Akamai (AKAM) Risk Analysis

We and the third-parties upon which we rely face a variety of evolving threats, which could cause cybersecurity incidents and/or data breaches, such as cyber-attacks, malicious internet-based activity, online and offline fraud and other similar activities. Such threats are prevalent and continue to rise, are increasingly difficult to detect and come from a variety of sources and may be enhanced or facilitated by AI. We regularly face attempts to gain unauthorized access or deliver malicious software to Akamai's platforms, products and services and our internal IT systems, with the goal of stealing proprietary information related to our business, products, employees and customers; disrupting our systems and services or those of our customers or others; or demanding ransom to return control of such systems and services. These attempts take a variety of forms, including DDoS attacks, infrastructure attacks, botnets, malicious file uploads, computer malware, application abuse, credential abuse, social engineering (including phishing attacks), ransomware, bugs, viruses, worms malicious software programs, business email compromises, misuse of employee credentials and wrongful conduct by insider employees or vendors, all of which may be enhanced or facilitated by AI. Further, attempts to disrupt or gain unauthorized access to our and our third-party vendors' information systems from malicious third parties or insider threats may incorporate widely varying and frequently changing tactics, which may be enhanced or facilitated by AI. Malicious actors are known to attempt to fraudulently induce employees and suppliers to disclose sensitive information through illegal electronic spamming, phishing or other tactics. Other parties may attempt to gain unauthorized physical access to our facilities in order to infiltrate our internal-use information systems. Furthermore, nation state and hacktivist attacks against us or our customers have in the past and may in the future intensify during periods of heightened geopolitical tensions or armed conflict, such as the ongoing war in Ukraine, the Israel-Hamas war and the escalation of military conflict between Israel and Iran, as well as broader military confrontations involving the United States. We may not be able to anticipate the techniques used in such attacks, as they change frequently and may not be recognized until launched. The rapidly changing technological and geopolitical landscape may also create new, unexpected, or unknown risks for which we may not immediately be prepared, requiring increased risk mitigation expenditures. Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that such terms are sufficient to protect us from liabilities, damages, or claims related to our privacy and data security obligations. Further,although we maintain cyber liability insurance, this insurance may not provide adequate coverage against potential liabilities related to any experienced cybersecurity incident or breach. Like other companies in our industry, we, and our third-party providers, have experienced and will continue to experience threats and cybersecurity incidents relating to our information technology systems and infrastructure. For example, we have discovered vulnerabilities in software and hardware used in our technology, such as the AMD "Inception" vulnerability identified in mid-2023 that potentially impacted a large portion of the internet ecosystem, and may have other undiscovered vulnerabilities. Vulnerabilities, resident in software, hardware or configurations, have in the past and may in the future require significant operational efforts to mitigate and may persist for extended periods of time and the effects of any such vulnerability could be exacerbated. Similar security risks exist with respect to acquired companies, our business partners and the third-party vendors that we rely on for aspects of our information technology support services and administrative functions. As a result, we are subject to risks that the activities of our business partners and third-party vendors may adversely affect our business even if an attack or breach does not directly target our systems. To protect our corporate and deployed networks, we aim to continuously engineer more secure solutions, enhance security and reliability features, improve the deployment of software updates to address security vulnerabilities, develop mitigation technologies that help to secure customers from attacks and maintain the digital security infrastructure that protects the integrity of our network and services. For example, our efforts to continually enhance the security and reliability of our globally distributed infrastructure, customer applications and corporate systems comprise various initiatives and mitigation efforts, including upgrading access and configuration controls; improving security instrumentation, monitoring, detection and prevention tools; enhancing software inventory and tracking and patching systems; upgrading encryption processes and protections; enhancing authorization methods in applications; enhancing data loss prevention and endpoint security management capabilities; upgrading vulnerability identification, assessment and remediation processes and technologies; and enhancing the security of passwords and other credentials, as applicable and appropriate. Our efforts to engineer more secure solutions are frequently costly, with a negative impact on near-term profitability, and may be unsuccessful in preventing security incidents that may have an adverse effect on our business and reputation. For example, with the acquisition of Linode Limited Liability Company ("Linode"), we continue to adapt procedures for mitigating risks that have in the past or may in the future materialize, including any harms that may arise from abuse of our cloud computing products. If we fail to mitigate these harms or if there is a significant cybersecurity event using our cloud computing products or our cloud computing products are perceived to be less reliable than our competitors, it could result in loss of customers and reputational damage. Any actual, alleged or perceived breach of network security in our systems or networks, or any other actual, alleged or perceived outage, compromise or data security incident we, our customers or our third-party suppliers suffer, has in the past and could in the future result in legal reporting obligations; damage to our reputation; negative publicity; loss of channel partners, customers and sales; loss of revenue; loss of competitive advantages; increased costs to remedy any problems and otherwise respond to any incident; regulatory investigations and enforcement actions and fines; costly litigation; and other liabilities.

U.S. and international laws and regulations that apply to the internet, including content liability, security requirements, law enforcement access to information, critical infrastructure, net neutrality, so-called "fair share" or internet content taxes, international data transfer restrictions, sanctions, export controls, restrictions on social media or other platforms, applications or content, as well as developing regulatory concerns related to digital or cloud sovereignty, could pose risks to our revenues, intellectual property and customer relationships and could increase expenses or create other disadvantages to our business. Section 230 of the U.S. Communications Decency Act ("Section 230"), gives websites that host user-generated content broad protection from legal liability for content posted on their sites. Proposals to repeal or amend Section 230 could expose us to greater legal liability in the conduct of our business. Our Acceptable Use Policy prohibits customers from using our network to deliver illegal or inappropriate content; if customers violate that policy, we may nonetheless face reputational damage, enforcement actions or lawsuits related to their content. In addition, laws and regulations related to content could cause internet service providers, or others, to block our products in order to enforce content-blocking efforts. Efforts to block a single product or domain name may end up blocking a number of other products or domain names in an overbroad manner that could affect our business. Certain jurisdictions are adopting or tightening data localization and data residency requirements that restrict where customer or employee data may be stored, processed, accessed or encrypted. In the U.S., regulators are increasingly scrutinizing and restricting certain personal data transfers and transactions involving foreign countries. For example, the Department of Justice's January 8, 2025, rule on "Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons," prohibits data brokerage transactions involving certain sensitive personal data categories to countries of concern, including China. The regulations also restrict certain investment agreements, employment agreements and vendor agreements involving such data and countries of concern, absent specified cybersecurity controls. Some jurisdictions, particularly the European Union (the "EU"), are also exploring broader "digital sovereignty" frameworks placing operational, ownership, and control requirements that must be met to provide services to certain markets or sectors. These measures have gathered steam over the past year based on the emergence of geopolitical tensions, including between the US and Europe. Together with limits on cross-border data transfers and government access or audit obligations, they may prevent us from providing services in certain cases, or require us to provide in-country or region-specific hosting, rely on designated local partners, modify or limit features, or maintain segregated environments and duplicative infrastructure, routing, logging and support models. These developments could decrease our addressable market, increase our costs and complexity, lengthen sales cycles, limit the functionality or performance of our services in some markets and reduce economies of scale. These risks may accelerate or vary by region due to geopolitical factors, including changes in sanctions, export or import controls, tariffs and other trade restrictions, or regional conflicts. Regulations have also been enacted or proposed in a number of countries that limit the delivery of certain types of content into those countries. Enactment and expansion of such laws and regulations would negatively impact our revenues. For example, restrictions were adopted in India in 2020 prohibiting access to identified Chinese-owned applications which caused a reduction in revenue to us. In addition, in April 2024, the U.S. government enacted the Protecting Americans from Foreign Adversary Controlled Applications Act ("PAFACA"), which, among other things, prohibited the provision of certain types of services to a Chinese application if the application was not sold to a neutral third party by January 19, 2025. The President of the United States subsequently signed a series of Executive Orders delaying enforcement of the legislation, culminating with an Executive Order issued on September 25, 2025, which declared that a proposed sale of the Chinese-owned application's U.S. operations to a new joint-venture company complied with PAFACA's divestiture requirements and extended non-enforcement of PAFACA until January 23, 2026. These Executive Orders further directed the Department of Justice to issue guidance and letters stating there was no violation and no liability for conduct during the PAFACA non-enforcement periods, resulting in Akamai's receipt of an Attorney General determination that Akamai services had not violated the law and that we could continue providing services as contemplated by the Executive Orders without violating the law and without incurring any legal liability. On January 22, 2026, the divestiture was finalized, and a new U.S.-based joint venture assumed operation of the U.S. application. Although the divestiture has been completed, certain aspects of the transaction could be subject to future governmental review or litigation. Further, it is difficult to predict whether any future legislative, regulatory or judicial actions, including those that may be brought against the Executive Orders, will be successful. There is no assurance that we will not be exposed to liability, and we may face significant fines, litigation, indemnification claims, negative publicity, reputational harm, diversion of management attention, interruptions in our operations, financial loss and other similar harms by continuing to provide services to this customer. In addition, enactment and expansion of laws related to the use of AI and machine learning in our operations and increased regulation of cloud service providers also could increase the costs of doing business, subject us to potential liability or regulatory risk and introduce other disadvantages to our business, including brand or reputational harm. U.S. states have advanced and, in some cases, enacted numerous AI governance laws, creating a complicated legislative patchwork that may be litigated in state and federal courts, notwithstanding a December 2025 executive order endorsing a federal moratorium on enforcement of state AI laws. In Europe, the EU began implementing the Artificial Intelligence Act (the "AI Act") on August 1, 2024, with significant provisions scheduled to take effect in August 2026. The AI Act, which may be amended as part of the EU's Digital Omnibus, imposes significant obligations on providers and deployers of high-risk AI systems, and non-compliance can lead to substantial fines. If we develop or use AI systems governed by these laws or regulations, we may face burdensome and costly compliance obligations relating to data quality, transparency, human oversight, and ethical and administrative requirements, as well as significant enforcement actions or litigation in the event of any perceived non-compliance. Interpretations of laws or regulations that would subject us to regulatory enforcement actions, supervision or, alternatively, require us to exit a line of business or a country, could lead to the loss of significant revenues and have a negative impact on the quality of our solutions. Engineering efforts to build new capabilities to facilitate compliance with law enforcement access requirements, content access restrictions or other regulations could require us to take on substantial expenses and divert engineering resources from other projects. These circumstances could harm our profitability.

Our future income taxes could be adversely affected by earnings being lower than anticipated in jurisdictions that have lower statutory tax rates and higher than anticipated in jurisdictions that have higher statutory tax rates, or changes in tax laws, regulations or accounting principles, as well as certain discrete items such as equity-related compensation. The Organisation for Economic Co-operation and Development ("OECD") and participating OECD member countries continue to work toward the enactment of a 15% global minimum corporate tax rate for large multinational enterprise groups, also known as "Pillar Two." Many of the participating countries have enacted legislation that became effective beginning in 2024, while other countries continue to work on defining the underlying rules and administrative procedures. Although the enacted and effective legislation in some countries was applicable to us as of January 1, 2024, and increased our effective income tax rate, the increase did not have a material impact on our overall results of operations or cash flows. We will continue to monitor and evaluate the impacts of the developing legislation. We have recorded certain tax reserves to address potential exposures involving our income tax and indirect tax positions. These potential tax liabilities result from the varying application of statutes, rules, regulations and interpretations by different jurisdictions. We are currently subject to tax audits in various jurisdictions. If the ultimate outcome of any tax audits are adverse to us, our reserves may not be adequate to cover our total actual liability, and we would need to take a financial charge. Although we believe our estimates, our reserves and the positions we have taken in all jurisdictions are reasonable, the ultimate tax outcome may differ from the amounts recorded in our financial statements and may materially affect our financial results in the period or periods for which such determination is made.

Because we operate globally, our business, revenues and profitability are impacted by global macroeconomic and geopolitical conditions. The success of our activities is affected by general economic, political and market conditions, including inflation, foreign exchange rates, interest rates, tax rates, economic uncertainty or contraction, political instability, warfare or acts of terrorism, public health crises, changes in laws, policy - and regulatory-related changes resulting from U.S. government actions and regulatory priorities, trade barriers including announced or expected tariffs, changes in export controls, the actual or perceived failure or financial difficulties of financial institutions, reduced consumer confidence and spending and economic and trade sanctions. Global economic and geopolitical conditions can impact our customers, potentially making non-U.S. companies reluctant to enter into contracts with U.S. providers or to permit cross-border data transfers. Such conditions can also cause customers to take cost-savings measures-such as optimization and DIY initiatives, reduction or delay of information technology spending, contract renegotiation and lengthening of procurement and sales cycles - which have in the past and may in the future negatively impact our revenues by reducing traffic on our network. The U.S. capital markets have recently experienced and may continue to experience extreme volatility and disruption, and inflation rates in the U.S. have been elevated compared to historical rates and have fluctuated. In addition, the current U.S. presidential administration has imposed or indicated an intention to impose tariffs or export controls (including on advanced computing and networking technologies and services) on certain countries that could further adversely impact trade relations, result in higher costs and decreased purchasing power of our customers, put increased pressure on supply chains and create general market instability. Such economic volatility has in the past and could in the future adversely affect our business, financial condition, results of operations and cash flows and future market disruptions could negatively impact us. For example, these unfavorable economic conditions could slow our revenue growth or increase our operating costs, which could negatively impact our profitability. Geopolitical destabilization,the escalation of international tensions and warfare have impacted and could continue to impact global currency exchange rates, resources from our suppliers, availability or pricing of energy and other inputs, our ability to compete effectively and our ability to operate or grow our business. Cybersecurity threats can also intensify during periods of geopolitical destabilization, increasing the risk of attempted attacks on our systems, suppliers and customers. Additionally, we have offices and employees located in regions that historically have and may again experience periods of political instability, warfare or acts of terrorism, public health crises, changes in laws, trade barriers, and economic and trade sanctions. Adverse conditions in these countries or actions by them to adopt policies that are unfavorable to other countries in which we operate have in the past and may in the future affect our operations, including by causing disruptions to our workforce, supply chains, networks, financial systems and other critical infrastructure, which could adversely affect our business, results of operations, financial condition and cash flows. For example, approximately six percent of our global employees are located in Israel, and have in the past been impacted by the Israel-Hamas war or other hostilities in and around or involving Israel. Any escalations or conflicts impacting Israel, including periodic escalations, could cause harm to our employees or otherwise impair their ability to work for extended periods of time.

A significant portion of our hiring, new customers and revenue growth in recent years has been attributable to our business outside the U.S. Our operations in international countries subject us to risks that may increase our costs, impact our financial results, disrupt our operations or make our operations less efficient and require significant management attention. These risks include: foreign exchange rate risks; uncertainty regarding liability for content or services, including uncertainty as a result of local laws and lack of legal precedent; loss of revenues if the U.S. or international governments impose limitations on doing business with significant current or potential customers; difficulty in staffing, training, developing and managing international operations as a result of distance, language, cultural differences, differences in employee/employer relationships or regulations; theft of intellectual property in high-risk countries where we operate; difficulties in enforcing contracts, collecting accounts and longer payment cycles in certain countries; difficulties in transferring funds from, or converting currencies in, certain countries; managing the costs and processes necessary to comply with export control, sanctions, anti-bribery and anti-corruption, data protection, cybersecurity and competition laws and regulations or other regulatory or contractual limitations on our ability to sell or develop our products and services in certain international markets; changes in regulatory rules or policies or changes in government enforcement priorities and resources; macroeconomic developments and changes in the labor markets in which we operate; geopolitical developments, including increasing international tensions or any that impact our or our customers' ability to operate in or deliver content to a country; other circumstances outside of our control such as trade disputes, including the imposition of tariffs by the United States on imports from certain countries and any resulting counter-tariffs or macroeconomic impacts, political unrest, warfare, military or armed conflict, such as the Russian invasion of Ukraine, the Israel-Hamas war, and periodic escalations involving Israel and Iran or Hezbollah, as well as broader military confrontations involving the United States, terrorist attacks, public health emergencies, energy crises and natural disasters that could disrupt our ability to provide services or limit customer purchases of them. For example, approximately six percent of our global employees are located in Israel and have been and may continue to be impacted by hostilities in the region, including being required to report for military duty, which could impact our ability to operate and successfully complete ongoing initiatives. In addition, we are subject to laws and regulations worldwide that differ among jurisdictions and may change, affecting our operations in areas such as intellectual property ownership and infringement; tax; anti-bribery and anti-corruption; technology sovereignty, internet, technology and export regulations; so-called "fair share" or internet content taxes; foreign exchange controls and cash repatriation; data privacy; cyber security; competition; consumer protection; corporate sustainability; and employment and immigration. Compliance with such requirements can be onerous and expensive and may otherwise impact our business operations negatively. Although we have policies, controls and procedures designed to help ensure compliance with applicable laws, there can be no assurance that our employees, contractors, suppliers, customers, channel partners, intermediaries, agents or acquired businesses will not violate such laws or our policies, or that our controls will timely prevent, detect or remediate misconduct. Violations of these laws and regulations can result in fines or disgorgement of profits; additional costs related to internal or governmental investigations; remedial undertakings; contract damages, criminal sanctions against us, our officers or our employees; suspension or debarment; loss of licenses or certifications; prohibitions on the conduct of our business; and damage to our reputation.

Because we conduct a substantial portion of our business outside the United States, we face exposure to adverse movements in foreign currency exchange rates, which could have a material adverse impact on our financial results and cash flows. These exposures may change over time as business practices evolve and economic conditions change. The fluctuations of currencies in which we conduct business can both increase and decrease our overall revenue and expenses for any given period. This exposure is the result of selling in multiple currencies, headcount in foreign locations and operating in countries where the functional currency is the local currency. Revenue generated and expenses incurred by our international subsidiaries are often denominated in their local currencies, but many of our expenses related to our operations in foreign jurisdictions are denominated in U.S. dollars. As a result, our consolidated U.S. dollar financial statements are subject to fluctuations due to changes in exchange rates as the financial results of our international subsidiaries are translated from local currencies into U.S. dollars. For example, in 2025, the weakening of the U.S. dollar had a positive impact on our revenue and increased our overall profitability, but if this dynamic reverses, it would have a negative impact on our revenue and profitability. In addition, our financial results are subject to changes in exchange rates that impact the settlement of transactions in non-functional currencies. In addition, we have recently experienced increased volatility in foreign currency exchange rates, due to a number of factors, including geopolitical and economic developments. We may not be able to effectively manage such volatility, and our financial results have in the past and could in the future be adversely impacted as a result of such volatility. In addition, such volatility, even when it increases our revenues or decreases our expenses, impacts our ability to accurately predict our future results and earnings.

To operate and grow our globally distributed network serving our portfolio of services, we are dependent in part upon transmission capacity provided by third-party telecommunications network providers and co-location facilities to house our servers and equipment to support our operations. We may be unable to purchase the bandwidth and space we need from these providers due to limitations on their resources, increasing energy costs or other reasons outside of our control, including market dynamics driven by hyperscalers, significant cost increases in servers and memory, and shortages of data center space and power. In particular, our efforts to increase the size and scale of our network infrastructure have required and may continue to require procuring significant additional space in co-location facilities. Inability to access facilities where we would like to install servers, secure sufficient power capacity or perform maintenance on existing servers for any reason impedes our ability to expand or maintain capacity. As a result, there can be no assurance that we are adequately prepared for unexpected increases in capacity demands by our customers. Failure to put in place the capacity we require to operate our business effectively could result in a reduction in, or disruption of, service to our customers and ultimately a loss of those customers. In addition, these third-party providers can experience operational inefficiencies relating to power, climate controls, water, logistics, and other unforeseen events which could result in increased costs, service disruptions and diminished customer experiences. We cannot guarantee that these providers have adequate measures in place to avoid service events that could impact our ability to operate portions of our network. Akamai's platforms, products and services rely on hardware equipment, including hundreds of thousands of servers deployed around the world. Increasing demand and manufacturing limitations for certain necessary equipment or components may significantly impact pricing and availability. In addition, disruptions in our supply chain have occurred in the past and could occur in the future that prevent us from purchasing needed equipment at attractive prices or at all. For example, we are experiencing continued volatility in certain server component costs, including as a result of recently imposed tariffs, that support the continued build out of our AI, infrastructure and platform services. In addition, from time to time, it has been, and may continue to be, more difficult to purchase equipment that is manufactured in areas that face disruptions to operations due to war, unrest, trade sanctions or other political activity, public health issues, safety issues, natural disasters or general economic conditions. For example, tariffs imposed by the United States on other countries and any resulting counter-tariffs have in the past and will in the future likely lead to increasing costs and supply chain disruptions. Failure to have adequate equipment, including server and other networking equipment, could harm the quality of our services, which could lead to the loss of customers and revenue.

Our future success depends upon the services of our executive officers and other key technology, sales, research and development, marketing and support personnel who have critical industry experience and relationships. Attracting, hiring and retaining highly skilled and qualified employees continues to be a priority and a key dependency for our ongoing success. If we fail to attract new personnel, fail to retain and motivate our current personnel or fail to effectively train our employees to support our business needs, our business and future growth prospects could suffer. For example, none of our officers or key employees are bound by an employment agreement for any specific term, and members of our senior management have left our company over the years for a variety of reasons. In addition, effective succession planning is important to our long-term success and our failure to ensure effective transfer of knowledge and smooth transitions involving our officers and other key personnel could hinder our strategic planning and execution. In addition, our future success will depend upon our ability to attract, train and retain employees, particularly in our expected areas of growth such as security and cloud computing. Such efforts will require time, expense and attention by our employees as there is significant competition for talented individuals. This competition results in increased costs in the form of cash and stock-based compensation and can have a dilutive impact on our stock. Our ability to hire and retain employees may be adversely affected by volatility in our stock price or our ability to obtain shareholder approval to offer additional stock to our employees, because a significant portion of our compensation is in the form of equity grants. We are retasking certain employees to work on our cloud computing solutions which will require the use of our resources and if we are unable to successfully retrain our employees, our cloud computing business may suffer. Furthermore, geopolitical events may impact our retention efforts. For example, the Israel-Hamas War and other hostilities in the Middle East have and could continue to impact our workforce in Israel, as employees have been and may continue to be required to report for military service or have other competing priorities. The loss of the services of a significant number of our employees or any of our key employees or our inability to attract and retain new talent in a timely fashion may be disruptive to our operations and overall business.

We compete in markets that are intensely competitive and rapidly changing. Our current and potential competitors vary by size, product offerings and geographic region and range from start-ups that offer solutions competing with a discrete part of our business to large technology or telecommunications companies that offer, or may be planning to introduce, products and services that are broadly competitive with what we do. The primary competitive factors in our market are differentiation of technology, global presence, quality of solutions, reliability, long-term product roadmap, data center maintenance and acquisition, supply chain resilience, customer service, technical expertise, security, ease-of-use, breadth of services offered, price and financial strength. Ultimately, any type of increased competition could result in price and revenue reductions, loss of customers and loss of market share or inability to penetrate new markets, each of which could materially impact our business, profitability, financial condition, results of operations and cash flows. Many of our current and potential competitors have substantially greater financial, technical and marketing resources, larger customer bases, broader product portfolios, longer operating histories, greater brand recognition and more established relationships in the industry than we do. This is particularly true with respect to our AI and cloud computing solutions, as a small number of very large competitors have established themselves as incumbents in these industries and exert significant purchasing power and priority access to servers, memory, co-location capacity and power. As a result, some competitors have in the past and may in the future be able to: develop superior products or services; leverage better name recognition, particularly in the security and cloud computing markets; enter new markets more easily or better manage the impact of changes in general economic conditions, geopolitical conditions and industry pressures; gain greater market acceptance for their products and services; enter into long-term contracts with our potential customers; increase their points of presence and proximity to enterprise data centers and end users faster than us; secure server components (including memory), co-location space and power on preferred terms and with priority access, which can constrain industry supply and increase our costs; expand their offerings more efficiently and more rapidly; bundle their products that are competitive with ours with other solutions they offer in a way that makes our offerings less appealing to, or more costly for, current and potential customers; more quickly adapt to new or emerging technologies and changes in customer requirements; take advantage of acquisition, investment and other opportunities more readily; offer lower prices than ours, including at levels that may not be profitable for us to match; spend more money on the promotion, marketing and sales of their products and services; offer higher salaries to talented professionals which may impact our ability to hire or retain engineering and other personnel; and implement shorter sales cycles with customers and prospects. Smaller and more nimble competitors have in the past and may in the future be able to: attract customers by offering less sophisticated versions of products and services than we provide at lower prices than those we charge; develop new business models that are disruptive to us; and respond more quickly than we can to new or emerging technologies, changes in customer requirements and market and industry developments, resulting in superior offerings. We and other companies that compete in this industry and these markets experience continually shifting business relationships, reputations, commercial focuses and business priorities, all of which occur in reaction to industry and market forces and the emergence of new opportunities. These shifts have led or could lead to our customers or partners becoming our competitors; customers implementing multi-vendor policies and seeking out one or more of our competitors to provide content and application delivery or security protection services; network suppliers no longer seeking to work with us; and technology companies that previously did not appear to show interest in the markets we seek to address entering into those markets as our competitors. With this constantly changing environment, we may face operational difficulties in adjusting to the changes or our core strategies could become obsolete. Any of these or other developments could harm our business.

We are reliant on some of our larger customers to direct traffic to our network for a significant part of our revenues. At times, some of our customers have determined that it is better for them to employ a DIY strategy by putting in place equipment, software and other technology solutions for content and application delivery and security protection within their internal systems instead of using our solutions for some or all of their needs. As the amount of money a customer spends with us increases, the risk that they will seek alternative solutions such as DIY or a multi-vendor policy likewise increases. While the number of customers implementing a DIY strategy had been decreasing, current global economic and geopolitical conditions may cause customers to increase their focus on DIY solutions, which could negatively impact traffic on our network, and, as a result, our revenue. For example, a large social media customer has taken steps to lower costs and reduce reliance on U.S. providers by optimizing its platform, including using a DIY component, which reduced traffic on our network and negatively impacted our revenue in 2024 and may continue to do so in the future. If our customers increase their use of DIY solutions or if multiple additional large customers shift to this model, traffic on our network and our contracted revenue commitments could decrease more significantly, which could negatively impact our business, profitability, financial condition, results of operations and cash flows.