Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

Backblaze disclosed 51 risk factors in its most recent earnings report. Backblaze reported the most risks in the “Finance & Corporate” category.

Risk Overview Q3, 2024

Risk Distribution

43% Finance & Corporate

18% Tech & Innovation

18% Ability to Sell

8% Legal & Regulatory

8% Production

6% Macro & Political

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2022

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

Backblaze Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q3, 2024

Main Risk Category

Finance & Corporate

With 22 Risks

Finance & Corporate

With 22 Risks

Number of Disclosed Risks

No changes from last report

S&P 500 Average: 31

No changes from last report

S&P 500 Average: 31

Recent Changes

0Risks added

1Risks removed

0Risks changed

Since Sep 2024

0Risks added

1Risks removed

0Risks changed

Since Sep 2024

Number of Risk Changed

No changes from last report

S&P 500 Average: 2

No changes from last report

S&P 500 Average: 2

See the risk highlights of Backblaze in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 51

Finance & Corporate

Total Risks: 22/51 (43%)Above Sector Average

Share Price & Shareholder Rights7 | 13.7%

Share Price & Shareholder Rights - Risk 1

We are an emerging growth company, and any decision on our part to comply only with certain reduced reporting and disclosure requirements applicable to emerging growth companies could make our Class A common stock less attractive to investors.

We are an emerging growth company, and for as long as we continue to be an emerging growth company, we may choose to take advantage of exemptions from various reporting requirements applicable to other public companies but not to "emerging growth companies," including: not being required to have our independent registered public accounting firm audit our internal control over financial reporting under Section 404 of the Sarbanes-Oxley Act of 2002, as amended (the Sarbanes Oxley Act), reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a non-binding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. Under the JOBS Act, emerging growth companies can also delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have elected to avail ourselves of this accommodation allowing for delayed adoption of new or revised accounting standards, and therefore, we will not be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies. We could be an emerging growth company for up to five years following the completion of our IPO or until we reach certain thresholds. Investors may find our Class A common stock less attractive due to our election to rely on these exemptions and there may be a less active trading market for our Class A common stock and the market price of our Class A common stock may be more volatile.

Share Price & Shareholder Rights - Risk 2

We are a smaller reporting company, and any decision on our part to comply only with reduced reporting and disclosure requirements applicable to such companies could make our ordinary shares less attractive to investors.

As of June 30, 2023, we qualified as a "smaller reporting company," as defined in the Exchange Act. For as long as we continue to be a smaller reporting company, we may choose to take advantage of exemptions from various reporting requirements applicable to other public companies that are not smaller reporting companies, including, but not limited to, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements and only being required to provide two years of audited financial statements in annual reports. We will remain a smaller reporting company so long as, as of June 30th of the preceding year, (i) the market value of our common shares held by non-affiliates, or our public float, is less than $250.0 million; or (ii) we have annual revenues less than $100.0 million and either we have no public float or our public float is less than $700.0 million. If we take advantage of some or all of the reduced disclosure requirements available to smaller reporting companies, investors may find our Class A common stock less attractive, which may result in a less active trading market for our Class A common stock and greater stock price volatility. For example, for so long as we are a smaller reporting company and not classified as an "accelerated filer" or "large accelerated filer" pursuant to SEC rules, we will be exempt from the auditor attestation requirements of Section 404(b) of the Sarbanes-Oxley Act.

Share Price & Shareholder Rights - Risk 3

Anti-takeover provisions contained in our Amended and Restated Certificate of Incorporation and Amended and Restated Bylaws, as well as provisions of Delaware law, could impair a takeover attempt.

Our Amended and Restated Certificate of Incorporation, Amended and Restated Bylaws, and Delaware law contain provisions which could have the effect of rendering more difficult, delaying, or preventing an acquisition deemed undesirable by our Board of Directors. Among other things, our Amended and Restated Certificate of Incorporation and Amended and Restated Bylaws include provisions: - creating a classified Board of Directors whose members serve staggered three-year terms;- authorizing "blank check" preferred stock, which could be issued by our Board of Directors without stockholder approval and may contain voting, liquidation, dividend, and other rights superior to our common stock;- limiting the liability of, and providing indemnification to, our directors and officers;- limiting the ability of our stockholders to call and bring business before special meetings;- requiring advance notice of stockholder proposals for business to be conducted at meetings of our stockholders and for nominations of candidates for election to our Board of Directors; and - controlling the procedures for the conduct and scheduling of Board of Directors and stockholder meetings. These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management. As a Delaware corporation, we are also subject to provisions of Delaware law, including Section 203 of the Delaware General Corporation law, which prevents certain stockholders holding more than 15% of our outstanding capital stock from engaging in certain business combinations without approval of the holders of at least two-thirds of our outstanding common stock not held by such stockholder. Any provision of our Amended and Restated Certificate of Incorporation, Amended and Restated Bylaws, or Delaware law that has the effect of delaying, preventing, or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our capital stock, and could also affect the price that some investors are willing to pay for our Class A common stock.

Share Price & Shareholder Rights - Risk 4

The market price of our Class A common stock has been, and will likely continue to be, volatile, and you could lose all or part of your investment.

Prior to the listing of our Class A common stock, there was no public market for shares of our Class A common stock. Since our IPO, the stock price of our Class A common stock has experienced very high volatility and the market prices of securities of other newly public companies have historically been highly volatile. The market price of our Class A common stock could be subject to wide fluctuations in response to various factors, including those listed in this Quarterly Report on Form 10-Q, some of which are beyond our control and may not be related to our operating performance. Fluctuations in the price of our Class A common stock could cause you to lose all or part of your investment because you may be unable to sell your shares at or above the price you paid. Factors that could cause fluctuations in the market price of our Class A common stock include the following: - price and volume fluctuations in the overall stock market from time to time;- volatility in the market prices and trading volumes of technology stocks;- changes in operating performance and stock market valuations of other technology companies generally or those in our industry in particular;- sales of shares of our Class A common stock by us or our stockholders;- failure of securities analysts to maintain coverage of us, changes in financial estimates by securities analysts who follow us, or our failure to meet these estimates or the expectations of investors;- the financial projections we may provide to the public, any changes in those projections or our failure to meet those projections;- announcements by us or our competitors of new products or services;- the public's reaction to our press releases, other public announcements, and filings with the SEC;- rumors and market speculation involving us or other companies in our industry;- actual or anticipated changes in our operating results or fluctuations in our operating results;- actual or anticipated developments in our business, our competitors' businesses, or the competitive landscape generally;- litigation involving us, our industry, or both, or investigations by regulators into our operations or those of our competitors;- developments or disputes concerning our intellectual property or other proprietary rights;- announced or completed acquisitions of businesses or technologies by us or our competitors;- new laws or regulations or new interpretations of existing laws or regulations applicable to our business;- changes in accounting standards, policies, guidelines, interpretations, or principles;- outbreaks of war or other hostilities;- any significant change in our management;- a return of pandemic conditions; and - general economic conditions and slow or negative growth of our markets.

Share Price & Shareholder Rights - Risk 5

Sales of a substantial number of our Class A common stock in the public market could cause our share price to fall.

The market price of our Class A common stock could decline as a result of sales of a large number of shares of our Class A common stock in the market, and the perception that these sales could occur may also depress the market price of our Class A common stock. In addition, our daily trading volume may be limited and significantly less than the amount of shares available for sale. In the event that the number of our Class A common stock shares offered for sale on any given day exceeds the existing demand for our shares, it may cause our stock price to fall. We may also issue additional shares of our Class A common stock, convertible securities or other equity, including pursuant to our equity compensation plans. Such issuances could be dilutive to investors and could cause the price of shares of our Class A common stock to decline. New investors in such issuances could also receive rights senior to those of holders of shares of our Class A common stock. The above factors may make it more difficult for us to sell equity securities in the future at a time and at a price that we deem appropriate. Any such sales also could cause the market price of our Class A common stock to fall and make it more difficult for you to sell shares of our Class A common stock.

Share Price & Shareholder Rights - Risk 6

If securities or industry analysts do not publish or cease publishing research or reports about us, our business, our market, or our competitors, or if they adversely change their recommendations regarding our Class A common stock, the market price of our Class A common stock and trading volume could decline.

The trading market for our Class A common stock will be influenced by the research and reports that securities or industry analysts may publish about us, our business, our market, or our competitors. If any of the analysts who may cover us adversely change their recommendations regarding our Class A common stock or provide more favorable recommendations about our competitors, the market price of our Class A common stock would likely decline. If any of the analysts who may cover us were to cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which in turn could cause the market price of our Class A common stock or trading volume to decline.

Share Price & Shareholder Rights - Risk 7

Our Amended and Restated Certificate of Incorporation provides that the Court of Chancery of the State of Delaware and the federal district courts of the United States of America are the exclusive forum for substantially all disputes between us and our stockholders, which could limit our stockholders' ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees. Specifically, our Amended and Restated Certificate of Incorporation provides that the Court of Chancery of the State of Delaware is the exclusive forum provision for: (i) any derivative action or proceeding brought on behalf of us; (ii) any action asserting a claim of breach of a fiduciary duty; (iii) any action arising pursuant to any provision of the DGCL, our Amended and Restated Certificate of Incorporation or Amended and Restated Bylaws (as either may be amended from time to time); (iv) any action to interpret, apply, enforce, or determine the validity of our Amended and Restated Certificate of Incorporation or our Amended and Restated Bylaws; (v) any action asserting a claim against us that is governed by the internal affairs doctrine; or (vi) any action asserting an "internal corporate claim" as defined in the DGCL. These exclusive forum provisions would not apply to suits brought to enforce a duty or liability created by the Exchange Act. Furthermore, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all such Securities Act actions. Accordingly, both state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our Amended and Restated Certificate of Incorporation further provides that the U.S. federal district courts are the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our Amended and Restated Certificate of Incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions and there can be no assurance that the provisions will be enforced by a court in those other jurisdictions. These exclusive-forum provisions may limit a stockholder's ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees. If a court were to find any of the exclusive forum provisions of our Amended and Restated Certificate of Incorporation to be inapplicable to or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions, all of which could seriously harm our business.

Accounting & Financial Operations9 | 17.6%

Accounting & Financial Operations - Risk 1

We do not expect to declare any dividends in the foreseeable future.

We do not anticipate declaring any cash dividends to holders of our Class A common stock in the foreseeable future. Consequently, investors may need to rely on sales of our Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investment. Investors seeking cash dividends should not purchase shares of our Class A common stock.

Accounting & Financial Operations - Risk 2

We may fail to meet our publicly announced guidance or other expectations about our business, which could cause our stock price to decline.

We may provide from time to time guidance regarding our expected financial and business performance, which may include projections regarding sales and production, as well as anticipated future revenues, gross margins, profitability, and cash flows. Correctly identifying key factors affecting business conditions and predicting future events is inherently an uncertain process, and our guidance may not ultimately be accurate and has in the past been inaccurate in certain respects, such as the timing of new products. Our guidance is based on certain assumptions such as those relating to anticipated production and sales, average sales prices, supplier and commodity costs, and planned cost reductions. If our guidance is not accurate or varies from actual results due to our inability to meet our assumptions or the impact on our financial performance that could occur as a result of various risks and uncertainties, the market value of our Class A common stock could decline significantly.

Accounting & Financial Operations - Risk 3

Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.

As of December 31, 2023, we had net operating loss carryforwards for U.S. federal income tax purposes of $91.4 million available to offset future U.S. federal taxable income. Also, as of December 31, 2023, we had net operating loss carryforwards for state income tax purposes of $66.0 million available to offset future state taxable income. If not utilized, both the federal and state tax credit carryforwards will begin to expire in 2027. Utilization of our net operating loss carryforwards and other tax attributes, such as research and development tax credits, may be subject to annual limitations, or could be subject to other limitations on utilization or benefit due to the ownership change limitations provided by Sections 382 and 383 of the Internal Revenue Code of 1986, as amended (the Code), and other similar provisions. Under Sections 382 and 383 of the Code, if a corporation undergoes an "ownership change," our ability to use pre-change net operating loss carryforwards and other pre-change attributes, such as research tax credits, to offset post-change income may be limited. Similar rules may apply under state tax laws. We have performed a Section 382 analysis through December 31, 2022. At this time, we have not finalized a study through December 31, 2023 to assess whether such an ownership change has occurred, or whether there have been multiple ownership changes since our formation. We may experience ownership changes in the future as a result of subsequent changes in our stock ownership, some of which may be outside our control. Accordingly, our ability to utilize the aforementioned carryforwards may be limited.

Accounting & Financial Operations - Risk 4

If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.

The preparation of financial statements in conformity with United States Generally Accepted Accounting Principles requires management to make estimates and assumptions that affect the amounts reported in our financial statements and accompanying notes appearing elsewhere in this Quarterly Report on Form 10-Q or in our most recent Annual Report on Form 10-K. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled "Management's Discussion and Analysis of Financial Condition and Results of Operations-Critical Accounting Estimates." The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant estimates and assumptions involve those related to costs to be capitalized as internal-use software, which include determining whether projects will result in new or additional functionality and those related to the valuation of our Employee Stock Purchase Plan expense. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions.

Accounting & Financial Operations - Risk 5

We have identified material weaknesses in our internal controls over financial reporting, and the failure to achieve and maintain effective internal controls over financial reporting could harm our business and negatively impact the value of our Class A common stock.

We have identified material weaknesses in our internal controls over financial reporting, and if we are not able to effectively remediate our outstanding material weaknesses or are otherwise unable to maintain an effective system of internal controls over financial reporting, we may not be able to accurately report our financial results or timely file our periodic reports. As a result, investors may lose confidence in the accuracy and completeness of our financial reports, and the market price of our Class A common stock may be materially impacted. Our management determined that as of December 31, 2023 we did not maintain effective internal controls over financial reporting, and as of September 30, 2024, we had two outstanding material weaknesses, specifically related to control activities, as follows. We completed our remediation plan for both material weaknesses noted below and believe our controls are appropriately designed. Once operating effectiveness has been demonstrated for a sufficient period of time, we expect our outstanding material weaknesses to be fully remediated. i.our controls were not operating effectively to allow sufficient and timely review of significant accounting transactions, account reconciliations and presentation of the statement of cash flows; and ii.our controls over certain equity transactions were not operating effectively to allow management to timely identify errors related to the recording of those transactions; specifically, we did not have sufficient technical resources to appropriately identify errors in the accounting for equity awards, resulting in misstatements relating to completeness and accuracy of stock-based compensation. We have dedicated significant effort and resources towards measures to remediate the identified material weaknesses (see Part 1, Item 4. Controls and Procedures included elsewhere in this Quarterly Report on Form 10-Q for additional information regarding remediation efforts). We are in the process of designing and implementing internal controls intended to address our outstanding material weaknesses, and are also testing the operating effectiveness of these controls. The outstanding material weaknesses cannot be considered fully remediated until the applicable controls operate for a sufficient period of time and management has concluded, through testing, that these controls are operating effectively. We cannot assure you that the measures we have taken to date will be sufficient to remediate the outstanding material weaknesses we identified or prevent additional material weaknesses in the future. Although we plan to complete this remediation, if the steps we take do not remediate these material weaknesses in a timely or sufficient manner, there could continue to be a reasonable possibility that these control deficiencies could result in a material misstatement of our annual or interim financial statements that would not be prevented or detected on a timely basis. Our independent registered public accounting firm is not required to formally attest to the effectiveness of our internal controls over financial reporting until after we are no longer an "emerging growth company" as defined in the JOBS Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal controls over financial reporting is documented, designed, or operating. Any failure to maintain effective disclosure controls and internal controls over financial reporting could materially and adversely affect our business, results of operations, and financial condition and could cause a decline in the trading price of our Class A common stock.

Accounting & Financial Operations - Risk 6

If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, we may be unable to produce timely and accurate financial statements or comply with applicable regulations, which could negatively impact the price of our Class A common stock.

As a public company, we are subject to the reporting requirements of the Exchange Act, as amended (the Exchange Act), the Sarbanes-Oxley Act, and the rules and regulations of the Nasdaq Global Market. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal controls over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures and internal controls over financial reporting and expect that we will need to continue to expend significant resources, including accounting-related costs, and significant management oversight, to meet such requirements. However, our current controls and any new controls that we develop may not be adequate, and weaknesses in our disclosure controls may be discovered in the future. Additionally, we have identified material weaknesses in our internal controls over financial reporting, and such weaknesses may be discovered in the future. See "-We have identified material weaknesses in our internal controls over financial reporting, and the failure to achieve and maintain effective internal controls over financial reporting could harm our business and negatively impact the value of our Class A common stock." Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal controls over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal controls over financial reporting that we will eventually be required to include in our periodic reports that will be filed with the SEC. Ineffective disclosure controls and procedures and internal controls over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our Class A common stock.

Accounting & Financial Operations - Risk 7

Because we recognize revenue from our subscription services over the term of the subscription, downturns or upturns in new business may not be immediately reflected in our operating results.

We generally recognize revenue from customers of our subscription agreements related to data backup services ratably over the terms of their subscription agreements, a majority of which are one or two-year agreements. Accordingly, the corresponding revenue we report in each quarter from such arrangements is the result of subscription agreements entered into during previous quarters. Consequently, a decline in new or renewed subscriptions in any one quarter may only be partially reflected in our revenue results for that quarter. However, any such decline will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales and market acceptance of our cloud services, and potential changes in our retention rate may not be fully reflected in our operating results until future periods. This subscription model also makes it difficult for us to rapidly increase our revenue through additional subscription sales in any period as part of new growth initiatives or otherwise, as revenue from new customers must be recognized over the applicable subscription term.

Accounting & Financial Operations - Risk 8

We have a history of cumulative losses, and we do not expect to be profitable for the foreseeable future.

We incurred net losses of $34.2 million and $47.5 million for the nine months ended September 30, 2024 and 2023, respectively. Over our 17 plus years of operations, we had an accumulated deficit of $181.6 million as of September 30, 2024. We cannot guarantee that net losses in future periods will be similar to those from prior periods. We intend to continue scaling our business to increase our customer base and to meet the increasingly complex needs of our customers. We have invested, and expect to continue to invest, in our sales and marketing organization to sell our cloud services around the world and in our development organization to deliver additional features and capabilities of our cloud services to address our customers' evolving needs. We also expect to continue to make significant investments in our data center infrastructure and technical operations organization as we further scale our business. As a result of our continuing investments to scale our business in each of these areas, we do not expect to be profitable for the foreseeable future. We cannot assure you that we will achieve profitability in the future or that, if we do become profitable, we will sustain profitability.

Accounting & Financial Operations - Risk 9

Our quarterly results may fluctuate significantly and may not fully reflect the underlying performance of our business.

Our quarterly results of operations may vary significantly in the future. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our quarterly results of operations may fluctuate as a result of a variety of factors, many of which are outside of our control, and as a result may not fully reflect the underlying performance of our business. Fluctuation in quarterly results may negatively impact the trading price of our Class A common stock. Factors that may cause fluctuations in our quarterly results of operations include, without limitation: - our ability to attract new customers;- the amount of customer churn;- fluctuations in the amount of data customers store with us;- the amount and timing of operating expenses and equipment purchases related to the maintenance and expansion of our business;- interruptions or loss of service of our offerings;- the timing and success of new product feature and service introductions by us or our competitors;- our ability to retain and increase revenue from customers;- changes in deferred revenue balances;- changes in or timing of cash flows;- changes in the competitive dynamics of our industry, including consolidation among competitors;- security breaches of our systems;- our involvement in litigation, or the threat thereof;- the length of the sales cycle;- outbreaks of war or other hostilities, such as the Russia-Ukraine and Israel-Hamas hostilities;- inflation in the United States, which has recently hit a four decade high, and other regions;- the impact of pandemics on our business or that of our customers and partners;- the timing of expenses and receipt of perceived benefits related to any acquisitions;- changes in laws and regulations that impact our business; and - general economic and market conditions. For example, in addition to the risks from sanctions and other restrictions discussed elsewhere in these Risk Factors in connection with the Russian attack on Ukraine that began in February 2022, in order to help the people of Ukraine facing a humanitarian crisis, while it is subject to change, we are currently waiving charges for our services for customers based in Ukraine. We are also unable to receive payments from customers in certain regions that are subject to banking or other credit card payment restrictions, including Russia and Belarus. Although we do not have a significant amount of customers located in these regions, such actions will have some impact on our business. The Russian-Ukraine conflict has also caused oil prices to rise and increased the risk of disruption to the supply chain for oil, and the Israel-Hamas conflict may cause similar effects, particularly if those tensions escalate into a wider Middle East conflict, which could result in higher energy costs for our business and data centers, which could negatively impact our results of operations. The hostilities in various places around the world could also escalate further and directly or indirectly involve other countries, including the United States, which could cause a greater impact on us and our customers, partners and supplies. Further, as we continue to grow and scale our business to meet the needs of our customers, we may overestimate or underestimate our infrastructure capacity requirements, which could adversely affect our results of operations. The costs associated with leasing and maintaining our custom-built infrastructure in co-location facilities and third-party data centers already constitute a significant portion of our capital and operating expenses. We continuously evaluate our short and long-term infrastructure capacity requirements and seek to ensure adequate capacity for new and existing users while minimizing unnecessary excess capacity costs. However, we may not be able to sufficiently predict future demand, or the availability of hardware or infrastructure necessary to support increased demand on a timely basis. If we overestimate the demand for our platform and therefore secure excess infrastructure capacity or equipment, our gross margins could be reduced. If we underestimate our infrastructure capacity requirements or availability of necessary hardware or infrastructure, we may not be able to service the needs of new and existing customers; durability, reliability, and performance could suffer; our costs could rise; and our business could be harmed.

Debt & Financing1 | 2.0%

Debt & Financing - Risk 1

We may require additional capital to support our operations or the growth of our business, and we cannot be certain that this capital will be available on reasonable terms when required, or at all.

We may need additional financing to operate or grow our business. Our ability to obtain additional financing, if and when required, will depend on investor and lender demand, our operating performance, the condition of the capital markets, and other factors. For example, we often use leases to finance the equipment we use to provide our cloud-based services, and we have a revolving credit agreement with City National Bank. In addition, the stock market has recently experienced significant volatility, including with respect to technology stocks, due to high inflation, various economic headwinds and other factors. In the event of a failure of any financial institutions where we maintain deposits, we may lose timely access to our funds at such institutions and incur significant losses to the extent our funds exceed the $250,000 limit insured by the Federal Deposit Insurance Corporation. In addition, we use City National Bank, a subsidiary of RBC, for our banking needs. While we and our bank have not been directly affected by the recent failures of certain banks, the banking industry overall has experienced disruption, greater uncertainty, and tightened lending standards. This may result in reduced access to capital, increased costs of capital, and reduced opportunities to invest with investment grade securities, which could also lower investment yields and investment income. Any such impact could have a material adverse effect upon our liquidity and business. Without additional access to this kind of capital on commercially reasonable terms, or at all, we may not be able to respond to increased demand for our cloud services on a timely or cost-effective basis. We cannot guarantee that additional financing will be available to us on favorable terms when required, or at all. If we raise additional funds through the issuance of equity, equity-linked, or debt securities, those securities may have rights, preferences, or privileges senior to the rights of our Class A common stock, and our existing stockholders may experience dilution. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support the operation or growth of our business could be significantly impaired and our operating results may be harmed.

Corporate Activity and Growth5 | 9.8%

Corporate Activity and Growth - Risk 1

The requirements of being a public company, particularly after we are no longer an "emerging growth company", may strain our resources, require us to incur substantial costs and will require substantial management attention.

As a public company, and particularly after we cease to be an "emerging growth company", we have incurred and will continue to incur substantial legal, accounting, and other expenses that we did not incur as a private company. For example, we are subject to the reporting requirements of the Exchange Act, the applicable requirements of the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the rules and regulations of the SEC, and the listing standards of the NASDAQ Global Market. For example, the Exchange Act requires, among other things, we file annual, quarterly, and current reports with respect to our business, financial condition, and results of operations. Compliance with these rules and regulations has increased and will continue to increase our legal and financial compliance costs, and increase demand on our systems, particularly after we are no longer an emerging growth company. In addition, as a public company, we may be subject to stockholder activism, which can lead to additional substantial costs, distract management, and impact the manner in which we operate our business in ways we cannot currently anticipate. As a result of disclosure of information in filings required of a public company, our business and financial condition has become more visible, which may result in threatened or actual litigation, including by competitors. Some members of our management team also have limited experience managing a publicly traded company, interacting with public company investors, and complying with the increasingly complex laws pertaining to public companies. Our management team may not successfully or efficiently manage our transition to being a public company subject to significant regulatory oversight and reporting obligations under the federal securities laws and the continuous scrutiny of securities analysts and investors. These new obligations and constituents will require significant attention from our senior management and could divert their attention away from the day-to-day management of our business, which could adversely affect our business, financial condition, and results of operations.

Corporate Activity and Growth - Risk 2

Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity, and teamwork fostered by our culture, and our business may be harmed.

We have a culture that encourages employees to be open, collaborate, strive to do the right thing, and develop and launch new and innovative solutions, which we believe is essential to attracting customers and partners and serving the best, long-term interests of our company. As our business grows and becomes more complex, and now that we are a public company, it may become more difficult to maintain this cultural emphasis. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel, which is critical to our growth, and to effectively focus on and pursue our strategies. If we fail to maintain our company culture, our business and competitive position may be harmed.

Corporate Activity and Growth - Risk 3

If we fail to effectively manage our growth, our business would be harmed.

We have recently experienced, and continue to experience, a period of rapid growth. For example, our headcount grew from 188 employees as of December 31, 2020, to 381 as of December 31, 2023. Also, in just the last two years the amount of storage deployed by us has increased significantly. The number of customer requests on our network has also increased rapidly in recent years. Our growth may not be sustainable. In 2023, we initiated measures to reduce headcount to pursue greater cost efficiency and align strategic initiatives. These measures were completed during the first nine months of 2023. Nevertheless, in the long term, we expect to continue to expand our operations and to increase our headcount, network, and product offerings significantly. Our growth has placed, and future growth will continue to place, a significant strain on our management, corporate culture, quality of our cloud services, and administrative, operational, security, and financial infrastructure. Our headcount needs may also fluctuate on a quarterly and annual basis and we may seek, and have sought by way of the recent restructuring measures, to "right size" our workforce from time to time due to changing business needs and other conditions, and it may be difficult to effectively manage our workforce on a timely basis in response to such changes. It is also important that we successfully leverage our existing employee base and any headcount growth, particularly as our business grows and the corresponding demands on our business increase. Our success will depend in part on our ability to manage this growth effectively, which will require that we, among other things, continue to improve our administrative, operational, financial, and management systems and controls. If we fail to manage our growth, the quality of our services may suffer, which could negatively affect our brand and reputation and harm our ability to retain and attract customers and employees.

Corporate Activity and Growth - Risk 4

Our business depends, in part, on the success of our strategic relationships with third parties.

To maintain and grow our business, we anticipate that we will continue to depend on relationships with third parties, such as channel partners and integrators, which are becoming an increasingly important part of our business and our sales and marketing strategy. Identifying partners and negotiating and building relationships with them requires significant time and resources. Our competitors may be effective in providing incentives to third parties to favor their services over us. In addition, any industry consolidation of such partners or integrators by our competitors or others could result in a decrease in the number of our current and potential customers, as these partners or integrators may no longer facilitate the adoption of our applications by potential customers. Interoperability between our platform and other third-party platforms is also important to our business. Further, some of our partners or integrators are or may become competitive with certain aspects of our cloud services and may elect to no longer integrate with, or support, our platform and cloud services. If we are unsuccessful in establishing or maintaining our relationships with such third parties and maintaining interoperability, our ability to compete in the marketplace or to grow our revenue could be impaired, and our business may suffer. Even if we are successful, we cannot assure you that these relationships will result in increased customer usage of our cloud services or increased revenue.

Corporate Activity and Growth - Risk 5

Future acquisitions and investments could disrupt our business and harm our financial condition and operating results.

Our success will depend, in part, on our ability to grow our business in response to changing technologies, customer demands, and competitive pressures. In some circumstances, we may choose to do so through the acquisition of complementary businesses and technologies rather than through internal development. The identification of suitable acquisition candidates can be difficult, time-consuming, and costly, and we may be unable to successfully complete proposed acquisitions. The risks we face in connection with acquisitions include: - diversion of management time and focus from operating our business to addressing acquisition integration challenges;- coordination of research and development, operational, and sales and marketing functions;- retention of key employees from the acquired company;- cultural challenges associated with integrating employees from the acquired company into our organization;- integration of the acquired company's accounting, management information, human resources, and other administrative systems;- the need to implement or improve controls, procedures, and policies at a business that prior to the acquisition may have lacked effective controls, procedures, and policies;- liability for activities of the acquired company prior to our acquisition of them, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities, and other known and unknown liabilities;- unanticipated write-offs or charges; and - litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders, or other third parties. Future acquisitions could also result in dilutive issuances of our equity securities, the incurrence of debt, contingent liabilities, amortization expenses, incremental operating expenses, or the write-off of goodwill, any of which could harm our financial condition or operating results.

Tech & Innovation

Total Risks: 9/51 (18%)Below Sector Average

Trade Secrets2 | 3.9%

Trade Secrets - Risk 1

Assertions by a third party that our cloud services infringe, misappropriate, or otherwise violate their intellectual property could subject us to costly and time-consuming litigation and adversely impact our business.

There is frequent litigation in the software and technology industries based on allegations of infringement, misappropriation, or other violations of intellectual property rights. Some software and technology companies, including some of our competitors, as well as non-practicing entities, own patents, trademarks, copyrights and other intellectual property rights that they may use to assert claims against us. In our case, third parties have asserted, and may in the future assert, that we have infringed, misappropriated, or otherwise violated their patents or other intellectual property rights. For example, we have faced patent infringement claims from other non-practicing entities in the past. There may be intellectual property rights held by others, including issued or pending patents, that cover significant aspects of our technologies or solutions, and we cannot assure you that we are not infringing, misappropriating, or violating, and have not infringed, misappropriated, or violated, any third-party intellectual property rights or that we will not be held to have done so or be accused of doing so in the future. In addition, as we face increasing competition and become increasingly visible as a publicly-traded company, or if we become more successful, the possibility of new third-party claims may increase. Any claim that we have violated intellectual property or other proprietary rights of third parties, with or without merit, could be time-consuming and costly to address and resolve, could divert the time and attention of management and technical personnel from our business, could place limitations on our ability to use our current websites and technologies, and could result in an inability to market or provide all or a portion of our cloud services. Furthermore, we could be required to pay substantial monetary damages, including treble damages and attorneys' fees if we are found to have willfully infringed a party's intellectual property rights. We may also be required to enter into a royalty or licensing agreement that could include significant upfront and future licensing fees or expend significant resources to redesign our technologies or solutions, which efforts may not be timely or prove successful at all and require us to indemnify customers or other third parties. Royalty or licensing agreements may be unavailable on terms acceptable to us, or at all. If we cannot develop or license technology for any allegedly infringing aspect of our business, we could be forced to limit our cloud services and may be unable to compete effectively. Any of these events could have a material adverse effect on our business.

Trade Secrets - Risk 2

If we are unable to adequately establish, maintain, protect, and enforce our intellectual property and proprietary rights, our reputation may be harmed, we may be subject to litigation, and our business may be adversely affected.

Our future success and competitive position depend in large part on our ability to establish, maintain, protect, and enforce our intellectual property and proprietary rights. We do not own any issued patents and rely on a combination of trademark, copyright, and trade secret laws, as well as confidentiality procedures and contractual restrictions, to establish and protect our proprietary rights, all of which provide only limited protection and may not now or in the future provide us with a competitive advantage. The steps we have taken and will take may not prevent unauthorized use, reverse engineering, or misappropriation of our technologies and we may be unable to detect any of the foregoing. Furthermore, effective trademark, copyright, and trade secret protection may not be available in every country in which our cloud services are available. Our lack of patent protection may restrict our ability to protect our technologies and processes from competition. Defending and enforcing our intellectual property rights may result in litigation, which can be costly and divert management attention and resources. If our efforts to protect our technologies and intellectual property are inadequate, the value of our brand and other intangible assets may be diminished and competitors may be able to mimic our cloud services. Any of these events could have a material adverse effect on our business. With respect to our technology platform, we consider trade secrets and know-how to be one of our primary sources of intellectual property. However, trade secrets and know-how can be difficult to protect. The use of generative artificial intelligence tools could also expose us to inadvertently disclosing trade secrets or other confidential information or inadvertently cause us to violate third party intellectual property rights. We seek to protect these trade secrets and other proprietary technology, in part, by internal controls and policies as well as entering into non-disclosure and confidentiality agreements with parties who have access to them, such as our employees, outside contractors, consultants, advisors, and other third parties. We also enter into confidentiality and invention assignment agreements with our employees and consultants. The confidentiality agreements are designed to protect our proprietary information and, in the case of agreements or clauses containing invention assignment, to grant us ownership of technologies that are developed through a relationship with employees or third parties. We cannot guarantee that we have entered into such agreements with each party that may have or has had access to our trade secrets or proprietary information, including our technology and processes. Despite these efforts, no assurance can be given that the confidentiality agreements we enter into or our other internal controls and policies will be effective in controlling access to such proprietary information and trade secrets. The confidentiality agreements on which we rely to protect certain technologies may be breached, and these and other actions that we take may not be adequate to protect our confidential information, trade secrets, and proprietary technologies and may not provide an adequate remedy in the event of unauthorized use or disclosure of our confidential information, trade secrets or proprietary technology. Further, these actions do not prevent our competitors or others from independently developing the same or similar technologies and processes, which may allow them to provide a service similar or superior to ours, which could harm our competitive position.

Cyber Security1 | 2.0%

Cyber Security - Risk 1

If our information technology systems, including the data of our customers stored in our systems, are breached or subject to cybersecurity attacks, our reputation and business may be harmed.

Our customers rely on our solutions to store or use their files, which may include confidential or personally identifiable information, critical business information, photos, and other meaningful content. To manage and maintain such data, we are highly dependent on internal and external information technology systems and infrastructure, including the internet, to securely process, transmit, and store critical information. Although we take measures to protect our systems and sensitive information from unauthorized access or disclosure, third parties may be able to circumvent our security by deploying viruses, worms, and other malicious software programs that are designed to attack or attempt to infiltrate our systems and networks, including distributed denial of service (DDoS) or phishing attacks, that can undermine the availability and performance of our systems and cloud services, lead to the blocking of our services by ISPs or governments, fraudulently steal data, or otherwise cause damage to our reputation and negatively impact us and our customers. For example, in December 2021, an industry-wide zero-day vulnerability was discovered in the Apache Log4j logging library commonly used by many companies throughout the world that could permit attackers to take control of vulnerable servers. Although we were not aware of any unauthorized access to our systems due to the Log4j vulnerability, out of an abundance of caution and because Log4j was leveraged widely in our environment, we decided it was in our customers' best interest to take our systems offline for a short period of time until we could apply the security patch. In addition, we regularly encounter attempts to create false or undesirable user accounts and various types of DDoS attacks, which can disrupt our systems, impair system performance and impact analytics. Moreover, cybersecurity attacks evolve rapidly and are expected to continue to accelerate in both frequency and sophistication, and bad actors may utilize new methods not recognized because they are designed to circumvent controls, avoid detection, and remove or obfuscate forensic evidence. Although we have taken, and continue to take, various actions to prevent and mitigate potential cybersecurity attacks, it is very difficult to successfully identify, stop, or resolve such attacks, or implement adequate preventative measures and we will continue to incur costs in our efforts to protect against and respond to cyber-attacks and potential cyber-attacks. Also, the use of generative artificial intelligence, or other societal or political developments resulting in periods of increased political tensions and military conflicts, could result in a greater likelihood of cybersecurity incidents that could either directly or indirectly impact our operations. In addition, employee or consultant error, malfeasance, or other errors in the storage, use, or transmission of customer data could result in a breach. For example, in late March 2021, it was discovered that a Backblaze marketing campaign leveraging the Facebook ad network, which had been launched two weeks earlier, had been incorrectly configured to run on all Backblaze platform pages instead of only the Backblaze marketing pages as intended. Once we became aware of the issue, it was promptly resolved. Although we believe that less than 2% of Backblaze customers may have been affected, and no actual customer files, file contents, or user account information were shared at any time, certain file metadata may have been inadvertently shared with Facebook. Even if a breach is detected, the full extent of the breach may not be determined immediately, or at all. While we maintain insurance coverage to mitigate the potential financial impact of these risks, our insurance may not cover all such events or may be insufficient to compensate us for potentially significant losses, including the potential damage to the future growth of our business, that may result from any such breach. In addition, our business utilizes information technology systems of our partners and vendors, who are also subject to similar cybersecurity risks that could adversely impact the security of our systems and business. Although we take steps to secure customer information that is provided to or accessible by our partners and vendors, such measures may not always be effective and we may have limited or no control over how cybersecurity attacks on our partners or vendors are addressed. An actual or perceived breach of our network security and systems or other cybersecurity-related events that cause the loss, theft or unauthorized disclosure of our customers' information, including any delay in determining the full extent of a potential breach, could have a material adverse impact on our business, results of operations, and financial condition, including harm to our reputation and brand, reduced demand for our solutions, time-consuming and expensive litigation, fines, penalties, and other damages.

Technology6 | 11.8%

Technology - Risk 1

If we are unable to provide successful enhancements, new features, and modifications to our cloud services, our business could be adversely affected.

Our industry is marked by rapid technological developments and new and enhanced applications and cloud services. If we are unable to provide enhancements and new features for our existing services or new services that achieve market acceptance or that keep pace with rapid technological developments, our business could be adversely affected. We have recently launched various new product features and other changes, including Event Notification and Live Read. We cannot be certain whether such features and other changes will achieve a desired level of market adoption and return on investment. In addition, because our cloud services are designed to operate on a variety of systems, we will need to continuously modify and enhance our cloud services to keep pace with changes in internet-related hardware, operating systems, and other software, communication, browser, and database technologies, including the systems of our partners, vendors, and competitors. We also have limited internal resources and thus need to selectively prioritize features and other development and infrastructure projects, and de-prioritize other such projects. Although we seek to prioritize the projects that we believe are the most important and de-prioritize projects of lesser importance based on the information available to us at any given time, there is no guarantee that our prioritization efforts will achieve the desired market adoption or infrastructure improvements and we may not be successful in either developing these modifications and enhancements or in bringing them to market in a timely fashion. In addition, any failure of our cloud services to operate effectively and on a timely basis with network platforms and technologies could reduce the demand for our cloud services, result in customer dissatisfaction and adversely affect our business. Furthermore, future enhancements, features or offerings may increase our research and development expenses and infrastructure costs, which could adversely impact our pricing advantage, undermine our ease of use, make it more difficult to attract and retain customers, and harm our results of operations.

Technology - Risk 2

Material defects or errors in our software or hardware failures could negatively impact our business, harm our reputation, result in significant costs to us, and negatively impact our ability to sell our cloud services.

The software underlying our cloud services is inherently complex and may contain material defects or errors, particularly when first introduced or when new versions or enhancements are released. We have from time to time found defects or errors in our cloud services, and new defects or errors in our existing solutions may be detected in the future by us, our customers or partners, or other third parties. The costs incurred in correcting such defects or errors may be substantial and could negatively impact our business. Backblaze employees could also introduce defects or errors through incompetence, malfeasance, or a mistake that would lead to data loss. For example, to the extent that the encryption keys for encrypted customer data stored by Backblaze were to be deleted or corrupted, the data could become unrecoverable. In addition, we rely on hardware purchased or leased and software licensed from third parties to offer our cloud services. Hardware is susceptible to failures over time and may require increased maintenance effort and costs. Any defects in, or unavailability of, our software or hardware failures that cause interruptions to the availability of our cloud services or that otherwise impact our business could, among other things: - require us to issue refunds or credits to our customers or expose us to claims for damages,- cause us to lose existing customers and make it more difficult to attract new customers,- divert our development resources or require us to make extensive changes to our cloud services or software,- harm our reputation and brand, and - negatively impact our results of operations.

Technology - Risk 3

Any significant disruption in our service, or loss or delay in availability of our customers' data, could damage our reputation and harm our business and operating results.

Our brand, reputation, and ability to manage our systems; attract, retain, and serve our customers; and interface with our partners, are dependent upon the reliable performance of our platform, including our underlying technical infrastructure, as well as the systems and infrastructure of various third parties, including third-party hosted data centers that we use and internet access and infrastructure used by us and our customers and partners. Our customers rely on our platform to store and access their data, including financial records, business information, personal information, documents, media, and other important content. There are various reasons that our platform, or the systems that are used to access or support our platform, could experience a disruption in service, some of which are entirely outside of our control. For example, our facilities as well as the data centers that we use are vulnerable to damage or interruption from human error, intentional bad acts, extreme weather, earthquakes, floods, fires, war or other military conflict, including the conflicts between Russia-Ukraine and Israel-Hamas, which may further escalate and could directly or indirectly involve other countries, including the United States, terrorist attacks, cybersecurity attacks or the risk of potential cybersecurity attacks, power losses, hardware failures, systems failures, telecommunications failures, and similar events, any of which could disrupt our service, destroy user content, or prevent us from being able to continuously back up or record changes in our users' content. For example, a third party vendor that operated one of our multiple data center locations, filed for bankruptcy under Chapter 11 of the United States Bankruptcy Code in 2022. This bankruptcy matter was resolved without disruption to our normal operations, but future bankruptcies or similar events affecting our third-party hosted data center providers could result in disruptions to our Company, access to customer data may become unavailable or customer data could be lost, and it may take a significant period of time to achieve full resumption of our cloud services. Also, in response to the Russian attack on Ukraine that began in February 2022, the United States and many other countries began imposing sanctions on Russia and certain parts of Ukraine, including restrictions on the import and export of goods and services to those regions. These restrictions have also been expanded to other countries, including Belarus. Although we do not have a significant number of customers located in those regions, such actions have had some immaterial impact on our business. It is difficult to predict how long the conflict may last, how the conflict could escalate, and how the sanctions may evolve, which could cause a greater adverse impact on our business and operations. While we maintain incident response plans that include defined processes, roles, communications, responsibilities and procedures for responding to cybersecurity incidents and other events that impact our operations, and such plans are tested and evaluated on a regular basis, our disaster recovery planning cannot account for all eventualities and even if we anticipate an incident, our disaster recovery plans may not be sufficient to timely and effectively address the issue. Moreover, our platform and technical infrastructure may not be adequately designed with sufficient reliability and redundancy to avoid delays or outages or other issues that could be harmful to our business. If our platform is unavailable when users attempt to access it, or if it does not perform as quickly as they expect, or if data is lost, users may not use our platform as often in the future, or at all.

Technology - Risk 4

Our business could be materially harmed to the extent that we do not effectively manage our data center capacity and the costs associated with our data centers.

We must continue to effectively manage our capital expenditures by maintaining and expanding our data center capacity, servers and equipment, and locations. The costs of leasing, building out and maintaining our data centers constitute a significant portion of our capital and operating expenses. To manage our data center capacity and the associated capital expenditures, we continuously evaluate our short and long-term data center capacity requirements. However, because our customer retention and the amount of data that they store with us may increase, decline or fluctuate as a result of a number of factors it is difficult to accurately predict our capacity needs over time. If we underestimate the data center capacity needed to address increases in volume usage, or there is not enough capacity at the data centers at commercially acceptable rates, or at all, we may be unable to increase our data center capacity in an expedient and cost-effective manner, which could result in materially adverse effects on our business and our results of operations. For example, if we are not able to obtain data center capacity on a timely basis, the ability for customers to upload or download data could be negatively impacted. As a result, we might be unable to attract new customers or retain existing customers and could cause existing customers to reduce the amount of data that they store with us. In such a scenario, we may also be required to enter into leases or other agreements for data centers, servers and other equipment that are more expensive than they otherwise would be as a result of the increased demand and competition in the market for data center capacity. It can also take time to add data center capacity, whether at existing data center locations or new locations, and therefore, we may also not be able to expand our data center capacity to address customer needs on a timely basis. In addition, many of our data center sites are subject to multi-year leases. If our capacity needs are reduced, or if we decide to close a data center, we may nonetheless be committed to perform our obligations under the applicable leases including, among other things, paying the base rent for the balance of the lease term and continuing to pay for any servers or other equipment. If we overestimate our data center capacity requirements, and therefore secure excess data center capacity and servers or other equipment, then our capital expenditures could be materially increased and our operating margins could be materially reduced. To the extent we pursue any expansion of our data center footprint, our infrastructure and maintenance costs will increase. In addition, we will generally incur expenses in advance of receiving any increase in customers, revenue or other benefits. Any expansion outside of the United States will also increase the costs of compliance with local laws and regulations. As a result, we may not be able to recover the cost of those investments, which could materially adversely affect our business and results of operations. We may also be subject to risks and unanticipated increases in energy costs as a result of: regulations intended to regulate carbon emissions and other pollutants, laws requiring enhanced energy efficiency measures, surcharges related to recovering the cost of extreme weather events and natural disasters, geopolitical conflicts, military conflicts, grid modernization charges, as well as other charges. Such increases could adversely affect our business financial conditions and results of operations.

Technology - Risk 5

Our ability to maintain customer adoption and satisfaction depends in part on the ease of use of our cloud services, and any such failure could have an adverse effect on our business.

Our success in retaining existing customers and obtaining new customers is dependent in part on the ease of use of our cloud services. If our platform and cloud services, including new service offerings and features as they become available, become more complicated and less easy-to-use, customers could experience increased difficulties or disruption with storing or accessing their data, and we may lose existing customers or experience increased challenges obtaining new customers or existing customers may not choose to use additional features of our cloud services. In addition, our customers sometimes depend on our technical support services to resolve issues relating to our platform. If we do not succeed in helping our customers quickly resolve issues or provide effective ongoing education related to our platform, our reputation and business may be harmed.

Technology - Risk 6

Our use of "open-source" software could negatively affect our ability to sell our cloud services and subject us to possible litigation.

A portion of the technologies used by us incorporates "open-source" software, and we may incorporate open-source software in the future. Such open-source software is generally licensed by its authors or other third parties under open-source licenses. Companies that incorporate open-source software into their solutions have, from time to time, faced claims challenging the use of open-source software and compliance with open-source license terms. These licenses may subject us to certain unfavorable conditions, including requirements that we offer all or parts of our technology or services that incorporate the open-source software at no cost, that we make publicly available source code for modifications or derivative works we create based upon, incorporating, or using the open-source software, and/or that we license such modifications or derivative works under the terms of the particular open-source licensor other license granting third parties certain rights of further use. Although we monitor our use of open-source software, we cannot assure you that all open-source software is reviewed prior to use in our cloud services, that our developers have not incorporated open-source software into our technology platform or services, or that they will not do so in the future. In the event that we become subject to such claims, we could be subject to significant damages, enjoined from the sale of our solutions that contained the open-source software, and required to comply with onerous conditions. In addition, the terms of open-source software licenses may require us to provide software that we develop using such open-source software to others on unfavorable license terms. As a result of our current or future use of open-source software, we may face claims or litigation, be required to release our proprietary source code, pay damages for breach of contract, re-engineer our solutions, discontinue making our solutions available in the event re-engineering cannot be accomplished on a timely basis or take other remedial action. Any such re-engineering or other remediation efforts could require significant additional research and development resources, and we may not be able to successfully complete any such re-engineering or other remediation efforts on a timely basis, or at all. Any of these risks could be difficult to eliminate or manage, and, if not addressed, could disrupt the distribution and sale of our solutions and have a material adverse effect on our business and operating results.

Ability to Sell

Total Risks: 9/51 (18%)Above Sector Average

Competition1 | 2.0%

Competition - Risk 1

The markets in which we participate are intensely competitive, and if we do not compete effectively, our operating results would be harmed.

The markets in which we operate are highly competitive, with relatively low barriers to entry for certain applications and services. Some of our competitors include cloud-based services such as those offered by Amazon.com, Inc. through Amazon Web Services, Alphabet Inc. through Google Cloud Platform, and Microsoft Corporation through Azure, and on-premises offerings such as those offered by EMC/Dell and NetApp. Many of our competitors and potential competitors are larger and have greater name and brand recognition; much longer operating histories; larger budgets for the development, promotion and sale of their products or services; broader service offerings and capabilities; and significantly greater resources than we do. In addition, many of our competitors have established marketing and distribution relationships with channel partners, consultants, system integrators, and resellers. Our competitors may also be able to respond more quickly and effectively to new or changing opportunities, technologies, standards, or customer requirements, including offering multiple types of storage solutions with various price points, feature sets and performance levels. Competition may intensify in the future and may also include new market entrants, including storage offerings by some of our partners. Our competitors could offer their products or services at a lower price or in some combination with other services or applications that we do not offer, which could result in pricing pressures on our business. In the third quarter of 2023, we also announced price increases to our Computer Backup and B2 Cloud Storage offerings, which took effect in the fourth quarter of 2023. While there was some incremental decline in the rate at which customers increase storage with us as well as the number of new customers following the price increase, we did not experience any material impact on customer retention as of December 31, 2023 and September 30, 2024, respectively. However, it is difficult to attribute the impact from the price increase compared to other factors or variances in our quarterly results. In any event, while price increases may provide increased revenue from existing customers, any future price increase by us, or reductions in prices by our competitors, could cause us to lose existing customers who do not wish to renew their subscriptions at the higher prices, reduce the number of new customers that buy our products, or decrease the amount of data that customers store with us or subscriptions they purchase from us. Increased competition generally could result in reduced sales, increased customer churn, lower margins, losses, or the failure of our cloud services to achieve or maintain widespread market acceptance, any of which could harm our business.

Demand3 | 5.9%

Demand - Risk 1

To the extent we target different types of customers, we may face increased demands and challenges that adversely impact our business and operations.

Historically, most of our customers consisted of small-to-medium sized businesses and individuals. Our growth strategy is in part dependent upon attracting and retaining customers that are larger businesses and organizations. To the extent we target other types of customers or customers with different or specific needs, we may face greater demand for certain service enhancements or features that we do not currently offer, or additional performance, availability, durability, and security requirements. We may face increased competition from some of our competitors that typically target larger businesses and organizations and that may have pre-existing relationships or purchase commitments, that may have more experienced sales personnel or greater budgetary resources available to target larger customers, or that may be able to bundle other services with an offering that is competitive with ours. Certain types of customers may also have longer sales cycles, less predictability or higher volatility in the amount of data they store with us, increased pricing or negotiation leverage, and increased customer education, prolonged contract negotiations and overall customer engagement needs. In addition, some customers may demand more customization, integration, and support services. Any of these factors could require us to devote greater sales, engineering, marketing, operations, and support services as well as make significant infrastructure changes, which could increase our costs, divert key resources from other current and prospective customers, and otherwise adversely affect our business and operating results. These increased demands and challenges may also be for the benefit of a limited number of customers. In addition, the loss of any larger customers will have a greater impact on our financial results than the loss of smaller customers. Moreover, we cannot assure you that our efforts to attract and retain customers will be successful or justify the additional investments in a timely manner, or at all.

Demand - Risk 2

Our business is substantially dependent on mid-market organizations, which may be more vulnerable to market fluctuations and other economic factors, and their vulnerability to such factors could negatively impact our business.

If we are unable to successfully market and sell our cloud services to mid-market organizations, our ability to grow our revenue and achieve profitability will be harmed. We expect it will be more difficult and expensive to attract and retain mid-market organization customers than other customers because mid-market organizations are more frequently forced to curtail or cease operations due to the sale or failure of their business; can be more difficult to identify and may require more expensive, targeted sales campaigns; and generally have lesser amounts of data to store than larger organizations, thus requiring us to successfully sell to and support more mid-market organizations for meaningful revenue impact. In addition, mid-market organizations frequently have limited budgets and are more likely to be significantly affected by economic downturns than larger, more established companies. For example, recent high inflation and recession concerns in the United States could have a greater adverse impact on mid-market organizations. As a result, mid-market organizations may choose to spend funds on items other than our cloud services, particularly during difficult economic times. If we do not achieve continued success among mid-market organizations, our business, operating results, and future growth would be adversely affected.

Demand - Risk 3

We are dependent on a small number of service offerings, and any reduced market adoption of these offerings would result in lower revenue and harm our business.

As a specialized cloud vendor, we are dependent on a small number of offerings focused on cloud storage and computer backup, and a limited number of corresponding use cases. Our B2 Cloud Storage and Computer Backup offerings have accounted for substantially all of our total revenue to date and we anticipate that they will continue to do so for the foreseeable future. As a result, our revenue could be reduced as a result of any general or industry decline in demand for cloud-based storage solutions, particularly given that we would not have meaningful revenue from other market sectors to offset any temporary or longer-term downturn in demand for cloud-based storage solutions.

Sales & Marketing3 | 5.9%

Sales & Marketing - Risk 1

Our business is exposed to risks associated with online payment processing methods.

Many of our customers pay for our cloud services and products using credit cards. We rely on internal systems as well as those of third parties, including Stripe, to process payments. Acceptance and processing of these payment methods are subject to certain rules and regulations and require payment of interchange and other fees. To the extent there are increases in payment processing fees, material changes in the payment ecosystem, such as large re-issuances of payment cards, delays in receiving payments from payment processors, changes to rules or regulations concerning payment processing, loss of payment partners, and/or disruptions or failures in our payment processing systems or payment products, including products we use to update payment information, our revenue, operating expenses, and results of operation could be adversely impacted. For example, in response to the Russian attack on Ukraine that began in February 2022, the United States and many other countries began imposing sanctions on Russia and certain other regions, including goods and services imported and exported to Russia and certain other regions. In addition, various banking institutions and companies, including Stripe and credit card companies, began prohibiting any payments from persons located in Russia, which impacts our ability to receive payments from, and transact certain types of business operations with, our customers, and potential new customers, that are located in those regions. Although we do not have a significant number of customers located in those regions, such actions will have some impact on our business. It is also difficult to predict how long the conflict may last, how the conflict could escalate, and how the sanctions may evolve, which could cause a greater adverse impact on our business and operations than we expect.

Sales & Marketing - Risk 2

Our business depends on our ability to retain and increase revenue from customers, and if we are unable to do so, our revenue and operating results would be adversely affected.

It is important for our business that our customers continue to use, and even increase their use of, our cloud services. Many of our customers can terminate their use of our cloud services at will with little-to-no advance notice. Even though some of our customers enter into longer-term multi-year agreements, they generally have no obligation to renew their subscriptions or increase usage. Due to our varied customer base and lack of long-term customer and usage commitments, it can be difficult to accurately predict our customer retention rate on a quarterly basis or long-term basis. Our customer retention and the amount of data that they store with us may decline or fluctuate as a result of a number of factors, including potential customer dissatisfaction with our cloud services and offerings; pricing plans; our customers' own business conditions; customer decisions to delete unneeded or redundant data; the perception, whether or not accurate, that competitive products provide better options; changes in our brand or reputation; and overall general economic conditions. Our recent price increase for Computer Backup and B2 Cloud Storage could make it more difficult to attract new customers and retain existing customers, or cause existing customers to reduce the amount of data that they store with us or subscriptions they purchase from us. Our future financial performance also depends in part on our ability to continue to increase revenue from our customers through new features and additional paid products, such as Event Notifications, Live Read, Enterprise Control and multi-region selection. Our customers' decision whether to opt for additional paid products is driven by a number of factors. If our customers do not perceive the value in such additional paid offerings, we may not realize the anticipated benefits of our investments in such additional features, and our financial results could be harmed. If we cannot successfully retain our existing customers and add new customers consistent with historical rates, including maintaining or growing the amount of data that our customers store with us, our revenue and ability to grow may be adversely affected.

Sales & Marketing - Risk 3

If we are unable to attract and retain customers on a cost-effective basis, our revenue and operating results would be adversely affected.

We generate substantially all of our revenue from the sale of our cloud services either on a consumption or subscription model. To grow, we must continue to attract a large number of customers on a cost-effective basis. While there was no material negative impact on customer retention as of December 31, 2023 as a result of our recent price increase for Computer Backup and B2 Cloud Storage in late 2023, any price increases could make it more difficult to attract new customers and retain existing customers, or cause existing customers to reduce the amount of data that they store with us, thus negatively impacting our revenue and business. We have historically used, and plan to increase our use of, a variety of advertising and marketing programs to promote our cloud services. Our sales and marketing investments intended to accelerate the scaling of our business including any expansion of existing programs and new programs to promote our cloud services, may not be successful or provide a reasonable return on investment within a desired timeframe. Significant increases in the pricing of one or more of our advertising channels would increase our advertising and marketing costs or cause us to choose less expensive and perhaps less effective channels. We may also need to expand into channels with significantly higher costs, which could adversely affect our operating results. We may also incur increased sales and marketing expenses and engineering and operating expenses, including infrastructure expenditures, significantly in advance of the time we anticipate recognizing any revenue generated by such expenses, and we may only at a later date, or never, experience an increase in revenue or other benefits as a result of such expenditures. If we are unable to achieve effective advertising and marketing programs or successfully expand our solution offerings and operations, our ability to attract new customers could be adversely affected, our advertising and marketing expenses could increase substantially, and our operating results may suffer. A portion of our potential customers locate our website through search engines, such as Google, Bing, and Yahoo!. In 2023 we modernized our website to help improve the user experience and increase traffic through search engine optimization to accelerate lead generation, although such efforts may not be as successful as anticipated to increase web traffic and improve the user experience. Our ability to maintain the number of visitors directed to our website is not entirely within our control. If search engine companies modify their search algorithms in a manner that reduces the prominence of our listing, or if our competitors' search engine optimization efforts are more successful than ours, fewer potential customers may click through to our website. In addition, the cost of purchased listings has increased in the past and may increase in the future. A decrease in website traffic or an increase in promoted search result costs could adversely affect our customer acquisition efforts and our operating results. In addition, we also rely on our blog and word of mouth to drive additional customers. To the extent our blog does not continue to attract readers or if our reputation is harmed, these additional means of attracting customers may no longer provide significant numbers of customers in the future. In addition, because we offer our Computer Backup cloud service at a fixed price, the amount of data our customers back up affects our costs and gross margins. Subject to certain limitations, we also offer free egress for our B2 Cloud Storage customers. To the extent current or future customers back up unusually large amounts of data, use an excessive amount of egress or growth in the amount of data backed up per customer outpaces decreases in storage costs, our costs, gross margins and infrastructure could be adversely affected.

Brand / Reputation2 | 3.9%

Brand / Reputation - Risk 1

If we are unable to maintain our brand and reputation, our business, results of operations, and financial condition may be adversely affected.

The successful promotion of our brand and our ability to maintain our reputation will depend on a number of factors, including our performance and the reliability of our cloud services; our advertising and marketing efforts, including our blog and social media presence, which have been important to building and maintaining our brand and reputation; our ability to continue to develop high-quality features and cloud services; and our ability to successfully differentiate our cloud services from competitive products and services. Our brand promotion activities may not be successful or yield increased revenue. The promotion of our brand may require us to make substantial expenditures, particularly as our markets become more competitive and we expand into new markets or offer new products or services, or additional features. Expenditures intended to maintain and enhance our brand may not be cost-effective or effective at all. If we do not successfully maintain and enhance our brand, we may have reduced pricing power relative to our competitors, we could lose customers, we could fail to attract potential new customers or retain our existing customers, or our blog and thought leadership in our industry may decline in popularity, all of which could materially and adversely affect our business.

Brand / Reputation - Risk 2

The material stored using our cloud services may subject us to negative publicity, legal liability, and harm our business.

We are not aware of the contents of the data that customers store using our cloud services. While we do have a detailed process to address any third-party complaint regarding illegal or other inappropriate use of our cloud services by a customer that would violate our terms of service, for security and privacy reasons we do not actively monitor the content of data that is being stored with us. To the extent that sensitive, personally identifiable, illegal, or controversial data is stored in our servers and that becomes known publicly, particularly given the highly volatile nature of the political landscape throughout the world and immediate access by individuals to social media platforms with a broad outreach, it may create negative publicity and adversely impact our reputation and harm our business.

Legal & Regulatory

Total Risks: 4/51 (8%)Below Sector Average

Litigation & Legal Liabilities1 | 2.0%

Litigation & Legal Liabilities - Risk 1

Any future litigation against us could be costly and time-consuming to defend.

We may become subject to legal proceedings, investigations, and claims that arise in the ordinary course of business. For example, we may be subject to claims brought by customers, vendors or other third parties in connection with various types of disputes, including relating to commercial or contract matters, violation of securities laws, intellectual property laws or other laws, or privacy or other data breaches, or employment claims made by our current or former employees. Litigation can often be expensive, even when there is a successful outcome, and can divert management's attention and resources, which could harm our business and financial condition. Any adverse outcome could also result in significant monetary damages or other types of unfavorable relief, which could harm our business as well as our reputation. Although we may have various insurance policies, insurance might not cover such claims or provide sufficient payments to cover all the costs to resolve one or more such claims, and might not continue to be available on terms acceptable to us, including premium increases or the imposition of large deductible or co-insurance requirements. In addition, we may also be subject to subpoena requests from third parties as well as governmental agencies from time to time that require us to provide certain information relating to matters targeted against other third parties, which can be time consuming.

Taxation & Government Incentives2 | 3.9%

Taxation & Government Incentives - Risk 1

Our operating results may be harmed if we are required to collect sales or other related taxes for our cloud services in jurisdictions where we have not historically done so.

We collect sales and value-added tax in connection with our cloud services in a number of jurisdictions. One or more states or countries may seek to impose incremental or new sales, use, or other tax collection obligations on us, including for past sales by us or our resellers and other partners. Online sellers can be required to collect sales and use tax despite not having a physical presence in the buyer's state. A successful assertion by a state, country, or other jurisdiction that we should have been or should be collecting additional sales, use, or other taxes on our cloud services could, among other things, result in substantial tax liabilities for past sales, create significant administrative burdens for us, discourage users from purchasing our platform, or otherwise harm our business, results of operations, and financial condition.

Taxation & Government Incentives - Risk 2

Changes in tax laws could materially affect our financial condition, results of operations and cash flows.

We are unable to predict what changes to the tax laws of the U.S. and other jurisdictions may be proposed or enacted in the future or what effect such changes would have on our business. Any significant increase in our future effective tax rate could have a material adverse impact on our business, financial condition, results of operations, or cash flows. The rules dealing with U.S. federal, state and local income taxation are constantly under review by persons involved in the legislative process and by the Internal Revenue Service and the U.S. Treasury Department. Changes to tax laws (which changes may have retroactive application) could adversely affect us or holders of our common stock. For example, under Section 174 of the Code, in taxable years beginning after December 31, 2021, expenses that are incurred for research and development in the U.S. will be capitalized and amortized, which may have an adverse effect on our cash flow. In recent years, many such changes have been made, and changes are likely to continue to occur in the future. It cannot be predicted whether, when, in what form or with what effective dates tax laws, regulations and rulings may be enacted, promulgated or issued, which could result in an increase in our or our shareholders' tax liability or require changes in the manner in which we operate in order to minimize or mitigate any adverse effects of changes in tax law.

Environmental / Social1 | 2.0%

Environmental / Social - Risk 1

We store personal information and other customer data, which subjects us to various data privacy laws, governmental regulations, and other related legal obligations, and any actual or perceived failure to comply with such requirements could harm our business.

We store personal information and other customer data, as well as use certain cookies on our website, that are subject to numerous federal, state, local, and foreign laws regarding privacy and the storing and protection of personal information and other customer data, and disclosure requirements regarding the use and certain breaches of such laws. For example, we are subject to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act of 2020 (CPRA), among other laws and regulations around the world. Other comprehensive data privacy or data protection laws or regulations requiring local data residency and/or restricting the international transfer of data have been passed or are under consideration in other jurisdictions. In addition, some industries have industry-specific requirements relating to compliance with certain security and regulatory standards, such as those required by the Health Insurance Portability and Accountability Act (HIPAA). For example, HIPAA imposes privacy, security, and breach reporting obligations with respect to individually identifiable health information upon "covered entities" (e.g., health plans, health care clearinghouses, and certain health care providers), and their respective business associates, individuals, or entities that create, receive, maintain or transmit protected health information in connection with providing a service for or on behalf of a covered entity. Such laws give rise to an increasingly complex set of compliance obligations on us regarding our ability to gather, use, and store customer data and customer account data. These privacy and data protection laws are subject to rapid change and differing interpretations, may require limited timeframes to implement changes, and can be inconsistent among regulatory frameworks or conflict with other rules or our business practices. We strive to comply with all applicable laws, policies, legal obligations, and industry codes of conduct relating to privacy and data protection to the extent possible. Our efforts to comply with the complex matrix of data privacy laws around the world subjects us to increasing costs to review and comply with such laws, including updating our policies, procedures, and business practices to address such evolving privacy laws. We also make public statements and commitments regarding our use and disclosure of personal information through our privacy policy, information provided on our website, and data processing agreements with customers and other third parties. Because the interpretation and application of data protection laws, regulations, standards, and other obligations are often uncertain and in flux, and sometimes contradictory, it is possible that the scope and requirements of these laws and other obligations may be interpreted and applied in a manner that is inconsistent with our practices, and our efforts to comply with rapidly evolving data protection laws and obligations may be unsuccessful. For example, we previously relied on the EU-US Privacy Shield framework, which was invalidated by a European court in July 2020. As a result of such a decision, we have had to take additional steps to comply with applicable EU data protection requirements, including implementation of standard contractual clauses. Any failure, or perceived failure, by us to comply with applicable privacy and security laws, policies, or related contractual obligations, or any compromise of security that results in unauthorized access, or the use or transmission of personal information or other customer data, could result in a variety of claims against us, including governmental enforcement actions and investigations, audits, inquiries, whistleblower complaints, class action privacy litigation in certain jurisdictions, and proceedings by data protection authorities. For example, under the GDPR we may be subject to fines of up to €20 million or up to 4% of the total worldwide annual group turnover of the preceding financial year, as well as potentially face claims from individuals. The CCPA provides for civil penalties for violations, as well as a private right of action for certain data breaches that result in the loss of personal information. This private right of action may increase the likelihood of, and risks associated with, data breach litigation. The CPRA added new requirements and consumer privacy rights as well as the creation of the California Privacy Protection Agency as a dedicated agency to implement and enforce California state privacy laws, investigate violations and assess penalties. Any new or currently applicable privacy and security laws, policies, or related contractual obligations may be enacted, adopted, or modified, the result of which may impact our compliance efforts, especially when certain emerging privacy laws are still subject to a high degree of uncertainty as to their interpretation, application and impact. Any non-compliance with data privacy requirements could subject us to significant fines and penalties, adverse media coverage, reputational damage, the loss of current and potential customers, loss of export privileges, or criminal or other civil sanctions, any of which could materially adversely affect our business and financial condition.

Production

Total Risks: 4/51 (8%)Below Sector Average

Employment / Personnel2 | 3.9%

Employment / Personnel - Risk 1

We rely on the performance of key personnel, including our management and other key employees, and the loss of one or more of such personnel, or of a significant number of our team members, could harm our business.

We believe our success has depended, and continues to depend, on the efforts and talents of senior management and other key personnel. Substantially all of our employees, including our senior management, are employed on an at-will basis. We cannot ensure that we will be able to retain the services of any member of our senior management or other key employees, particularly given that some of these employees may hold equity of the Company that is largely vested, or that we would be able to timely replace members of our senior management or other key employees should any of them depart. The loss of one or more members of our senior management or other key employees could harm our business.

Employment / Personnel - Risk 2

The failure to attract and retain additional qualified personnel could prevent us from executing our business strategy.

To execute our business strategy, we must attract and retain highly qualified personnel. Competition for executive officers, software developers, sales personnel, operational personnel, and other key employees in our industry is intense. In particular, we compete with many other companies for software developers with high levels of experience in designing, developing, and managing cloud-based software, as well as for skilled sales and operations professionals. In addition, we believe that the success of our business and corporate culture depends on employing a diverse workforce, and the competition for such personnel is significant. The market for such talented personnel is particularly competitive in the San Francisco Bay Area, where our headquarters is located. Many of the companies with which we compete for experienced personnel have greater resources than we do and can frequently offer such personnel substantially greater compensation than we can offer. In addition, in 2024 we implemented a new commission structure for our sales team. If our new sales commission program does not effectively incentivize our sales team at appropriate compensation levels, we may not be successful in retaining or hiring qualified sales personnel, obtaining new customers, increasing sales to our existing customer base, or effectively managing compensation levels. In addition, we may be unsuccessful at retaining our key employees, and it may take significant time for new employees to achieve full productivity, either of which would adversely impact our business, results of operations, and financial condition. If we fail to attract new personnel, including accomplished executive talent, or if we fail to retain and motivate our current personnel, our business would be harmed. In addition, if we are unable to hire new employees on a timely basis or reach productive levels in a short time frame, new growth initiatives and other projects may be delayed or otherwise disrupted, which could cause us to miss our performance goals and negatively impact our business.

Supply Chain2 | 3.9%

Supply Chain - Risk 1

We rely on third-party vendors and suppliers, including data center and hard drive providers, which may have limited sources of supply, and this reliance exposes us to potential supply and service disruptions that could harm our business.

We depend on a limited number of third-party data centers and other providers to safely house our equipment and provide sufficient power, bandwidth, and other infrastructure needs to support our operations and cloud services. To support our anticipated growth and as we develop and implement new product features we may require more computing infrastructure,which may include the opening and expansion of data centers. The risks we face in connection with the opening and expansion of data centers include: - we may not be able to find suitable third-party data center locations with sufficient power, or bandwidth, or such data center locations may not be available on commercially reasonable terms;- we will be required to commit substantial operational and financial resources to open new data centers, and we may not have sufficient customer demand in those markets to support the new data centers;- unanticipated delays in the completion of such projects or availability of components may lead to increased project costs, operational inefficiencies, or interruptions in the delivery or degradation of quality of our service;- issues that are not identified during the testing phases of design and implementation, which may only become evident after we have started to fully utilize the underlying equipment, could disrupt the delivery of our cloud services to customers or increase our costs; and - unanticipated technological changes could affect customer requirements for data centers, and we may not have built such requirements into our new data centers. We also rely on key components for our platform, including hard drives and semiconductors, which come from limited sources of supply. Any decrease in hard drive availability could negatively impact our operations. Various events, including a pandemic or fluctuating demands in the cryptocurrency mining markets have impacted, and could impact in the future, our ability to source components in a timely and cost-effective manner from third-party suppliers. For example, for a limited period of time starting in April 2020, we acquired additional hard drives and related infrastructure through finance lease agreements in order to minimize the impact of potential supply chain disruptions due to the COVID-19 pandemic. The additional leased hard drives resulted in a higher balance of capital equipment and related lease liability, an increase in cash used in financing activities from principal payments, as well as a higher ongoing interest and depreciation expense related to these lease agreements. The semiconductor industry also experienced a global chip shortage due to the COVID-19 pandemic and various other factors. Current or future supply chain interruptions that could be exacerbated by global political tensions, such as the Russia-Ukraine and Israel-Hamas hostilities, or tensions between Taiwan and China, particularly if those tensions escalate into an armed conflict or directly or indirectly involve other countries, including the United States, that could disrupt the global supply chain and result in the implementation of trade barriers, including boycotts or the use of economic sanctions and export control restrictions, any of which could negatively impact our ability to acquire hard drives and semiconductors. In addition, our business could be harmed in the event of any industry consolidations, acquisitions or other restructuring events. For example, in September 2023, Toshiba Corp., one of our hard drive suppliers, announced the completion of a buy-out by various private equity firms and others. Also, in October 2023, Western Digital, another one of our hard drive suppliers, announced that it would spin-out its hard drive and other selected businesses into a separate company. Any shortage of key components, including hard drives, could materially and adversely affect our ability to provide our cloud services, as well as negatively impact our financial results by increasing our costs, lease liabilities, interest and depreciation expenses, and inventory levels. Shortages or pricing fluctuations could be material in the future. In the event of a shortage, supply interruption, material pricing change or other significant events involving one of our suppliers, we may be unable to develop alternate sources in a timely manner or at all. For example, a third party vendor that operated one of our multiple data center locations, filed for bankruptcy under Chapter 11 under the United States Bankruptcy Code in 2022. This bankruptcy matter was resolved without disruption to normal operations, but future bankruptcies or similar actions affecting our third-party hosted data center providers could result in disruptions to the company, and access to customer data may become unavailable or customer data could be lost, and it may take a significant period of time to achieve full resumption of our cloud services. Developing alternate sources of supply for these infrastructure needs, and transitioning our customers' data from one provider to another, may result in loss of availability of our services for a period of time, be time-consuming, costly, difficult, and increase the risk of damage and loss. We may also be unable to source them on terms that are acceptable to us, or at all, which may undermine our ability to operate or scale our platform and harm our business.

Supply Chain - Risk 2

We rely on third-party software for certain essential financial and operational services, and a failure or disruption in these services could materially and adversely affect our ability to manage our business effectively.

We rely on third-party software to provide many essential financial and operational services to support our business, including HubSpot, NetSuite, FireHydrant, and Zendesk. Some of these vendors are less established and have shorter operating histories than traditional software vendors. Moreover, many of these vendors provide their services to us via a cloud-based model instead of software that is installed on our premises. As a result, we depend upon these vendors to provide us with services that are always available and are free of errors or defects that could cause disruptions in our business processes. Any failure by these vendors to do so, or any disruption in our ability to access the internet, would materially and adversely affect our ability to manage our operations, disrupt the delivery of our cloud services to customers, and affect other areas such as our ability to timely provide required financial reporting.

Macro & Political

Total Risks: 3/51 (6%)Below Sector Average

Economy & Political Environment1 | 2.0%

Economy & Political Environment - Risk 1

Adverse economic conditions may adversely impact our revenue and profitability.

Our operations and financial performance depend in part on worldwide economic conditions and the impact these conditions have on levels of spending on cloud storage solutions. Our business depends on the overall demand for these products and on the economic health and general willingness of our current and prospective customers to purchase our cloud services. Some of our paying customers may view use of cloud storage services as a discretionary purchase and may reduce their discretionary spending on our cloud services during an economic downturn. Weak economic conditions, whether due to the banking and financial crises, a return of pandemic conditions, inflation, uncertainty relating to the hostilities with Russia-Ukraine and Israel-Hamas, and the potential escalation of geopolitical tensions that could also directly or indirectly involve other countries, including the United States, could cause a reduction in spending on products and solutions storage. Inflation has increased significantly over levels from the last few years in the United States amid a slowing economy and there are numerous indicators suggesting a potential economic recession in the United States and other regions of the world. Any such conditions could reduce sales, lengthen sales cycles, increase customer churn, and lower demand for our cloud services, which could adversely affect our business, results of operations, and financial condition. We also have been, and may in the future be, subject to increased energy costs, particularly with respect to our data center operations in Europe and elsewhere, which could adversely affect our expenses and business. In addition, the upcoming 2024 U.S. presidential election could lead to changes in economic conditions or economic uncertainties in the United States and globally. Any such changes or uncertainties, including in international trade relations, legislation and regulations (including those related to taxation and importation), or economic and monetary policies, could result in heightened diplomatic tensions or political and civil unrest, among other potential impacts, and have a material adverse effect on the global economy as a whole and/or our business, or may require us to significantly modify one or more of our current business practices.

International Operations1 | 2.0%

International Operations - Risk 1

As we expand our operations outside the United States, we may be subject to increased business, regulatory and economic risks that could impact our results of operations.

In the nine months ended September 30, 2024, we derived approximately 27% of our revenue from customers outside of the United States. We may also expand our international operations, which may include the establishment of foreign subsidiaries, the opening and expansion of data centers, hiring employees, building out technical infrastructure, and opening offices in foreign jurisdictions. Any new markets or countries into which we attempt to market and sell our cloud services may not be receptive. For example, we may be unable to expand further in some markets if we are unable to satisfy various government- and region-specific requirements, and the increased costs of compliance with local laws and regulations or standards in other countries may further increase the costs and result in delays, and, as a result, we may not be able to recover the cost of these investments, which could materially adversely affect our business and results of operations. In addition, our ability to manage our business and conduct our operations internationally requires considerable management attention and resources and is subject to the particular challenges and complexities of deploying infrastructure internationally and supporting a rapidly growing business in an environment of multiple languages, cultures, customs, legal and regulatory systems, alternative dispute systems, and commercial markets. International expansion has required, and will continue to require, investment of significant funds and other resources. Growth in our international operations will subject us to new risks and may increase risks that we currently face, including risks associated with: - higher costs of doing business internationally, including increased energy, infrastructure, accounting, travel, and legal compliance costs;- providing our platform, building out the necessary infrastructure and operating our business across a significant distance, in different languages and among different cultures, including the potential need to modify our platform and features to ensure that they are culturally appropriate and relevant in different countries;- compliance with applicable international laws and regulations, including laws and regulations with respect to privacy, data protection, consumer protection, data sovereignty, and unsolicited email, and the risk of penalties to our users and individual members of management or employees if our practices are deemed to be out of compliance, and additional laws and regulations in the United States that are applicable to international operations;- recruiting and retaining talented and capable employees outside the United States, and maintaining our company culture across all of our offices;- management of an employee base in jurisdictions that may not give us the same employment and retention flexibility as does the United States;- operating in jurisdictions that do not protect intellectual property rights to the same extent as does the United States;- compliance by us and our business partners with anti-corruption laws, anti-bribery, anti-money laundering, and similar laws; import and export control laws; tariffs and trade barriers; economic sanctions; and other regulatory limitations on our ability to provide our cloud services in international markets;- foreign exchange controls that might require significant lead time in setting up operations in certain geographic territories;- restrictions that might prevent us from repatriating cash earned outside the United States;- increased tax complexity, including being subject to regular review and audit by both United States federal and state and foreign tax authorities;- taxing authorities of the United States or foreign jurisdictions in which we operate may challenge our methodologies for valuing intercompany arrangements;- double taxation of our international earnings and potentially adverse tax consequences due to changes in the income and other tax laws of the United States or the international jurisdictions in which we operate; and - political and economic instability in various jurisdictions. Expanding our international operations and complying with applicable laws and regulations may substantially increase our cost of doing business in international jurisdictions. We may also be unable to keep current with changes in laws and regulations as they develop, and we or our employees, contractors, partners, and agents may fail to maintain compliance with applicable laws and regulations. Any violations could result in enforcement actions, fines, civil and criminal penalties, damages, injunctions, or reputational harm. If we are unable to comply with these laws and regulations or manage the complexity of our global operations successfully, our business, results of operations, and financial condition could be adversely affected.

Capital Markets1 | 2.0%

Capital Markets - Risk 1

We are exposed to fluctuations in currency exchange rates, which could negatively affect our results of operations.

All of our sales contracts, and substantially all of our operations and related financial arrangements, are currently denominated in U.S. dollars and therefore, our revenue and business operations are not directly subject to significant foreign currency risk. However, a strengthening of the U.S. dollar could increase the real cost of our cloud services to our customers outside of the United States, which could reduce demand for our cloud services and adversely affect our financial condition and results of operations. In addition, as we expand our international operations, we may become more exposed to foreign currency risk and may have some of our sales and other operations denominated in one or more currencies other than the U.S. dollar. If we become more exposed to currency fluctuations and are unable to successfully hedge against the risks associated with currency fluctuations, our results of operations could be materially and adversely affected.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.

Become an Expert with TipRanks Premium

What am I Missing?

Make informed decisions based on Top Analysts' activity

Know what industry insiders are buying

Get actionable alerts from top Wall Street Analysts

Find out before anyone else which stock is going to shoot up

Get powerful stock screeners & detailed portfolio analysis

Subscribe Now See Plans & Pricing