Pacific and Japan). Accordingly, we face foreign currency exchange rate risk arising from transactions in the normal course of business. In addition, we operate in certain jurisdictions that utilize foreign currency controls that may temporarily restrict access to foreign currency which results in excess cash in the jurisdiction that cannot be remitted outside of the country and is, therefore, subject to foreign currency exchange rate risk. For example, the Company has operations in Argentina. The Central Bank of Argentina maintains currency controls that limit the Company’s ability to access U.S. dollars in Argentina and remit cash from its Argentine operations. During October of 2023, the Company began entering into Blue Chip Swap transactions (a foreign exchange mechanism which effectively results in a parallel U.S. dollar exchange rate) in order to remit cash from its Argentine operations and such action resulted in a pre-tax loss on investment of $13 million during the fourth quarter of 2023.Foreign currency exchange rates and foreign currency controls have affected our revenue and net earnings and could continue to impact our revenue and net earnings. While we actively manage our foreign currency market risk in the normal course of business by entering into various derivative instruments to hedge against such risk, these derivative instruments involve risks and may not effectively limit our underlying exposure to foreign currency exchange rate fluctuations or minimize our net earnings and cash volatility associated with foreign currency exchange rate changes. Further, the failure of one or more counterparties to our foreign currency exchange rate contracts to fulfill their obligations to us could adversely affect our operating results.Item 1B.UNRESOLVED STAFF COMMENTSNone. Item 1C.Item 1A. CYBERSECURITYRisk Management and StrategyOur cybersecurity program is designed to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Enterprise Risk Management. We have processes in place for assessing, identifying, and managing material risks from cybersecurity threats, which are integrated into our Enterprise Risk Management ("ERM") program. Our ERM program, which is coordinated through our Enterprise Risk and Internal Audit function ("ERAS team"), includes the identification of risks relevant to Teradata’s business, including material risks from cybersecurity threats; assigning personnel responsible for such risks; the development of strategies and plans to monitor, assess, and mitigate such risks; and oversight of the identified risks through regular reporting and risk evaluations with management, our Board, and/or relevant Board committee. Our ERAS team works closely with the Information Security function, including our Chief Information Security Officer ("CISO"), in the cybersecurity risk management process that informs the ERM program. Cybersecurity Processes. The processes in place for managing cybersecurity threats, including threats associated with our use of third-party service providers, include identifying potential cybersecurity threats; defining the roles and responsibilities of our personnel pursuant to our Cybersecurity Incident Response Plan ("CIRP"); continuous testing and training of our employees on cybersecurity risks and security hygiene; communication and escalation protocols; and tools and technologies for incident detection and responses. We continuously assess risks and changes in the cybersecurity environment and adjust our processes and cybersecurity investments as appropriate.•Our information security processes are built upon a foundation of advanced security technology, a trained team of security experts, and operations based on various global practices, standards, and frameworks, 27Table of Contentsincluding the International Organization for Standardization, International Electrotechnical Commission, and National Institute of Standards and Technology Cybersecurity Framework. •We maintain policies, procedures, and controls that are designed to identify, protect, detect, respond to, and recover from information security and cybersecurity threats and incidents. Such items are reviewed, approved, and maintained by our CISO on an ongoing basis. In addition, we engage external advisors periodically to review and assess our policies, procedures, and controls. •Our CIRP provides a documented framework for handling cybersecurity incidents. The CIRP addresses cybersecurity incident detection, containment, analysis, eradication, recovery, escalation protocols, and coordination across multiple functions of the organization. •We have processes to manage cybersecurity risks associated with third-party service providers. Such providers are subject to information security assessments at the time of onboarding and at certain other times during their engagement with us. We require our providers to meet appropriate security requirements, controls, and responsibilities and comply with certain cybersecurity and data security standards that we have. We monitor compliance with these standards and investigate security incidents to take appropriate actions as necessary. However, despite the controls that we have in place, we also rely on our third-parties to implement security programs and we cannot ensure in all circumstances that their efforts will be successful.•We maintain an annual cybersecurity training plan including employee training on cybersecurity risks, requirements, and incident reporting. As part of our training plan, we regularly perform phishing tests of our employees. In addition, our security training incorporates awareness of cyber threats (including but not limited to malware, ransomware, and social engineering attacks), password hygiene, incident reporting process, as well as physical security best practices. On an annual basis, our employees must complete cybersecurity awareness training.•We perform simulations and drills to review and test our information security program, including tabletop exercises, penetration and vulnerability testing, and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning.•We maintain insurance to provide coverage for certain losses from cybersecurity threats and incidents. •We have developed business continuity and disaster recovery capabilities to mitigate interruptions to critical information systems and the loss of data and services from the effects of natural or man-made disasters to Teradata systems. Cybersecurity Incidents. To protect our information systems from cybersecurity incidents and threats, we use various security tools that help prevent, identify, escalate, investigate, resolve, and recover from identified vulnerabilities and security incidents in a timely manner. We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding materiality of the incident and any necessary public disclosure and reporting of such incidents can be made in a timely manner. In the last three fiscal years, we have not experienced any material cybersecurity incident and the expenses we have incurred from security incidents were immaterial. As a result, we do not believe that cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially impacted our results of operations and financial condition. As cybersecurity threats become more sophisticated and coordinated, it is reasonably likely that we will be required to expend greater resources to continue to modify and enhance our protective measures as we pursue our business strategies. Cybersecurity Risks. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. While we maintain cybersecurity insurance, the costs related to cybersecurity incidents may not be fully insured. See "Risk Factors — A cybersecurity incident, disruption, or failure of our information systems or those of our third-party providers could adversely impact our reputation, business, and financial results."GovernanceBoard Oversight of Cybersecurity Risk. Our Board’s role is to engage in informed oversight of enterprise-wide risks as managed through our ERM program, including cybersecurity. While the full Board has overall 28Table of Contentsresponsibility for risk oversight, the Board has delegated oversight responsibility related to risks from cybersecurity threats to the Audit Committee. The Audit Committee is responsible for reviewing the adequacy and effectiveness of the Company’s information security policies, the internal controls regarding information security and cybersecurity, and risks related to such exposures and actions taken to monitor and/or mitigate such risks. The Audit Committee receives quarterly reports as part of its meeting materials prepared by our CISO regarding the assessment of the status, adequacy, and effectiveness of our processes related to assessing, identifying, and managing cybersecurity risks and related mitigation plans. In addition, at least twice per year, the Audit Committee meeting agenda includes a presentation by the CISO to review and discuss the CISO’s report on cybersecurity risks, mitigation plans and the steps the security team has taken to monitor and control related exposures. The Audit Committee reports to the Board on cybersecurity matters discussed at its meetings and the CISO’s quarterly reports are provided to the Board as part of their meeting materials for their information as well. Executive Oversight of Cybersecurity. Management is responsible for the Company’s planning, identification, assessment, and mitigation of risks from cybersecurity threats. Our CISO, Chief Legal Officer, and Chief Financial Officer comprise our Core Cybersecurity Management Team (the "CCMT"). The CCMT has oversight of Teradata’s CIRP and is informed and consulted on the response and resolution process for cybersecurity incidents. The CCMT is responsible for determining communications to inform relevant stakeholders of cybersecurity incidents as applicable, relevant, and/or required, including the Board; Audit Committee; the executive leadership team; investors; customers; employees; law enforcement; and regulators. Depending on the nature and/or severity of the incident, additional stakeholders within the broader enterprise-wide management team may be included in the assessment, response, and resolution of an incident by the CCMT. The broader management team for this purpose may include, but is not limited to, executive and senior leaders in our Product, Customer, People, Information Technology, and Law functions, as well as others that may be considered necessary (collectively referred to as the "ECMT"). The ECMT provides oversight, perspective, and support from their respective areas of expertise to assist in analyzing the cybersecurity incident, materiality of the incident, and remediation considerations.CISO and Cybersecurity Team. Our Information Security function is led by our CISO and is responsible for executing our enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. •The Information Security function consists of qualified professionals in cybersecurity. This team sets the cybersecurity strategy for Teradata; develops Teradata’s cybersecurity architecture and deploys and manages tools and technologies aligned with such architecture to safeguard our information systems; manages the cybersecurity training required of our employees; monitors our cybersecurity threats and incidents; escalates the occurrence of cybersecurity incidents pursuant to the CIRP; and addresses and incorporates mitigation items. •The CISO appoints a Cybersecurity Incident Response Coordinator ("CIRC") to lead the management of cybersecurity incidents. The primary responsibilities of the CIRC include, but are not limited to: ◦receiving and tracking all reported potential cybersecurity threats;◦escalating incident response;◦determining relevant stakeholders of the Information Technology function and cybersecurity incident response team, which team is selected by CIRC to serve as the lead function for investigating and coordinating cybersecurity incidents; ◦alerting the applicable support functions of the potential cybersecurity threat and any defensive action that would be required; and◦alerting management, as applicable and necessary, of the potential cybersecurity threat.•Members of our Information Security function have broad ranges of qualifications and experience in information technology and security. ◦Our CISO has over 25 years of information security experience during which he has worked on various information technology and security programs, including privacy operations and security risk management. He has experience with many different types of enterprises, including the federal government, private companies, and publicly listed companies. Our CISO has a Bachelor of Science in Information Technology and an MBA. 29Table of Contents◦The team within the Information Security function (referred hereinto as the "cybersecurity team") possesses a robust blend of technical knowledge, practical skills, and strategic insight, gained through years of experience in the field of cybersecurity. Our cybersecurity team includes professionals certified in a wide array of cybersecurity disciplines. Their qualifications include, but are not limited to, Certified Information Systems Security Professional ("CISSP") for general security practices, Certified Ethical Hacker ("CEH") for penetration testing capabilities, Certified Information Systems Auditor ("CISA") for information systems auditing, Certified Information Security Manager ("CISM") for overseeing enterprise security, Certified Risk and Information Systems Control ("CRISC") for risk management, and Certified Cloud Security Professional ("CCSP") for cloud security expertise. Additionally, they possess various other certifications in specific technologies and cloud security from providers like AWS and Microsoft, along with numerous other industry-relevant security certifications. This diverse expertise underscores their comprehensive understanding of the cybersecurity landscape.◦The cybersecurity team attends training programs to update their skills and knowledge..