Education
About Us
Working with TipRanks
Follow Us
Semrush Holdings, Inc. (SEMR)
:SEMR
Risk Overview Q4, 2024
Risk Distribution
26% Finance & Corporate
24% Tech & Innovation
17% Legal & Regulatory
17% Ability to Sell
12% Production
5% Macro & Political
Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy
This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.
Risk Change Over Time
S&P500 Average
Sector Average
Risks removed
Risks added
Risks changed
SEMrush Holdings Risk Factors
New Risk (0)
Risk Changed (0)
Risk Removed (0)
No changes from previous report
The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.
The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.
The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.
Risk Highlights Q4, 2024
Main Risk Category
Finance & Corporate
With 11 Risks
Finance & Corporate
With 11 Risks
Number of Disclosed Risks
42
-2
From last reportS&P 500 Average: 31
42
-2
From last reportS&P 500 Average: 31
Recent Changes
1Risks added
3Risks removed
9Risks changed
Since Dec 2024
1Risks added
3Risks removed
9Risks changed
Since Dec 2024
Number of Risk Changed
9
+9
From last reportS&P 500 Average: 3
9
+9
From last reportS&P 500 Average: 3
See the risk highlights of SEMrush Holdings in the last period.
Risk Word Cloud
The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.
Risk Factors Full Breakdown - Total Risks 42
Finance & Corporate
Total Risks: 11/42 (26%)Below Sector Average
Share Price & Shareholder Rights6 | 14.3%
Share Price & Shareholder Rights - Risk 1
aggregate 79% of the voting power of our capital stock, which will limit your ability to influence corporate matters.Changed
Share Price & Shareholder Rights - Risk 2
Our third amended and restated bylaws designate certain courts as the sole and exclusive forum for certain types of actions and proceedings that may be initiated by our stockholders, which could limit our stockholders' ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.Our third amended and restated bylaws provide that, unless we consent in writing to an alternative forum, the Court of Chancery of the State of Delaware will be the sole and exclusive forum for any state law claim for (i) any derivative action or proceeding brought on our behalf, (ii) any action asserting a claim of breach of or based on a fiduciary duty owed by any of our current or former directors, officers, or employees to us or our stockholders, (iii) any action asserting a claim arising pursuant to any provision of the Delaware General Corporation Law, our amended and restated certificate of incorporation or our third amended and restated bylaws (including the interpretation, validity or enforceability thereof) or (iv) any action asserting a claim that is governed by the internal affairs doctrine (the "Delaware Forum Provision"). The Delaware Forum Provision will not apply to any causes of action arising under the Securities Act or the Exchange Act. Our third amended and restated bylaws further provide that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States shall be the sole and exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act (the "Federal Forum Provision"). In addition, our third amended and restated bylaws provide that any person or entity purchasing or otherwise acquiring any interest in shares of our common stock is deemed to have notice of and consented to the foregoing provisions; provided, however, that stockholders cannot and will not be deemed to have waived our compliance with the federal securities laws and the rules and regulations thereunder. While the Delaware Supreme Court and other courts have upheld the validity of provisions purporting to require claims under the Securities Act be brought in federal court, it is possible that a court could find these types of provisions to be inapplicable or unenforceable.
The Delaware Forum Provision and the Federal Forum Provision in our third amended and restated bylaws may impose additional litigation costs on stockholders in pursuing any such claims. Additionally,the forum selection clauses in our third amended and restated bylaws may limit our stockholders' ability to bring a claim in a forum that they find favorable for disputes with us or our directors, officers or employees, which may discourage such lawsuits against us and our directors, officers and employees even though an action, if successful, might benefit our stockholders. In addition, while the Delaware Supreme Court and other state courts have upheld the validity of federal forum selection provisions purporting to require claims under the Securities Act be brought in federal court, there is uncertainty as to whether other courts will enforce our Federal Forum Provision. If the Federal Forum Provision is found to be unenforceable, we may incur additional costs associated with resolving such matters. The Federal Forum Provision may also impose additional litigation costs on stockholders who assert that the provision is not enforceable or invalid. The Court of Chancery of the State of Delaware and the federal district courts of the United States may also reach different judgments or results than would other courts, including courts where a stockholder considering an action may be located or would otherwise choose to bring the action, and such judgments may be more or less favorable to us than our stockholders.
Share Price & Shareholder Rights - Risk 3
Provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current Board, and limit the market price of our Class A common stock.Provisions in our amended and restated certificate of incorporation and third amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and third amended and restated bylaws, include provisions that:
- provide that the authorized but unissued shares of our common stock and our preferred stock are available for future issuance without stockholder approval;- provide that our Board is classified into three classes of directors with staggered three-year terms;- permit the Board to establish the number of directors and fill any vacancies and newly created directorships;- require super-majority voting to amend some provisions in our amended and restated certificate of incorporation and third amended and restated bylaws;- authorize the issuance of "blank check" preferred stock that our Board could use to implement a stockholder rights plan;- provide that only the Chairperson of our Board, our Chief Executive Officer, or a majority of our Board will be authorized to call a special meeting of stockholders;- provide for a dual class common stock structure in which holders of our Class B common stock have the ability to control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the outstanding shares of our Class A and Class B common stock, including the election of directors and significant corporate transactions, such as a merger or other sale of our company or its assets;- prohibit stockholder action by written consent, which requires all stockholder actions to be taken at a meeting of our stockholders;- provide that the Board is expressly authorized to make, alter or repeal our bylaws; and - advance notice requirements for nominations for election to our Board or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.
Moreover, Section 203 of the Delaware General Corporation Law may discourage, delay, or prevent a change in control of our company. Section 203 imposes certain restrictions on mergers, business combinations, and other transactions between us and holders of 15% or more of our common stock.
Share Price & Shareholder Rights - Risk 4
If we do not meet the expectations of equity research analysts, if they do not publish research or reports about our business or if they issue unfavorable commentary or downgrade our Class A common stock, the price of our Class A common stock could decline.The trading market for our Class A common stock will depend in part on the research and reports that equity research analysts publish about us and our business. The analysts' estimates are based upon their own opinions and are often different from our estimates or expectations. If our results of operations are below the estimates or expectations of public market analysts and investors, our stock price could decline. Moreover, the price of our Class A common stock could decline if one or more securities analysts downgrade our Class A common stock or if those analysts issue other unfavorable commentary or cease publishing reports about us or our business.
Share Price & Shareholder Rights - Risk 5
The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans or otherwise will dilute all other stockholders.Our amended and restated certificate of incorporation authorizes us to issue up to 1,000,000,000 shares of Class A common stock and up to 100,000,000 shares of preferred stock with such rights and preferences as may be determined by our Board. Subject to compliance with applicable rules and regulations, we may issue our shares of Class A common stock or securities convertible into our Class A common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the trading price of our Class A common stock to decline.
Share Price & Shareholder Rights - Risk 6
An active public market for our Class A common stock may not be sustained and could be highly volatile, and you may not be able to resell your shares at or above your original purchase price, if at all. You may lose all or part of your investment.We have a limited trading history. Since shares of our Class A common stock were sold in our initial public offering on March 24, 2021 at a price of $14.00 per share, our stock price has ranged from $7.16 to $32.48 through December 31, 2024. If you purchase shares of our Class A common stock, you may not be able to resell those shares at or above the price you paid. The market prices of the securities of other newly public companies have historically been highly volatile. The market price of our Class A common stock may fluctuate significantly in response to numerous factors, many of which are beyond our control, including:
- actual or anticipated fluctuations in our results of operations;- variance in our results of operations from the expectations of market analysts;- announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;- changes in the prices of our products;- our involvement in litigation;- our sale of Class A common stock or other securities in the future;- market conditions in our industry;- changes in key personnel;- the trading volume of our Class A common stock;- changes in the estimation of the future size and growth rate of our markets; and - general economic and market conditions.
In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and industry factors may materially harm the market price of our Class A common stock, regardless of our results of operation. In the past, following periods of volatility in the market price of a company's securities, securities class action litigation has often been instituted against that company. If we were involved in any similar litigation we could incur substantial costs, and our management's attention and resources could be diverted.
If you purchase shares of our Class A common stock, you may not be able to resell those shares at or above the price you originally paid. An active or liquid market in our Class A common stock may not be sustainable, which could adversely affect your ability to sell your shares and could depress the market price of our Class A common stock.
Accounting & Financial Operations3 | 7.1%
Accounting & Financial Operations - Risk 1
We do not expect to declare any dividends in the foreseeable future.Accounting & Financial Operations - Risk 2
Failure to maintain effective internal controls over financial reporting in accordance with Section 404 of Sarbanes-Oxley Act of 2002, as amended ("SOX") could impair our ability to produce timely and accurate financial statements or comply with applicable regulations and have a material adverse effect on our business. In the future, our disclosure controls and procedures may not prevent or detect all errors or acts of fraud.Changed
As a public company, we are subject to certain reporting requirements of the Exchange Act and have significant requirements for enhanced financial reporting and internal controls. Our disclosure controls and procedures are designed to reasonably assure that information required to be disclosed by us in reports we file or submit under the Exchange Act is accumulated and communicated to management, recorded, processed, summarized, and reported within the time periods specified in the rules and forms of the SEC. The process of designing and implementing effective internal controls is a continuous effort that requires us to anticipate and react to changes in our business and the economic and regulatory environments, and to expend significant resources to maintain a system of internal controls that is adequate to satisfy our reporting obligations as a public company. If we are unable to maintain appropriate internal financial reporting controls and procedures, it could cause us to fail to meet our reporting obligations on a timely basis, result in material misstatements in our consolidated financial statements, cause us to have to clawback incentive-based compensation from our executives, and harm our operating results. We believe that any disclosure controls and procedures or internal controls and procedures, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. These inherent limitations include the realities that judgments in decision-making can be faulty, and that breakdowns can occur because of simple error or mistake. Additionally, controls can be circumvented by the individual acts of some persons, by collusion of two or more people or by an unauthorized override of the controls. Accordingly, because of the inherent limitations in our control system, misstatements or insufficient disclosures due to error or fraud may occur and not be detected.
In addition, as of December 31, 2024, we were no longer considered to be an emerging growth company, and are now required to comply with Section 404(b) of SOX. We are required to disclose changes made in our internal controls and procedures on a quarterly basis and our management is required to assess the effectiveness of these controls annually. Our independent registered public accounting firm is required to attest to the effectiveness of our internal controls over financial reporting pursuant to Section 404(b) of SOX. An independent assessment of the effectiveness of our internal controls over financial reporting could detect problems that our management's assessment might not. Undetected material weaknesses in our internal controls over financial reporting could lead to restatements of our financial statements and require us to incur the expense of remediation.
Matters impacting our internal controls may cause us to be unable to report our financial information on a timely basis and thereby subject us to adverse regulatory consequences, including sanctions by the SEC or violations of applicable stock exchange listing rules, which may result in a breach of the covenants under future financing arrangements. There also could be a negative reaction in the financial markets due to a loss of investor confidence in us and the reliability of our consolidated financial statements. Confidence in the reliability of our consolidated financial statements also could suffer if we or our independent registered public accounting firm report a material weakness in our internal controls over financial reporting. This could materially adversely affect us and lead to a decline in the market price of our Class A common stock.
We expect to continue our efforts to improve our control processes, though there can be no assurance that our efforts will be successful or avoid potential future material weaknesses, and we expect to incur additional costs as a result of these efforts. If we are unable to successfully remediate future material weaknesses in our internal control over financial reporting the accuracy and timing of our financial reporting may be adversely affected, we may be unable to maintain compliance with securities law requirements regarding timely filing of periodic reports in addition to applicable stock exchange listing requirements, investors may lose confidence in our financial reporting, and our stock price may decline as a result. We also could become subject to investigations by the New York Stock Exchange ("NYSE"), the SEC or other regulatory authorities.
Accounting & Financial Operations - Risk 3
We have incurred losses in the past and may not consistently maintain profitability in the future.We have incurred net losses in the past and, although we have achieved profitability in certain periods, we may not be able to achieve or sustain profitability in the future. We generated a net loss of $33.8 million for the year ended December 31, 2022, and net income of $1.0 million and $7.4 million for the years ended December 31, 2023 and 2024, respectively. We had an accumulated deficit of $63.8 million as of December 31, 2024. We plan to continue to invest in our research and development, and sales and marketing efforts, and we anticipate that our operating expenses will continue to increase as we scale our business and expand our operations. We also expect our general and administrative expenses to increase as a result of our growth and operating as a public company. Our ability to achieve and sustain profitability in future periods is based on numerous factors, many of which are beyond our control.
Debt & Financing1 | 2.4%
Debt & Financing - Risk 1
Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies in the future could reduce our ability to compete successfully and harm our results of operations.Corporate Activity and Growth1 | 2.4%
Corporate Activity and Growth - Risk 1
As we acquire and invest in companies or technologies, we may not realize expected business or financial benefits and the acquisitions or investments could prove difficult to integrate, disrupt our business, dilute stockholder value and adversely affect our business, results of operations, and financial condition.Added
Tech & Innovation
Total Risks: 10/42 (24%)Above Sector Average
Innovation / R&D2 | 4.8%
Innovation / R&D - Risk 1
If we fail to maintain and improve our methods and technologies, or fail to anticipate new methods or technologies for data collection and analysis, hardware, software, and software-related technologies, competing products and services could surpass ours in depth, breadth, or accuracy of our data, the insights that we offer or in other respects, which could result in a loss of customers, impact our ability to acquire new customers, and harm our business and financial results.Changed
Innovation / R&D - Risk 2
Our ability to introduce new products, tools, and add-ons is dependent on adequate research and development resources. If we do not adequately fund our research and development efforts or use product and development teams effectively, our business and operating results may be harmed.To remain competitive, we must continue to develop new product offerings, as well as features and enhancements to our existing platform and products. Maintaining adequate research and development personnel and resources to meet the demands of the market is essential. If we experience high turnover of our product and development personnel, a lack of management ability to guide our research and development, or a lack of other research and development resources, we may miss or fail to execute on new product development and strategic opportunities and consequently lose potential and actual market share. The success of our business is dependent on our product and development teams developing and executing on a product roadmap that allows us to retain and increase the spending of our existing customers, attract new customers, and upgrade our free customers to premium subscriptions. Our failure to maintain adequate research and development resources, to use our research and development resources efficiently and effectively, or to address the demands and anticipate future demands of our prospective and actual customers could materially adversely affect our business.
Trade Secrets2 | 4.8%
Trade Secrets - Risk 1
If third parties claim that we infringe upon or otherwise violate their intellectual property rights, our business could be adversely affected.Trade Secrets - Risk 2
We may not be able to adequately protect our proprietary and intellectual property rights in our data or technology.Our success is dependent, in part, upon protecting our proprietary information and technology. Our intellectual property portfolio primarily consists of registered and unregistered trademarks, unregistered copyrights, domain names, know-how, and trade secrets. We may be unsuccessful in adequately protecting our intellectual property. No assurance can be given that confidentiality, non-disclosure, or invention or copyright assignment agreements with employees, consultants, partners or other parties have been entered into, will not be breached, or will otherwise be effective in establishing our rights in intellectual property and in controlling access to and distribution of our platform, or certain aspects of our platform, and proprietary information. Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our platform. Additionally, certain unauthorized use of our intellectual property may go undetected, or we may face legal or practical barriers to enforcing our legal rights even where unauthorized use is detected.
Current laws may not provide for adequate protection of our platform or data, especially in foreign jurisdictions which may have laws that provide insufficient protections to companies. Moreover, our exposure to unauthorized copying of certain aspects of our platform, or our data may increase. As our platform and products increasingly integrate with artificial intelligence, the impact of the uncertainties regarding the applicability of intellectual property laws and rights to outputs generated through the use of artificial intelligence becomes more material and increases the risk that we may not be able to adequately protect our platform or data. Further, competitors, foreign governments, foreign government-backed actors, criminals, or other third parties may gain unauthorized access to our proprietary information and technology. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our technology and intellectual property or claiming that we infringe upon or misappropriate their technology and intellectual property.
To protect our intellectual property rights, we may be required to spend significant resources to monitor, protect, and defend these rights, and we may or may not be able to detect infringement by our customers or third parties. Litigation has been and may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Such litigation could be costly, time consuming, and distracting to management and could result in the impairment or loss of portions of our intellectual property. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management's attention and resources, could delay further sales or the implementation of our platform, impair the functionality of our platform, delay introductions of new features, integrations, and capabilities, result in our substituting inferior or more costly technologies into our platform, or injure our reputation.
Cyber Security2 | 4.8%
Cyber Security - Risk 1
business including by posing security and other risks to our confidential information, proprietary information and personal information, and as a result we may be exposed to reputational harm and liability.Changed
Cyber Security - Risk 2
If the security of the confidential information or personal information of our customers on our platform is breached or otherwise subjected to unauthorized access or disclosure, our reputation may be harmed, and we may be exposed to significant liability.With consent from our customers, we obtain personal, confidential, and other customer data from our customers' websites, social media accounts, and Google Analytics' accounts to operate certain functionality on our platform or within products that we offer. In addition, with consent from our customers, we collect and store certain personally identifiable information ("personal data"), credit card information, and other data needed to create, support, and administer the customer account, to collect premium subscription fees, conduct our business, and comply with legal obligations, including rules imposed by the Payment Card Industry networks.
We take reasonable steps designed to protect the security, confidentiality, integrity, and availability of the information we and our third-party service providers hold, but there is no guarantee that despite our efforts, inadvertent disclosure (such as may arise from software bugs or other technical malfunctions, employee or vendor error or malfeasance, improper use of third-party artificial intelligence services, or other factors) or unauthorized access, acquisition, misuse, disclosure or loss of personal or other confidential information will not occur or that third parties will not gain unauthorized access to this information or disrupt or disable our systems or infrastructure. Attacks on information technology systems are increasing in their frequency, levels of persistence, sophistication and intensity, and they are being conducted by increasingly sophisticated and organized groups and individuals with a wide range of motives and expertise, including nation-state actors. Such attacks could include the deployment of harmful malware, system-disrupting ransomware, denial-of-service attacks, social engineering (including phishing attacks) and other means to affect service reliability and threaten the confidentiality, integrity and availability of information. Further, the prevalence of remote work by our employees and those of our third-party service providers creates increased risk that a cybersecurity incident or data breach may occur.
Like other companies in our industry, we, and our third party vendors, have experienced and expect to continue to experience threats and cybersecurity incidents relating to our information technology systems and infrastructure. For example, we have been the target of attempts to identify and exploit system vulnerabilities and/or penetrate or bypass our security measures to gain unauthorized access to our systems. Since techniques used to conduct malicious cyber activities change frequently, we and our third-party service providers may be unable to anticipate these techniques or to implement adequate measures to prevent or detect them. If our security measures or the security measures of our third-party service providers fail, or if vulnerabilities in our software are exposed and exploited, and, as a result, a third party disrupts the operations of our systems or obtains unauthorized access to any customers' data, our relationships with our customers may be damaged, and we could incur liability. Further, our customers with annual subscription terms may have the right to terminate their subscriptions before the end of the subscription term due to our uncured material breach of agreement, including with respect to our data security obligations. It is also possible that unauthorized access to customer data may be obtained through inadequate use of security controls by customers, suppliers or other vendors. While we are not currently aware of any impact that supply chain attacks may have had on our business, these events are complex, difficult to defend against, and of unknown scope, therefore we could face a level of ongoing residual risk of data breaches or other cybersecurity incidents resulting from this type of event.
We may also be subject to additional liability risks for failing to disclose data breaches or other cybersecurity incidents under state data breach notification laws or under the private right of action granted to individuals under certain data privacy laws for actions arising from certain data breaches or cybersecurity incidents, such as the California Consumer Privacy Act ("CCPA") (which is further discussed below in this "Risk Factors" section). In addition, some regions, such as the EU, the United Kingdom ("UK"), and the United States, have enacted mandatory notification requirements which require companies to notify data protection authorities, state and federal agencies, or affected stakeholders, including affected individuals, of cybersecurity incidents or data breaches. We may also be contractually required to notify certain customers in the event of a cybersecurity incident or data breach pursuant to the applicable customer agreement. These mandatory disclosures regarding a cybersecurity incident or data breach may lead to negative publicity and may cause our customers to lose confidence in the effectiveness of our data security measures. Any cybersecurity incident or data breach, whether actual or perceived, may harm our reputation, and we could lose customers or fail to acquire new customers.
Federal, state, and provincial regulators and industry groups may also consider and implement from time to time new privacy and security requirements that apply to our business, such as the long established Massachusetts data security regulations and the New York Stop Hacks and Improve Electronic Data Act, both of which establish administrative, technical, and physical data security requirements for companies, and permit civil penalties for each violation.
Compliance with evolving privacy and security laws, requirements, and regulations may result in cost increases due to necessary systems changes, new limitations or constraints on our business models and the development of new administrative processes. They also may impose further restrictions on our collection, disclosure, and use of personal data kept in our databases or those of our vendors. If our security measures fail to protect credit card information adequately, we could be liable to both our customers and their users for their losses, as well as the vendors under our agreements with them such that we could be subject to fines and higher transaction fees, we could face regulatory action, and our customers and vendors could end their relationships with us, any of which could harm our business, results of operations or financial condition. Any intentional or inadvertent cybersecurity incidents, data breaches or other unauthorized access to or disclosure of personal data could expose us to enforcement actions, regulatory or governmental audits, investigations, litigation, fines, penalties, adverse publicity, downtime of our systems, and other possible liabilities. There can be no assurance that the limitations of liability in our contracts would be enforceable or adequate or would otherwise protect us from any such liabilities or damages with respect to any particular claim. In addition, our cybersecurity insurance coverage may be inadequate to cover all costs and expenses associated with a security incident that may occur in the future. We may need to devote significant resources to defend against, respond to and recover from cybersecurity incidents and data breaches, diverting resources from the growth and expansion of our business.
Technology4 | 9.5%
Technology - Risk 1
Technical problems or disruptions that affect either our customers' (and their users') ability to access our platform and products, or the software, internal applications, database, and network systems underlying our platform and products, could damage our reputation and brands, lead to reduced demand for our platform and products, lower revenues, and increased costs.Technology - Risk 2
If third-party applications change such that we do not or cannot maintain the compatibility of our platform with these applications or if we fail to integrate with or provide third-party applications that our customers desire to use with our products, demand for our solutions and platform could decline.The attractiveness of our platform depends, in part, on our ability to integrate via APIs with third-party applications that our customers desire to use with our products, such as Google, Facebook, Instagram, X, YouTube, LinkedIn, Pinterest, AIOSEO, Monday.com, Pagecloud, Renderforest, Scalenut, SurferSEO, Wix, Quickblog, Zoho and others. Third-party application providers may change the features of their applications and platforms, including their APIs, or alter the terms governing use of their applications and platforms in an adverse manner. Further, third-party application providers may refuse to partner with us, may implement an expensive fee based model for API integration, or otherwise limit or restrict our access to their applications and platforms. Such changes could functionally limit or terminate our ability to use these third-party applications with our platform, which could negatively impact our offerings and the customer experience, and ultimately harm our business. If we fail to integrate our platform with new third-party applications that our customers desire, or to adapt to the data transfer requirements of such third-party applications and platforms, we may not be able to offer the functionality that our customers expect, which would negatively impact our offerings and, as a result, harm our business. Additionally, our business could be harmed if our customers have negative experiences in using the third-party integrations that we offer.
Technology - Risk 3
Changes by search engines, social networking sites, and other third-party services to their underlying technology configurations or policies regarding the use of their platforms and/or technologies for commercial purposes, including anti-spam policies, may limit the efficacy of certain of our products, tools, and add-ons and as a result, our business may suffer.Our online visibility management SaaS platform is designed to help our customers connect with consumers across a variety of digital channels, search engines, social networking sites, and other third-party services. These third-party services may adapt and change their strategies and policies over time. Search engines typically provide two types of search results, organic (i.e., non-paid) and purchased listings. Organic search results are determined and organized solely by automated criteria set by the search engine, and a ranking level cannot be purchased. Search engines revise their algorithms from time to time in an attempt to optimize their search result listings, and typically do not publicize the full extent of what has changed in their algorithm (although certain changes may be publicly announced). Changes to search engine algorithms may diminish the efficacy of certain of our products, tools, and add-ons, and potentially render them obsolete. For example, if a given search engine stopped using backlinks in its ranking algorithm, our customers' perception of our backlink analytics tool, which enables customers to analyze and monitor the backlink profile of their own and other websites, may be adversely impacted. Similarly, if a search engine ceases to manually penalize or take action against web pages for unnatural backlinks, then our customers may determine that auditing their backlinks is unnecessary which could cause them to devalue our backlink audit tool, which enables companies to check whether malicious websites have links to their sites, or cease using it altogether. Additionally, increased adoption of artificial intelligence for use and responses to internet search queries may result in significant changes to how search engines rank, return, and display responses. As a result of these types of changes we may be required to recalibrate our solutions, products and add-ons by reducing prices, discontinuing the affected product or tool, or otherwise develop new products or tools to meet the needs of our customers. These responses may be costly, may not be effective, and our business may suffer.
Additionally, search engines, social networking sites, third-party artificial intelligence services and other third-party services typically have terms of service, guidelines, and other policies to which its users are contractually obligated to adhere. For example, Google's Gmail offering has a spam and abuse policy that prohibits sending spam, distributing viruses, or otherwise abusing the service. Our email distribution tool enables our customers to send emails to their desired recipients, such as journalists and bloggers. Our email distribution tool relies on a DMARC integration which enables our customers to send emails using our platform as if they were sending emails directly from their email provider, and our product involves emails initiated by customers over our servers. Our customers' actions using either the link building tool or email distribution tool could be flagged under Google's spam and abuse policy or in the future such actions may be prohibited by subsequent changes to Google's policies. Any change to the policies of the third-party services with which our products, tools, and add-ons integrate or interact, or with which our products are intended to be used, including any anti-spam policies, or any actions taken by these third-party service providers under their policies could adversely impact the efficacy and perceived value of our products, tools, and add-ons, and as a result, our business may be harmed.
Technology - Risk 4
Our use of "open source" software could negatively affect our ability to offer and sell access to our platform and products, and subject us to possible litigation.We use open source software in our platform and products, and expect to continue to use open source software in the future. There are uncertainties regarding the proper interpretation of and compliance with open source licenses, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to use such open source software, and consequently to provide or distribute our platform and products. Although use of open source software has historically been free, recently several open source providers have begun to charge license fees for use of their software. If our current open source providers were to begin to charge for these licenses or increase their license fees significantly, we would have to choose between paying such license fees or incurring the expense to replace the open source software with other software or with our own software, which would increase our research and development costs, and have a negative impact on our results of operations and financial condition.
Additionally, we may from time to time face claims from third parties claiming ownership of, or seeking to enforce the terms of, an open source license, including by demanding release of source code for the open source software, derivative works or our proprietary source code that was developed using or that is distributed with such open source software. These claims could also result in litigation and could require us to make our proprietary software source code freely available, require us to devote additional research and development resources to change our platform or incur additional costs and expenses, any of which could result in reputational harm and would have a negative effect on our business and operating results. In addition, if the license terms for the open source software we utilize change, we may be forced to reengineer our platform or incur additional costs to comply with the changed license terms or to replace the affected open source software. Further, use of certain open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of software or indemnification for third-party infringement claims. Although we have implemented policies to regulate the use and incorporation of open source software into our platform and products, we cannot be certain that we have not incorporated open source software in our platform and products in a manner that is inconsistent with such policies.
Legal & Regulatory
Total Risks: 7/42 (17%)Below Sector Average
Regulation3 | 7.1%
Regulation - Risk 1
We are required to comply with U.S. economic sanctions, export control and anti-corruption laws, and regulations that could impair our ability to compete in international markets or expose us to liability if we were to violate such laws and regulations.Regulation - Risk 2
If the use of cookies or other tracking technologies becomes subject to unfavorable legislation or regulation, is restricted by internet users or other third parties or is blocked or limited by users or by technical changes on end users' devices, our activities could be restricted including, our ability to attract new customers, convert traffic to paying customers and to develop and provide certain products could be diminished or eliminated.We rely on cookies and other technologies, such as web beacons (collectively, "cookies") which are placed on internet browsers to gather data regarding the content of a user's web browsing activity. We use cookies to store users' settings between sessions and to enable visitors to our website to use certain features, such as gaining access to secure areas of the website. We also use cookies, including cookies placed by third-party services with which we integrate, to enable us to gather statistics about our visitors' use of our website and to allow our website visitors to connect our platform to their social networking sites, which enables us to advertise our products to them using retargeting methods. The availability of this data may be limited by numerous potential factors, including government legislation or regulation restricting the use of cookies for certain purposes, such as retargeting, browser limitations on the collection or use of cookies, or internet users deleting or blocking cookies on their web browsers or on our website.
Our ability, like those of other technology companies, to collect, augment, analyze, use, and share information collected through the use of third-party cookies for online behavioral advertising is governed by U.S. and foreign laws and regulations which change from time to time, such as those regulating the level of consumer notice and consent required before a company can employ cookies to collect data about interactions with users online. In the United States, both state and federal legislation govern activities such as the collection and use of data, and privacy in the advertising technology industry has frequently been subject to review, and occasional enforcement, by the Federal Trade Commission (the "FTC"), U.S. Congress, and individual states. Our use of online tracking technologies are regulated by the CCPA and other state privacy laws that require companies to offer consumers the right to opt out of certain tracking activities.
As our business is global, our activities are also subject to foreign legislation and regulation. In the EU, the EU Directive 2002/58/EC (as amended by Directive 2009/136/EC), commonly referred to as the e-Privacy Directive, and related implementing legislation in the EU member states, and in the UK, the Privacy and Electronic Communications (EC Directive) Regulations 2003, require that accessing or storing information on an internet user's device, such as through a cookie, is allowed only if the internet user has been informed thereof, and provided prior unambiguous, specific, and informed consent for the placement of a cookie on a user's device. A new e-Privacy Regulation is currently under discussion by EU member states to replace the e-Privacy Directive. Although it remains under debate, the proposed e-Privacy Regulation would amend rules on third-party cookies and significantly increase penalties for non-compliance. We cannot yet determine the impact such future laws, regulations, and standards may have on our use of third-party cookies. Additionally, the use of third-party cookies in the digital advertising ecosystem, particularly in the context of real-time bidding advertising auctions, is subject to increased regulatory scrutiny in the EU and the UK. Several European data protection authorities (including in Belgium, Ireland, UK, Poland, Spain, Luxembourg, and the Netherlands) have launched investigations or inquiries over Google's and other AdTech companies' practices concerning the collection and sharing of consumer data through cookies, the outcome of which is still uncertain. These investigations or inquiries could result in the imposition of more stringent standards around consent to place cookies or otherwise restrict the use of third-party cookies for online behavioral advertising. We have also received inquiries from, and engaged in correspondence with, European data protection authorities regarding our practices regarding cookies used on our websites, and the outcome of these inquiries is still uncertain.
Additionally, new and expanding "Do Not Track" regulations have been enacted or proposed that protect users' right to choose whether or not to be tracked online. These regulations seek, among other things, to allow end users to have greater control over the use of private information collected online, to forbid the collection or use of online information, to demand a business to comply with their choice to opt out of such collection or use, and to place limits upon the disclosure of information to third-party websites.
Continued regulation of cookies, and changes in the interpretation and enforcement of existing laws, regulations, standards, and other obligations, as well as increased enforcement by industry groups or data protection authorities, could restrict our activities, such as efforts to understand users' internet usage and engage in marketing activities, or require changes to our practices.
New and evolving laws and regulations, and public perception concerning data protection, privacy and cybersecurity, or changes in the interpretation or patterns of enforcement of existing laws and regulations, could impair our efforts to maintain and expand our customer base, impact the manner in which we can interact with our current and prospective customers or users, or impair the ability of our customers and users to use our platform and some or all of our products. Compliance efforts may be costly, and breaches of laws and regulations concerning data protection privacy and cybersecurity could impact our reputation, expose us to significant fines and other penalties, and impact our ability to successfully run our business.
We collect and process personal data about a variety of individuals, such as our customers, users, employees, contractors, and business partners, in connection with our relationship with such individuals,including to collect and process payment from our customers, provide our products and services to our customers, communicate with and recommend products to our customers and prospective customers through our marketing and advertising efforts, comply with legal obligations, and for other internal business purposes. Such processing of personal data is increasingly subject to new and rapidly evolving legislation and regulation globally.
In the United States, we are subject to rules and regulations promulgated under the authority of the Federal Trade Commission, the CCPA and similar state privacy laws, and state breach notification laws. At the federal level, failing to take appropriate steps to keep consumers' personal information secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act (the FTCA), 15 U.S.C § 45(a). The FTC expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business and the cost of available tools to improve security and reduce vulnerabilities. Through executive and legislative action, the federal government has also taken steps to restrict data transactions involving certain sensitive data categories with persons affiliated with China, Russia, and other countries of concern.
In addition, certain state laws govern privacy and security of personal information. The CCPA (as amended by the California Privacy Rights Act ("CPRA")), for example, broadly defines personal information and provides an expansive meaning to activity considered to be a sale of personal information, requires covered companies to provide specific disclosures to California residents, and gives California residents expanded privacy rights and protections, including the right to opt out of the sale or sharing of personal information. The CCPA also provides for civil penalties for violations and a private right of action for certain data breaches involving personal information, which may increase our exposure to litigation. The CPRA, which went into effect January 1, 2023, imposed additional obligations on companies covered by the legislation, including by expanding consumer rights with respect to certain categories of sensitive information. Additionally, similar comprehensive privacy laws have passed in many other states. Other states have also proposed new privacy laws which, if enacted, may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment of resources in compliance programs, impact strategies and the availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. U.S. state privacy laws are changing rapidly and the U.S. Congress has also contemplated federal data privacy legislation to which we could become subject to, if enacted.
Many foreign jurisdictions in which we do business, including the European Union ("EU"), European Economic Area ("EEA"), United Kingdom ("UK"), Canada, Australia, Japan and others have laws and regulations addressing the collection and use of personal data obtained in connection with their territories, which are more restrictive in certain respects than those in the U.S. We maintain offices in the EU (including Cyprus, the Czech Republic, Germany, the Netherlands, Poland, and Spain), and we have customers in the EEA and the UK. Accordingly, we are subject to the General Data Protection Regulation (EU) 2016/679 (the "EU GDPR"), the UK General Data Protection Regulation ("UK GDPR"), and related or otherwise applicable data protection laws in effect in the member states of the EEA and in the UK (together, the "European Data Protection Law") in connection with the activities of our establishments in the EEA and UK, our offering of goods or services to individuals in the EEA and the UK, and the monitoring of their behavior in these regions. European Data Protection Law places a number of obligations on controllers and processors of personal data, while also establishing rights for individuals with respect to their personal data, including rights of access and deletion in certain circumstances. These obligations include the requirement to obtain consent from individuals in specific situations, provide additional disclosures to individuals regarding data processing activities, implement safeguards to protect the security and confidentiality of personal data, limit personal data retention periods, conduct mandatory data breach notifications in certain circumstances, and put in place specific measures (including contractual requirements) when engaging third-party service providers.
European Data Protection Law also imposes strict rules on the transfer of personal data out of the EEA/UK to third countries deemed to lack adequate privacy protections, including the United States in certain circumstances, unless a derogation applies, or an appropriate transfer safeguard specified by the European Data Protection Law is implemented, such as the Standard Contractual Clauses ("SCCs") approved by the European Commission and the "International Data Transfer Agreement or Addendum ("IDTA") approved by the UK Information Commissioner's Office. International transfers made pursuant to the SCCs and IDTA also need to be analyzed on a case-by-case basis to ensure EEA/UK standards of data protection are met in the jurisdiction where the data importer is based. Any inability to transfer personal data from the EEA/UK to the United States in compliance with data protection laws may impede our operations. Following the UK's exit from the EU or Brexit, there will be increasing scope for divergence in application, interpretation and enforcement of the data protection laws between these territories. For example, the UK has introduced the Data Reform Bill into the UK legislative process with the intention for this bill to reform the UK's data protection regime following Brexit. If passed, the final version of the Data Reform Bill may have the effect of further altering the similarities between the UK and EEA data protection regimes and threaten the UK adequacy decision from the EU Commission allowing the free flow of personal data from the UK to the EEA, which may lead to additional compliance costs and could increase our overall risk. This lack of clarity on future UK laws and regulations and their interaction with those of the EEA could add legal risk, uncertainty, complexity, and cost to our handling of European personal data and our privacy and security compliance programs, and could require us to implement different compliance measures for the UK and EEA.
Following the UK's exit from the EU, or Brexit, there will be increasing scope for divergence in application, interpretation and enforcement of the data protection laws between these territories. For example, the UK has introduced the Data (Use and Access) Bill into the UK legislative process with the intention for this bill to reform the UK's data protection regime following Brexit. If passed, the final version of the bill may have the effect of further altering the similarities between the UK and EEA data protection regimes and threaten the UK adequacy decision from the EU Commission allowing the free flow of personal data from the UK to the EEA, which may lead to additional compliance costs and could increase our overall risk. This lack of clarity on future UK laws and regulations and their interaction with those of the EEA could add legal risk, uncertainty, complexity, and cost to our handling of European personal data and our privacy and security compliance programs, and could require us to implement different compliance measures for the UK and EEA.
We have implemented measures designed to comply with the requirements of applicable data protection, privacy and cybersecurity laws and regulations. In respect of these measures, we rely on positions and interpretations of the law that have yet to be fully tested before the relevant courts and regulators. If a regulator or court of competent jurisdiction determines that one or more of our compliance efforts (such as our data collection and processing consents) does not satisfy the applicable requirements of the law, or if any party brought a claim in this regard, we could be subject to governmental or regulatory investigations, enforcement actions, regulatory fines, compliance orders, litigation or public statements against us by consumer advocacy groups or others, any of which could restrict our ability to collect or otherwise process personal data, cause customers to lose trust in us, or otherwise damage our reputation and business. Likewise, a change in guidance could be costly and have an adverse effect on our business. With regards to data that we license or otherwise receive from third parties, we may not be able to verify with complete certainty the source of such data, how it was collected, and that such data was collected and is being shared with us in compliance with all applicable data protection and privacy laws. Our use of personal data obtained from third-party vendors could result in potential regulatory investigations, fines, penalties, compliance orders, liability, litigation, and remediation costs, as well as reputational harm, any of which could materially adversely affect our business and financial results. The requirements of laws and regulations (including European Data Protection Law) pertaining to the licensing of data or obtaining such data from third parties are not entirely clear in all cases. It is possible that third parties may bring claims against us, alleging non-compliance with such requirements, and seeking damages, seeking to prevent us from using certain data, or seeking to prevent us from using data in particular ways. Such claims could potentially adversely affect our ability to provide our services and the current level of functionality of our platform in such circumstances, which could adversely affect our results of operations.
These new and evolving laws and regulations may, among other things, complicate our compliance efforts and impact how we collect and process personal data, conduct data protection assessments, and transfer personal data to affiliates and other third parties, which could in turn require us to make changes to our platform or products in order to comply, increase the cost of delivering our platform and products in some markets, reduce our ability to lawfully collect personal data used in our platform and products, impact how we respond to consumer rights requests, restrict our ability to reach current and prospective customers, increase the likelihood that we may be subject to enforcement actions or otherwise incur liability for noncompliance, and limit our ability to derive insights from data globally. A new Data (Use and Access) Bill (UK Bill) has now been introduced into parliament.
The uncertain and shifting regulatory environment and trust climate may cause concerns regarding data privacy and may cause our vendors, customers and users to resist providing the data necessary to allow us to offer our platform and products to our customers and users effectively, or could prompt individuals to opt out of our collection of their personal data. Even the perception that the privacy of personal data is not satisfactorily protected or does not meet regulatory requirements could discourage prospective customers from subscribing to our products or discourage current customers from renewing their subscriptions.
Additionally, the evolving nature and complexity of privacy and data security legislation may further increase our risk of litigation, adverse publicity and regulatory or governmental enforcement actions, including fines for non-compliance. For example, CCPA allows for fines of up to $7,500 for each violation, while European Data Protection Law imposes fines up to the greater of €20 million (£17.5 million for the UK) and 4% of worldwide gross annual revenue, also conferring a private right of action on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of European Data Protection Law. Our compliance efforts could reduce demand for our platform or products and compliance itself could require us to take on more onerous obligations in our contracts which may expose us to more contractual risk, and may slow the pace at which we close sales transactions. Taken as a whole, these complexities and the evolving nature of data protection and privacy and cybersecurity laws and regulations could have a material adverse effect on our reputation, business and financial results.
Regulation - Risk 3
Federal, state, and foreign laws regulate internet tracking software, the sending of commercial emails and text messages, sales activities, and other activities, which could impact the use of our platform and products, and potentially subject us to regulatory enforcement or private litigation.Changed
Federal, state, and foreign laws in the jurisdictions in which we operate regulate various aspects regarding the development and commercialization of our platform and products, including the use of internet tracking software, the sending of commercial emails and text messages, and how we contract with our customers and sell our products, amongst other areas, all of which could impact the use of our platform and products by our customers, and potentially subject us to regulatory enforcement or private litigation. As a provider of subscription-based products and services, we may be impacted by laws or regulations that govern or regulate how businesses may periodically charge its customers for subscription renewals and how customers may cancel or get out of such subscriptions. While we operate as a business-to-business ("B2B") company whose customers consist of other businesses looking to utilize our platform and products for search engine optimization, content marketing, competitive analysis and other related services, laws and regulations that were historically aimed at protecting consumers only (in the "business-to-consumer" or "B2C" context) may be expanded, or new laws and regulations adopted, to address conversion, renewal and cancellations of subscriptions in the B2B context as well. For example, the FTC adopted its Pre-Notification Negative Option Rule in 2024 (with most provisions of the rule to take effect in April 2025) which imposes additional requirements on the marketing and sale of subscription-based products and services. We are closely monitoring this rule, which is currently being challenged in the federal circuit court system, to determine if we may be required to make changes to the manner in which we market and sell our subscription-based products and services. Compliance with the proposed rule could be costly, and related changes to our platform, products, marketing strategies and administrative processes could adversely affect free to paid customer conversion, upgrades and renewal rates.
We are subject to laws and regulations that govern sending marketing and advertising by electronic means, such as email and telephone. For example, in the United States, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the "CAN-SPAM Act"), among other things, obligates the sender of commercial emails to provide recipients with the ability to opt out of receiving future commercial emails from the sender. In addition, the Telephone Consumer Protection Act (the "TCPA") imposes certain notice, consent, and opt-out obligations on companies that send telephone or text communications using automatic telephone dialing systems, or artificial or prerecorded voice to consumers, and provides consumers with private rights of action for violations. The FCC and the FTC have responsibility for regulating various aspects of these laws. Among other requirements, the TCPA requires us to obtain prior express written consent for certain telemarketing calls. Many states have similar consumer protection laws regulating telemarketing. These laws limit our ability to communicate with potential customers and reduce the effectiveness of our marketing programs. The TCPA does not currently distinguish between voice and data, and, as such, SMS/MMS messages are also "calls" for the purpose of TCPA obligations and restrictions. For violations of the TCPA, the law provides for a private right of action under which a plaintiff may recover monetary damages of $500 for each call or text made in violation of the prohibitions on calls made using an "artificial or pre-recorded voice" or an automatic telephone dialing system. Various state law equivalents of the TCPA may also provide for monetary damages in amounts greater than those provided for under the TCPA. A court may also treble the amount of damages upon a finding of a "willful or knowing" violation. There is no statutory cap on maximum aggregate exposure. An action may be brought by the FCC, a state attorney general, an individual, or a class of individuals. If in the future we are found to have violated the TCPA, or a state law equivalent, the amount of damages and potential liability could be extensive and adversely impact our business. Accordingly, were such a class certified or if we are unable to successfully defend such a suit, then TCPA or other state law damages could have a material adverse effect on our results of operations and financial condition.
Further, certain states and foreign jurisdictions, such as Australia, Canada, and the EU, have enacted laws that prohibit sending unsolicited marketing emails unless the recipient has provided its prior consent to receipt of such email, or in other words has "opted-in" to receiving it. A requirement that recipients opt into, or the ability of recipients to opt out of, receiving commercial emails may minimize the effectiveness of our marketing, which could adversely affect our ability to attract new customers or entice existing customers to upgrade their subscriptions.
Litigation & Legal Liabilities1 | 2.4%
Litigation & Legal Liabilities - Risk 1
We may be subject to litigation for any of a variety of claims, which could harm our reputation and adversely affect our business, results of operations, and financial condition.Taxation & Government Incentives3 | 7.1%
Taxation & Government Incentives - Risk 1
We could be required to collect additional sales and other similar taxes or be subject to other tax liabilities that may increase the costs our customers would have to pay for our subscriptions and adversely affect our operating results.Taxation & Government Incentives - Risk 2
Our international operations may subject us to greater than anticipated tax liabilities.We are expanding our international operations to better support our growth into international markets. We are also hiring workers in several jurisdictions outside our local offices. Our corporate structure and associated transfer pricing policies contemplate future growth in international markets, and consider the functions, risks, and assets of the various entities involved in intercompany transactions. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions pursuant to our intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows, and lower overall profitability of our operations and we may be required to revise our intercompany agreements. Our consolidated financial statements could fail to reflect adequate reserves to cover such a contingency.
Taxation & Government Incentives - Risk 3
Unanticipated changes in our effective tax rate and additional tax liabilities may impact our financial results.We are subject to income taxes in the United States and various jurisdictions outside of the United States. Our income tax obligations are generally determined based on our business operations in these jurisdictions. Significant judgment is often required in the determination of our worldwide provision for income taxes. Our effective tax rate could be impacted by changes in the earnings and losses in countries with differing statutory tax rates, changes in non-deductible expenses, changes in excess tax benefits of stock-based compensation, changes in the valuation of deferred tax assets and liabilities and our ability to utilize them, the applicability of withholding taxes, effects from acquisitions, changes in accounting principles, and changes in tax laws in jurisdictions where we operate, such as Section 174 of the Code. Any changes, ambiguity, or uncertainty in taxing jurisdictions' administrative interpretations, decisions, policies, and positions could also materially impact our income tax liabilities.
As our business continues to grow and if we become more profitable, we anticipate that our income tax obligations could significantly increase. If our existing tax credits and net operating loss carry-forwards become fully utilized, we may be unable to offset or otherwise mitigate our tax obligations to the same extent as in prior years. This could have a material impact to our future cash flows or operating results. As of December 31, 2024, 54 countries in Europe, Eurasia, the Middle East, Africa, Asia-Pacific, and the Americas have enacted various aspects of the Organization for Economic Co-operation and Development's Base Erosion and Profit Shifting ("BEPS") 2.0 Pillar Two global minimum tax (GMT). In 35 of those countries, the GMT is effective beginning in 2024. Based on currently enacted law, the impact of GMT on our 2024 results is not expected to be material, however, the impact could change in the future.
In addition, recent global tax developments applicable to multinational companies, including certain approaches of addressing taxation of digital economy recently proposed or enacted by the Organisation for Economic Co-operation and Development, the European Commission or certain major jurisdictions where we operate or might in the future operate, might have a material impact to our business and future cash flow from operating activities, or future financial results. We are also subject to tax examinations in multiple jurisdictions. While we regularly evaluate new information that may change our judgment resulting in recognition, derecognition, or changes in measurement of a tax position taken, there can be no assurance that the final determination of any examinations will not have an adverse effect on our operating results and financial position. In addition, our operations may change, which may impact our tax liabilities. As our brand becomes increasingly recognizable both domestically and internationally, our tax planning structure and corresponding profile may be subject to increased scrutiny, and if we are perceived negatively, we may experience brand or reputational harm.
We may also be subject to additional tax liabilities and penalties due to changes in non-income based taxes resulting from changes in federal, state, or international tax laws, changes in taxing jurisdictions' administrative interpretations, decisions, policies and positions, results of tax examinations, settlements or judicial decisions, changes in accounting principles, and changes to the business operations, including acquisitions, as well as the evaluation of new information that results in a change to a tax position taken in a prior period. Any resulting increase in our tax obligation or cash taxes paid could adversely affect our cash flows and financial results.
Ability to Sell
Total Risks: 7/42 (17%)Above Sector Average
Competition1 | 2.4%
Competition - Risk 1
The market in which we operate is intensely competitive, and if we do not innovate and compete effectively, our ability to attract and retain customers could be harmed, which would negatively impact our business and operating results.Changed
Demand2 | 4.8%
Demand - Risk 1
Our business and operating results may be negatively affected if our paying customers do not upgrade and/or retain their premium subscriptions or if they fail to purchase additional products.Changed
Demand - Risk 2
We derive, and expect to continue to derive, substantially all of our revenue and cash flows from our paying customers with premium subscriptions, and our business and operating results may be negatively affected if our paying customers do not renew their premium subscriptions.We derive, and expect to continue to derive, substantially all of our revenue and cash flows from our paying customers with premium subscriptions. Our business and financial results depend on our paying customers renewing their subscriptions for our products when existing contract terms expire. Although our customer agreements generally provide for auto-renewal of subscriptions, our paying customers have no obligation to renew their premium subscriptions if they provide proper notice of their desire not to renew, and we cannot guarantee that they will renew their premium subscriptions for the same or longer terms, the same or a greater number of user licenses or products and add-ons, or at all. We offer premium subscriptions on a monthly, annual or multi-year basis with our annual and multi-year subscriptions typically receiving a discount for the longer-term commitment. Our paying customers predominantly choose monthly subscription terms, which allow them to terminate or adjust their premium subscriptions on a monthly basis. Because of the short-term nature of these agreements, paying customers can, and sometimes do, terminate with little to no notice and these terminations could cause our results of operations to fluctuate significantly from quarter to quarter. Our renewal rates, including our dollar-based net revenue retention rate, may decline or fluctuate as a result of a number of factors, including customer satisfaction with our platform and products, reliability of our products, our customer success and support experience, the price and functionality of our platform, products and add-ons relative to those of our competitors, mergers and acquisitions affecting our customer base, the effects of global economic conditions and other external factors, or reductions in our customers' spending levels. For example, we believe recent macro-economic pressures affecting some customers in the lower end of our market have contributed to decreased renewal rates and/or lower spending among such customers, impacting our financial results. Our business and operating results will be adversely affected if our paying customers do not renew or downgrade their premium subscriptions.
Sales & Marketing2 | 4.8%
Sales & Marketing - Risk 1
We are exposed to risks associated with payment processing and any disruption to such processing systems could adversely affect our business and results of operations.Sales & Marketing - Risk 2
If we fail to attract new potential customers, register them for free trials, and convert them into paying customers, our operating results would be negatively affected. Additionally, our sales expenses may increase and our average sales cycles may lengthen and become less predictable as our customer base continues to expand to include larger enterprise customers.Changed
The number of new customers we attract, whether as free or paying customers, is a key factor in growing our customer and premium subscription base, which customer base drives our revenues and collections. We utilize various unpaid content marketing strategies, including blogs, webinars, thought leadership, and social media engagement, as well as paid advertising, to attract visitors to our websites. We cannot guarantee that these unpaid or paid marketing efforts will continue to attract the same volume and quality of traffic to our websites or will continue to result in the same level of registrations for free or premium subscriptions as they have in the past. In the future, we may be required to increase our marketing spend to maintain the same volume and quality of traffic. Moreover, we cannot be certain that increased sales and marketing spend will generate more paying customers without increasing our customer acquisition costs on a per paying customer basis.
We have materially grown our number of paying customers through the provision of free subscriptions and through trials of a premium version of our platform and products. Trial subscriptions automatically become premium subscriptions if the customer does not opt out of the trial subscription after the trial period is over, and such trial subscriptions can be upgraded to obtain additional features, functionality, entitlements, and varying levels of access and report generating capabilities. In the future, we may be required to provide additional functionality to our free subscriptions to attract visitors to our websites and incent visitors to sign up for free subscriptions. In addition, we encourage our free customers to upgrade to premium subscriptions through in-product prompts and notifications, by recommending additional features and functionality, and by providing customer support to explain such additional features and functionality. Our failure to attract new free customers and convert them into paying customers could have a material adverse effect on our operating results as our business may be adversely affected by the costs of, and sales lost from, making certain of our products available on a free basis.
Our strategy is to sell premium subscriptions of our platform, including our Enterprise SEO solution, to paying customers of all sizes, from sole proprietors, to SMBs, to large enterprise customers. Selling monthly premium subscriptions to SMBs generally involves lower or plateauing premium subscription upgrade potential, lower retention rates (especially in times of economic uncertainty where marketing and sales budgets are subject to increased scrutiny and reduction), and more limited interaction with our sales and other personnel than sales to large enterprises. Conversely, sales to large enterprises generally entail longer sales cycles, more significant and costly selling and support efforts, and greater uncertainty of completing the sale than sales to SMBs. As our paying customer base continues to expand to include more large enterprise customers, our sales expenses may increase, sales cycles may lengthen and become less predictable, and we may see a greater number of paying customers with longer terms and extended payment terms which, in turn, may increase our paying customer acquisition costs, increase our credit risk, and may in other ways adversely affect our financial results.
Brand / Reputation2 | 4.8%
Brand / Reputation - Risk 1
If we fail to anticipate and adapt to new and increasingly prevalent social media platforms, and the growing use of artificial intelligence platforms, other competing products and services that do so more effectively could surpass us and lead to decreased demand for our platform and products.Brand / Reputation - Risk 2
If we are unable to maintain and enhance our brand, or if events occur that damage our reputation and brand, our ability to maintain and expand our customer base may be impaired, and our business and financial results may be harmed.Maintaining, promoting, and enhancing our brand is critical to maintaining and expanding our customer base. We seek to build our brand through a mix of free and paid initiatives. We market our platform and products through free information resources on our website, including our blog and online digital marketing courses (including through our Semrush Academy), pay-per-click advertisements on search engines and social networking sites, participation in social networking sites, free and paid banner advertisements on other websites, participation at annual industry conferences, and by hosting our own marketing conference (Spotlight by Semrush). The strength of our brand further drives free traffic sources, including customer referrals, word-of-mouth, and direct searches for our "Semrush" name, or web presence solutions, in search engines. In addition, we maintain relationships with agencies and affiliates to further increase brand awareness and generate customer demand. To the extent that new customers are increasingly derived from paid as opposed to free marketing initiatives, our customer acquisition cost will increase.
Beyond direct sales and marketing efforts, maintaining and enhancing our brand will depend largely on our ability to continue to provide a well-designed, useful, reliable, and innovative platform, efficient sales process, and high-quality customer service, which we may not do successfully.
Production
Total Risks: 5/42 (12%)Below Sector Average
Employment / Personnel3 | 7.1%
Employment / Personnel - Risk 1
Our business would be adversely affected if our contract workers were classified as employees.Employment / Personnel - Risk 2
Increases in labor costs, including wages, and an overall tightening of the labor market, could adversely affect our business, results of operations or financial condition.The labor costs associated with our business are subject to several external factors, including unemployment levels and the quality and the size of the labor market, prevailing wage rates, minimum wage laws, wages and other forms of remuneration and benefits offered to prospective employees by competitor employers, potential collective bargaining arrangements, health insurance costs and other insurance costs and changes in employment and labor legislation or other workplace regulation From time to time, the labor market becomes increasingly competitive. Although we have not experienced any material labor shortage to date, we have observed an overall tightening and increasingly competitive labor market and have recently experienced and expect to continue to experience some labor cost pressures. Furthermore, we have recently experienced costs and operational complexities with relocating personnel. Any of these factors or events, if not mitigated, could negatively impact us, for example by increasing our labor costs, making it more difficult to acquire and retain talent, creating customer service issues, or requiring us to increase our prices, the result of which could have an adverse effect on our business, results of operations or financial condition.
Employment / Personnel - Risk 3
We depend on our executive officers and other key employees, and the loss of one or more of these employees could harm our business.Our success depends largely upon the continued services of our executive officers and other key employees. We rely on our leadership team in the areas of research and development, operations, security, marketing, sales, customer service, and general and administrative functions, and on individual contributors and team leaders in our research and development and operations. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives, which could disrupt our business. For example, on February 26, 2025, we announced that Bill Wagner, a current member of our Board of Directors, has been named the new CEO, effective March 10, 2025, and Oleg Shchegolev, our current CEO, will assume the role of CTO. Additionally, effective March 10, 2025, Vitalii Obischenko will transition from Chief Operating Officer to Chief Product Officer. We cannot provide assurances that we will effectively manage this transition. While we will strive to make this transition as smooth as possible, the loss or transition in roles of one or more of our executive officers or key employees might significantly delay or prevent the achievement of our business objective and could materially harm our business. Changes in our executive management team may also cause disruptions in, and harm to, our business. If we fail to develop effective succession plans for our senior management team, and to identify, recruit, onboard, train and integrate strategic hires, our business, operating results, and financial condition could be adversely affected.
Supply Chain2 | 4.8%
Supply Chain - Risk 1
Failures or loss of, or material changes with respect to, the third-party hardware, software, and infrastructure on which we rely, including third-party data center hosting facilities and third-party distribution channels to support our operations, could adversely affect our business.Supply Chain - Risk 2
Our platform and products depend in part on publicly available, internally developed, and paid third-party data sources, and, if we lose access to data provided by such data sources or the terms and conditions on which we obtain such access become less favorable, our business could suffer.Changed
We developed our platform, products, and add-ons to rely in part on access to data from third-party sources. The primary sources of third-party data include data collected from third-party websites algorithmically through our proprietary data collection techniques, including web crawling of third-party websites, data purchased from independent third-party data providers, which includes clickstream data, search engine data, online advertising data and data from social media sources, and reference data that our customers grant us access to, which includes our customers' website and social media data. We obtain social media data through APIs that connect to social media platform operators, including Facebook, X, Instagram, Pinterest, and LinkedIn. We also collect data from our customers in connection with their use of our platform and other products.
To date, our relationships with most data providers (including social media platforms) are governed by such data providers' respective standard terms and conditions, which govern the availability and access to, and permitted uses of such data (including via APIs), and which are subject to change. Similarly, our access to publicly available data may depend on restrictions that website owners may impose through technical measures or otherwise, including restrictions on automated data collection. We cannot accurately predict the impact of changes in the terms of data providers that may impede our access to the data. If these data providers or websites choose not to make their data available on the same terms, or at all, we would have to seek alternative sources, which could prove expensive and time-consuming, and may be less efficient or effective.
We also rely on negotiated agreements with other data providers from whom we purchase independently sourced data, including clickstream data, search engine data, online advertising data, data from social media, and other sources. These negotiated agreements provide access to additional data that allow us to provide a more comprehensive solution for our customers. These agreements are subject to termination in certain circumstances, and there can be no assurance that we will be able to renew those agreements or that the terms of any such renewal, including pricing and levels of service, will be favorable.
In addition, there can be no assurance that we will not be required to enter into new negotiated agreements with data providers in the future to maintain or enhance the level of functionality of our platform and products, or that the terms and conditions of such agreements, including pricing and levels of service, will not be less favorable, which could adversely affect our results of operations. If we are not able to obtain data, including third-party data, on commercially reasonable terms, if data providers stop making their data available to us, if there are changes or limits in how we may use such data, if currently publicly available data ceases to be available, if we are limited in our ability to collect data from consumers, or if our competitors are able to purchase such data on better terms, the functionality of our platform and our ability to compete could be harmed.
Macro & Political
Total Risks: 2/42 (5%)Below Sector Average
Economy & Political Environment1 | 2.4%
Economy & Political Environment - Risk 1
Adverse or weakened general economic and market conditions may reduce spending on sales and marketing technology and information technology, which could harm our revenue, results of operations, and cash flows.International Operations1 | 2.4%
International Operations - Risk 1
A significant portion of our operations is located outside of the United States, which subjects us to additional risks, including increased complexity, the costs of managing international operations, geopolitical instability, and fluctuations in currency exchange rates.See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.
FAQ
What are “Risk Factors”?
Risk factors are any situations or occurrences that could make investing in a company risky.
The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.
They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.
It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.
How do companies disclose their risk factors?
Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.
Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.
Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.
According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.
How can I use TipRanks risk factors in my stock research?
Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.
You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.
Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.
A simplified analysis of risk factors is unique to TipRanks.
What are all the risk factor categories?
TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.
1. Financial & Corporate
- Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
- Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
- Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
- Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.
2. Legal & Regulatory
- Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
- Regulation – risks related to compliance, GDPR, and new legislation.
- Environmental / Social – risks related to environmental regulation and to data privacy.
- Taxation & Government Incentives – risks related to taxation and changes in government incentives.
3. Production
- Costs – risks related to costs of production including commodity prices, future contracts, inventory.
- Supply Chain – risks related to the company’s suppliers.
- Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
- Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.
4. Technology & Innovation
- Innovation / R&D – risks related to innovation and new product development.
- Technology – risks related to the company’s reliance on technology.
- Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
- Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.
5. Ability to Sell
- Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
- Competition – risks related to the company’s competition including substitutes.
- Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
- Brand & Reputation – risks related to the company’s brand and reputation.
6. Macro & Political
- Economy & Political Environment – risks related to changes in economic and political conditions.
- Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
- International Operations – risks related to the global nature of the company.
- Capital Markets – risks related to exchange rates and trade, cryptocurrency.