Certara (CERT) Risk Analysis

We are subject to claims that arise in the ordinary course of business, such as claims in connection with commercial disputes, employment claims made by our current or former employees, claims brought by third-parties for failure to adequately protect their personal data, or claims by shareholders or government agencies that we have failed to comply with laws and regulations pertaining to public companies or federal or state securities laws and regulations. Third parties may in the future assert intellectual property rights to technologies that are important to our business and demand back royalties or that we license their technology. Litigation may result in substantial costs and may divert management's attention and resources, which may seriously harm our business, overall financial condition and operating results. Insurance may not cover such claims, may not be sufficient for one or more of such claims and may not continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs and could have a material adverse impact on our business, financial condition and results of operations.

As of December 31, 2024, we had federal and state NOLs of approximately $6.2 million and $4.9 million, respectively, which are available to reduce future taxable income and expire between 2035 and 2036 and 2029 and 2040, respectively. We had federal R&D tax credit carryforwards of approximately $0.3 million to offset future income taxes, which expire between 2027 and 2048. We also had foreign tax credits of approximately $11 million, which will start to expire in 2027. These carryforwards that may be utilized in a future period may be subject to limitations based upon changes in the ownership of our stock in a future period. Additionally, we carried forward foreign NOLs of approximately $78.6 million which will start to expire in 2025, foreign research and development credits of $0.3 million which expire in 2029, and Canadian investment tax credits of approximately $3.9 million which expire between 2032 and 2042. Our carryforwards are subject to review and possible adjustment by the appropriate taxing authorities. In addition, in general, under Section 382 of the Internal Revenue Code of 1986, as amended (the "Code"), and corresponding provisions of state law, a corporation that undergoes an "ownership change," generally defined as a greater than 50 percentage point change (by value) in its equity ownership by certain stockholders over a three year period, is subject to limitations on its ability to utilize its pre-change NOLs, R&D tax credit carryforwards and disallowed interest expense carryforwards to offset future taxable income. We have performed an analysis for the period January 1, 2024 through December 31, 2024 and determined no ownership change occurred during this period. In addition, we determined that ownership changes occurred in prior periods and therefore our NOLs and R&D tax credit carryforwards reflect the amounts available after considering such limitations. We may experience further ownership changes in the future and/or subsequent changes in our stock ownership (which may be outside our control). As a result, if, and to the extent that, we earn net taxable income, our ability to use our pre-change NOLs, R&D tax credit carryforwards and disallowed interest expense carryforwards to offset such taxable income may be subject to limitations.

In the normal course of our business, we collect, process, use and disclose information about individuals, including on behalf of our customers, as well as for our employees around the world. The collection, processing, use, disclosure, disposal and protection of such information is highly regulated both in the U.S. and other jurisdictions, including but not limited to, under HIPAA, as amended by HITECH; United States state privacy, security and breach notification and healthcare information laws, such as the CCPA; the European Union's GDPR, UK GDPR, and other European and UK privacy laws, as well as the expanding number of privacy laws around the world, including China and Canada. These laws are complex and their interpretation is rapidly evolving, making implementation and enforcement, and thus compliance requirements, uncertain and potentially inconsistent. For example, the CCPA imposes obligations and restrictions on businesses regarding their collection, use, and sharing of personal information and provides new and enhanced data privacy rights to California residents, such as affording them the right to access and delete their personal information and to opt out of certain sharing of personal information. Protected health information that is subject to HIPAA is excluded from the CCPA; however, information we hold about individuals that is not subject to HIPAA would be subject to the CCPA. It is unclear how HIPAA and the other exceptions may be applied under the CCPA and how other, similar state laws, amendments, and regulations with similar exceptions for protected health information will be enforced. In addition, our collection, use, disclosure, protection and other processing of information is subject to related contractual requirements. Compliance with such laws and related contractual requirements may require changes to our information processing practices and may thereby increase compliance costs. Failure to comply with such laws and/or related contractual obligations could result in regulatory enforcement or claims against us for breach of contract or may lead third parties to terminate their contracts with us and/or choose not to work with us in the future. Should this occur, there could be a material adverse effect on our business, financial condition and results of operations. Data privacy and security laws and regulations often govern the handling of information about individuals, including personal health information and require the use of standard contracts, privacy and security standards and other administrative simplification provisions. Additionally, the FTC and many state attorneys general are interpreting existing federal and state consumer protection laws to impose evolving standards for the online collection, use, dissemination and security of information about individuals, including health-related information. Courts may also adopt the standards for fair information practices promulgated by the FTC, which concern consumer notice, choice, security and access. Consumer protection laws require us to publish statements that describe how we handle information about individuals and choices individuals may have about the way we handle their information. If such information that we publish is considered untrue, we may be subject to government claims of unfair or deceptive trade practices, which could lead to significant liabilities and consequences. Furthermore, according to the FTC, violating consumers' privacy rights or failing to take appropriate steps to keep information about consumers secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the FTC Act. The GDPR and the UK GDPR regulate our processing of personal data, and imposes stringent requirements. Failure to comply with the GDPR or UK GDPR may result in fines up to the greater of €20 million or 4.0% of worldwide gross annual revenue and applies to services providers such as us under each of GDPR and UK GDPR. There is uncertainty regarding transfers of personal data from the EEA to the United States, including regarding the status and enforceability of the European Commission's adequacy decision with the United States and the EU-U.S. Data Privacy Framework ("EU-U.S. DPF") under which personal data could be transferred from the EEA to U.S. entities who had self-certified under the DPF scheme. While the Court of Justice of the European Union (CJEU) has upheld the adequacy of the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism, and potential alternative to the DPF), it made clear that reliance on them alone may not necessarily be sufficient in all circumstances; and the validity of the standard contractual clauses as a transfer mechanism remains uncertain. We have previously relied on our own DPF certification and our relevant customers' and third parties' DPF certification(s) for the purposes of transferring personal data from the EEA to the United States in compliance with the GDPR's data export conditions. We also currently rely on the standard contractual clauses to transfer personal data outside the EEA, including to the United States. If all or some jurisdictions within the European Union or the United Kingdom determine that the standard contractual clauses do not provide sufficient safeguards to transfer personal data to the United States, our ability to effect cross-border transfers of personal data will be severely limited or cause us to need to establish systems to maintain certain data sovereignty in the EEA or UK, and thereby divert resources from other aspects of our operations, all of which may adversely affect our business or we may face governmental enforcement actions, litigation, fines and penalties or adverse publicity, which could have an adverse effect on our reputation and business. It is possible that we could fail to comply with the requirements of all of the various data privacy laws and regulations and contractual obligations that we are subject to or that we could incur liability due to the acts or omissions of our vendors. In the event we are not able to secure indemnification or the indemnification and any insurance coverage is inadequate to cover our losses, we could suffer significant financial, operational, reputational and other harm and our business, financial condition and results of operations could be materially adversely affected. Furthermore, as supervisory authorities issue further guidance on personal data export mechanisms, including circumstances where the standard contractual clauses cannot be used, and/or start taking enforcement action, we could suffer additional costs, complaints and/or regulatory investigations or fines, and/or if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services, the geographical location or segregation of our relevant systems and operations.

Market acceptance of our products depends upon the continuous, effective and reliable operation of our software and other biosimulation tools and models. New or enhanced products or services, whether developed internally or acquired through acquisitions, can require long development and testing periods, which may result in delays in scheduled introduction. Our software solutions and biosimulation tools and models are inherently complex and may contain defects or errors. The risk of errors is particularly significant when a new product is first introduced or when new versions or enhancements of existing software solutions are released, such as the integration of AI technology with our existing software products. Although we extensively test and conduct quality control on each new or enhanced biosimulation product before it is released to the market, there can be no assurance that significant errors will not be found in existing or future releases. As a result, in the months following the introduction of certain releases, we may need to devote significant resources to correct these errors. We cannot provide assurance, however, that all of these errors can be corrected in a timely manner or without impact to our customers or business. Many of our customers also require that new versions of our software be internally validated before implementation, which can result in delays or the decision to skip smaller updates altogether. As such, any errors, defects, disruptions or other performance problems with our products could hurt our reputation and may damage our customers' businesses. Furthermore, any delays in the release schedule for new or enhanced products or services may delay market acceptance of these products or services and may result in delays in new customer orders for these new or enhanced products or services or the loss of customer orders, which may have a material adverse effect on our business, financial condition and results of operations. To the extent that defects or errors cause our software or other biosimulation tools to malfunction and our customers' use of our products is interrupted, or the data derived from the use of our products is incorrect or incomplete, our customers may delay or withhold payment to us, cancel their agreements with us or elect not to renew, make service credit claims, warranty claims or other claims against us, and we could lose future sales. The occurrence of any of these events could result in diminishing demand for our software, a reduction of our revenues, an increase in collection cycles for accounts receivable, and require us to increase our warranty provisions or incur the expense of litigation or substantial liability.

The evolution of technology systems introduces ever more complex risks of cybersecurity threats that are difficult to predict and defend against. An increasing number of companies, including those with significant online operations, have recently disclosed breaches of their cybersecurity systems, some of which involved sophisticated tactics and techniques allegedly attributable to criminal enterprises or nation-state actors. Our efforts to improve our defenses may not always prove successful, and we may detect, or receive notices from customers and both public and private agencies that they have detected, actual or perceived vulnerabilities or fraudulent activity. In addition, cybersecurity threats are constantly evolving, are becoming more frequent and more sophisticated and are being made by groups of individuals with a wide range of expertise and motives, which increases the difficulty of detecting and successfully defending against them. Our infrastructure (and that of the third parties with which we do business) is vulnerable to physical or electronic break-ins, ransomware attacks, computer viruses or similar problems, which in some cases may be outside our control. Like other companies in our industry, we are, in the normal course of business, the target of cyberattack attempts, and we can make no assurance that future cyberattacks will not be material. Our solutions involve the collection, analysis and retention of our customers' proprietary information related to their drug development efforts, including clinical data. Unauthorized access to this information or data (including health information and other personal data), whether deliberate or unintentional, could result in the loss of information, governmental inquiries or investigations, litigation, breach of contract claims, indemnity obligations, damage to our reputation and other liability. Given the trusted nature of our customer relationships and the importance of the data that we manage, any unauthorized access or breach, to any degree, could result in outsized reputational and customer harm, and as a result of which we could lose business and see our commercial prospects and liability exposure seriously and adversely impacted. Our reliance on remote access to our information systems exposes us to potential cybersecurity breaches and the risk of loss or exposure of such information and data. Additionally, we rely on third parties and their cybersecurity procedures for the secure storage, processing, maintenance, and transmission of information that is critical to our operations and such third parties may also suffer cybersecurity incidents. Depending on their nature and scope, this could potentially result in the misappropriation, destruction, corruption or unavailability of critical data and confidential or proprietary information (our own or that of third parties, including information about our customers and employees) and the disruption of business operations. If there is a cybersecurity incident and we know or reasonably suspect that certain personal information has been subject to unauthorized or unlawful access or use, we may need to inform the affected individuals and make certain public disclosures; moreover, we may be subject to significant fines and penalties. Determining whether a cybersecurity incident is notifiable or reportable may not be straightforward, and any such mandatory disclosures could be costly and lead to negative publicity, loss of customer confidence in the effectiveness of our security measures, diversion of management's attention and governmental investigations. In some cases, these determinations will be fact-specific and vary by jurisdiction, with a range of notice periods and information requirements, as, for example, some notices will be sector-relevant or require acceleration depending on scope or categories of data in question. Further, under certain regulatory schemes, such as the CCPA or other similar state privacy laws, individuals may bring private claims for our failure to deploy reasonable and appropriate cybersecurity controls, and we also may be liable for statutory and multiple damages. In addition, if our technical and operational cybersecurity safeguards fail, our existing and prospective customers may lose confidence in our ability to maintain the confidentiality of their intellectual property and other proprietary and sensitive data, we may be subject to breach of contract claims by our customers. Our insurance may not be adequate to cover losses associated with such events, and in any case, such insurance may not cover all of the types of costs, expenses and losses we could incur to respond to and remediate a security breach. Defending against investigations, claims or litigation based on any security breach or incident, regardless of their merit, will be costly. The successful assertion of one or more large claims against us that exceed available insurance coverage, denial of coverage as to any specific claim, or any change or cessation in our insurance policies and coverages, including premium increases or the imposition of large deductible requirements, could have a material adverse effect on our business, financial condition and results of operations.

The market for our biosimulation products and related services for the biopharmaceutical industry is competitive and highly fragmented. In biosimulation software, we compete with other scientific software providers, technology companies, in-house development by biopharmaceutical companies, and certain open source solutions. In the technology-driven services market, we compete with specialized companies, in-house teams at biopharmaceutical companies, and academic and government institutions. In some standard biosimulation services, and in regulatory and market access, we also compete with clinical research organizations. Some of our competitors have longer operating histories in certain segments of our industry than we do and could have greater financial, technical, marketing, R&D and other resources, and can use such resources to develop or adapt products, services or technologies that are comparable, or superior to, or could render obsolete, the products, services and technologies we offer. Some of our competitors offer products and services directed at more specific markets than those we target, enabling these competitors to focus a greater proportion of their efforts and resources on those specific markets. Some competing products are developed and made available at lower cost by government organizations and academic institutions, and these entities may be able to devote substantial resources to product development. Some clinical research organizations or technology companies may decide to enter into or expand their offerings in the biosimulation area, whether through acquisition or internal development. We also face continued competition from open source software initiatives, in which developers provide software and intellectual property free of charge, such as R and PK-Sim software. In addition, some of our customers spend significant internal resources in order to develop their own solutions. Any material decrease in demand for our technologies or services may have a material adverse effect on our business, financial condition and results of operations.

Our products and services are used primarily by modeling and simulation specialists in pharmaceutical, biotechnology, and government research or regulatory organizations. We have relationships with many large companies in the biopharmaceutical sector, and part of our growth strategy entails deriving more revenues from these existing customers by expanding their use of our existing and new products and services. As the total annual expenditure from a particular customer increases, we may experience pricing pressure, often from the customer's procurement department, in the form of requests for discounts or rebates, price freezes and less favorable payment terms, which could have an adverse impact on our profitability. Additionally, our ability to increase revenues with existing customers may be limited without significant investment in marketing and enhancing our existing products and services or developing new products to keep pace with technological developments and meet evolving customer requirements, which could be time-consuming and costly and may not be successful. We are also focused on the emerging or smaller biotechnology customers that we serve. These small companies also contribute to the discovery and development of new molecules and treatments, and their share of the total industry R&D discovery and development dollars continues to be relevant. Attracting these smaller customers may require us to expend additional resources on targeted marketing, as they may not be as familiar with us or our products. And although these small biotechnology companies tend to use third parties such as us for many of their development activities, these smaller companies also tend to be less financially secure. If their products are not successful or they have difficulty raising sufficient investment capital, they may not be able to timely or fully pay for our services, or they may terminate or decrease the scope of projects for which they use our products and services, which could adversely impact our revenues. Our strategy also includes expanding into new markets, new geographies, and new areas within our existing markets, either organically or by acquiring other companies in these markets. If our strategies are not executed successfully, our products and services may not achieve market acceptance, penetration within our existing customers, or reach of new customers. We cannot guarantee that we will be able to identify new biosimulation or regulatory and market access technologies of interest to our customers, or develop or acquire them in a timely fashion. Even if we are able to identify and develop new technologies and biosimulation tools of interest, we may not be able to negotiate license agreements on acceptable terms, or at all. Some of our products, such as our QSP models, require significant time and investment to develop to a point where they can achieve market acceptance, and we may not be able to develop them at a rate that matches market demand. We may also face more significant pricing pressure as we expand geographically and our customer profile evolves. For example, smaller biotechnology companies, or companies based in countries that have less developed economies, may not be able to afford our products and services at our customary rates. If we are unable to develop, acquire and/or create demand for new services and products, our future business, results of operations and financial condition could be adversely affected.

The services we provide to biopharmaceutical companies and other customers are complex and subject to contractual requirements, regulatory standards and ethical considerations. For example, some of our services must adhere to the regulatory requirements of the FDA governing our activities relating to preclinical studies and clinical trials, including GLP and GCP. Additionally, we are subject to compliance with the FDA's regulations set forth in part 11 of title 21 of the Code of Federal Regulations, which relates to the creation, modification, maintenance, archival, retrieval, transmittal or distribution of electronic records under records requirements in FDA regulations and submitted to the FDA. The FDA may also issue or finalize guidance documents that may have implications for our customers and our products, platforms, and services. We may be subject to inspection by regulatory authorities in connection with our customers' marketing applications and other regulatory submissions. If we fail to perform our services in accordance with regulatory requirements, regulatory authorities may take action against us or our customers for failure to comply with applicable regulations governing the development and testing of therapeutic products. Regulatory authorities may also disqualify certain data or analyses from consideration in connection with applications for regulatory approvals, which would result in our customers not being able to rely on our services in connection with their regulatory submissions and may subject our customers to additional or repeat clinical trials and delays in the development and regulatory approval process. Mistakes in providing services to our customers, such as dosing models, could affect medical decisions for patients in clinical trials and create liability for personal injury. Such actions may include sanctions, such as warning or untitled letters, injunctions, or failure of such regulatory authorities to grant marketing approval of products, delay, suspension, or withdrawal of approvals, license revocation, loss of accreditation; product seizures or recalls; operational restrictions; or civil or criminal penalties or prosecutions, damages or fines. Customers may also bring claims against us for breach of our contractual obligations or errors in the outcomes of our products or services, may terminate their contracts with us and/or may choose not to award further work to us. Any such action could have a material adverse effect on our reputation, business, financial condition and results of operations.

We outsource substantially all of the infrastructure relating to our hosted software solutions to third-party hosting services. Customers of our hosted software solutions need to be able to access our software platform at any time, without interruption or degradation of performance, and we provide them with service-level commitments with respect to uptime. Our hosted software solutions depend on protecting the virtual cloud infrastructure hosted by third-party hosting services by maintaining its configuration, architecture, features and interconnection specifications, as well as the information stored in these virtual data centers, which is transmitted by third-party internet service providers. Any limitation on the capacity of our third-party hosting services could impede our ability to onboard new customers or expand the usage of our existing customers, which could adversely affect our business, financial condition and results of operations. In addition, any incident affecting our third-party hosting services' infrastructure that may be caused by catastrophic events could negatively affect our cloud-based solutions. Work-from-home and other flexible work arrangements have impacted our third-party vendors by increasing operational challenges and risks, including vulnerabilities to cybersecurity and information technology infrastructure threats. A prolonged service disruption affecting our cloud-based solutions for any of the foregoing reasons would negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the third-party hosting services we use. In the event that our service agreements with our third-party hosting services are terminated, or there is a lapse or interruption of services or features that we utilize, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our hosted software solutions for deployment on a different cloud infrastructure service provider, which could adversely affect our business, financial condition and results of operations.

We maintain insurance coverage for protection against many risks of liability, including directors and officers liability, professional errors and omissions, breach of fiduciary duty, and cybersecurity risks. The extent of our insurance coverage is under regular review and is modified as we deem it necessary. Despite this insurance, it is possible that claims or liabilities against us may not have been fully insured, or our insurance carriers may contest coverage, which could have a material adverse impact on our business, financial position and results of operations. In addition, we may not be able to obtain any insurance coverage, or adequate insurance coverage on attractive terms, or at all, when our existing insurance coverage expires and the cost of obtaining such insurance coverage may materially increase.

We operate on a global basis with offices or activities in the United States, Canada, France, Germany, the Netherlands, Poland, Switzerland, the United Kingdom, Australia, India, the Philippines, Japan, China, Hungary, and South Korea. In addition, we derive a significant portion of our total revenue from our operations in international markets. During the years ended December 31, 2024 and 2023, 28% and 27%, respectively, of our revenues were transacted in foreign currencies, the majority of which included the British Pound Sterling, the Euro and Japanese Yen. Our international operations and sales subject us to a number of increased risks, including, among others: - fluctuations in foreign currency exchange rates, which may affect the costs incurred in international operations and foreign acquisitions and could harm our results of operations and financial condition;- changes in general economic and political conditions in countries where we operate, particularly as a result of ongoing economic instability within foreign jurisdictions;- the potential for political unrest, acts of terrorism, hostilities or war;- government trade restrictions, including tariffs, export controls or other trade barriers, and changes to existing trade arrangements, including the unknown impact of current and future U.S. and Chinese trade regulations;- differing protection of intellectual property, technology and data in foreign jurisdictions;- difficulty in staffing and managing widespread operations, including as a result of different employment-related laws (such as those related to safety, discrimination, classification of employees, wages, and benefits);- being subject to complex and restrictive immigration, employment and labor laws and regulations, as well as union and works council restrictions ;- changes in tax laws or rulings in the United States or other foreign jurisdictions that may have an adverse impact on our effective tax rate;- being subject to burdensome foreign laws and regulations, including regulations that may place an increased tax burden on our operations;- being subject to longer payment cycles from customers and experiencing greater difficulties in timely accounts receivable collections; and - required compliance with a variety of foreign laws and regulations, such as data privacy requirements, real estate and property laws, anti-competition regulations, import and trade restrictions, export requirements, U.S. laws such as the FCPA and the U.S. Department of Commerce's Export Administration Regulations, and other U.S. federal laws and regulations established by the Office of Foreign Assets Control, local laws such as the U.K. Bribery Act or other local laws that prohibit corrupt payments to governmental officials or certain payments or remunerations to customers. In particular, political and economic changes, including international conflicts and terrorist acts, throughout the world may interfere with our or our customers' activities in particular locations and result in a material adverse effect on our business, financial condition and operating results. Although we do not believe that current conflicts around the world pose any immediate material impact to our business, if these conflicts intensify or expand beyond the current scope and impact, in their various forms, they could have an adverse impact on our business. Furthermore, political, diplomatic or military events could result in trade disruptions, including tariffs, trade embargoes, export restrictions and other trade barriers. A significant trade disruption, export restriction, or the establishment or increase of any trade barrier in any area where we do business could reduce customer demand and cause customers to search for substitute products and services, make our products and services more expensive or unavailable for customers, increase the cost of our products and services, have a negative impact on customer confidence and spending, make our products or services less competitive, or otherwise have an adverse impact on our business, operating results and financial condition. Moreover, in response to the U.S. adopting tariffs and trade barriers or taking other actions, other countries may also adopt tariffs and trade barriers that could in certain cases limit our ability to offer our products and services. Current and potential customers who are concerned or affected by such tariffs or restrictions may respond by developing their own products or replacing our solutions, which would have an adverse effect on our business. In addition, government or customer efforts, attitudes, laws or policies regarding technology independence may lead to non-U.S. customers favoring their domestic technology solutions that could compete with or replace our products, which would also have a material adverse effect on our business, financial condition and results of operations. In addition to tariffs and other trade barriers, our global operations are subject to numerous U.S. and foreign laws and regulations such as those related to anti-corruption, tax, corporate governance, imports and exports, financial and other disclosures, privacy and labor relations. These laws and regulations are complex and may have differing or conflicting legal standards, making compliance difficult and costly. In addition, there is uncertainty regarding how proposed, contemplated or future changes to these complex laws and regulations could affect our business. We may incur substantial expense in complying with the new obligations to be imposed by these laws and regulations, and we may be required to make significant changes in our business operations, all of which may adversely affect our revenues and our business overall. If we violate these laws and regulations, we could be subject to fines, penalties or criminal sanctions and may be prohibited from conducting business in one or more countries. Any violation individually or in the aggregate could have a material adverse impact on our business, financial condition and results of operations. Our financial results are also affected by fluctuations in foreign currency exchange rates. A weakening U.S. dollar relative to other currencies increases expenses of our foreign subsidiaries when they are translated into U.S. dollars in our consolidated statements of income. Likewise, a strengthening U.S. dollar relative to other currencies reduces revenue of our foreign subsidiaries upon translation and consolidation. Exchange rates are subject to significant and rapid fluctuations due to a number of factors, including interest rate changes and political and economic uncertainty. Therefore, we cannot predict the prospective impact of exchange rate fluctuations. We may be unable to hedge all of our foreign currency risk, which could have a material adverse effect on our business, financial condition and results of operations.

We may be subject to risks related to catastrophic events, including natural disasters, significant or extreme weather events, outbreaks of war, acts of terrorism or other global tensions, epidemic diseases, pandemics, public health crises or other "acts of God," each of which may be exacerbated by the effects of changing weather patterns. We are a global company with offices in many countries, and disruptions in the infrastructure, either on a local or global scale, caused by these types of events could adversely affect our ability to serve our customers. Any of these catastrophic events could adversely impact supply chain interruptions, disruptions or delays to pipeline development and clinical trials and interruptions or delays in regulatory approvals. These and other adverse impacts on our customers and general economic conditions may cause our customers to delay or cancel projects or significantly scale back their operations or R&D spending and limit the use of third parties, which could have a material adverse effect on our business, financial condition and results of operations. Additionally, public health crises could also impact the health of our employees and cause extensive absences from work, which may delay the completion of internal projects and lower our consultant utilization rates. Furthermore, we rely extensively on software applications and other information technology systems that are critically important to our business operations. Any disruptions or incidents caused by cyberattacks and other cyber incidents, network or power outages, software or equipment failure, prolonged service disruptions, user errors, natural disasters or other catastrophic events could have a material adverse effect on our business, financial condition and results of operations. See "Risks Related to Intellectual Property, Information Technology and Data Privacy." Although we have disaster recovery and business continuity plans, carry business interruption insurance policies and typically have provisions in our contracts that protect us in certain force majeure type events, we cannot be certain that our plans will be successful in the event of a disaster, that our insurance coverage will be adequate to compensate us for all losses that may occur or that provisions in our contracts will afford us adequate protection. If our disaster recovery or business continuity plans are unsuccessful in a disaster recovery scenario, we could potentially experience material adverse impacts, including loss of data, disruption to our operations, legal or regulatory proceedings, reputational harm and loss of customers, any of which could have a material adverse effect on our business, financial condition and results of operations.