TechTarget, Inc. (TTGT) Risk Analysis

Our industry is rapidly adopting new technologies and standards to create and satisfy the demands of users and advertisers. It is critical that we continue to innovate by anticipating and adapting to these changes to ensure that our content-delivery, demand generation and data-driven products and services remain effective and interesting to our members, customers and partners. In addition, we may need to make significant expenditures to achieve these goals. If we fail to accomplish these goals, we may lose members and the customers that seek to reach those members, which could harm our operating results. Existing and planned efforts to develop new products, including any subscription-based offerings, may be costly and ultimately not successful.

Our success and ability to compete are dependent in part on the strength of our proprietary rights, on the goodwill associated with our trademarks, trade names and service marks, and on our ability to use U.S. and foreign laws to protect them. Our intellectual property includes, among other things, our original content, our editorial features, logos, brands, domain names, the technology that we use to deliver our services, the various databases of information that we maintain and make available by license, and the appearances of our websites. We claim common law protection on certain names and marks that we have used in connection with our business activities. Although we have applied for and obtained registration of some of our marks in the U.S. and other countries where we do business, we have not been able to obtain registration of all of our key marks in certain non-U.S. jurisdictions due to prior registration or use by third parties employing similar marks. In addition to U.S. and foreign laws and registration processes, we rely on confidentiality agreements with our employees and third parties and other protective contractual provisions to safeguard our intellectual property. Policing our intellectual property rights and identifying infringers worldwide is a difficult task, and even if we are able to identify infringers, we may not be able to stop them from infringing our intellectual property. We cannot be certain that third party licensees of our content will adequately protect our proprietary rights. Intellectual property laws and our agreements may not be sufficient to prevent others from copying or otherwise obtaining and using our content or technologies. In addition, others may develop non-infringing technologies that are similar or superior to ours. In seeking to protect our marks, copyrights, domain names and other proprietary rights, we could face costly litigation and the diversion of our management's attention and resources. Furthermore, the relationship between regulations governing domain names and laws protecting trademarks and similar proprietary rights is still evolving. Therefore, we might be unable to prevent third parties from acquiring domain names that infringe or otherwise decrease the value of our trademarks and other proprietary rights. Any impairment in the value of these important assets could cause our stock price to decline.

We currently retain personal, confidential, and/or proprietary information relating to our members and users, employees, and customers in secure database servers. Our industry is prone to cyber-attacks by third parties seeking access to our data or data we have collected from website visitors and members, or to disrupt our ability to provide service. We have experienced and will continue to experience cyber-attacks targeting our database servers and information systems. Cyber-attacks may involve viruses, malware, ransomware, distributed denial-of-service attacks, phishing or other forms of social engineering (predominantly spear phishing attacks), and other methods seeking to gain unlawful access. We may not be able to prevent unauthorized access to these secure database servers and information systems as a result of these third party actions, including intentional misconduct by criminal organizations and hackers or as a result of employee error, malfeasance or otherwise. A security breach could result in intentional malfunctions or loss or corruption of data, software, hardware or other computer equipment, the misappropriation of personal, confidential and/or proprietary information, disruptions in our service, and in the unauthorized access to our customers' data or our data, including intellectual property, business opportunity, and other confidential business information. Additionally, third parties may attempt to fraudulently induce our employees, vendors, or customers into disclosing access credentials such as usernames, passwords or keys in order to gain access to our database servers and information systems. Our online networks could also be affected by cyber-attacks, and we could inadvertently transmit viruses across our networks to our members or other third parties. Cyber-attacks continue to evolve in sophistication and volume, and inherently may be difficult to detect for long periods of time. Although we have developed systems and processes that are designed to protect our data and user data, to prevent data loss, to disable undesirable accounts and activities on our platform, and to prevent or detect security breaches, we cannot assure that such measures will provide absolute security, and we may incur significant costs in protecting against or remediating cyber-attacks. Providing unimpeded access to our online networks is critical to engaging with our website visitors and members and providing superior service to our customers. Our inability to provide continuous access to our online networks could cause some of our customers to discontinue purchasing marketing and advertising programs and services and/or prevent or deter our members from accessing our networks. We may be required to expend significant capital and other resources to protect against cyber-attacks. We cannot assure that any contractual provisions attempting to limit our liability in these areas will be successful or enforceable, or that our customers or other parties will accept such contractual provisions as part of our agreements. Many states and foreign jurisdictions in which we operate have enacted laws and regulations that require us to notify members, website visitors, customers and, in some cases, governmental authorities and credit bureaus, in the event that certain personal information is accessed, or believed to have been accessed, without authorization. Certain regulations also require proscriptive policies to protect against such unauthorized access. Additionally, increasing regulatory demands are requiring us to provide heightened protection of personal information to prevent identity theft and the disclosure of sensitive information. Should we experience a loss of personal, confidential, and/or proprietary information, then efforts to regain compliance and address penalties imposed by contractual provisions or governmental authorities could increase our costs significantly. If we were to experience a significant cybersecurity breach of our information systems or data, the costs associated with the investigation, remediation and potential notification of the breach to counterparties and data subjects could be material, in addition to potential costs related to regulatory investigations in the United States or other countries. In addition, our remediation efforts may not be successful. If we do not allocate and effectively manage the resources necessary to build and sustain the proper technology and cybersecurity infrastructure, we could suffer significant business disruption, including transaction errors, supply chain or manufacturing interruptions, processing inefficiencies, data loss or the loss of or damage to intellectual property or other proprietary information. In addition to the foregoing, any breach of privacy laws or data security laws, particularly resulting in a significant security incident or breach involving the misappropriation, loss or other unauthorized use or disclosure of sensitive or confidential consumer information, could have a material adverse effect on our business, reputation and financial condition. There is no assurance that privacy and security-related safeguards we implement will protect us from all risks associated with the processing (by us or our service providers), storage and transmission of such information. In certain situations, both in the United States and in other countries, we also may be obligated as a result of a security breach to notify individuals and/or government entities about these breaches.

We compete for potential customers with a number of different types of offerings and companies, including: broad based media outlets such as television, newspapers and business periodicals that are designed to reach a wide audience; general purpose portals and search engines; and offline and online offerings of media companies that produce content specifically for IT and business professionals, including Ziff Davis, Inc. (formerly J2 Global, Inc.), Madison Logic, Inc., and Foundry (formerly IDG Communications), providers of predictive analytics and internet-based analysis including companies like 6sense Insights, Inc., Infer, Inc., Bombora, Inc. and Aberdeen Group, LLC , contact providers such as ZoomInfo Technologies Inc., as well as webinar providers such as LogMeIn, Inc., Intrado Corporation and ON24, Inc. Customers may choose our competitors over us not only because they prefer our competitors' online offerings to ours but also because customers prefer to utilize other forms of marketing and advertising services offered by our competitors that are not offered by us and/or to diversify their marketing and advertising expenditures. Many of our current and potential competitors have longer operating histories, larger customer bases, greater brand recognition and significantly greater financial, marketing and other resources than we have. They may also offer different pricing than we do, which could be more attractive to customers. Competitors have historically responded, and may continue to respond, to market conditions by lowering prices to try to attract our customers. As a result, we could lose market share to our competitors in one or more of our businesses and our revenues could decline.

Building and maintaining recognition of our brands is critical to attracting and retaining our member base. We intend to continue to build existing brands and introduce new brands that will resonate with our targeted audiences. In order to promote our brands, we may find it necessary to increase our marketing budget, hire additional marketing and public relations personnel or otherwise increase our financial commitment to creating and maintaining brand loyalty among our customers. If we fail to promote and maintain our brands effectively, or incur excessive expenses attempting to promote and maintain our brands, our business and financial results may suffer.

We use e-mail as a significant means of communicating with our members. The laws and regulations governing the use of e-mail for marketing purposes continues to evolve, and the growth and development of the market for commerce over the internet may lead to the adoption of additional legislation and/or changes to existing laws. If new laws or regulations are adopted, or existing laws and regulations are interpreted and/or amended or modified to impose additional restrictions on our ability to send e-mail to our members or potential members, we may not be able to communicate with them in a cost-effective manner. In addition to legal restrictions on the use of e-mail, internet service providers and others typically attempt to block the transmission of unsolicited e-mail, commonly known as "spam." If an internet service provider or software program identifies e-mail from us as "spam," we could be placed on a restricted list that would block our e-mail to members or potential members who maintain e-mail accounts with these internet service providers or who use these software programs. If we are unable to communicate by e-mail with our members and potential members as a result of legislation, blockage or otherwise, our business, operating results and financial condition could be harmed. We collect information from those who visit or register as members or users on our websites or webinar platform, co-branded sites, or for services, respond to surveys or, in some cases, view our content. Subject to each member's permission (or right to decline, which we refer to as an "opt-out", a practice that may differ across our various websites and platforms, depending on the applicable needs and requirements of different countries' laws), we may use this information to inform our members and users of services that they have indicated may be of interest to them. We may also share this information with our customers for members and users who have elected to receive additional promotional materials and have expressly or implicitly granted us permission to share their information with third parties. We also collect information on our members and users based on their activity on our sites. The U.S. federal government and certain states have adopted or proposed limitations on the collection, distribution and use of personal information of internet users. Although, to date, our efforts to comply with applicable international, federal and state laws and regulations have not hurt our business, additional, more burdensome laws or regulations, including more restrictive consumer privacy and data security laws, could be enacted or applied to us or our customers. Such laws or regulations could impair our ability to collect member and user information that helps us to provide more targeted content to our website visitors, platform users, members and users and detailed lead data to our customers, thereby impairing our ability to maintain and grow our audience and maximize revenue from our customers. Additionally, the FTC and many state attorneys general are applying federal and state consumer protection laws to require that the online collection, use and dissemination of data, and the presentation of website content, comply with certain standards for notice, choice, security and access. Courts may also adopt these developing standards. In many cases, the specific limitations imposed by these standards are subject to interpretation by courts and other governmental authorities. A few states have also introduced legislation that, if enacted, would restrict or prohibit behavioral marketing and advertising within the state. In the absence of a federal law pre-empting their enforcement, such state legislation would likely have the practical effect of regulating behavioral marketing and advertising nationwide because of the difficulties behind implementing state-specific policies or sending targeted advertising to individuals based on their perceived commercial interests. In the event of additional legislation in this area, our ability to effectively target our website visitors and members may be limited. We believe that we are in compliance with applicable consumer protection laws, but a determination by a state or federal agency or court that any of our practices do not meet these laws and regulations could create liability to us, result in adverse publicity and negatively affect our businesses. New interpretations of these standards could also require us to incur additional costs and restrict our business operations. Overall privacy laws also are expanding in ways that may impact our business. In addition, there are new privacy laws that may impact our business operations. For example, the state of California has adopted a new comprehensive privacy law, the California Consumer Privacy Act ("CCPA"), which took effect in January 2020 and became enforceable in July 2020. Moreover, in November 2020, California voters approved a new privacy law, the California Privacy Rights Act ("CPRA"), which amends the CCPA to create new privacy rights and obligations in California. In addition, other states, including Virginia, Colorado, Connecticut and Utah, already have passed state privacy laws. Several other states are also considering bills similar to the CCPA or other generally applicable privacy laws that may impose additional costs and obligations on us and may impact our ability to conduct our business. States also are reviewing other categories of privacy laws, addressing certain practices (such as marketing), collection of certain data (e.g., biometrics or children's data) or otherwise addressing privacy concerns in various ways. These laws may impact our business activities, including our identification of research subjects, relationships with business partners and ultimately the marketing and distribution of our products. We may be required to devote substantial resources to implement and maintain compliance with the CCPA, and noncompliance with these laws could result in regulatory investigations and fines or private litigation. Furthermore, the U.S. Congress also is considering comprehensive privacy legislation. At this time, it is unclear whether Congress will pass such a law and if so, when and what it will require and prohibit. There are open questions as to whether a federal law will supplement or pre-empt these emerging state laws, as well as how this potential law will impact the requirements of existing US laws related to personal data, including CAN-SPAM and TCPA. Moreover, it is not clear whether any such legislation would give the Federal Trade Commission ("FTC") any new authority to impose civil penalties for violations of the Federal Trade Commission Act in the first instance, whether Congress will grant the FTC rulemaking authority over privacy and information security, or whether Congress will vest some or all privacy and data security regulatory authority and enforcement power in a new agency, akin to EU data protection authorities. In addition, there are laws in a growing number of countries around the world that may impact our business. The regulatory framework for the collection, use, safeguarding, sharing, transfer and other processing of information worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future. Globally, virtually every jurisdiction in which we operate has established its own data security and privacy frameworks with which we must comply, with additional laws and amendments being passed on a regular basis. The EU and its member states, the United Kingdom, Canada and several other countries and certain states, such as California have regulations dealing with the collection and use of personal information obtained from their citizens. Other countries are considering laws as well. Regulations in these jurisdictions have focused on the collection, processing, transfer, use, disclosure and security of information that may be used to identify or that actually identifies an individual, such as a name, e-mail address or online identifier (such as an IP address in certain cases). These laws also provide consumers the right to access the information a company has collected on them, correct it, request that it be deleted, or to stop the sale of such information to third parties. The General Data Protection Regulation ("GDPR") of the European Union became effective in May 2018 and was designed to, among other things, harmonize disparate data privacy laws found across Europe. GDPR implemented more rigorous principles relating to the data privacy and data protection, including, among other things, enhanced disclosure requirements regarding how personal information is obtained, used, and shared, limitations on the purpose and storage of personal information, mandatory data breach notification requirements and enhanced standards for data controllers to demonstrate that they have obtained valid consent for certain data processing activities. Its application and scope are extensive and penalties for non-compliance are significant, including fines of up to 20 million Euros or 4% of total worldwide revenue. In the event the Company is deemed not in compliance with GDPR, or fails to maintain compliance, then the Company would be exposed to material damages, costs and/or fines if an EU regulator or EU resident commenced an action. Failure to comply or maintain compliance could cause considerable harm to us and our reputation (including requiring notification to customers, regulators, and/or members), cause a loss of confidence in our services, and deter current and potential customers from using our services. Further, the European Union also is considering proposals for the Regulation on Privacy and Electronic Communications ("ePrivacy Regulation") which will replace the ePrivacy Directive and is intended to align with the overall EU data privacy and protection framework, including GDPR. The ePrivacy Regulation could disrupt the Company's ability to use or transfer data or to market and sell its products and services, which could have a material adverse effect on our business, financial condition, and operating results. Our customers may implement compliance measures that do not align with our services, which could limit the scope and delivery of services we are able to provide. Our customers may also require us to take on additional privacy and security or other contractual obligations including, but not limited to, indemnification and liability obligations, which may cause us to incur potential business disruption and expense. If our policies and practices, or those of our customers, are, or are perceived to be, insufficient or if our members, website visitors or customers have concerns regarding our data privacy and data protection practices, particularly with respect to GDPR or the pending ePrivacy Regulation, then we could be subject to enforcement actions or investigations by regulators or lawsuits by private parties, member engagement could decline and our business could be negatively impacted. In addition, there are new and evolving requirements being imposed on the transfer of personal data from other countries to the United States, particularly transfers from the European Union. For certain data transfers and processing activities between the EU and the U.S., our company had relied in part on Court of Justice of the European Union the EU-U.S. Privacy Shield Framework ("the EU Privacy Shield"). The Company self-certified to the EU Privacy Shield and Swiss Privacy Shield most recently on February 23, 2021. On July 16, 2020, however, the Court of Justice of the European Union ("CJEU") invalidated the EU Privacy Shield. The CJEU upheld the adequacy of EU Standard Contractual Clauses ("SCCs") issued by the European Commission for the transfer of personal data to data processors established outside of the EU, however, the court made clear that reliance on SCCs alone may not necessarily be sufficient in all circumstances and that their use must be assessed on a case-by-case basis taking into account the surveillance laws and right of individuals in the destination country. The CJEU's decision took effect immediately. The Company uses several mechanisms to transfer personal data from the EU to the U.S. (including having previously relied on the EU Privacy Shield) and are evaluating what additional mechanisms may be required to establish adequate safeguards for the further transfer of personal data. If supervisory authorities issue guidance on transfer mechanisms, including circumstances where the SCCs cannot be used and/or start taking enforcement action, we could suffer additional costs, complaints, and/or regulatory investigations or fines. Moreover, if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services and could adversely affect our financial results. This CJEU decision and subsequent actions from Data Protection Agencies in the EU may lead to increased scrutiny on data transfers from the EU to the U.S. generally and increase our costs of compliance with data privacy legislation as well as our costs of negotiating appropriate privacy and security agreements with our vendors and business partners. In order to continue receiving personal data from the United Kingdom following Brexit, the Company may be required to meet standards for cross-border transfer imposed by the UK itself. As with other issues related to Brexit, there are open questions about how personal data will be protected in the UK and whether personal information can transfer from the EU to the UK. Following the withdrawal of the U.K. from the EU, the U.K. Data Protection Act 2018 applies to the processing of personal data that takes place in the U.K. and includes parallel obligations to those set forth by GDPR. While the Data Protection Act of 2018 in the United Kingdom that "implements" and complements the European Union General Data Protection Regulation, or GDPR, has achieved Royal Assent on May 23, 2018 and is now effective in the United Kingdom, it is still unclear whether transfer of data from the European Economic Area, or EEA, to the United Kingdom will remain lawful under GDPR. The United Kingdom government has already determined that it considers all European Union and EEA member states to be adequate for the purposes of data protection, ensuring that data flows from the United Kingdom to the European Union/EEA remain unaffected. In addition, a recent decision from the European Commission appears to deem the UK as being "essentially adequate" for purposes of data transfer from the EU to the UK, although this decision may be re-evaluated in the future. Our digital properties collect and use data about our website visitors', platform users and members' online behavior, and the revenue associated with this activity could be impacted by government regulation and enforcement, industry trends, self-regulation, technology changes, consumer behavior and attitude, and private action. We also use such information to call website visitors and members who have provided their telephone numbers to be enrolled as a member or user (for free). Our partners may then follow-up to try to sell products or services to such individuals. We also work with our partners to deliver targeted advertisements based on members, user, and website visitors' perceived commercial interests. Many of our users voluntarily provide us with contact and other information when they visit our websites. We may utilize data from third party sources to augment our user profiles and marketing databases so we are better able to personalize content, enhance our analytical capabilities, better target our marketing programs, and better qualify leads for our partners. If changes in user sentiment regarding the sharing of information results in a significant number of visitors to our websites refusing to provide us with contact and other information, our ability to personalize content for our users and provide targeted marketing solutions for our partners would be impaired. If our users choose to opt-out of having their data used for behavioral targeting, it would be more difficult for us to offer targeted marketing programs for our partners. If we are unable to acquire data from third party sources for whatever reason, or if there is a marked increase in the cost of obtaining such data, our ability to personalize content and provide marketing solutions could be negatively impacted. The use of such consumer data by online service providers and advertising networks is a topic of active interest among federal, state, and international regulatory bodies, as well as self-regulatory organizations, and the regulatory environment is unsettled. Federal, state, and international laws and regulations govern the collection, use, retention, disclosure, sharing and security of data that we receive from and about our website visitors and members through cookies and other similar technologies. Our privacy policies and practices concerning the collection, use, and disclosure of user data are posted on our websites. There are new and expanding proposals for laws and regulations regarding "Do Not Track" requirements that protect users' right to choose whether or not to be tracked online. These proposals seek, among other things, to allow consumers to have greater control over the use of private information collected online, to forbid the collection or use of online information, to demand a business to comply with their choice to opt out of such collection or use, and to place limits upon the disclosure of information to third party websites. Any such laws and regulations could have a significant impact on the operation of our advertising and data businesses. U.S. regulatory agencies have also placed an increased focus on online privacy matters and, in particular, on online advertising activities that utilize cookies or other tracking tools. Consumer and industry groups have expressed concerns about online data collection and use by companies, which has resulted in the release of various industry self-regulatory codes of conduct and best practice guidelines that are binding for member companies engaged in online behavioral advertising ("OBA") and similar activities. These codes of conduct and best practice guidelines govern, among other things, the ways in which companies can collect, use and disclose user information for OBA purposes, how companies must give notice of these practices, and what choices companies must provide to consumers regarding these practices. We may be required or otherwise choose to adopt Do Not Track mechanisms, and we may be required to abide by certain self-regulatory principles promulgated by the Digital Advertising Alliance and others for OBA and similar activities, in which case our ability to use our existing tracking technologies, to collect and sell user behavioral data, and permit their use by other third parties could be impaired. This could cause our net revenues to decline and adversely affect our operating results. The Federal Trade Commission and state Attorneys General all are aggressive in reviewing privacy and data security protections for consumers. New laws also are being considered at both the state and federal levels. Accordingly, failure to comply with federal and state laws (both those currently in effect and future legislation) regarding privacy and security of personal information could expose us to fines and penalties under such laws. There also is the threat of consumer class actions related to these laws and the overall protection of personal data. Even if we are not determined to have violated these laws, government investigations into these issues typically require the expenditure of significant resources and generate negative publicity, which could harm our reputation and our business. We believe that we are in material compliance with all laws, regulations and self-regulatory regimes that are applicable to us. However, as referenced above, these laws, regulations, and self-regulatory regimes may be modified, and new laws may be enacted in the future that may apply to us and affect our business. Further, data protection authorities may interpret existing laws in new ways. We may deploy new products and services from time to time, which may also require us to change our compliance practices. Any such developments (or developments stemming from enactment or modification of other laws) or the failure to anticipate accurately the application or interpretation of these laws could create liability for us, result in adverse publicity, increase our future compliance costs, make our products and services less attractive to our members and customers, or cause us to change or limit our business practices, and materially affect our business and operating results. Further, any failure on our part to comply with any relevant laws or regulations may subject us to significant civil, criminal or contractual liabilities.

We could be subject to infringement claims from third parties, which may or may not have merit. Due to the nature of content published on our online network, including content placed on our online network by third parties, and as a creator and distributor of original content and research, we face potential liability based on a variety of theories, including defamation, libel, negligence, copyright or trademark infringement, or other legal theories based on the nature, creation or distribution of this information. Such claims may also include, among others, claims that by providing hypertext links to websites operated by third parties, we are liable for wrongful actions by those third parties through these websites. Similar claims have been brought, and sometimes successfully asserted, against online services. It is also possible that our members could make claims against us for losses incurred in reliance on information provided on our networks. In addition, we could be exposed to liability in connection with material posted to our internet sites by third parties. For example, many of our sites offer members an opportunity to post comments and opinions that are not moderated. Some of this member-generated content may infringe on third party intellectual property rights or privacy rights or may otherwise be subject to challenge under copyright laws. Such claims, whether brought in the U.S. or abroad, could divert management time and attention away from our business and result in significant cost to investigate and defend, regardless of the merit of these claims. In addition, if we become subject to these types of claims and are not successful in our defense, we may be forced to pay substantial damages. These claims could also result in the need to develop alternative trademarks, content or technology or to enter into costly royalty or licensing agreements. Our insurance may not adequately protect us against these claims. The filing of these claims may also damage our reputation as a high-quality provider of unbiased, timely analysis and result in customer cancellations or overall decreased demand for our services. We may not have, in all cases, conducted formal evaluations of our content, technology and services to determine whether they expose us to any liability of the sort described above. As a result, we cannot be certain that our technology, offerings, services or online content do not or will not infringe upon the intellectual property or other rights of third parties. If we were found to have infringed on a third party's intellectual property rights or otherwise found liable for damages as a result of such claims, the value of our brands and our business reputation could be impaired, and our business could suffer.

Our customer contracts are primarily short-term, typically six months or less, and are generally subject to termination without substantial penalty by the customer at any time, generally with minimal notice requirements. We cannot assure you that our current customers will fulfill their obligations under their existing contracts, continue to participate in our existing programs beyond the terms of their existing contracts or enter into any additional contracts for new programs that we offer. In addition, our ongoing efforts to enter into longer-term contracts with customers for our products and services may not continue to be successful, particularly in light of current macroeconomic conditions. If a significant number of customers or a few large customers decided not to continue purchasing marketing and advertising services from us, then we could experience a rapid decline in our revenues over a relatively short period of time. Any factors that limit the amount our customers are willing to and do spend on marketing or advertising with us could have a material adverse effect on our business.

The U.S. and international economies have experienced inconsistent, unpredictable growth and a certain degree of instability, magnified at times by factors including changes in the availability of credit, inflation, volatile business and consumer confidence, unemployment, responses to public health crisis, including pandemics like COVID-19 and epidemics and geopolitical unrest, including from the impacts of the Russian invasion of Ukraine and its global ramifications. These and other macro-economic conditions have contributed to unpredictable changes in the global economy and expectations of future global economic growth. Additionally, economic weakness in the U.S. and international markets has adversely affected our customers and their spending decisions, causing them to reduce or delay their purchases of our offerings, which has adversely affected and may continue to affect our business. Because all components of our budgeting and forecasting are dependent upon estimates of growth or contraction in the economy generally, and in the IT market specifically, it can be difficult for us to accurately estimate future income and expenditures. We cannot predict the duration of current economic conditions or the duration or strength of an economic recovery in the U.S. or worldwide generally or in the IT industry or in any of its segments. Further adverse changes may occur as a result of global, domestic or regional economic conditions, changing consumer and customer confidence, inflation, unemployment, tariffs, declines in stock markets, or other factors affecting economic and geopolitical conditions generally. These macro-economic conditions may also result in increased expenses due to higher allowances for doubtful accounts and potential goodwill and asset impairment charges and may make it more difficult for us to make accurate forecasts of revenue, gross margin, cash flows and expenses. We recognize that these challenging macro-economic conditions have and may continue to negatively affect the sales of our offerings, both in the U.S. and internationally, and could increase exposure to losses from bad debts, increase the cost and decrease the availability of financing, or increase the risk of loss on investments. The impact in the future of these macro-economic conditions on our business, results of operations, financial condition and/or liquidity is uncertain and will depend on future developments that we may not be able to accurately predict.

The Company derives a significant portion of its revenues from customers with billing addresses outside of the U.S. For the year ended December 31, 2022 approximately 36% of our revenues were derived from international geo-targeted campaigns, which are campaigns that are targeted at members who reside outside of North America. We have offices in the United Kingdom, France, Germany, Singapore and Australia. We also publish websites in Spanish, French, German, Portuguese and Chinese, targeting members worldwide who speak those languages. In addition to many of the same challenges we face domestically, there are additional risks and costs to doing business in international markets, including: - limitations on our activities in foreign countries where we have granted rights to existing business partners;- the degree to which our foreign-based customers transition from print to online purchase intent data;- the adaptation of our websites and purchase intent data programs to meet local needs;- our foreign-based competitors having greater resources and more established relationships with local advertisers;- more restrictive data privacy and data protection regulation, which may vary by country and for which there may be little, conflicting or no guidance;- more restrictive website licensing and hosting requirements, which may result in our websites being blocked, may require changes to how we operate our websites, or may involve regulatory or enforcement actions against us that could be harmful to our business;- more extensive labor regulation, which may vary by country;- difficulties in staffing and managing multinational operations;- difficulties in finding appropriate foreign licensees or joint venture partners;- difficulties following changes in local business operations or structure;- distance, language and cultural differences in doing business with foreign entities;- foreign (and domestic) political and economic uncertainty;- less extensive adoption of the internet as an information source and increased restriction on the content of websites;- currency exchange-rate fluctuations; and - potential adverse tax requirements. Brexit. The United Kingdom's June 2016 referendum, in which voters approved an exit of the United Kingdom from the European Union, commonly referred to as "Brexit," resulted in significant general economic uncertainty as well as volatility in global stock markets and currency exchange rate fluctuations. In March 2017, the United Kingdom served notice to the European Council under Article 50 of the Lisbon Treaty of its intention to withdraw from the European Union. As of January 30, 2020, the United Kingdom's membership in the European Union was terminated and an eleven month transition period began which expired on December 31, 2020. In December 2020, the United Kingdom and the European Union agreed on a trade and cooperation agreement, under which the United Kingdom and the European Union will now form two separate markets governed by two distinct regulatory and legal regimes. The trade and cooperation agreement covers the general objectives and framework of the relationship between the United Kingdom and the European Union, including as it relates to trade, transport and visas. Notably, under the trade and cooperation agreement, United Kingdom service suppliers no longer benefit from automatic access to the entire European Union single market, United Kingdom goods no longer benefit from the free movement of goods and there is no longer the free movement of people between the United Kingdom and the European Union. Depending on the application of the terms of the trade and cooperation agreement, we could face new regulatory costs and challenges. The full effect of Brexit remains uncertain and depends on the application of the terms of the trade and cooperation agreement. Moreover, the overall impact of Brexit may create further global economic uncertainty, which may cause a subset of our customers to more closely monitor their costs in the affected region. Our revenue generated from customers who have billing addresses within the United Kingdom was approximately 10% and 14% of our total revenues for the years ended December 31, 2022 and 2021, respectively. As a result, we may face difficulties and unforeseen expenses in expanding our business internationally and, if we attempt to do so, we may be unsuccessful, which could harm our business, operating results and financial condition.