Sonic Foundry (SOFO) Risk Analysis

Our future success will continue to depend upon our ability to create an effective product development strategy, to develop new products, product enhancements and service offerings that address future and rapidly changing needs of our existing target markets and enable us to expand the market for our products and service offerings. Our success is also dependent upon our ability to respond to changing standards and practices on a timely basis, particularly as customers move away from hardware to software solutions. The success of new strategies, products, product enhancements and service offerings depend on several factors, including timely completion, quality and stability, and market acceptance. Our Mediasite brand is highly valued by the majority of our customers but faces significant competition from other products that may include features Mediasite doesn't include. Maintaining a competitive advantage has been and will likely continue to be challenging. Our fiscal 2024 business plan includes an expectation that we continue to develop and introduce new products and service offerings under our new Vidable and Global Learning Exchange brands. These offerings will likely take significant investment in key engineering, sales and management resources with little impact on fiscal 2024 revenue. While the Company believes that investment in areas where it believes there is a much greater opportunity for growth will yield significant revenue improvement in future years, there can be no assurance we will be successful due to market acceptance, correct identification of opportunity markets, speed to market, unknown competitors, stability of educational and learning needs and other relevant new product development risks. Our revenue could be adversely impacted if we do not capitalize on opportunities to develop innovative new products, product enhancements and service offerings that will increase the likelihood that our products and services will be accepted in preference to the products and services of our current and future competitors. Some of our prospective customers may delay the purchase of our products or services until certain features are completed, may require custom development of certain features as part of the purchase decision, or may condition additional payments tied to completion of such features. Prioritizing such custom features can be difficult to adapt to other customers and distracts our engineering team from implementing features required by other customers.

Our customers may use our products and services to share confidential and sensitive information, the security of which is critical to their business. Third parties may attempt to breach our security for customer hosted content or the networks of our customers. Malicious third-parties may also conduct attacks designed to temporarily deny customers access to our services. Customers may take inadequate security precautions with their sensitive information and may inadvertently make that information public. We may be liable to our customers or subject to fines for a breach in security, and any breach could harm our reputation and cause us to lose customers. In addition, customers are vulnerable to computer viruses, physical or electronic break-ins and similar disruptions, which could lead to interruptions, delays, or loss of data. We may be required to expend significant capital and other resources to further protect against security breaches or to resolve problems caused by any breach, including litigation-related expenses if we are sued.

The market for our products and services is intensely competitive, dynamic and subject to rapid technological change. The intensity of the competition and the pace of change are expected to increase in the future, and likely will require the Company to compete on price and our offerings more than in the past, which could adversely affect our business and operating results. Increased competition has reduced gross margins, has resulted in new customer losses and may result in a loss of market share, any one of which could seriously harm our business. Competitors vary in size and in the scope and breadth of the products and services offered, many of which have greater financial resources, greater name recognition, more employees and greater financial, technical, marketing, public relations and distribution resources than we have. In addition, new competitors with greater financial resources may arise through partnerships, distribution agreements, mergers, acquisitions, or other types of transactions at any time. In particular, large companies have begun to make investments in and/or partner with smaller companies to enter the lecture capture and video management markets. Various vendors provide lecture capture, enterprise webcasting or video content management capabilities, but few offer an end-to-end solution that addresses all phases of the video content lifecycle (capture, delivery, transformation, and management) in a single platform like Mediasite. Lecture capture solutions designed specifically for higher education differ in their technological approach. - Appliance- or room-based lecture capture provides a fully integrated system with complete recording automation for live or on-demand content. The automated, pre-scheduled workflow results in the greatest faculty and staff adoption and largest volumes of recorded content in the shortest amount of time. - Software-based lecture capture that resides on a podium or computer in the classroom also captures and publishes rich media content but relies on campus- or user-supplied hardware. - Desktop capture tools reside on individual users' laptops or computers allowing them to record user-generated content. Few lecture capture vendors offer a mix of all lecture capture approaches to best suit customers' needs. Most vendors, including Extron and Panopto, support only one approach to lecture capture. Likewise, a very small number of vendors provide an integrated platform like Mediasite to archive and manage video and rich media recorded with their solution. Most rely on a third-party platform, typically the institution's learning or course management system, to publish, search and secure content. Enterprise video management solutions serve as centralized media repositories that facilitate the delivery, publishing, and management of on-demand video. Unlike Mediasite, most platforms do not include a video capture, webcasting, or live streaming component, but instead ingest or import video-based content captured by other third-party devices or solutions. Also, most other platforms focus on ingesting video-only content rather than rich video which combines multiple synchronous videos and/or slide streams into an interactive media experience. Some current and potential customers develop their own home-grown lecture capture, webcasting or video content solutions which may also compete with Mediasite. However, we often find many of these organizations are now looking for a commercial solution that offers comprehensive management capabilities, requires fewer resources and internal maintenance, and delivers a less cumbersome workflow. The competitive environment has required us to make changes in our products, pricing, licensing, services, or marketing to maintain and extend our current technology. Price concessions or the emergence of other pricing, licensing, and distribution strategies or technology solutions of competitors has impacted revenue growth and may in the future further reduce our revenue, margins, or market share. Other changes we have to make in response to competition, such as our desktop user interface or changes to address privacy concerns, could cause us to expend significant financial and other resources, disrupt our operations, strain relationships with partners, release products and enhancements before they are thoroughly tested or result in customer dissatisfaction, any of which could harm our operating results and stock price.

Part of our strategic challenge is to convince enterprise customers of the stability, productivity, improved communications, cost savings, suitability and other benefits of our products and services, some of which are new or being developed. The market for content delivery solutions is very complex, includes many products and solutions that address various aspects of customer needs and as a result it is often difficult for customers and channel partners to understand how our products and services compare. Further, corporate customers may use video as a tool, but may choose to rely upon their own IT infrastructure and resources to manage their video content. Because many companies generally are predisposed to maintaining control of their IT systems and infrastructure, there may be resistance to using software as a service provided by a third party. Our future revenue and revenue growth rates will depend in large part on migrating more customers to our cloud platform, on our success in delivering products effectively, creating market acceptance for these products in existing markets that we sell into and in new markets, and meeting customer's needs for new or enhanced products. If we fail to do so, our products will not achieve widespread market acceptance, or will no longer be used by our customers, and we may not generate sufficient revenue to offset our product development and selling and marketing costs, which will adversely impact the valuation of the Company, the price of our stock, and will harm our business.

Most of our customers and potential customers are public colleges, universities, schools and other education providers who depend substantially on government funding and saw substantially increased costs and reduced tuition revenue during the COVID pandemic. Accordingly, any general decrease, delay or change in federal, state or local funding for colleges, universities, schools and other education providers could cause our current and potential customers to reduce or delay their purchases of our products and services, or to decide not to renew service contracts, either of which could cause us to lose revenues. Many of our customers were unable to renew support during the pandemic due to many of these challenges and while many are still using the product and we expect they will renew support in the coming fiscal year, there can be assurances that will happen. In addition, a specific reduction in governmental funding support for products such as ours would also cause us to lose revenues. Unfavorable economic conditions may result in further budget cuts and lead to lower overall spending, including information technology spending, by our current and potential clients, which may cause our revenues to decrease.

Regulation related to the provision of services on the Internet is increasing, as federal, state, and foreign governments continue to adopt new laws and regulations addressing data privacy and the collection, processing, storage and use of personal information, including health data. In some cases, foreign data privacy laws and regulations, such as the European Union's General Data Protection Regulation that was enacted in May 2018, and an amended Act on the Protection of Personal Information in Japan, impose new obligations directly on us both as a data controller and a data processor, as well as on many of our customers. These new laws may require us to make changes to our services and/or our customers to meet the new legal requirements and may also increase our potential liability exposure through higher potential penalties for non-compliance. Further, laws such as the European Union's proposed e-Privacy Regulation are increasingly aimed at the use of personal information for marketing purposes, and the tracking of individuals' online activities. These new or proposed laws and regulations are subject to differing interpretations and may be inconsistent among jurisdictions. These and other requirements could reduce demand for our services, require us to take on more onerous obligations in our contracts, restrict our ability to store, transfer and process data or, in some cases, impact our ability to offer our services in certain locations or our customers' ability to deploy our solutions globally. For example, ongoing legal challenges in Europe to the mechanisms allowing companies to transfer personal data from the European Economic Area to the United States could result in further limitations on the ability to transfer data across borders, particularly if governments are unable or unwilling to reach new or maintain existing agreements that support cross-border data transfers, such as the EU-U.S. and Swiss-U.S. Privacy Shield framework. Additionally, certain countries have passed or are considering passing laws requiring local data residency. In addition, domestic data privacy laws, such as the California Consumer Privacy Act ("CCPA"), which took effect in January 2020, continue to evolve and could expose us to further regulatory burdens. Further, laws such as the European Union's proposed e-Privacy Regulation are increasingly aimed at the use of personal information for marketing purposes, and the tracking of individuals' online activities. The costs of compliance with, and other burdens imposed by, privacy laws, regulations and standards may limit the use and adoption of our services, reduce overall demand for our services, make it more difficult to meet expectations from or commitments to customers, lead to significant fines, penalties, or liabilities for noncompliance, or slow the pace at which we close sales transactions, any of which could harm our business. We likely will need to acquire software and hardware in order to enhance our ability to defend and to detect intrusions to our network infrastructure, hire additional personnel experienced in data security and may need to seek certifications we currently do not have such as SOC2, ISO 27001 or both. These enhancements will be expensive and require significant staff time to deploy and develop. These risks are mitigated, to the extent possible, by our ability to maintain and improve business and data governance policies, enhanced processes, and internal security controls, including our ability to escalate and respond to known and potential risks. Our executive management are regularly briefed on our cyber-security policies and practices and ongoing efforts to improve security, as well as periodic updates on cyber-security events. In addition, we update our Audit Committee at least annually regarding our processes for evaluating and mitigating risks including cyber related risks. Although we have developed systems and processes designed to protect our customers' and our customers' customers' proprietary and other sensitive data, we can provide no assurances that such measures will be effective. In addition to government activity, privacy advocacy and other industry groups have established, or may establish, new self-regulatory standards that may place additional burdens on us. Many of our customers in the European Union face increasingly complex procurement requirements that have delayed some projects and caused us not to be successful in winning other opportunities. If we are unable to maintain these certifications or meet these standards, it could adversely affect our ability to provide our solutions to certain customers and could harm our business. Our customers and potential customers do business in a variety of industries, including financial services, the public sector, healthcare and telecommunications. Regulators in certain industries have adopted and may in the future adopt regulations or interpretive positions regarding the use of cloud computing and other outsourced services. The costs of compliance with, and other burdens imposed by, industry-specific laws, regulations and interpretive positions may limit customers' use and adoption of our services and reduce overall demand for our services. The costs of compliance with, and other burdens imposed by laws, regulations and standards, may limit the use and adoption of our service and reduce overall demand for it, or lead to significant fines, penalties or liabilities for any noncompliance. Furthermore, concerns regarding data privacy may cause the users of our customers' data to resist providing the data necessary to allow our customers to use our service effectively. Even the perception that the privacy of personal information is not satisfactorily protected or does not meet regulatory requirements could inhibit sales of our products or services and could limit adoption of our cloud-based solutions.

We subcontract the manufacturing of our recorders to a third-party contract manufacturer. Although we believe there are multiple sources of supply from other contract manufacturers, as well as multiple suppliers of component parts required by our contract manufacturer, there have been recent periods of global shortages of most component parts. The inability to get parts or completed systems required to satisfy customer demand would have a material negative impact on our revenues. Likewise, we are susceptible to any material change in terms, such as pricing, level of services performed or changes to payment terms by our contract manufacturer. In particular, the cost of our products increased as a result of increased tariffs, an imbalance between supply and demand, inflation and challenges finding sources of distribution. Many component parts currently have long delivery lead times or cease production of certain components with limited notice in which to evaluate or obtain alternate supply, requiring conservative estimation of production requirements. Lengthening lead times, product design changes and other third-party manufacturing disruptions have caused delays in delivery in the past and will likely continue to occur. We have a past due balance with our subcontract manufacturer which has resulted in finance charges, reduced service and has strained relationships. In order to compensate for supply delays, we have sourced components from increased order lead-time from approximately three months to fifteen months, shopped other offshore locations, used cross component parts, paid significantly higher prices or premium fees to expedite delivery for short supply components, produced alternate versions and converted inventory from one version to another. We have typically maintained greater amounts of inventory as insurance against delays. Our inventory levels at September 30, 2023 were $1.9 million compared to $1.5 million at September 30, 2022. Many of these strategies have increased our costs or require substantial resources to maintain and may not be sufficient to ensure against a product shortage. We depend on our subcontract manufacturer to produce our products efficiently while maintaining high levels of quality despite frequent changes in configuration and scheduling imposed by us. Any manufacturing or component defects, delay in production or changes in product features will likely cause customer dissatisfaction and may harm our reputation. Moreover, any incapacitation of the manufacturing site due to destruction, natural disaster or similar events could result in a loss of product inventory. As a result of any of the foregoing, we may not be able to meet demand for our products, which could negatively affect revenues in the quarter of the disruption or longer depending upon the magnitude of the event, and could harm our reputation.

Our future success depends upon the continued service of our key management, technical, sales and other critical personnel, including our Chief Executive Officer. Most of our officers and other key personnel are employees-at-will, and we cannot assure that we will be able to retain them. Key personnel have left our Company in the past, sometimes to accept employment with companies that sell similar products or services to existing or potential customers of ours. The technology industry is subject to substantial and continuous competition for engineers with high levels of experience in designing, developing, and managing software and Internet-related services, as well as competition for sales and operations personnel. There will likely be additional departures of key personnel from time to time in the future and such departures could result in additional competition, loss of institutional knowledge, reduced capacity to execute our business, loss of customers or confusion in the marketplace. As we seek to replace such departures, or expand our business, the hiring of qualified sales, technical and support personnel is difficult due to the limited number of qualified professionals and may be impossible to do in a timely manner. Training of new sales, technical and support personnel can take six months or longer before they become productive. Sales and technical strategies have changed and will likely change further in the future and require different skills to sell to different customer types and develop new and changing products. The loss of any key employee could result in significant disruptions to our operations, including adversely affecting the timeliness of product releases, the successful implementation and completion of Company initiatives and the results of our operations. In addition, we do not have life insurance policies on any of our key employees. If we lose the services of any of our key employees, the integration of replacement personnel could be time-consuming, potentially causing disruptions to our operations and may be unsuccessful.

We need to provide value-added services in order to avoid being viewed as a commodity supplier, which could adversely impact the valuation of the Company, and the price of our stock. This entails building long-term customer relationships and developing features that will distinguish our products. Our technology is complex and is often confused with other products and technologies in the marketplace, including video conferencing, streaming and collaboration. We have developed lower cost hardware, software products and cloud solutions to better address the more cost-conscious customers. Such products have more limited features compared to our existing products. While we believe we can preserve the market for our full-featured products due to differentiation between the two and migration to full featured products, release of lower cost products has and could continue to reduce gross margins and demand for products sold at higher prices, which could further adversely affect our business and operating results. Potential large-scale deployments of our products often include the lower cost products we sell, putting greater pressure on gross margin due to expectations for greater volume discounts. Our video solutions business pursued a greater percentage of virtual events during the onset of COVID restrictions. Some attendees and companies are less likely to attend virtual events which negatively impacted the number of events held yet increased per event revenue. Now that COVID restrictions have lapsed, some events have migrated back to in-person but at much lower levels than pre COVID, resulting in a lesser number of events without enhanced services associated with virtual events. If we fail to build long-term customer relationships, develop features that distinguish our products in the marketplace and address the market for lower function and cost solutions, our margins will shrink, and our stock may be adversely impacted.

International product and service billings represented 29% and 25% of the Company's total billings in 2022 and 2023, respectively, and are expected to continue to account for a significant portion of our business in the future. International sales are subject to a variety of risks, including: - Difficulties in establishing and managing international subsidiaries, distribution channels and operations;- Difficulties in selling, servicing, and supporting overseas products, translating products into foreign languages and compliance with local hardware requirements;- Restrictions related to COVID on traveling to support our international customers.   - Difficulties in managing the demands of large international deployments, many of which distract key sales personnel from opportunities in other parts of the world;- Challenges associated with management transition;- Challenges related to language or cultural differences;- The uncertainty of laws and enforcement in certain countries, such as China, relating to the protection of intellectual property or requirements for product certification, protection of personal data or other restrictions;- Competitive pressure impacting other parts of the world;- Multiple and possibly overlapping tax structures;- Currency and exchange rate fluctuations and imposition of tariffs or quotas;- Difficulties in collecting accounts receivable in foreign countries, including complexities in documenting letters of credit;- Economic or political changes in international markets;- Restrictions on access to the Internet; and - Difficulty in complying with international employment related requirements.