HTG Molecular Diagnostics (HTGMQ) Risk Factors

Our business requires collecting, receiving, processing, generating, transferring, disposing of, transmitting, sharing, manipulating, analyzing, disclosing, storing, making accessible and otherwise using (collectively, processing) large amounts of proprietary, confidential and sensitive data, including personal data about our employees and others, information we collect from samples we process, intellectual property, trade secrets, and proprietary business information owned or controlled by ourselves or other third parties (collectively, sensitive data). The confidentiality, availability, integrity and protection of our data and information technology systems is critical to our business and relevant stakeholders have a high expectation that we will adequately protect sensitive data. Our business therefore depends on the continuous, effective, reliable and secure operation of our data and information technology systems. To the extent that our information technology systems malfunction or access to our data is interrupted or otherwise compromised, our business could suffer. If we or the third parties upon which we rely have experienced or in the future experience any security incident(s) or other interruption(s) that result in any data loss, deletion or destruction, unauthorized, unlawful or accidental access to, loss of, acquisition of or disclosure of, alteration, encryption or exposure of sensitive data, or compromise related to the security, confidentiality, integrity or availability of our (or their) information technology systems or data, it may result in material adverse impacts. We and third parties upon which we rely are vulnerable to cyberattacks, malicious internet-based activity and online and offline fraud and other similar activities, such as social-engineering attacks, credential harvesting, supply-chain attacks, software bugs, malicious code (such as viruses and worms), employee theft or misuse, denial-of-service attacks (such as credential stuffing), ransomware attacks, phishing attacks, viruses, malware installation, server malfunction, software or hardware failures, telecommunications failures, physical or software break-ins, loss of data and other computer assets, adware or other similar issues. Such threats are prevalent and continue to increase and come from a variety of sources, including traditional computer "hackers", threat actors, "hacktivists", organized criminal threat actors, personnel (such as through theft or misuse), sophisticated nation states, and nation-state-supported actors. Some actors now engage and are expected to continue to engage in cyber-attacks, including without limitation nation-state actors for geopolitical reasons and in conjunction with military conflicts and defense activities. During times of war and other major conflicts, we and the third parties upon which we rely may be vulnerable to a heightened risk of these attacks, including retaliatory cyber-attacks, that could materially disrupt our systems and operations, supply chain, and ability to produce, sell and distribute our services. For example, some third parties upon which we rely to support our business are located in unstable regions and regions experiencing (or expected to experience) geopolitical or other conflicts, including Ukraine which was attacked by Russia in February 2022 through various means, including cyberattacks. In particular, severe ransomware attacks, including those from organized criminal threat actors, nation-states and nation-state supported actors, are becoming increasingly prevalent and severe and can lead to significant interruptions, delays, or outages in our operations, loss of data (including sensitive data) and income, significant extra expenses to restore data or systems, reputational loss and the diversion of funds. To alleviate the financial, operational and reputational impact of a ransomware attack, it may be preferable to make extortion payments, but we may be unwilling or unable to do so (including, for example, if applicable laws or regulations prohibit such payments). Additionally, as remote work has become more common, there is an increased risk to our information technology systems and data, as more of our employees utilize network connections, computers and devices outside our premises or network, including working at home, while in transit and in public locations. Moreover, future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities' systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be difficult to integrate companies into our information technology environment and security program. In addition, we rely on enterprise software systems and third-party service providers and sub-processors to operate and manage our business, and to process sensitive data in a variety of contexts, including, without limitation, cloud-based infrastructure, data center facilities, encryption and authentication technology, employee email, content delivery to customers, and other functions. Our ability to monitor these third parties' information security practices is limited, and these third parties may not have adequate information security measures in place. If our third-party service providers experience a security incident or other interruption, we could experience adverse consequences. While we may be entitled to damages if our third-party service providers fail to satisfy their privacy or security-related obligations to us, any award may be insufficient to cover our damages, or we may be unable to recover such award. Additionally, supply chain attacks have increased in frequency and severity, and we cannot guarantee that third parties and infrastructure in our supply chain have not been compromised or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us and our services. While we have implemented security measures designed to protect against security incidents, and take steps to detect and remediate vulnerabilities, we may not be able to detect and remediate all vulnerabilities because the threats and techniques used to exploit the vulnerability change frequently and are often sophisticated in nature. Therefore, such vulnerabilities could be exploited but may not be detected until after a security incident has occurred. Further, we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities. We could be required to expend significant resources, fundamentally change our business activities and practices or modify our services, software, operations or information technology in an effort to protect against security incidents and to mitigate, detect and remediate actual and potential vulnerabilities and security incidents. There can be no assurances that our security measures or those of the third parties upon which we rely will be effective in protecting against all security incidents and the material adverse impacts that may arise from such incidents. Despite the security controls we have in place, security incidents are very difficult to avoid. We have experienced specific instances of cyber events, including attempted compromises, in the past, and there could be unauthorized access, acquisition, disclosure and use of non-public information (including personal data) in the future. The techniques used to attack information technology systems are sophisticated and change. As a result, we or the third parties upon which we rely may not be able to address these techniques proactively or implement adequate preventative measures. If our data or information technology systems (or those of third parties upon which we rely) are compromised, we could be subject to restrictions on processing sensitive data (including personal data), negative publicity, monetary fund diversions, interruptions in our operations (including availability of data), financial loss, reputational damage, fines, penalties, damages, litigation (including class claims) and enforcement actions (for example, investigations, audits and inspections), and we could lose trade secrets, the occurrence of which could harm our business. In addition, a security incident may require notification to governmental agencies, supervisory bodies, credit reporting agencies, the media or individuals pursuant to various obligations. Such disclosures are costly, and the disclosures or the failure to comply with such requirements, could lead to material adverse impacts, including without limitation, negative publicity, a loss of customer confidence in our services or security measures or breach of contract claims. There can be no assurance that the limitations of liability in our contracts would be enforceable or adequate or would otherwise protect us from liabilities or damages if we fail to comply with obligations related to security incidents. We cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or adequately mitigate liabilities or damages with respect to claims, costs, expenses, litigation, fines, penalties, business loss, data loss, regulatory actions or material adverse impacts arising out of our privacy and security practices, processing or security incidents we may experience, or that such coverage will continue to be available on commercially reasonable terms or at all. The successful assertion of one or more large claims against us that exceeds our available insurance coverage, or results in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements) could have an adverse effect on our business. In addition, we cannot be sure that our existing insurance coverage and coverage for errors and omissions will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim.

Our operations are subject to complex and stringent environmental, health, safety and other governmental laws and regulations that both public officials and private individuals may seek to enforce. Our activities that are subject to these regulations include, among other things, our use of hazardous materials and the generation, transportation and storage of waste. We could discover that we or an acquired business is not in material compliance with these regulations. Existing laws and regulations may also be revised or reinterpreted, or new laws and regulations may become applicable to us, whether retroactively or prospectively, that may have a negative effect on our business and results of operations. It is also impossible to eliminate completely the risk of accidental environmental contamination or injury to individuals. In such an event, we could be liable for any damages that result, and any liability could exceed our resources or any applicable insurance coverage we may have, which events could adversely affect our business.

We do not carry insurance for all categories of risk that our business may encounter. Some of the policies we currently maintain include general liability, foreign liability, employee benefits liability, property, automobile, umbrella, workers' compensation, crime (including cybercrime), fiduciary, products liability, pollution, errors and omissions and directors and officers insurance. We do not know, however, if we will be able to maintain existing insurance with adequate levels of coverage. Any significant uninsured liability may require us to pay substantial amounts, which would adversely affect our cash position and results of operations.

We face significant competition in the drug discovery, life sciences research and diagnostics markets. The biopharmaceutical sector is populated with companies seeking to advance new and differentiated approaches to discovery and experimental therapeutics by way of different platform technologies or modalities with the intent for application to specific disease areas through focus on pharmacologic targets or through phenotypic approaches. In drug discovery, companies such as Accent Therapeutics, Arrakis Therapeutics, Storm Therapeutics and other discovery-stage biotechnology companies are focused in similar therapeutic areas. We currently compete with both established and early-stage life sciences research companies that design, manufacture and market instruments and consumables for gene expression analysis, liquid-based specimen analysis (e.g., plasma, blood and urine), single-cell analysis, PCR, digital PCR, other nucleic acid detection and additional applications. These companies use well-established laboratory techniques such as microarrays or qPCR as well as newer technologies such as next-generation sequencing. We believe our principal competitors in the life sciences research market are Abbott Molecular, Affymetrix, Inc., Agilent Technologies, Inc., BioRad Laboratories, Invitae, Fluidigm Corporation, Illumina, Inc., Luminex Corporation, NanoString Technologies, Inc., Personal Genome Diagnostics (acquired by Labcorp), entities owned and controlled by QIAGEN N.V., Roche Diagnostics, a division of the Roche Group of companies, and Thermo Fisher Scientific, Inc. In addition, there are several other market entrants in the process of developing novel technologies for the life sciences market. One or more of our competitors could develop a product that is superior to a product we offer or intend to offer, or our technology and products may be rendered obsolete or uneconomical by advances in existing technologies. Within the diagnostic market, there are competitors that manufacture systems for sales to hospitals and laboratories and other competitors that offer tests conducted through CLIA certified laboratories. We will also compete with commercial diagnostics companies. Most of our current competitors are either publicly traded, or are divisions of publicly traded companies, and enjoy a number of competitive advantages over us, including: - greater name and brand recognition, financial and human resources;- broader product lines;- larger sales forces and more established distributor networks;- substantial intellectual property portfolios;- larger and more established customer bases and relationships; and - better established, larger scale, and lower cost manufacturing capabilities. We believe that the principal competitive factors in all of our target markets include: - cost of capital equipment;- cost of consumables and supplies;- reputation among customers;- innovation in product offerings;- flexibility and ease-of-use;- accuracy and reproducibility of results; and - compatibility with existing laboratory processes, tools and methods. We believe that additional competitive factors specific to the diagnostics market include: - breadth of clinical decisions that can be influenced by information generated by tests;- volume, quality, and strength of clinical and analytical validation data;- availability of coverage and adequate reimbursement for testing services; and - economic benefit accrued to customers based on testing services enabled by products. Our products may not compete favorably, and we may not be successful in the face of increasing competition from new products and technologies introduced by our existing competitors or new companies entering our markets. In addition, our competitors may have or may develop products or technologies that currently or in the future will enable them to produce competitive products with greater capabilities or at lower costs than ours. Any failure to compete effectively could materially and adversely affect our business, financial condition and operating results.

Our revenue is currently derived from sales of our HTG EdgeSeq instrument and related proprietary panels, the design of custom RUO assays and sample processing for research applications to biopharmaceutical companies, academic institutions and molecular labs, predominantly in the United States and Europe. The demand for our products and services will depend in part upon the research and development budgets of these customers, which are impacted by factors beyond our control, such as: - changes in government programs that provide funding to research institutions and companies;- macroeconomic conditions and the political climate;- changes in the regulatory environment;- differences in budgetary cycles;- market-driven pressures to consolidate operations and reduce costs; and - market acceptance of relatively new technologies, such as ours. We believe that any uncertainty regarding the availability of research funding may adversely affect our operating results and may adversely affect sales to customers or potential customers that rely on government funding. In addition, academic, governmental and other research institutions that fund research and development activities may be subject to stringent budgetary constraints that could result in spending reductions, reduced allocations or budget cutbacks, which could jeopardize the ability of these customers to purchase our products or services. Our operating results may fluctuate substantially due to reductions and delays in research and development expenditures by these customers. Any decrease in our customers' budgets or expenditures, or in the size, scope or frequency of capital or operating expenditures, could materially and adversely affect our business, operating results and financial condition.

The global economy, including credit and financial markets particularly in the emerging biotech sector, has experienced extreme volatility and disruptions, including severely diminished liquidity and credit availability, declines in consumer confidence, declines in economic growth, record inflation and uncertainty about economic stability. For example, the COVID-19 pandemic resulted in widespread unemployment, economic slowdown and extreme volatility in the capital markets. Similarly, the current Russia-Ukraine conflict has resulted and may result in the future in volatility in the global capital markets and has disrupted the global supply chain and energy markets. Any such volatility and disruptions may have adverse consequences on us or the third parties on whom we rely. If the equity and credit markets deteriorate, including as a result of bank failures, political unrest or war, it may make any necessary debt or equity financing more difficult to obtain in a timely manner or on favorable terms, more costly or more dilutive.

For the three months ended March 31, 2023, approximately 51% of our revenue was generated from sales originated by customers located outside of the United States, respectively, compared with 18% for the three months ended March 31, 2022. We expect that a percentage of our future revenue will continue to come from international sources, and we expect to expand our overseas operations and develop opportunities in additional areas. Engaging in international business involves a number of difficulties and risks, including: - required compliance with existing and changing foreign regulatory requirements and laws;- required compliance with anti-bribery laws, such as the U.S. Foreign Corrupt Practices Act and U.K. Bribery Act, data privacy requirements, labor laws and anti-competition regulations;- export and import restrictions;- various reimbursement, pricing and insurance regimes;- laws and business practices favoring local companies;- longer payment cycles and difficulties in enforcing agreements and collecting receivables through certain foreign legal systems;- political and economic instability, including due to the current Russia-Ukraine conflict;- potentially adverse tax consequences, tariffs, customs charges, bureaucratic requirements and other trade barriers, including transfer pricing, value added and other tax systems, double taxation and restrictions and/or taxation on repatriation of earnings;- tariffs, customs charges, bureaucratic requirements and other trade barriers;- difficulties and costs of staffing and managing foreign operations, including difficulties and costs associated with foreign employment laws;- increased financial accounting and reporting burdens and complexities; and - difficulties protecting, procuring, or enforcing intellectual property rights, including from reduced or varied protection for intellectual property rights in some countries. As we expand internationally our results of operations and cash flows will become increasingly subject to fluctuations due to changes in foreign currency exchange rates. Historically, most of our revenue has been denominated in U.S. dollars, although we have sold our products and services in local currency outside of the United States, principally the Euro. Our expenses are generally denominated in the currencies in which our operations are located, which is primarily in the United States. As our operations in countries outside of the United States grows, our results of operations and cash flows will increasingly be subject to fluctuations due to changes in foreign currency exchange rates, which could negatively impact our results of operations in the future. For example, if the value of the U.S. dollar increases relative to foreign currencies, in the absence of an offsetting change in local currency prices, our revenue could be adversely affected as we convert revenue from local currencies to U.S. dollars. If we dedicate significant resources to our international operations and are unable to manage these risks effectively, our business, operating results and prospects will suffer. Moreover, we cannot be certain that the investment and additional resources required in establishing operations in other countries will produce desired levels of revenue or profitability. In addition, any failure to comply with applicable legal and regulatory obligations could negatively impact us in a variety of ways that include, but are not limited to, significant criminal, civil and administrative penalties, including imprisonment of individuals, fines and penalties, denial of export privileges, seizure of products and restrictions on certain business activities.