TechTarget Inc

The risks and uncertainties set forth below, as well as other risks and uncertainties described elsewhere in this Annual Report on Form 10-K including in our consolidated financial statements and accompanying notes and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” or in other filings with the SEC, could materially and adversely affect our business, financial condition, operating results and the trading price of our common stock. Additional risks and uncertainties that are not currently known to us or that are not currently believed by us to be material may also harm our business operations and financial results. Because of the following risks and uncertainties, as well as other factors affecting our financial condition and operating results, past financial performance should not be considered to be a reliable indicator of future performance, and investors should not use historical trends to anticipate results or trends in future periods.

In addition, the EU and its member states and Canada have regulations dealing with the collection and use of personal information obtained from their citizens. Regulations in these jurisdictions have focused on the collection, processing, transfer, use, disclosure and security of information that may be used to identify or that actually identifies an individual, such as a name, e-mail address or online identifier (IP address). The General Data Protection Regulation (“GDPR”) was approved by the EU Parliament on April 14, 2016 and became effective on May 25, 2018. GDPR replaces the 1995 Data Protection Directive and was designed to, among other things, harmonize disparate data privacy laws found across Europe. GDPR implemented more rigorous principles relating to the data privacy and data protection, including, among other things, enhanced disclosure requirements regarding how personal information is to obtained, used, and shared, limitations on the purpose and storage of personal information, mandatory data breach notification requirements and enhanced standards for data controllers to demonstrate that they have obtained valid consent for certain data processing activities. Its application and scope are extensive and penalties for non-compliance are significant, including fines of up to 20 million Euros or 4% of total worldwide revenue. In the event the Company is deemed not in compliance with GDPR, or fails to maintain compliance, then the Company would be exposed to material damages, costs and/or fines if an EU regulator or EU resident commenced an action. Failure to comply or maintain compliance could cause considerable harm to us and our reputation (including requiring notification to customers, regulators, and/or members), cause a loss of confidence in our services, and deter current and potential customers from using our services.

On September 20, 2018, the presidency of the council of the EU released a revised draft of the pending Proposal for Regulation on Privacy and Electronic Communications (“ePrivacy Regulation”) which will replace the ePrivacy Directive and is intended to align with the overall EU data privacy and protection framework, including GDPR. The ePrivacy Regulation could disrupt the Company’s ability to use or transfer data or to market and sell its products and services, which could have a material adverse effect on our business, financial condition, and operating results.

We currently retain personal confidential, and/or proprietary information relating to our members, employees, and customers in secure database servers. Although we observe security measures throughout our operations, we experience cyber-attacks targeting our database servers and information systems. Cyber-attacks may involve viruses, malware, distributed denial-of-service attacks, phishing or other forms of social engineering, and other methods seeking to gain unlawful access. We may not be able to prevent unauthorized access to these secure database servers, and information systems as a result of these third-party actions, including intentional misconduct by criminal organizations and hackers or as a result of employee error, malfeasance or otherwise. A security breach could result in intentional malfunctions or loss or corruption of data, software, hardware or other computer equipment, the misappropriation of personal, confidential and/or proprietary information, disruptions in our service, and in the unauthorized access to our customers’ data or our data, including intellectual property, business opportunity, and other confidential business information. Additionally, third parties may attempt to fraudulently induce our employees, vendors, or customers into disclosing access credentials such as user names, passwords or keys in order to gain access to our database servers and information systems.

Our online networks could also be affected by cyber-attacks, and we could inadvertently transmit viruses across our networks to our members or other third parties. Providing unimpeded access to our online networks is critical to servicing our customers and providing superior customer service. Our inability to provide continuous access to our online networks could cause some of our customers to discontinue purchasing marketing and advertising programs and services and/or prevent or deter our members from accessing our networks.

We currently have subsidiaries in the United Kingdom, Hong Kong, Australia, Singapore, Germany and France. Approximately 26% of our revenues for the year ended December 31, 2018 were derived from customers with billing addresses outside of the United States and our foreign exchange gains/losses were not significant. Currently, our largest foreign currency exposures are the euro and British pound. We performed a sensitivity analysis on the impact of foreign exchange fluctuations on our operating income, based on our financial results for the year ended December 31, 2018. For the year ended December 31, 2018, we estimate that a 10% unfavorable movement in foreign currency exchange rates would have decreased operating income by approximately $125, assuming that all currencies moved in the same direction at the same time and a constant ratio of non-U.S. dollar denominated revenue and expenses to U.S. dollar denominated revenue and expenses. Since a portion of our revenue is deferred revenue that is recorded at different foreign currency exchange rates, the impact to revenue of a change in foreign currency exchange rates is recognized over time, and the impact to expenses is more immediate, as expenses are recognized at the current foreign currency exchange rate in effect at the time the expense is incurred. We currently believe our exposure to foreign currency exchange rate fluctuations is financially immaterial and therefore have not entered into foreign currency hedging transactions.

We continue to review this issue and may consider hedging certain foreign exchange risks through the use of currency futures or options in the future. The volatility of exchange rates depends on many factors that we cannot forecast with reliable accuracy. Our continued international expansion increases our exposure to exchange rate fluctuations and as a result such fluctuations could have a significant impact on our future results of operations.

statements for periods prior to adoption. Consequently, an entity's reporting for the comparative periods presented in the financial statements in which it adopts the new leases standard will continue to be in accordance with the previous lease guidance in ASC 840. ASU No. 2018-11 also allows a practical expedient that permits lessors to not separate non-lease components from the associated lease component if certain conditions are present. All of these ASUs related to ASC Topic 842 are effective for annual periods and interim periods within those annual periods beginning after December 15, 2018, and is effective for the Company for the year ending December 31, 2019. The Company is adopting ASU 2016-02 using the modified retrospective method, upon its effective date of January 1, 2019. The Company is electing the package of practical expedients permitted under the transition guidance within the new standard, which among other things, allows the Company to carryforward the historical lease classification for all leases in effect at adoption. The Company will make an accounting policy election to keep leases with an initial term of 12 months or less off of the consolidated balance sheet and will recognize those lease payments in the consolidated statements of income and comprehensive income on a straight-line basis over the lease term. We are substantially complete with our evaluation of the effect that the adoption of this ASU will have on our financial statements. We believe that most of our operating lease commitments will be subject to the new standard. In connection with the adoption of ASC 842, we expect to recognize additional right-of-use assets and operating lease liabilities of within a range of approximately $28 million to $32 million on January 1, 2019, with no material impact to our Consolidated Statements of Income and Comprehensive Income.