← back to summary

AKAM, §1A diff (2020 → 2021)

Similarity1.00
Added+10263 words
Removed-8671 words

Added paragraphs (10263 words)

Item 1A. Risk Factors

The following are important factors that could cause our actual operating results to differ materially from those indicated or suggested by forward-looking statements made in this annual report on Form 10-K or presented elsewhere by management from time to time.

Financial and Operational Risks

We may face slowing revenue growth which could negatively impact our profitability and stock price.

The revenue growth rate we have enjoyed in recent years may not continue in future periods and could decline, which could negatively impact our profitability and stock price. Our revenue depends on the amount of traffic we deliver, continued growth in demand for our performance and security solutions and our ability to maintain the prices we charge for them.

We experienced a significant increase in revenue from our media solutions in 2020 due in large part to greater consumption of online media and games during the onset of the COVID-19 pandemic and associated stay-at-home orders across the globe. In 2021, our revenue growth from media solutions declined as stay-at-home orders were lifted. Numerous other factors impact our revenue and traffic growth including:

•the pace of introduction of over-the-top video delivery initiatives by our customers;

•the popularity of our customers’ streaming offerings as compared to those offered by companies that do not use our solutions;

•variation in the popularity of online gaming;

•media and other customers utilizing their own data centers and implementing delivery approaches that limit or eliminate reliance on third-party providers like us;

•the adoption of permanent hybrid or work from home policies by employees; and

•general macro-economic and geopolitical conditions and industry pressures.

We have experienced significant growth in revenue from our security solutions in recent years. To maintain or accelerate growth in security revenue, we must increase our industry recognition as a security solutions provider and develop or acquire new solutions in a rapidly-changing environment where security threats are constantly evolving. We must also ensure that our solutions operate effectively and are competitive with products offered by others.

We are dependent upon the overall economic health of our current and prospective customers and the continued growth and evolution of information technology. We have experienced revenue declines in recent quarters from our web performance solutions and expect this trend to continue because of increasing pricing pressure due to competition and business conditions affecting many of our customers. In addition, in 2021, some of our customers continued to experience disruptions to their businesses following the emergence of COVID-19 variants. These disruptions or changes in international, national, regional and local economic conditions, such as inflation, increasing energy prices, recessionary economic cycles, protracted economic slowdowns or any deterioration in the economy could adversely affect our business. Any of these circumstances would negatively impact our revenues.

Our ability to increase our overall revenue also depends on many other factors including how well we can:

•retain existing customers, including by maintaining the levels of existing services they buy and by delivering consistent and quality performance levels;

•upsell new solutions to existing customers;

•expand our customer base;

•develop and sell innovative and appealing new solutions;

•successfully integrate our recent acquisitions into our business;

•address potential commoditization of our delivery-based solutions, which can lead to lower prices and loss of customers to competitors;

•counteract multi-vendor policies that could cause customers to reduce their reliance on us;

•handle other competitive threats to our business;

•adapt to changes in our customer contracting models from a committed revenue structure to a "pay-as-you-go" approach, which would make it easier for customers to stop doing business with us, or from traditional overage billing models to ones that do not incorporate surcharges for usage above committed levels; and

•manage the impact of changes in general economic conditions, public health issues, natural disasters and public unrest on our ability to sell, market and provide our solutions.

If we are unable to increase revenues, our profitability and stock price could suffer.

Failure to control expenses could reduce our profitability, which would negatively impact our stock price.

Maintaining or improving our profitability depends both on our ability to increase our revenue, even with the potential challenges discussed above, and limit our expenses. We base our decisions about expense levels and investments on estimates of our future revenue and future anticipated rates of growth; however, many of our expenses are fixed costs for a certain amount of time so it may not be possible to reduce costs in a timely manner or without incurring fees to exit certain obligations early. If we are unable to increase revenue through traffic growth or otherwise and limit expenses, our results of operations will suffer. If we are required to significantly reduce expenses to maintain or improve profitability, such actions may negatively affect our ability to invest in our business for innovation, systems improvements and other initiatives.

If we do not develop or acquire new solutions that are attractive to enterprises, our revenue and operating results could be adversely affected.

Innovation is important to our future success. In particular, as security solutions have become, and are expected to continue to be, an increasingly important part of our business, we must be particularly adept at developing new security services that

meet the constantly-changing threat landscape. The process of developing new solutions is complex, lengthy and uncertain; we must commit significant resources to developing new services or features without knowing whether our investments will result in solutions the market will accept, and we may choose to invest in business areas for which a viable market for our products does not ultimately develop. We have also experienced, and may in the future experience, delays in developing and releasing new products and product enhancements. This could cause our expenses to grow more rapidly than our revenue.

Trying to innovate through acquisition can be costly and with uncertain prospects for success; we may find that attractive acquisition targets are too expensive for us to pursue which could cause us to pursue more time-consuming internal development.

Failure to develop, on a cost-effective basis, innovative new or enhanced solutions that are attractive to customers and profitable to us could have a material detrimental effect on our business, results of operations, financial condition and cash flows.

If we are unable to compete effectively and adapt to changing market conditions, our business will be adversely affected.

We compete in markets that are intensely competitive and rapidly changing. Our current and potential competitors vary by size, product offerings and geographic region, and range from start-ups that offer solutions competing with a discrete part of our business to large technology or telecommunications companies that offer, or may be planning to introduce, products and services that are broadly competitive with what we do. The primary competitive factors in our market are differentiation of technology, global presence, quality of solutions, customer service, technical expertise, security, ease-of-use, breadth of services offered, price and financial strength.

Many of our current and potential competitors have substantially greater financial, technical and marketing resources, larger customer bases, broader product portfolios, longer operating histories, greater brand recognition and more established relationships in the industry than we do. As a result, some of these competitors may be able to:

•develop superior products or services;

•leverage better name recognition, particularly in the security market;

•enter new markets more easily;

•gain greater market acceptance for their products and services;

•expand their offerings more efficiently and more rapidly;

•bundle their products that are competitive with ours with other solutions they offer in a way that makes our offerings less appealing to current and potential customers;

•more quickly adapt to new or emerging technologies and changes in customer requirements;

•take advantage of acquisition, investment and other opportunities more readily;

•offer lower prices than ours, including at levels that may not be profitable for us to match;

•spend more money on the promotion, marketing and sales of their products and services; and

•spend more money on research and development, including offering higher salaries to talented professionals which may impact our ability to hire or retain engineering and other personnel.

Smaller and more nimble competitors may be able to:

•attract customers by offering less sophisticated versions of products and services than we provide at lower prices than those we charge;

•develop new business models that are disruptive to us;

•in some cases, use funds from public securities offerings or private financings to strengthen their business to enable them to better compete with us; and

•respond more quickly than we can to new or emerging technologies, changes in customer requirements and market and industry developments, resulting in superior offerings.

Ultimately, any type of increased competition could result in price and revenue reductions, loss of customers and loss of market share, each of which could materially impact our business, profitability, financial condition, results of operations and cash flows.

We and other companies that compete in this industry and these markets experience continually shifting business relationships, reputations, commercial focuses and business priorities, all of which occur in reaction to industry and market forces and the emergence of new opportunities. These shifts have led or could lead to our customers or partners becoming our competitors; network suppliers no longer seeking to work with us; and large technology companies that previously did not

11

appear to show interest in the markets we seek to address entering into those markets as our competitors. With this constantly changing environment, we may face operational difficulties in adjusting to the changes or our core strategies could become obsolete. Any of these developments could harm our business.

Defects or disruptions in our products and IT systems could require us to increase spending on upgrading systems, diminish demand for our solutions or subject us to substantial liability.

Our solutions are highly complex and are designed to be deployed in and across numerous large and complex networks that we do not control. From time to time, we have needed to correct errors and defects in the proprietary and open-source software that underlies our platform that have given rise to service incidents, outages and disruptions or otherwise impacted our operations. For example, during the summer of 2021, we experienced service incidents that interrupted the availability of some of our customers' websites. We could face the loss of customers as a result of recent and any future incidents as they seek alternative or supplemental providers. We have also periodically experienced customer dissatisfaction with the quality of some of our media delivery and other services, which has led to a loss of business and could lead to a loss of customers in the future. Furthermore, most of our customer agreements contain service level commitments. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service, or face contract termination with refunds of prepaid amounts, which could harm our business.

While we have robust quality control processes in place, there may be additional errors and defects in our software and open-source software that we leverage that may adversely affect our operations. We may not have in place adequate quality assurance procedures to ensure that we detect errors in our software and open-source software we use in a timely manner, and we may have insufficient resources to efficiently address multiple service incidents happening simultaneously or in rapid succession. We continue to invest in improving our processes and systems. If we are unable to efficiently and cost-effectively fix errors or other problems that we identify and improve the quality of our solutions or systems, or if there are unidentified errors that allow persons to improperly access our services or systems, we could experience litigation, the need to issue credits to customers, loss of revenue and market share, damage to our reputation, diversion of management attention, increased expenses and reduced profitability.

An increasing portion of our revenue is derived from sales of security solutions. Defects in our security solutions could lead to negative publicity, loss of business, damages payments to customers and other negative consequences. As our solutions are adopted by an increasing number of enterprises and governments, it is possible that the individuals and organizations behind advanced malware attacks will specifically focus on finding ways to defeat our products and services. If they are successful, we could experience a serious impact on our reputation as a provider of security solutions.

Our business relies on our data systems, traffic measurement systems, billing systems, ordering processes and other operational and financial reporting and control systems. We also rely on third-party software for certain essential operational services and a failure or disruption in these services could materially and adversely affect our ability to manage our business effectively. All of these systems have become increasingly complex due to the complexity of our business, use of third-party software and services, acquisitions of new businesses with different systems, and increased regulation over controls and procedures. As a result, these systems could generate errors that impact traffic measurement or invoicing, revenue recognition and financial forecasting or other parts of our business. We will need to continue to upgrade and improve our data systems, traffic measurement systems, billing systems, ordering processes and other operational and financial systems, procedures and controls. These upgrades and improvements may be difficult and costly. In addition, we could face strains on, or failures of, our internal IT systems if governmental restrictions or vaccine or other mandates due to the ongoing COVID-19 pandemic limit the ability of our command center personnel to work in our physical locations. If we are unable to adapt our systems and organization in a timely, efficient and cost-effective manner to accommodate changing circumstances, our business may be adversely affected.

Cybersecurity breaches and attacks on us, as well as steps we need to take in an effort to prevent them, can lead to significant costs and disruptions that would harm our business, financial results and reputation.

We regularly face attempts to gain unauthorized access or deliver malicious software to the Akamai Intelligent Edge Platform and our internal IT systems, with the goal of stealing proprietary information related to our business, products, employees and customers; disrupting our systems and services or those of our customers or others; or demanding ransom to return control of such systems and services. These attempts take a variety of forms, including Distributed Denial of Service attacks, infrastructure attacks, botnets, malicious file uploads, application abuse, credential abuse, ransomware, bugs, viruses, worms and malicious software programs. There could be attempts to infiltrate our systems through our supply chain and contractors. Malicious actors are known to attempt to fraudulently induce employees and suppliers to disclose sensitive information through illegal electronic spamming, phishing or other tactics. Other parties may attempt to gain unauthorized physical access to our facilities in order to infiltrate our internal-use information systems. We may not be able to anticipate the techniques used in such attacks, as they change frequently and may not be recognized until launched. To date, cyber threats and

12

other attacks have not resulted in any material adverse impact to our business or operations, but such threats are constantly evolving, increasing the difficulty of detecting and successfully defending against them.

The complexities in managing the security profile of a distributed network with vast scale and geographic reach that evolves to incorporate new capabilities expose us to both known and unknown vulnerabilities. We have discovered vulnerabilities in software used in our technology, such as the vulnerability in Apache Log4j 2 referred to as “Log4Shell” identified in late 2021 that impacted a large portion of the internet ecosystem, and may have other undiscovered vulnerabilities. These vulnerabilities, resident in either software or configurations, may require significant operational efforts to mitigate and may persist for extended periods of time and the effects of any such vulnerability could be exacerbated. Our ability to detect vulnerabilities could be particularly limited during extraordinary events, such as the ongoing COVID-19 pandemic, where more staff are working remotely and dealing with unusual distractions. Similar security risks exist with respect to acquired companies, our business partners and the third-party vendors that we rely on for aspects of our information technology support services and administrative functions. As a result, we are subject to risks that the activities of our business partners and third-party vendors may adversely affect our business even if an attack or breach does not directly target our systems. See also the risk factor captioned We utilize third-party technology in our business, and failures or vulnerabilities, and/or litigation, related to these technologies may adversely affect our business below.

To protect our corporate and deployed networks, we must continuously engineer more secure solutions, enhance security and reliability features, improve the deployment of software updates to address security vulnerabilities, develop mitigation technologies that help to secure customers from attacks and maintain the digital security infrastructure that protects the integrity of our network and services. This is frequently costly, with a negative impact on near-term profitability. We may need to increase our spending in the future; these costs could reduce our operating margin.

Any actual, alleged or perceived breach of network security in our systems or networks, or any other actual, alleged or perceived data security incident we, our customers or our third-party suppliers suffer, can result in damage to our reputation; negative publicity; loss of channel partners, customers and sales; loss of competitive advantages; increased costs to remedy any problems and otherwise respond to any incident; regulatory investigations and enforcement actions; costly litigation; and other liabilities. In addition, we may incur significant costs and operational consequences of investigating, remediating, eliminating and putting in place additional tools and devices designed to prevent actual or perceived security breaches and other security incidents, as well as the costs to comply with any notification obligations resulting from any security incidents. Any of these negative outcomes could adversely impact the market perception of our solutions and customer and investor confidence in our company and otherwise seriously harm our business and operating results.

If we cannot maintain compatibility with our customers’ IT infrastructure, including their chosen third-party applications, our business will be harmed.

Our products interoperate with our customers' IT infrastructure, that often has different specifications, utilizes diverse technology, and requires compatibility with multiple communication protocols. Therefore, the functionality of our technology often needs to have, and maintain, compatibility with our customers' technology environment, including their chosen third-party technology. Customers, and in particular these chosen third-party applications, may change features, restrict our access to, or alter their applications in a manner that causes incompatibilities or causes us significant costs to maintain compatibility, and as a result our business could be adversely affected. Such changes could functionally limit or prevent the compatibility of our products with our customers’ IT infrastructure, which would negatively affect adoption of our products and harm our business. If we fail to update our products to achieve compatibility with new third-party applications that our customers use, we may not be able to offer the functionality that our customers need, which would harm our business.

We face risks associated with global operations that could harm our business.

A significant portion of our employee increases, customer additions and revenue growth in recent quarters has been attributable to revenue gains outside the U.S. Our operations in foreign countries subject us to risks that may increase our costs, disrupt our operations or make our operations less efficient and require significant management attention. These risks include:

•uncertainty regarding liability for content or services, including uncertainty as a result of local laws and lack of legal precedent;

•loss of revenues if the U.S. or foreign governments impose limitations on doing business with significant current or potential customers;

•adjusting to different employee/employer relationships and different regulations governing such relationships;

•becoming subject to regulatory oversight;

•corporate and personal liability for alleged or actual violations of laws and regulations;

13

•difficulty in staffing, training, developing and managing foreign operations as a result of distance, language, cultural differences or regulations;

•theft of intellectual property in high-risk countries where we operate;

•difficulties in enforcing contracts, collecting accounts and longer payment cycles in certain countries;

•difficulties in transferring funds from, or converting currencies in, certain countries;

•managing the costs and processes necessary to comply with export control, sanctions, anti-corruption, data protection and competition laws and regulations or other regulatory or contractual limitations on our ability to sell or develop our products and services in certain foreign markets;

•geopolitical developments, including any that impact our or our customers’ ability to operate or deliver content to a country;

•other circumstances outside of our control such as trade disputes, political unrest, the imposition of sanctions, export controls, warfare, military or armed conflict, such as the Russian invasion of Ukraine, terrorist attacks, public health emergencies such as the ongoing COVID-19 pandemic and natural disasters that could disrupt our ability to provide services or limit customer purchases of them;

•reliance on one or more channel partners over which we have limited control or influence on a day-to-day basis; and

•potentially adverse tax consequences.

We are subject to laws and regulations worldwide that differ among jurisdictions, affecting our operations in areas such as intellectual property ownership and infringement; tax; anti-corruption; internet and technology regulations; foreign exchange controls and cash repatriation; data privacy; competition; and employment. Compliance with such requirements can be onerous and expensive and may otherwise impact our business operations negatively. Although we have policies, controls, and procedures designed to help ensure compliance with applicable laws, there can be no assurance that our employees, contractors, suppliers or agents will not violate such laws or our policies. Violations of these laws and regulations can result in fines; criminal sanctions against us, our officers or our employees; prohibitions on the conduct of our business; and damage to our reputation. See also the risk factor captioned Other regulatory developments could negatively impact our business below.

Our business strategy depends on the ability to source adequate transmission capacity and the equipment we need to operate our network; failure to have access to those resources could lead to loss of revenue and service disruptions.

To operate our network, we are dependent in part upon transmission capacity provided by third-party telecommunications network providers, the availability of co-location facilities to house our servers and equipment to support our operations. We may be unable to purchase the bandwidth and space we need from these providers due to limitations on their resources or other reasons outside of our control. Inability to access facilities where we would like to install servers, or perform maintenance on existing servers, because of governmental restrictions on access due to stay-at-home orders or social distancing requirements due to the ongoing COVID-19 pandemic or other events impedes our ability to expand or maintain capacity. As a result, there can be no assurance that we are adequately prepared for unexpected increases in bandwidth demands by our customers, particularly those under cyber-attack or impacted by pandemic-related events. Failure to put in place the capacity we require to operate our business effectively could result in a reduction in, or disruption of, service to our customers and ultimately a loss of those customers.

The Akamai Intelligent Edge Platform relies on hardware equipment, including hundreds of thousands of servers deployed around the world. Global supply chain constraints in the wake of the COVID-19 pandemic continue to increase lead times for equipment components, which adds risk to our ability to flex to meet future business needs. Disruptions in our supply chain could prevent us from purchasing needed equipment at attractive prices or at all. For example, from time to time, it has been, and may continue to be, more difficult to purchase equipment that is manufactured in areas that face disruptions to operations due to unrest or other political activity, public health issues (such as the ongoing COVID-19 pandemic), safety issues, natural disasters or general economic conditions. Failure to have adequate equipment, including server equipment, could harm the quality of our services, which could lead to the loss of customers and revenue.

Acquisitions and other strategic transactions we complete could result in operating difficulties, dilution, diversion of management attention and other harmful consequences that may adversely impact our business and results of operations.

We expect to continue to pursue acquisitions and other types of strategic relationships that involve technology sharing or close cooperation with other companies. Acquisitions and other complex transactions are accompanied by a number of risks, including the following:

•difficulty integrating the technologies, operations and personnel of acquired businesses;

•potential disruptions of our ongoing business;

•potential distraction of management;

•diversion of business resources from core operations;

14

•financial consequences, such as increased operating expenses, incurrence of additional debt and other dilutive effects on our earnings, particularly in the current environment where we have generally seen escalating valuations of many technology companies and increasing allocation of risk to acquirors;

•assumption of legal risks related to compliance with laws, including privacy and anti-corruption regulations;

•failure to realize synergies or other expected benefits;

•lawsuits resulting from an acquisition or disposition;

•acquisition of IT systems that expose us to cybersecurity risks;

•increased accounting charges such as impairment of goodwill or intangible assets, amortization of intangible assets acquired and a reduction in the useful lives of intangible assets acquired; and

•potential unknown liabilities associated with acquired businesses.

Any inability to integrate completed acquisitions or combinations in an efficient and timely manner could have an adverse impact on our results of operations. If we use a significant portion of our available cash to pay for acquisitions that are not successful, it could harm our balance sheet and limit our flexibility to pursue other opportunities without having enjoyed the intended benefits of the acquisition. As we complete any future acquisitions, we may encounter difficulty in incorporating acquired technologies into our offerings while maintaining the quality standards that are consistent with our brand and reputation. If we are not successful in completing acquisitions or other strategic transactions that we may pursue in the future, we may incur substantial expenses and devote significant management time and resources without a successful result. Future acquisitions could require use of substantial portions of our available cash or result in dilutive issuances of securities.

If current and potential large customers shift to hardware-based or other DIY internal solutions, our business will be negatively impacted.

We are reliant on large media and other customers to direct traffic to our network for a significant part of our revenues. In the past, some of those customers have determined that it is better for them to employ a “do-it-yourself” or “DIY” strategy by putting in place equipment, software and other technology solutions for content and application delivery and security protection within their internal systems instead of using our solutions for some or all of their needs. Essentially, this is another form of competition for us. As the amount of money a customer spends with us increases, the risk that they will seek alternative solutions such as DIY or a multi-vendor policy likewise increases. If additional large customers shift to this model, traffic on our network and our contracted revenue commitments would decrease, which would negatively impact our business, profitability, financial condition, results of operations and cash flows.

If we are unable to recruit and retain key employees and qualified sales, research and development, technical, marketing and support personnel, our ability to compete could be harmed.

Our future success depends upon the services of our executive officers and other key technology, sales, research and development, marketing and support personnel who have critical industry experience and relationships. Like other companies in our industry, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining highly skilled employees with appropriate qualifications, and, if we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could suffer. For example, none of our officers or key employees is bound by an employment agreement for any specific term, and members of our senior management have left our company over the years for a variety of reasons. In addition, effective succession planning is important to our long-term success and our failure to ensure effective transfer of knowledge and smooth transitions involving our officers and other key personnel could hinder our strategic planning and execution.

In addition, our future success will depend upon our ability to attract and retain employees. Such efforts will require time, expense and attention by our employees as there is significant competition for talented individuals in the regions in which our primary offices are located, which affects both our ability to retain key employees and hire new ones and new hires require significant training. This competition results in increased costs in the form of cash and stock-based compensation and can have a dilutive impact on our stock. The loss of the services of a significant number of our employees or any of our key employees or our inability to attract and retain new talent in a timely fashion may be disruptive to our operations and overall business.

Our failure to effectively manage our operations and maintain our company culture as our business evolves and our work practices change could harm us.

Our future operating results will depend on our ability to manage our operations and we believe our culture has been a key contributor to our success to date. As a result of the diversification of our business, personnel growth, increased usage of alternative working arrangements, including the designation of over 90% of roles as flexible and able to work remotely, including after the pandemic, acquisitions and international expansion in recent years, many of our employees are now based

15

outside of our Cambridge, Massachusetts headquarters; however, most key management decisions are made by a relatively small group of individuals based primarily at our headquarters.

If we are unable to appropriately increase management depth, enhance succession planning and decentralize our decision-making at a pace commensurate with our actual or desired growth rates, we may not be able to achieve our financial or operational goals. It is also important to our continued success that we hire qualified personnel, properly train them and manage out poorly-performing personnel, all while maintaining our corporate culture and spirit of innovation. If we are not successful in these efforts, our growth and operations could be adversely affected.

Due to the ongoing COVID-19 pandemic, nearly all of our employees worldwide have been working remotely since the first quarter of 2020. We plan to roll out our FlexBase program in May 2022, which will allow the more than 90% of our workforce designated as flexible to choose whether they want to work from an Akamai office or their home office. Although we believe a flexible working policy will help us attract and retain talent, the long-term continuation of pandemic-based restrictions and implementation of our FlexBase program could, among other things, negatively impact employee morale and productivity, inhibit our ability to hire and train new employees and impede our ability to support customers at the levels they expect. In addition, certain security systems in homes or other remote workplaces may be less secure than those used in our offices, which may subject us to increased security risks, including cybersecurity-related events, and expose us to risks of data or financial loss and associated disruptions to our business operations. Members of our workforce who access company data and systems remotely may not have access to technology that is as robust as that in our offices, which could cause the networks, information systems, applications and other tools available to those remote workers to be more limited or less reliable than in our offices. We may also be exposed to risks associated with the locations of remote workers, including compliance with local laws and regulations or exposure to compromised internet infrastructure. Allowing members of our workforce to work remotely may create intellectual property risk if employees create intellectual property on our behalf while residing in a jurisdiction with unenforced or uncertain intellectual property laws. Further, if employees fail to inform us of changes in their work location, we may be exposed to additional risks without our knowledge. If we are unable to effectively transition to a hybrid workforce, manage the cybersecurity and other risks of remote work, and maintain our corporate culture and workforce morale, our business could be harmed or otherwise negatively impacted.

Our restructuring and reorganization activities may be disruptive to our operations and harm our business.

Over the past several years, we have implemented internal restructurings and reorganizations designed to reduce the size and cost of our operations, improve operational efficiencies, enhance our ability to pursue market opportunities and accelerate our technology development initiatives. In February 2021, we announced a significant reorganization to create two new business groups linked to our security and edge delivery technologies as well as establishing a unified global sales force. We may take similar steps in the future as we seek to realize operating synergies, optimize our operations to achieve our target operating model and profitability objectives, respond to market forces or better reflect changes in the strategic direction of our business. Disruptions in operations may occur as a result of taking these actions. Taking these actions may also result in significant expense for us, including with respect to workforce reductions, as well as decreased productivity due to employee distraction and unanticipated employee turnover. Substantial expense or business disruptions resulting from restructuring and reorganization activities could adversely affect our operating results.

We may have exposure to greater-than-anticipated tax liabilities.

Our future income taxes could be adversely affected by earnings being lower than anticipated in jurisdictions that have lower statutory tax rates and higher than anticipated in jurisdictions that have higher statutory tax rates, or changes in tax laws, regulations or accounting principles, as well as certain discrete items such as equity-related compensation. In particular, in October 2021, a global consortium of countries agreed to establishing a new framework for international tax reform; if implemented, such reform may increase our tax liabilities and reduce our profitability. We have recorded certain tax reserves to address potential exposures involving our income tax and sales and use tax positions. These potential tax liabilities result from the varying application of statutes, rules, regulations and interpretations by different jurisdictions. We are currently subject to tax audits in various jurisdictions including the Commonwealth of Massachusetts. In the second quarter of 2018, we filed an appeal with the Massachusetts Appellate Tax Board, or MATB, contesting adverse audit findings relating to our eligibility to claim certain tax benefits and exemptions. In July 2020, the MATB ruled in our favor; however the Massachusetts Department of Revenue has appealed the decision. If the ultimate outcome of the appeal and other audits are adverse to us, our reserves may not be adequate to cover our total actual liability, and we would need to take a financial charge. Although we believe our estimates, our reserves and the positions we have taken in all jurisdictions are reasonable, the ultimate tax outcome may differ from the amounts recorded in our financial statements and may materially affect our financial results in the period or periods for which such determination is made.

16

Fluctuations in foreign currency exchange rates affect our reported operating results in U.S. dollar terms.

Revenue generated and expenses incurred by our international subsidiaries are often denominated in the currencies of the local countries. As a result, our consolidated U.S. dollar financial statements are subject to fluctuations due to changes in exchange rates as the financial results of our international subsidiaries are translated from local currencies into U.S. dollars. In addition, our financial results are subject to changes in exchange rates that impact the settlement of transactions in non-functional currencies. While we have implemented a foreign currency hedging program to mitigate transactional exposures, there is no guarantee that such program will be effective.

If the accounting estimates we make, and the assumptions on which we rely, in preparing our financial statements prove inaccurate, our actual reported results may be adversely affected.

Our financial statements have been prepared in accordance with accounting principles generally accepted in the U.S. The preparation of these financial statements requires us to make estimates and judgments about, among other things, taxes, revenue recognition, stock-based compensation, capitalization of internal-use software development costs, investments, contingent obligations, allowance for current expected credit losses, intangible assets and restructuring charges. These estimates and judgments affect, among other things, the reported amounts of our assets, liabilities, revenue and expenses, the amounts of charges accrued by us, and related disclosure of contingent assets and liabilities. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances and at the time they are made. If our estimates or the assumptions underlying them are not correct, actual results may differ materially from our estimates and we may need to, among other things, accrue significant additional charges that could adversely affect our results of operations, which in turn could adversely affect our stock price. In addition, new accounting pronouncements and interpretations of accounting pronouncements have occurred and may occur in the future that could adversely affect our reported financial results.

Our sales to government clients subject us to risks including early termination, audits, investigations, sanctions and penalties.

We have customer contracts with the U.S. government, as well as foreign, state and local governments and their respective agencies and we may in the future increase sales to government entities. Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive, and time consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Such government entities often have the right to terminate these contracts at any time, without cause. There is increased pressure for governments and their agencies, both domestically and internationally, to reduce spending and demand and payment for our services may be impacted by public sector budgetary cycles and funding authorizations. These factors may combine to potentially limit the revenue we derive from government contracts in the future. Additionally, government contracts generally have requirements that are more complex than those found in commercial enterprise agreements and therefore are more costly to comply with. Such contracts are also subject to audits and investigations that could result in civil and criminal penalties and administrative sanctions, including termination of contracts, refund of a portion of fees received, forfeiture of profits, suspension of payments, fines and suspensions or debarment from future government business.

We utilize third-party technology in our business, and failures or vulnerabilities, and/or litigation, related to these technologies may adversely affect our business.

We utilize third party technology software, services, and other technology in order to operate critical functions of our business, including the integration of certain of these technologies into our network, products and services. If these software, services, or other technology become unavailable or contain vulnerabilities, our expenses could increase and our ability to operate our network, provide our products, and our results of operations could be impaired until equivalent software, technology, or services are purchased or developed or any identified vulnerabilities are remedied. If we are unable to procure the necessary third-party technology we may need to acquire or develop alternative technology, we may have to resort to utilizing alternative technology of lower quality. This could limit and delay our ability to offer new or competitive products and increase our costs of production. As a result, our business could be significantly harmed. In addition, the use of third-party technology may expose us to third-party claims of intellectual property infringement which could cause us to incur significant costs in defense or alternative sourcing.

We rely on certain “open-source” software, the use of which could result in our having to distribute our proprietary software, including our source code, to third parties on unfavorable terms, which could materially affect our business.

Certain of our offerings use software that is subject to open-source licenses. Open-source code is software that is freely accessible, usable and modifiable; however, certain open-source code is governed by license agreements, the terms of which

17

could require users of such software to make any derivative works of the software available to others on unfavorable terms or at no cost. Because we use open-source code, we may be required to take remedial action in order to protect our proprietary software. Such action could include replacing certain source code used in our software, discontinuing certain of our products or taking other actions that could be expensive and divert resources away from our development efforts. In addition, the terms relating to disclosure of derivative works in many open-source licenses are unclear and have not been interpreted by U.S. courts. If a court interprets one or more such open-source licenses in a manner that is unfavorable to us, we could be required to make certain of our key software available at no cost. We could also be subject to similar conditions or restrictions should there be any changes in the licensing terms of the open source software incorporated into our products. In either event, we could be required to seek licenses from third parties in order to continue offering our products, to re-engineer our products or to discontinue the sale of our products in the event re-engineering cannot be accomplished on a timely or successful basis, any of which could adversely affect our business, operating results and financial condition. Furthermore, open-source software may have security flaws and other deficiencies that could make our solutions less reliable and damage our business.

Legal and Regulatory Risks

Evolving privacy regulations could negatively impact our profitability and business operations.

Laws and regulations that apply to the internet related to privacy and data localization could pose risks to our revenues, intellectual property and customer relationships, as well as increase expenses or create other disadvantages to our business.

Privacy laws are rapidly proliferating, changing and evolving globally. Governments, privacy advocates and class action attorneys are increasingly scrutinizing how companies collect, process, use, store, share and transmit personal data. Laws, such as the European Union General Data Protection Regulation, or GDPR, and the California Consumer Privacy Act of 2018, or CCPA, and industry self-regulatory codes have been enacted, and more laws are being considered that may affect how we use data generated from our network as well as our ability to reach current and prospective customers, understand how our solutions are being used and respond to customer requests allowed under the laws. Any perception that our business practices, our data collection activities or how our solutions operate represent an invasion of privacy, whether or not consistent with current regulations and industry practices, may subject us to public criticism or boycotts, class action lawsuits, reputational harm or actions by regulators, or claims by industry groups or other third parties, all of which could disrupt our business and expose us to liability.

Engineering efforts to build new capabilities to facilitate compliance with increasing data localization requirements and new and changing privacy laws could require us to take on substantial expense and divert engineering resources from other projects. We might experience reduced demand for our offerings if we are unable to engineer products that meet our legal duties or help our customers meet their obligations under the GDPR, the CCPA or other data regulations, or if the changes we implement to comply with such laws and regulations make our offerings less attractive.

Our ability to leverage the data generated by our global network of servers is important to the value of many of the solutions we offer, our operational efficiency and future product development opportunities. Our ability to use data in this way may be constrained by regulatory developments. Compliance with applicable laws and regulations regarding personal data may require changes in services, business practices or internal systems that result in increased costs, lower revenue, reduced efficiency or greater difficulty in competing with other firms. Compliance with data regulations might limit our ability to innovate or offer certain features and functionality in some jurisdictions where we operate. Failure to comply with existing or new rules may result in significant penalties or orders to stop the alleged non-compliant activity, as well as negative publicity and diversion of management time and effort.

Although we take steps intended to improve the security controls across our business groups and geographies, our security controls over personal data, our training of employees and third parties on data security and other practices we follow may not prevent the improper disclosure or misuse of customer or end-user data we store and manage. Improper disclosure or misuse of personal data could harm our reputation, lead to legal exposure to customers or end users, or subject us to liability under laws that protect personal data, resulting in increased costs or loss of revenue.

Other regulatory developments could negatively impact our business.

Local and foreign laws and regulations that apply to the internet related to, among other things, content liability, security requirements, law enforcement access to information, critical infrastructure, data localization requirements and restrictions on social media or other content could pose risks to our revenues, intellectual property and customer relationships as well as increase expenses or create other disadvantages to our business. Section 230 of the U.S. Communications Decency Act, often referred to as Section 230, gives websites that host user-generated content broad protection from legal liability for content posted on their sites. Proposals to repeal or amend Section 230 could expose us to greater legal liability in the conduct of our

18

business. Our Acceptable Use Policy prohibits customers from using our network to deliver illegal or inappropriate content; if customers violate that policy, we may nonetheless face reputational damage or lawsuits related to their content. Regulations have been enacted or proposed in a number of countries that limit the delivery of certain types of content into those countries. Enactment and expansion of such laws and regulations would negatively impact our revenues. For example, restrictions were adopted in India in 2020 prohibiting access to identified Chinese applications which caused a reduction in revenue to us. In addition, such laws and regulations could cause internet service providers, or others, to block our products in order to enforce content blocking efforts. In addition, efforts to block a single product or domain name may end up blocking a number of other products or domain names in an overbroad manner that could affect our business. Interpretations of laws or regulations that would subject us to regulatory supervision or, in the alternative, require us to exit a line of business or a country, could lead to loss of significant revenues and have a negative impact on the quality of our solutions. As noted with privacy compliance above, engineering efforts to build new capabilities to facilitate compliance with law enforcement access requirements, content access restrictions, or other regulations could require us to take on substantial expense and divert engineering resources from other projects. These circumstances could harm our profitability.

We may need to defend against patent or copyright infringement claims, which would cause us to incur substantial costs or limit our ability to use certain technologies in the future.

As we expand our business and develop new technologies, products and services, we have become increasingly subject to intellectual property infringement and other claims and related litigation. We have also agreed to indemnify our customers and channel and strategic partners if our solutions infringe or misappropriate specified intellectual property rights; as a result, we have been and could again become involved in litigation or claims brought against customers or channel or strategic partners if our solutions or technology are the subject of such allegations. Any litigation or claims, whether or not valid, brought against us or pursuant to which we indemnify our customers or partners could result in substantial costs and diversion of resources and require us to do one or more of the following:

•cease selling, incorporating or using features, functionalities, products or services that incorporate the challenged intellectual property;

•pay substantial damages and incur significant litigation expenses;

•obtain a license from the holder of the infringed intellectual property right, which license may not be available on reasonable terms or at all; or

•redesign products or services.

If we are forced to take any of these actions, our business may be seriously harmed.

Our business will be adversely affected if we are unable to protect our intellectual property rights from unauthorized use or infringement by third parties.

We rely on a combination of patent, copyright, trademark and trade secret laws and contractual restrictions on disclosure to protect our intellectual property rights. These legal protections afford only limited protection, particularly in some regions outside the United States. We have previously brought lawsuits against entities that we believed were infringing our intellectual property rights but have not always prevailed. Such lawsuits can be expensive and require a significant amount of attention from our management and technical personnel, and the outcomes are unpredictable. Monitoring unauthorized use of our solutions is difficult, and we cannot be certain that the steps we have taken or will take will prevent unauthorized use of our technology. Furthermore, we cannot be certain that any pending or future patent applications will be granted, that any future patent will not be challenged, invalidated or circumvented, or that rights granted under any patent that may be issued will provide competitive advantages to us. If we are unable to protect our proprietary rights from unauthorized use, the value of our intellectual property assets may be reduced. Although we have licensed from other parties proprietary technology covered by patents, we cannot be certain that any such patents will not be challenged, invalidated or circumvented. Such licenses may also be non-exclusive, meaning our competition may also be able to access such technology.

Litigation may adversely impact our business.

From time to time, we are or may become involved in various legal proceedings relating to matters incidental to the ordinary course of our business, including patent, commercial, product liability, breach of contract, employment, class action, whistleblower and other litigation and claims, and governmental and other regulatory investigations and proceedings. In addition, under our charter, we could be required to indemnify and advance expenses to our directors and officers in connection with their involvement in certain actions, suits, investigations and other proceedings. Such matters can be time-consuming, divert management’s attention and resources and cause us to incur significant expenses. Furthermore, because litigation is

19

inherently unpredictable and may not be covered by insurance, there can be no assurance that the results of any litigation matters will not have an adverse impact on our business, results of operations, financial condition or cash flows.

Global climate change and related natural resource conservation regulations could adversely impact our business.

The long-term effects of climate change on the global economy and our industry in particular remain unknown. For example, changes in weather where we operate may increase the costs of powering and cooling computer hardware we use to develop software and provide cloud-based services. In addition, catastrophic natural disasters, such as an earthquake, fire, flood or other act of God, catastrophic event or pandemic, and any similar disruption, as well as any derivative disruption, such as those to services provided through localized physical infrastructure, including utility or telecommunication outages, or any to the continuity of our, our partners’, suppliers’ and our customers’ workforce, could have a material adverse impact on our business and operating results. Our global operations are dependent on our network infrastructure, technology systems and website, including the supply of servers from our third party partners, as well as our intellectual property and personnel and any disruption to these dependencies may negatively impact our ability to respond to customers, provide services and maintain local and global business continuity. Furthermore, some of our products and business functions are hosted or carried out by third parties that may be vulnerable to these same types of disruptions, the response to or resolution of which may be beyond our control. Any disruption to our business could cause us to incur significant costs to repair damages to our facilities, equipment, infrastructure and business relationships.

In addition, in response to concerns about global climate change, governments may adopt new regulations affecting the use of fossil fuels or requiring the use of alternative fuel sources which could adversely impact our business. Our deployed network of servers consumes significant energy resources, including those generated by the burning of fossil fuels. While we have invested in projects to support renewable energy development, our customers, investors and other stakeholders may require us to take more steps to demonstrate that we are taking ecologically responsible measures in operating our business. The costs and any expenses we may incur to make our network more energy-efficient and comply with any new regulations could make us less profitable in future periods. Failure to comply with applicable laws and regulations or other requirements imposed on us could lead to fines, lost revenue and damage to our reputation.

Investment-Related Risks

Our stock price has been, and may continue to be, volatile, and your investment could lose value.

The market price of our common stock has historically been volatile. Trading prices may continue to fluctuate in response to a number of events and factors, including the following:

•quarterly variations in operating results;

•announcements by our customers related to their businesses that could be viewed as impacting their usage of our solutions;

•market speculation about whether we are a takeover target or considering a strategic transaction;

•announcements by competitors;

•activism by any single large stockholder or combination of stockholders or rumors about such activity;

•changes in financial estimates and recommendations by securities analysts;

•failure to meet the expectations of securities analysts;

•purchases or sales of our stock by our officers and directors;

•general economic conditions and other macro-economic factors, such as inflationary pressures;

•repurchases of shares of our common stock;

•successful cyber-attacks affecting our network or systems;

•performance by other companies in our industry; and

•geopolitical conditions such as acts of terrorism, military or armed conflicts, such as the Russian invasion of Ukraine, or global pandemics.

Furthermore, our revenue, particularly that portion attributable to usage of our solutions beyond customer commitments, can be difficult to forecast, and, as a result, our quarterly operating results can fluctuate substantially. This concern is particularly acute with respect to our media and commerce customers. In the future, our customer contracting models may change to move away from a committed revenue structure to a “pay-as-you-go” approach, which could make it easier for customers to reduce the amount of business they do with us or leave altogether. Changes in billing models and committed revenue requirements could, therefore, create challenges with our forecasting processes. Because a significant portion of our cost structure is largely fixed in the short-term, revenue shortfalls tend to have a disproportionately negative impact on our profitability. If we announce revenue or profitability results that do not meet or exceed our guidance or make changes in our guidance with respect to future operating results, our stock price may decrease significantly as a result.

20

Any of these events, as well as other circumstances discussed in these Risk Factors, may cause the price of our common stock to fall. In addition, the stock market in general, and the market prices of stock of publicly-traded technology companies in particular, have experienced significant volatility that often has been unrelated to the operating performance of affected companies. These broad stock market fluctuations may adversely affect the market price of our common stock, regardless of our operating performance.

Any failure to meet our debt obligations would damage our business.

As of the date of this report, we had total principal amount of $1,150.0 million of convertible senior notes outstanding due in 2025, and we had total principal amount of $1,150.0 million of convertible senior notes outstanding due in 2027. We also entered into a credit facility in May 2018 that provides for an initial $500.0 million in revolving loans; under specified circumstances, we would be able to borrow an additional $500.0 million thereunder. Our ability to repay any amounts we borrow under our credit facility, refinance the notes, make cash payments in connection with conversions of the notes or repurchase the notes in the event of a fundamental change (as defined in the applicable indenture governing the notes) will depend on market conditions and our future performance, which is subject to economic, financial, competitive and other factors beyond our control. We also may not use the cash we have raised through future borrowing under the credit facility or the issuance of the convertible senior notes in an optimally productive and profitable manner. If we are unable to remain profitable or if we use more cash than we generate in the future, our level of indebtedness at such time could adversely affect our operations by increasing our vulnerability to adverse changes in general economic and industry conditions and by limiting or prohibiting our ability to obtain additional financing for additional capital expenditures, acquisitions and general corporate and other purposes. If we do not have sufficient cash upon conversion of the notes or to repurchase the notes following a fundamental change, we would be in default under the terms of the notes, which could seriously harm our business. Although the terms of our credit facility include certain financial ratios that potentially limit our future indebtedness, the terms of the notes do not. If we incur significantly more debt, this could intensify the risks described above.

We may issue additional shares of our common stock or instruments convertible into shares of our common stock and thereby materially and adversely affect the market price of our common stock.

Our board of directors has the authority to issue additional shares of our common stock or other instruments convertible into, or exchangeable or exercisable for, shares of our common stock. If we issue additional shares of our common stock or instruments convertible into, or exchangeable or exercisable for, shares of our common stock, it may materially and adversely affect the market price of our common stock.

Because we currently do not intend to pay dividends, stockholders will benefit from an investment in our common stock only if it appreciates in value.

We currently intend to retain our future earnings, if any, for use in the operation of our business and do not expect to pay any cash dividends in the foreseeable future on our common stock. As a result, the success of an investment in our common stock will depend upon any future appreciation in its value. There is no guarantee that our common stock will appreciate in value or even maintain the price at which stockholders have purchased their shares.

Provisions of our charter, by-laws and Delaware law may have anti-takeover effects that could prevent a change in control even if the change in control would be beneficial to our stockholders.

Provisions of our charter, by-laws and Delaware law could make it more difficult for a third party to control or acquire us, even if doing so would be beneficial to our stockholders. These provisions include:

•our board of directors having the right to elect directors to fill a vacancy created by the expansion of the board of directors or the resignation, death or removal of a director;

•stockholders needing to provide advance notice to nominate individuals for election to the board of directors or to propose matters that can be acted upon at a stockholders' meeting; and

•the ability of our board of directors to issue, without stockholder approval, shares of undesignated preferred stock.

Further, as a Delaware corporation, we are also subject to certain Delaware anti-takeover provisions. Under Delaware law, a corporation may not engage in a business combination with any holder of 15% or more of its capital stock unless the holder has held the stock for three years or, among other things, the board of directors has approved the transaction. Our board of directors could rely on Delaware law to prevent or delay an acquisition of us.

21

If we fail to maintain an effective system of internal controls, we may not be able to accurately report our financial results or prevent fraud. As a result, our stockholders could lose confidence in our financial reporting, which could harm our business and the trading price of our common stock.

We have complied with Section 404 of the Sarbanes-Oxley Act of 2002 by assessing, strengthening and testing our system of internal controls. Even though we concluded our internal control over financial reporting and disclosure controls and procedures were effective as of the end of the period covered by this report, we need to continue to maintain our processes and systems and adapt them to changes as our business evolves and we rearrange management responsibilities and reorganize our business. This continuous process of maintaining and adapting our internal controls and complying with Section 404 is expensive and time-consuming and requires significant management attention. We cannot be certain that our internal control measures will continue to provide adequate control over our financial processes and reporting and ensure compliance with Section 404. Furthermore, as our business changes, including by expanding our operations in different markets, increasing reliance on channel partners and completing acquisitions, our internal controls may become more complex and we will be required to expend significantly more resources to ensure our internal controls remain effective. Failure to implement required new or improved controls, or difficulties encountered in their implementation, could harm our operating results or cause us to fail to meet our reporting obligations. If we or our independent registered public accounting firm identify material weaknesses, the disclosure of that fact, even if quickly remediated, could reduce the market's confidence in our financial statements and harm our stock price.

Removed paragraphs (8671 words)

Item 1A. Risk Factors The following are important factors that could cause our actual operating results to differ materially from those indicated or suggested by forward-looking statements made in this annual report on Form 10-K or presented elsewhere by management from time to time. Financial and Operational Risks We may face slowing revenue growth which could negatively impact our profitability and stock price. The revenue growth rate we have enjoyed in recent years may not continue in future periods and could decline, which could negatively impact our profitability and stock price. Our revenue depends on the amount of traffic we deliver, continued growth in demand for our performance and security solutions and our ability to maintain the prices we charge for them. We experienced a significant increase in revenue from our media solutions in 2020 due in significant part to greater consumption of online media and games during the COVID-19 pandemic and associated stay-at-home orders across the globe. Numerous other factors impact our traffic growth including: •the pace of introduction of over-the-top (often referred to as OTT) video delivery initiatives by our customers; •the popularity of our customers’ streaming offerings as compared to those offered by companies that do not use our solutions; •variation in the popularity of online gaming; •media and other customers utilizing their own data centers and implementing delivery approaches that limit or eliminate reliance on third party providers like us; and •general macro-economic conditions and industry pressures. We saw traffic levels on our network begin to stabilize in the fourth quarter of 2020. Accordingly, we do not expect traffic growth in 2021 to continue at the same levels we saw earlier in 2020 absent other significant industry developments. We have experienced significant growth in revenue from our security solutions in recent years. To maintain or accelerate growth in security revenue, we must increase our industry recognition as a security solutions provider and develop new solutions in a rapidly-changing environment where security threats are constantly evolving. We must also ensure that our solutions operate effectively and are competitive with products offered by others. We have experienced revenue declines in recent quarters from our web performance solutions and expect this trend to continue because of increasing pricing pressure in certain verticals and geographies due to competition and business conditions affecting many of our customers, particularly in travel and hospitality. In 2020, many of these customers faced significant disruptions to their business as a result of the international public health emergency associated with the COVID-19 pandemic. The economic fallout from the pandemic has continued into 2021 and can be expected to have far-reaching consequences across many industries, including additional bankruptcies, continued reductions in technology spending and economic recession. Any of these circumstances would negatively impact our revenues. Our ability to increase our overall revenue also depends on many other factors including how well we can: •retain existing customers, including maintaining the levels of existing services they buy; •upsell new solutions to existing customers; •expand our customer base; •develop and sell innovative and appealing new solutions; •address potential commoditization of our delivery-based solutions, which can lead to lower prices and loss of customers to competitors; •counteract multi-vendor policies that could cause customers to reduce their reliance on Akamai; •handle other competitive threats to our business; •adapt to changes in our customer contracting models from a committed revenue structure to a "pay-as-you-go" approach, which would make it easier for customers to stop doing business with us, or from traditional overage billing models to ones that do not incorporate surcharges for usage above committed levels; and •manage the impact of changes in general economic conditions, public health issues, natural disasters and public unrest on our ability to sell, market and provide our solutions. If we are unable to increase revenues, our profitability and stock price could suffer. Failure to control expenses could reduce our profitability, which would negatively impact our stock price. Maintaining or improving our profitability depends both on our ability to increase our revenue, even with the potential challenges discussed above, and limit our expenses. We base our decisions about expense levels and investments on estimates of our future revenue and future anticipated rate of growth; however, many of our expenses are fixed cost in nature for some minimum amount of time so it may not be possible to reduce costs in a timely manner or without incurring fees to exit certain obligations early. If we are unable to increase revenue through traffic growth or otherwise and limit expenses, our results of operations will suffer. If we are required to significantly reduce expenses to maintain or improve profitability, such actions may negatively affect our ability to invest in our business for innovation, systems improvement and other initiatives. If we do not develop new solutions that are attractive to enterprises, our revenue and operating results could be adversely affected. Innovation is important to our future success. In particular, as security solutions have become, and are expected to continue to, be an increasingly important part of our business, we must be particularly adept at developing new security services that meet the constantly-changing threat landscape. The process of developing new solutions is complex, lengthy and uncertain; we must commit significant resources to developing new services or features without knowing whether our investments will result in solutions the market will accept, and we may choose to invest in business areas for which a viable market for our products does not ultimately develop. This could cause our expenses to grow more rapidly than our revenue. Trying to innovate through acquisition can be costly and with uncertain prospects for success; we may find that attractive acquisition targets are too expensive for us to pursue which could cause us to pursue more time-consuming internal development. Continuing restrictions on the ability of our developers and other employees to work in our facilities as a result of restrictions imposed by governments to combat the COVID-19 pandemic could reduce their effectiveness including, for example, by making it more difficult for them to collaborate as effectively in the development of new solutions. Failure to develop, on a cost-effective basis, innovative new or enhanced solutions that are attractive to customers and profitable to us could have a material detrimental effect on our business, results of operations, financial condition and cash flows. If we are unable to compete effectively and adapt to changing market conditions, our business will be adversely affected. We compete in markets that are intensely competitive and rapidly changing. Our current and potential competitors vary by size, product offerings and geographic region, and range from start-ups that offer solutions competing with a discrete part of our business to large technology or telecommunications companies that offer, or may be planning to introduce, products and services that are broadly competitive with what we do. The primary competitive factors in our market are differentiation of technology, global presence, quality of solutions, customer service, technical expertise, security, ease-of-use, breadth of services offered, price and financial strength. Many of our current and potential competitors have substantially greater financial, technical and marketing resources, larger customer bases, broader product portfolios, longer operating histories, greater brand recognition and more established relationships in the industry than we do. As a result, some of these competitors may be able to: •develop superior products or services; •leverage better name recognition, particularly in the security market; •enter new markets more easily; •gain greater market acceptance for their products and services; •expand their offerings more efficiently and more rapidly; •bundle their products that are competitive with ours with other solutions they offer in a way that makes our offerings less appealing to current and potential customers; •more quickly adapt to new or emerging technologies and changes in customer requirements; •take advantage of acquisition, investment and other opportunities more readily; •offer lower prices than ours, including at levels that may not be profitable; •spend more money on the promotion, marketing and sales of their products and services; and •spend more money on research and development, including offering higher salaries to talented professionals which may impact our ability to hire or retain engineering and other personnel. Smaller and more nimble competitors may be able to: •attract customers by offering less sophisticated versions of products and services than we provide at lower prices than those we charge; •develop new business models that are disruptive to us; •in some cases, use funds from recent public securities offerings or private financings to strengthen their business to enable them to better compete with us; and •respond more quickly than we can to new or emerging technologies, changes in customer requirements and market and industry developments, resulting in superior offerings. Ultimately, any type of increased competition could result in price and revenue reductions, loss of customers and loss of market share, each of which could materially impact our business, profitability, financial condition, results of operations and cash flows. We and other companies that compete in this industry and these markets experience continually shifting business relationships, commercial focuses and business priorities, all of which occur in reaction to industry and market forces and the emergence of new opportunities. These shifts have led or could lead to our customers or partners becoming our competitors; network suppliers no longer seeking to work with us; and large technology companies that previously did not appear to show interest in the markets we seek to address entering into those markets as our competitors. With this constantly changing environment, we may face operational difficulties in adjusting to the changes or our core strategies could become obsolete. Any of these developments could harm our business. If current and potential large customers shift to hardware-based or other DIY internal solutions, our business will be negatively impacted. We are reliant on large media and other customers to direct significant amounts of traffic to our network for a significant part of our revenues. In the past, some of those customers have determined that it is better for them to employ a “do-it-yourself” or “DIY” strategy by putting in place equipment, software and other technology solutions for content and application delivery and security protection within their internal systems instead of using Akamai solutions for some or all of their needs. Essentially, this is another form of competition for us. As the amount of money a customer spends with us increases, the risk that they will seek alternative solutions such as DIY or a multi-vendor policy likewise increases. If additional large customers shift to this model, traffic on our network and our contracted revenue commitments would decrease, which would negatively impact our business, profitability, financial condition, results of operations and cash flows. Cybersecurity breaches and attacks on us, as well as steps we need to take to prevent them, could lead to significant costs and disruptions that harm our business, financial results and reputation. We regularly face attempts to gain unauthorized access or deliver malicious software to the Akamai Intelligent Edge Platform and our internal IT systems, with the goal of stealing proprietary information related to our business, products, employees and customers; disrupting our systems and services or those of our customers or others; or demanding ransom to return control of such systems and services. These attempts take a variety of forms, including DDoS attacks, infrastructure attacks, botnets, malicious file uploads, cross-site scripting, credential abuse, ransomware, bugs, viruses, worms and malicious software programs. There could be attempts to infiltrate our systems through our supply chain and contractors. Malicious actors are known to attempt to fraudulently induce employees and suppliers to disclose sensitive information through illegal electronic spamming, phishing or other tactics. Other parties may attempt to gain unauthorized physical access to our facilities in order to infiltrate our internal-use information systems. To date, cyber threats and other attacks have not resulted in any material adverse impact to our business or operations, but such threats are constantly evolving, increasing the difficulty of detecting and successfully defending against them. The complexities in managing the security profile of a distributed network with vast scale and geographic reach that evolves to incorporate new capabilities expose us to both known and unknown vulnerabilities. These vulnerabilities, resident in either software or configurations, may persist for extended periods of time. Our ability to detect vulnerabilities could be particularly limited during extraordinary events, such as the COVID-19 pandemic, where more staff are working remotely and dealing with unusual distractions. Similar security risks exist with respect to acquired companies, our business partners and the third-party vendors that we rely on for aspects of our information technology support services and administrative functions. As a result, we are subject to risks that the activities of our business partners and third-party vendors may adversely affect our business even if an attack or breach does not directly target our systems. To protect our corporate and deployed networks, we must continuously engineer more secure solutions, enhance security and reliability features, improve the deployment of software updates to address security vulnerabilities, develop mitigation technologies that help to secure customers from attacks and maintain the digital security infrastructure that protects the integrity of our network and services. This is frequently costly, with a negative impact on near-term profitability. We may need to increase our spending in the future; these costs could reduce our operating margin. Any actual, alleged or perceived breach of network security in our systems or networks, or any other actual, alleged or perceived data security incident we or our third-party suppliers suffer, could result in damage to our reputation; negative publicity; loss of channel partners, customers and sales; loss of competitive advantages; increased costs to remedy any problems and otherwise respond to any incident; regulatory investigations and enforcement actions; costly litigation; and other liability. In addition, we may incur significant costs and operational consequences of investigating, remediating, eliminating and putting in place additional tools and devices designed to prevent actual or perceived security breaches and other security incidents, as well as the costs to comply with any notification obligations resulting from any security incidents. Any of these negative outcomes could adversely impact the market perception of our solutions and customer and investor confidence in our company and otherwise seriously harm our business and operating results. Defects or disruptions in our products and IT systems could require us to increase spending on upgrading systems, diminish demand for our solutions or subject us to substantial liability. Our solutions are highly complex and are designed to be deployed in and across numerous large and complex networks that we do not control. From time to time, we have needed to correct errors and defects in the software that underlies our platform that have given rise to service incidents or otherwise impacted our operations. We have also periodically experienced customer dissatisfaction with the quality of some of our media delivery and other services, which has led to loss of business and could lead to loss of customers in the future. While we have robust quality control processes in place, there may be additional errors and defects in our software that may adversely affect our operations. We may not have in place adequate quality assurance procedures to ensure that we detect errors in our software in a timely manner, and we may have insufficient resources to efficiently address multiple service incidents happening simultaneously or in rapid succession. If we are unable to efficiently and cost-effectively fix errors or other problems that may be identified and improve the quality of our solutions or systems, or if there are unidentified errors that allow persons to improperly access our services or systems, we could experience loss of revenue and market share, damage to our reputation, increased expenses and delayed payments and be exposed to legal actions by our customers. An increasing portion of our revenue is derived from sales of security solutions. Defects in our security solutions could lead to negative publicity, loss of business, damages payments to customers and other negative consequences. As our solutions are adopted by an increasing number of enterprises and governments, it is possible that the individuals and organizations behind advanced malware attacks will specifically focus on finding ways to defeat our products and services. If they are successful, we could experience a serious impact on our reputation as a provider of security solutions. Our business relies on our data systems, traffic measurement systems, billing systems, ordering processes and other operational and financial reporting and control systems. All of these systems have become increasingly complex due to the complexity of our business, acquisitions of new businesses with different systems, and increased regulation over controls and procedures. As a result, these systems could generate errors that impact traffic measurement or invoicing, revenue recognition and financial forecasting. We will need to continue to upgrade and improve our data systems, traffic measurement systems, billing systems, ordering processes and other operational and financial systems, procedures and controls. These upgrades and improvements may be difficult and costly. In addition, we could face strains on, or failures of, our internal IT systems if the COVID-19 pandemic persists for a longer period or governmental restrictions limit the ability of our command center personnel to work in our physical locations. If we are unable to adapt our systems and organization in a timely, efficient and cost-effective manner to accommodate changing circumstances, our business may be adversely affected. We face risks associated with global operations that could harm our business. A significant portion of our revenue growth in recent quarters has been attributable to revenue gains outside the U.S. Our operations in foreign countries subject us to risks that may increase our costs, make our operations less efficient and require significant management attention. These risks include: •uncertainty regarding liability for content or services, including uncertainty as a result of local laws and lack of legal precedent; •loss of revenues if the U.S. or foreign governments impose limitations on doing business with significant current or potential customers; •adjusting to different employee/employer relationships and different regulations governing such relationships; •becoming subject to regulatory oversight; •corporate and personal liability for alleged or actual violations of laws and regulations; •difficulty in staffing, developing and managing foreign operations as a result of distance, language, cultural differences or regulations such as those implemented in connection with the COVID-19 pandemic; •theft of intellectual property in high-risk countries where we operate; •difficulties in transferring funds from, or converting currencies in, certain countries; •managing the costs and processes necessary to comply with export control, sanctions, anti-corruption, data protection and competition laws and regulations; •geo-political developments that impact our customers’ ability to operate or deliver content to a country; •other circumstances outside of our control such as trade disputes, political unrest, public health emergencies such as the COVID-19 outbreak and natural disasters that could disrupt our ability to provide services or limit customer purchases of them; •reliance on channel partners over which we have limited control or influence on a day-to-day basis; and •potentially adverse tax consequences. We are subject to laws and regulations worldwide that differ among jurisdictions, affecting our operations in areas such as intellectual property ownership and infringement; tax; anti-corruption; foreign exchange controls and cash repatriation; data privacy; competition; and employment. Compliance with such requirements can be onerous and expensive and may otherwise impact our business operations negatively. Although we have policies, controls, and procedures designed to help ensure compliance with applicable laws, there can be no assurance that our employees, contractors, suppliers or agents will not violate such laws or our policies. Violations of these laws and regulations can result in fines; criminal sanctions against us, our officers or our employees; prohibitions on the conduct of our business; and damage to our reputation. See also the risk factor captioned Other regulatory developments could negatively impact our business below. Our business strategy depends on the ability to source adequate transmission capacity and the servers we need to operate our network; failure to have access to those resources could lead to loss of revenue and service disruptions. To operate our network, we are dependent in part upon transmission capacity provided by third-party telecommunications network providers and availability of co-location facilities to house our servers. We may be unable to purchase the bandwidth and space we need from these providers due to limitations on their resources or other reasons outside of our control. Inability to access facilities where we would like to install servers, or perform maintenance on existing servers, because of governmental restrictions on access due to stay-at-home orders or social distancing requirements during pandemics or other events impedes our ability to expand or maintain capacity. As a result, there can be no assurance that we are adequately prepared for unexpected increases in bandwidth demands by our customers, particularly those under cyber-attack or impacted by pandemic-type events. Failure to put in place the capacity we require to operate our business effectively could result in a reduction in, or disruption of, service to our customers and ultimately a loss of those customers. The Akamai Intelligent Edge Platform relies on hundreds of thousands of servers deployed around the world. Disruptions in our supply chain could prevent us from purchasing servers and other needed equipment at attractive prices or at all. For example, from time to time, it has been, and may continue to be, more difficult to purchase servers, component parts and other equipment that are manufactured in areas that face disruptions to operations due to unrest or other political activity, public health issues (such as the COVID-19 pandemic), safety issues, natural disasters or general economic conditions. Failure to have adequate server deployment could harm the quality of our services, which could lead to the loss of customers and revenue. Acquisitions and other strategic transactions we complete could result in operating difficulties, dilution, diversion of management attention and other harmful consequences that may adversely impact our business and results of operations. We expect to continue to pursue acquisitions and other types of strategic relationships that involve technology sharing or close cooperation with other companies. Acquisitions and other complex transactions are accompanied by a number of risks, including the following: •difficulty integrating the technologies, operations and personnel of acquired businesses; •potential disruption of our ongoing business; •potential distraction of management; •diversion of business resources from core operations; •financial consequences including an increase in operating expenses and other dilutive effects on our earnings, particularly in the current environment where we have seen escalating valuations of many technology companies; •assumption of legal risks related to compliance with laws, including privacy and anti-corruption regulations; •failure to realize synergies or other expected benefits; •acquisition of IT systems that expose us to cybersecurity risks; •increased accounting charges such as impairment of goodwill or intangible assets, amortization of intangible assets acquired and a reduction in the useful lives of intangible assets acquired; and •potential unknown liabilities associated with acquired businesses. Any inability to integrate completed acquisitions or combinations in an efficient and timely manner could have an adverse impact on our results of operations. If we use a significant portion of our available cash to pay for acquisitions that are not successful, it could harm our balance sheet and limit our flexibility to pursue other opportunities without having enjoyed the intended benefits of the acquisition. As we complete any future acquisitions, we may encounter difficulty in incorporating acquired technologies into our offerings while maintaining the quality standards that are consistent with our brand and reputation. If we are not successful in completing acquisitions or other strategic transactions that we may pursue in the future, we may incur substantial expenses and devote significant management time and resources without a successful result. Future acquisitions could require use of substantial portions of our available cash or result in dilutive issuances of securities. If we are unable to retain our key employees and hire and retain qualified sales, technical, marketing and support personnel, our ability to compete could be harmed. Our future success depends upon the services of our executive officers and other key technology, sales, marketing and support personnel who have critical industry experience and relationships. There is significant competition for talented individuals in the regions in which our primary offices are located, which affects both our ability to retain key employees and hire new ones. None of our officers or key employees is bound by an employment agreement for any specific term, and members of our senior management have left Akamai over the years for a variety of reasons. The loss of the services of a significant number of our employees or any of our key employees or our inability to attract and retain new talent may be disruptive to our operations and overall business. Our failure to effectively manage our operations as our business evolves could harm us. Our future operating results will depend on our ability to manage our operations. As a result of the diversification of our business, personnel growth, increased usage of alternative working arrangements, acquisitions and international expansion in recent years, many of our employees are now based outside of our Cambridge, Massachusetts headquarters; however, most key management decisions are made by a relatively small group of individuals based primarily at our headquarters. If we are unable to appropriately increase management depth, enhance succession planning and decentralize our decision-making at a pace commensurate with our actual or desired growth rates, we may not be able to achieve our financial or operational goals. It is also important to our continued success that we hire qualified personnel, properly train them and manage out poorly-performing personnel, all while maintaining our corporate culture and spirit of innovation. If we are not successful in these efforts, our growth and operations could be adversely affected. With the restrictions on businesses intended to curb the spread of the COVID-19 virus, nearly all of our employees worldwide have been working remotely since the first quarter of 2020; we expect this situation to continue through at least the second quarter of 2021. A longer-term continuation of these restrictions could, among other things, negatively impact employee morale and productivity, inhibit our ability to hire and train new employees and impede our ability to support customers at the levels they expect. As a result, our business could suffer. Our restructuring and reorganization activities may be disruptive to our operations and harm our business. Over the past several years, we have implemented internal restructurings and reorganizations designed to reduce the size and cost of our operations, improve operational efficiencies, enhance our ability to pursue market opportunities and accelerate our technology development initiatives. In February 2021, we announced a significant reorganization to create two new business groups linked to our security and edge delivery technologies as well as establishing a unified global sales force. We may take similar steps in the future as we seek to realize operating synergies, optimize our operations to achieve our target operating model and profitability objectives, respond to market forces or better reflect changes in the strategic direction of our business. Disruptions in operations may occur as a result of taking these actions. Taking these actions may also result in significant expense for us, including with respect to workforce reductions, as well as decreased productivity due to employee distraction and unanticipated employee turnover. Substantial expense or business disruptions resulting from restructuring and reorganization activities could adversely affect our operating results. We may have exposure to greater-than-anticipated tax liabilities. Our future income taxes could be adversely affected by earnings being lower than anticipated in jurisdictions that have lower statutory tax rates and higher than anticipated in jurisdictions that have higher statutory tax rates, or changes in tax laws, regulations or accounting principles, as well as certain discrete items such as equity-related compensation. We have recorded certain tax reserves to address potential exposures involving our income tax and sales and use tax positions. These potential tax liabilities result from the varying application of statutes, rules, regulations and interpretations by different jurisdictions. We are currently subject to tax audits in various jurisdictions including the Commonwealth of Massachusetts. In the second quarter of 2018, we filed an appeal with the Massachusetts Appellate Tax Board, or MATB, contesting adverse audit findings relating to our eligibility to claim certain tax benefits and exemptions. In July 2020, the MATB ruled in our favor; however the decision is eligible for appeal by the Massachusetts Department of Revenue. If the ultimate outcome of the potential appeal and other audits are adverse to us, our reserves may not be adequate to cover our total actual liability, and we would need to take a financial charge. Although we believe our estimates, our reserves and the positions we have taken in all jurisdictions are reasonable, the ultimate tax outcome may differ from the amounts recorded in our financial statements and may materially affect our financial results in the period or periods for which such determination is made. Fluctuations in foreign currency exchange rates affect our reported operating results in U.S. dollar terms. Revenue generated and expenses incurred by our international subsidiaries are often denominated in the currencies of the local countries. As a result, our consolidated U.S. dollar financial statements are subject to fluctuations due to changes in exchange rates as the financial results of our international subsidiaries are translated from local currencies into U.S. dollars. In addition, our financial results are subject to changes in exchange rates that impact the settlement of transactions in non-functional currencies. While we have implemented a foreign currency hedging program to mitigate transactional exposures, there is no guarantee that such program will be effective. If the accounting estimates we make, and the assumptions on which we rely, in preparing our financial statements prove inaccurate, our actual reported results may be adversely affected. Our financial statements have been prepared in accordance with accounting principles generally accepted in the U.S. The preparation of these financial statements requires us to make estimates and judgments about, among other things, taxes, revenue recognition, stock-based compensation, capitalization of internal-use software development costs, investments, contingent obligations, allowance for current expected credit losses, intangible assets and restructuring charges. These estimates and judgments affect, among other things, the reported amounts of our assets, liabilities, revenue and expenses, the amounts of charges accrued by us, and related disclosure of contingent assets and liabilities. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances and at the time they are made. If our estimates or the assumptions underlying them are not correct, actual results may differ materially from our estimates and we may need to, among other things, accrue significant additional charges that could adversely affect our results of operations, which in turn could adversely affect our stock price. In addition, new accounting pronouncements and interpretations of accounting pronouncements have occurred and may occur in the future that could adversely affect our reported financial results. Our sales to government clients subject us to risks including early termination, audits, investigations, sanctions and penalties. We have customer contracts with the U.S. government, as well as foreign, state and local governments and their respective agencies. Such government entities often have the right to terminate these contracts at any time, without cause. There is increased pressure for governments and their agencies, both domestically and internationally, to reduce spending. Most of our government contracts are subject to legislative approval of appropriations to fund the expenditures under these contracts. These factors combine to potentially limit the revenue we derive from government contracts in the future. Additionally, government contracts generally have requirements that are more complex than those found in commercial enterprise agreements and therefore are more costly to comply with. Such contracts are also subject to audits and investigations that could result in civil and criminal penalties and administrative sanctions, including termination of contracts, refund of a portion of fees received, forfeiture of profits, suspension of payments, fines and suspensions or debarment from future government business. We rely on certain “open-source” software the use of which could result in our having to distribute our proprietary software, including our source code, to third parties on unfavorable terms, which could materially affect our business. Certain of our offerings use software that is subject to open-source licenses. Open-source code is software that is freely accessible, usable and modifiable; however, certain open-source code is governed by license agreements, the terms of which could require users of such software to make any derivative works of the software available to others on unfavorable terms or at no cost. Because we use open-source code, we may be required to take remedial action in order to protect our proprietary software. Such action could include replacing certain source code used in our software, discontinuing certain of our products or taking other actions that could be expensive and divert resources away from our development efforts. In addition, the terms relating to disclosure of derivative works in many open-source licenses are unclear. If a court interprets one or more such open-source licenses in a manner that is unfavorable to us, we could be required to make certain of our key software available at no cost. Furthermore, open-source software may have security flaws and other deficiencies that could make our solutions less reliable and damage our business. Legal and Regulatory Risks Evolving privacy regulations could negatively impact our profitability and business operations. Laws and regulations that apply to the internet related to privacy and data localization could pose risks to our revenues, intellectual property and customer relationships, as well as increase expenses or create other disadvantages to our business. Privacy laws are rapidly proliferating, changing and evolving globally. Governments, privacy advocates and class action attorneys are increasingly scrutinizing how companies collect, process, use, store, share and transmit personal data. Laws, such as the European Union General Data Protection Regulation, or GDPR, and the California Consumer Privacy Act of 2018, or CCPA, and industry self-regulatory codes have been enacted, and more laws are being considered that may affect how we use data generated from our network as well as our ability to reach current and prospective customers, understand how our solutions are being used and respond to customer requests allowed under the laws. Any perception that our business practices, our data collection activities or how our solutions operate represent an invasion of privacy, whether or not consistent with current regulations and industry practices, may subject us to public criticism or boycotts, class action lawsuits, reputational harm or claims by regulators, industry groups or other third parties, all of which could disrupt our business and expose us to liability. Engineering efforts to build new capabilities to facilitate compliance with data localization and privacy laws could require us to take on substantial expense and divert engineering resources from other projects. We might experience reduced demand for our offerings if we are unable to engineer products that meet our legal duties or help our customers meet their obligations under the GDPR, the CCPA or other data regulations, or if the changes we implement to comply with such laws and regulations make our offerings less attractive. Our ability to leverage the data generated by our global network of servers is important to the value of many of the solutions we offer, our operational efficiency and future product development opportunities. Our ability to use data in this way may be constrained by regulatory developments. Compliance with applicable laws and regulations regarding personal data may require changes in services, business practices or internal systems that result in increased costs, lower revenue, reduced efficiency or greater difficulty in competing with other firms. Compliance with data regulations might limit our ability to innovate or offer certain features and functionality in some jurisdictions where we operate. Failure to comply with existing or new rules may result in significant penalties or orders to stop the alleged non-compliant activity, as well as negative publicity and diversion of management time and effort. Although we take steps intended to improve the security controls across our business groups and geographies, our security controls over personal data, our training of employees and third parties on data security and other practices we follow may not prevent the improper disclosure or misuse of customer or end user data we store and manage. Improper disclosure or misuse of personal data could harm our reputation, lead to legal exposure to customers or end users, or subject us to liability under laws that protect personal data, resulting in increased costs or loss of revenue. Other regulatory developments could negatively impact our business. Laws and regulations that apply to the internet related to, among other things, content liability, security requirements, law enforcement access to information, data localization requirements and restrictions on social media or other content could pose risks to our revenues, intellectual property and customer relationships as well as increase expenses or create other disadvantages to our business. Section 230 of the U.S. Communications Decency Act, often referred to as Section 230, gives websites that host user-generated content broad protection from legal liability for content posted on their sites. Proposals to repeal or amend Section 230 could expose us to greater legal liability in the conduct of our business. Our Acceptable Use Policy prohibits customers from using our network to deliver illegal or inappropriate content; if customers violate that policy, we may nonetheless face reputational damage or lawsuits related to their content. Regulations have been enacted or proposed in a number of countries that limit the delivery of certain types of content into those countries; these include restrictions adopted in India in 2020 prohibiting access to identified Chinese applications (which caused a reduction in revenue to us) and proposed regulations in the U.S. on delivery of certain Chinese mobile applications. Enactment and expansion of such laws and regulations would negatively impact our revenues. Interpretations of laws or regulations that would subject us to regulatory supervision or, in the alternative, require us to exit a line of business or a country, could lead to loss of significant revenues and have a negative impact on the quality of our solutions. As noted with privacy compliance above, engineering efforts to build new capabilities to facilitate compliance with law enforcement access requirements, content access restrictions, or other regulations could require us to take on substantial expense and divert engineering resources from other projects. These circumstances could harm our profitability. We may need to defend against patent or copyright infringement claims, which would cause us to incur substantial costs or limit our ability to use certain technologies in the future. As we expand our business and develop new technologies, products and services, we have become increasingly subject to intellectual property infringement and other claims and related litigation. We have also agreed to indemnify our customers and channel and strategic partners if our solutions infringe or misappropriate specified intellectual property rights; as a result, we have been and could again become involved in litigation or claims brought against customers or channel or strategic partners if our solutions or technology are the subject of such allegations. Any litigation or claims, whether or not valid, brought against us or pursuant to which we indemnify our customers or partners could result in substantial costs and diversion of resources and require us to do one or more of the following: •cease selling, incorporating or using features, functionalities, products or services that incorporate the challenged intellectual property; •pay substantial damages and incur significant litigation expenses; •obtain a license from the holder of the infringed intellectual property right, which license may not be available on reasonable terms or at all; or •redesign products or services. If we are forced to take any of these actions, our business may be seriously harmed. Our business will be adversely affected if we are unable to protect our intellectual property rights from unauthorized use or infringement by third parties. We rely on a combination of patent, copyright, trademark and trade secret laws and contractual restrictions on disclosure to protect our intellectual property rights. These legal protections afford only limited protection, particularly in some regions outside the United States. We have previously brought lawsuits against entities that we believed were infringing our intellectual property rights but have not always prevailed. Such lawsuits can be expensive and require a significant amount of attention from our management and technical personnel, and the outcomes are unpredictable. Monitoring unauthorized use of our solutions is difficult, and we cannot be certain that the steps we have taken or will take will prevent unauthorized use of our technology. Furthermore, we cannot be certain that any pending or future patent applications will be granted, that any future patent will not be challenged, invalidated or circumvented, or that rights granted under any patent that may be issued will provide competitive advantages to us. If we are unable to protect our proprietary rights from unauthorized use, the value of our intellectual property assets may be reduced. Although we have licensed from other parties proprietary technology covered by patents, we cannot be certain that any such patents will not be challenged, invalidated or circumvented. Such licenses may also be non-exclusive, meaning our competition may also be able to access such technology. Litigation may adversely impact our business. From time to time, we are or may become involved in various legal proceedings relating to matters incidental to the ordinary course of our business, including patent, commercial, product liability, breach of contract, employment, class action, whistleblower and other litigation and claims, and governmental and other regulatory investigations and proceedings. In addition, under our charter, we could be required to indemnify and advance expenses to our directors and officers in connection with their involvement in certain actions, suits, investigations and other proceedings. Such matters can be time-consuming, divert management’s attention and resources and cause us to incur significant expenses. Furthermore, because litigation is inherently unpredictable and may not be covered by insurance, there can be no assurance that the results of any litigation matters will not have an adverse impact on our business, results of operations, financial condition or cash flows. Global climate change and related natural resource conservation regulations could adversely impact our business. The long-term effects of climate change on the global economy and our industry in particular remain unknown. Changes in weather where we operate may increase the costs of powering and cooling computer hardware we use to develop software and provide cloud-based services. Catastrophic natural disasters could negatively impact our office locations. In response to concerns about global climate change, governments may adopt new regulations affecting the use of fossil fuels or requiring the use of alternative fuel sources. Our deployed network of servers consumes significant energy resources, including those generated by the burning of fossil fuels. While we have invested in projects to support renewable energy development, our customers, investors and other stakeholders may require us to take more steps to demonstrate that we are taking ecologically responsible measures in operating our business. The costs and any expenses we may incur to make our network more energy-efficient and comply with any new regulations could make us less profitable in future periods. Failure to comply with applicable laws and regulations or other requirements imposed on us could lead to fines, lost revenue and damage to our reputation. Investment-Related Risks Our stock price has been, and may continue to be, volatile, and your investment could lose value. The market price of our common stock has historically been volatile. Trading prices may continue to fluctuate in response to a number of events and factors, including the following: •quarterly variations in operating results; •announcements by our customers related to their businesses that could be viewed as impacting their usage of our solutions; •market speculation about whether we are a takeover target or considering a strategic transaction; •announcements by competitors; •activism by any single large stockholder or combination of stockholders; •changes in financial estimates and recommendations by securities analysts; •failure to meet the expectations of securities analysts; •purchases or sales of our stock by our officers and directors; •general economic conditions and other macro-economic factors; •repurchases of shares of our common stock; •successful cyber-attacks affecting our network or systems; •performance by other companies in our industry; and •geopolitical conditions such as acts of terrorism, military conflicts or global pandemics. Furthermore, our revenue, particularly that portion attributable to usage of our solutions beyond customer commitments, can be difficult to forecast, and, as a result, our quarterly operating results can fluctuate substantially. This concern is particularly acute with respect to our media and commerce customers. We have introduced new billing models over the years, including recently offering a zero overage plan that eliminates surcharges for certain traffic. In the future, our customer contracting models may change to move away from a committed revenue structure to a “pay-as-you-go” approach, which could make it easier for customers to reduce the amount of business they do with us or leave altogether. Changes in billing models and committed revenue requirements could, therefore, create challenges with our forecasting processes. Because a significant portion of our cost structure is largely fixed in the short-term, revenue shortfalls tend to have a disproportionately negative impact on our profitability. If we announce revenue or profitability results that do not meet or exceed our guidance or make changes in our guidance with respect to future operating results, our stock price may decrease significantly as a result. Any of these events, as well as other circumstances discussed in these Risk Factors, may cause the price of our common stock to fall. In addition, the stock market in general, and the market prices of stock of publicly-traded technology companies in particular, have experienced significant volatility that often has been unrelated to the operating performance of affected companies. These broad stock market fluctuations may adversely affect the market price of our common stock, regardless of our operating performance. Any failure to meet our debt obligations would damage our business. As of the date of this report, we had total principal amount of $1,150.0 million of convertible senior notes outstanding due in 2025, and we had total principal amount of $1,150.0 million of convertible senior notes outstanding due in 2027. We also entered into a credit facility in May 2018 that provides for an initial $500.0 million in revolving loans; under specified circumstances, we would be able to borrow an additional $500.0 million thereunder. Our ability to repay any amounts we borrow under our credit facility, refinance the notes, make cash payments in connection with conversions of the notes or repurchase the notes in the event of a fundamental change (as defined in the applicable indenture governing the notes) will depend on market conditions and our future performance, which is subject to economic, financial, competitive and other factors beyond our control. We also may not use the cash we have raised through future borrowing under the credit facility or the issuance of the convertible senior notes in an optimally productive and profitable manner. If we are unable to remain profitable or if we use more cash than we generate in the future, our level of indebtedness at such time could adversely affect our operations by increasing our vulnerability to adverse changes in general economic and industry conditions and by limiting or prohibiting our ability to obtain additional financing for additional capital expenditures, acquisitions and general corporate and other purposes. In addition, if we are unable to make cash payments upon conversion of the notes, we would be required to issue significant amounts of our common stock, which would be dilutive to the stock of existing stockholders. If we do not have sufficient cash to repurchase the notes following a fundamental change, we would be in default under the terms of the notes, which could seriously harm our business. Although the terms of our credit facility include certain financial ratios that potentially limit our future indebtedness, the terms of the notes do not do so. If we incur significantly more debt, this could intensify the risks described above. We may issue additional shares of our common stock or instruments convertible into shares of our common stock and thereby materially and adversely affect the market price of our common stock. Our board of directors has the authority to issue additional shares of our common stock or other instruments convertible into, or exchangeable or exercisable for, shares of our common stock. If we issue additional shares of our common stock or instruments convertible into, or exchangeable or exercisable for, shares of our common stock, it may materially and adversely affect the market price of our common stock. Because we currently do not intend to pay dividends, stockholders will benefit from an investment in our common stock only if it appreciates in value. We currently intend to retain our future earnings, if any, for use in the operation of our business and do not expect to pay any cash dividends in the foreseeable future on our common stock. As a result, the success of an investment in our common stock will depend upon any future appreciation in its value. There is no guarantee that our common stock will appreciate in value or even maintain the price at which stockholders have purchased their shares. Provisions of our charter, by-laws and Delaware law may have anti-takeover effects that could prevent a change in control even if the change in control would be beneficial to our stockholders. Provisions of our charter, by-laws and Delaware law could make it more difficult for a third party to control or acquire us, even if doing so would be beneficial to our stockholders. These provisions include: •our board of directors having the right to elect directors to fill a vacancy created by the expansion of the board of directors or the resignation, death or removal of a director; •stockholders needing to provide advance notice to nominate individuals for election to the board of directors or to propose matters that can be acted upon at a stockholders' meeting; and •the ability of our board of directors to issue, without stockholder approval, shares of undesignated preferred stock. Further, as a Delaware corporation, we are also subject to certain Delaware anti-takeover provisions. Under Delaware law, a corporation may not engage in a business combination with any holder of 15% or more of its capital stock unless the holder has held the stock for three years or, among other things, the board of directors has approved the transaction. Our board of directors could rely on Delaware law to prevent or delay an acquisition of us. If we fail to maintain an effective system of internal controls, we may not be able to accurately report our financial results or prevent fraud. As a result, our stockholders could lose confidence in our financial reporting, which could harm our business and the trading price of our common stock. We have complied with Section 404 of the Sarbanes-Oxley Act of 2002 by assessing, strengthening and testing our system of internal controls. Even though we concluded our internal control over financial reporting and disclosure controls and procedures were effective as of the end of the period covered by this report, we need to continue to maintain our processes and systems and adapt them to changes as our business evolves and we rearrange management responsibilities and reorganize our business. This continuous process of maintaining and adapting our internal controls and complying with Section 404 is expensive and time-consuming and requires significant management attention. We cannot be certain that our internal control measures will continue to provide adequate control over our financial processes and reporting and ensure compliance with Section 404. Furthermore, as our business changes, including by expanding our operations in different markets, increasing reliance on channel partners and completing acquisitions, our internal controls may become more complex and we will be required to expend significantly more resources to ensure our internal controls remain effective. Failure to implement required new or improved controls, or difficulties encountered in their implementation, could harm our operating results or cause us to fail to meet our reporting obligations. If we or our independent registered public accounting firm identify material weaknesses, the disclosure of that fact, even if quickly remediated, could reduce the market's confidence in our financial statements and harm our stock price. Item 1B.

Current §1A text (2021)

Show full section (10290 words)

Item 1A. Risk Factors

The following are important factors that could cause our actual operating results to differ materially from those indicated or suggested by forward-looking statements made in this annual report on Form 10-K or presented elsewhere by management from time to time.

Financial and Operational Risks

We may face slowing revenue growth which could negatively impact our profitability and stock price.

The revenue growth rate we have enjoyed in recent years may not continue in future periods and could decline, which could negatively impact our profitability and stock price. Our revenue depends on the amount of traffic we deliver, continued growth in demand for our performance and security solutions and our ability to maintain the prices we charge for them.

We experienced a significant increase in revenue from our media solutions in 2020 due in large part to greater consumption of online media and games during the onset of the COVID-19 pandemic and associated stay-at-home orders across the globe. In 2021, our revenue growth from media solutions declined as stay-at-home orders were lifted. Numerous other factors impact our revenue and traffic growth including:

•the pace of introduction of over-the-top video delivery initiatives by our customers;

•the popularity of our customers’ streaming offerings as compared to those offered by companies that do not use our solutions;

•variation in the popularity of online gaming;

•media and other customers utilizing their own data centers and implementing delivery approaches that limit or eliminate reliance on third-party providers like us;

•the adoption of permanent hybrid or work from home policies by employees; and

•general macro-economic and geopolitical conditions and industry pressures.

We have experienced significant growth in revenue from our security solutions in recent years. To maintain or accelerate growth in security revenue, we must increase our industry recognition as a security solutions provider and develop or acquire new solutions in a rapidly-changing environment where security threats are constantly evolving. We must also ensure that our solutions operate effectively and are competitive with products offered by others.

We are dependent upon the overall economic health of our current and prospective customers and the continued growth and evolution of information technology. We have experienced revenue declines in recent quarters from our web performance solutions and expect this trend to continue because of increasing pricing pressure due to competition and business conditions affecting many of our customers. In addition, in 2021, some of our customers continued to experience disruptions to their businesses following the emergence of COVID-19 variants. These disruptions or changes in international, national, regional and local economic conditions, such as inflation, increasing energy prices, recessionary economic cycles, protracted economic slowdowns or any deterioration in the economy could adversely affect our business. Any of these circumstances would negatively impact our revenues.

Our ability to increase our overall revenue also depends on many other factors including how well we can:

•retain existing customers, including by maintaining the levels of existing services they buy and by delivering consistent and quality performance levels;

•upsell new solutions to existing customers;

•expand our customer base;

•develop and sell innovative and appealing new solutions;

•successfully integrate our recent acquisitions into our business;

•address potential commoditization of our delivery-based solutions, which can lead to lower prices and loss of customers to competitors;

•counteract multi-vendor policies that could cause customers to reduce their reliance on us;

•handle other competitive threats to our business;

•adapt to changes in our customer contracting models from a committed revenue structure to a "pay-as-you-go" approach, which would make it easier for customers to stop doing business with us, or from traditional overage billing models to ones that do not incorporate surcharges for usage above committed levels; and

•manage the impact of changes in general economic conditions, public health issues, natural disasters and public unrest on our ability to sell, market and provide our solutions.

If we are unable to increase revenues, our profitability and stock price could suffer.

Failure to control expenses could reduce our profitability, which would negatively impact our stock price.

Maintaining or improving our profitability depends both on our ability to increase our revenue, even with the potential challenges discussed above, and limit our expenses. We base our decisions about expense levels and investments on estimates of our future revenue and future anticipated rates of growth; however, many of our expenses are fixed costs for a certain amount of time so it may not be possible to reduce costs in a timely manner or without incurring fees to exit certain obligations early. If we are unable to increase revenue through traffic growth or otherwise and limit expenses, our results of operations will suffer. If we are required to significantly reduce expenses to maintain or improve profitability, such actions may negatively affect our ability to invest in our business for innovation, systems improvements and other initiatives.

If we do not develop or acquire new solutions that are attractive to enterprises, our revenue and operating results could be adversely affected.

Innovation is important to our future success. In particular, as security solutions have become, and are expected to continue to be, an increasingly important part of our business, we must be particularly adept at developing new security services that

meet the constantly-changing threat landscape. The process of developing new solutions is complex, lengthy and uncertain; we must commit significant resources to developing new services or features without knowing whether our investments will result in solutions the market will accept, and we may choose to invest in business areas for which a viable market for our products does not ultimately develop. We have also experienced, and may in the future experience, delays in developing and releasing new products and product enhancements. This could cause our expenses to grow more rapidly than our revenue.

Trying to innovate through acquisition can be costly and with uncertain prospects for success; we may find that attractive acquisition targets are too expensive for us to pursue which could cause us to pursue more time-consuming internal development.

Failure to develop, on a cost-effective basis, innovative new or enhanced solutions that are attractive to customers and profitable to us could have a material detrimental effect on our business, results of operations, financial condition and cash flows.

If we are unable to compete effectively and adapt to changing market conditions, our business will be adversely affected.

We compete in markets that are intensely competitive and rapidly changing. Our current and potential competitors vary by size, product offerings and geographic region, and range from start-ups that offer solutions competing with a discrete part of our business to large technology or telecommunications companies that offer, or may be planning to introduce, products and services that are broadly competitive with what we do. The primary competitive factors in our market are differentiation of technology, global presence, quality of solutions, customer service, technical expertise, security, ease-of-use, breadth of services offered, price and financial strength.

Many of our current and potential competitors have substantially greater financial, technical and marketing resources, larger customer bases, broader product portfolios, longer operating histories, greater brand recognition and more established relationships in the industry than we do. As a result, some of these competitors may be able to:

•develop superior products or services;

•leverage better name recognition, particularly in the security market;

•enter new markets more easily;

•gain greater market acceptance for their products and services;

•expand their offerings more efficiently and more rapidly;

•bundle their products that are competitive with ours with other solutions they offer in a way that makes our offerings less appealing to current and potential customers;

•more quickly adapt to new or emerging technologies and changes in customer requirements;

•take advantage of acquisition, investment and other opportunities more readily;

•offer lower prices than ours, including at levels that may not be profitable for us to match;

•spend more money on the promotion, marketing and sales of their products and services; and

•spend more money on research and development, including offering higher salaries to talented professionals which may impact our ability to hire or retain engineering and other personnel.

Smaller and more nimble competitors may be able to:

•attract customers by offering less sophisticated versions of products and services than we provide at lower prices than those we charge;

•develop new business models that are disruptive to us;

•in some cases, use funds from public securities offerings or private financings to strengthen their business to enable them to better compete with us; and

•respond more quickly than we can to new or emerging technologies, changes in customer requirements and market and industry developments, resulting in superior offerings.

Ultimately, any type of increased competition could result in price and revenue reductions, loss of customers and loss of market share, each of which could materially impact our business, profitability, financial condition, results of operations and cash flows.

We and other companies that compete in this industry and these markets experience continually shifting business relationships, reputations, commercial focuses and business priorities, all of which occur in reaction to industry and market forces and the emergence of new opportunities. These shifts have led or could lead to our customers or partners becoming our competitors; network suppliers no longer seeking to work with us; and large technology companies that previously did not

11

appear to show interest in the markets we seek to address entering into those markets as our competitors. With this constantly changing environment, we may face operational difficulties in adjusting to the changes or our core strategies could become obsolete. Any of these developments could harm our business.

Defects or disruptions in our products and IT systems could require us to increase spending on upgrading systems, diminish demand for our solutions or subject us to substantial liability.

Our solutions are highly complex and are designed to be deployed in and across numerous large and complex networks that we do not control. From time to time, we have needed to correct errors and defects in the proprietary and open-source software that underlies our platform that have given rise to service incidents, outages and disruptions or otherwise impacted our operations. For example, during the summer of 2021, we experienced service incidents that interrupted the availability of some of our customers' websites. We could face the loss of customers as a result of recent and any future incidents as they seek alternative or supplemental providers. We have also periodically experienced customer dissatisfaction with the quality of some of our media delivery and other services, which has led to a loss of business and could lead to a loss of customers in the future. Furthermore, most of our customer agreements contain service level commitments. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service, or face contract termination with refunds of prepaid amounts, which could harm our business.

While we have robust quality control processes in place, there may be additional errors and defects in our software and open-source software that we leverage that may adversely affect our operations. We may not have in place adequate quality assurance procedures to ensure that we detect errors in our software and open-source software we use in a timely manner, and we may have insufficient resources to efficiently address multiple service incidents happening simultaneously or in rapid succession. We continue to invest in improving our processes and systems. If we are unable to efficiently and cost-effectively fix errors or other problems that we identify and improve the quality of our solutions or systems, or if there are unidentified errors that allow persons to improperly access our services or systems, we could experience litigation, the need to issue credits to customers, loss of revenue and market share, damage to our reputation, diversion of management attention, increased expenses and reduced profitability.

An increasing portion of our revenue is derived from sales of security solutions. Defects in our security solutions could lead to negative publicity, loss of business, damages payments to customers and other negative consequences. As our solutions are adopted by an increasing number of enterprises and governments, it is possible that the individuals and organizations behind advanced malware attacks will specifically focus on finding ways to defeat our products and services. If they are successful, we could experience a serious impact on our reputation as a provider of security solutions.

Our business relies on our data systems, traffic measurement systems, billing systems, ordering processes and other operational and financial reporting and control systems. We also rely on third-party software for certain essential operational services and a failure or disruption in these services could materially and adversely affect our ability to manage our business effectively. All of these systems have become increasingly complex due to the complexity of our business, use of third-party software and services, acquisitions of new businesses with different systems, and increased regulation over controls and procedures. As a result, these systems could generate errors that impact traffic measurement or invoicing, revenue recognition and financial forecasting or other parts of our business. We will need to continue to upgrade and improve our data systems, traffic measurement systems, billing systems, ordering processes and other operational and financial systems, procedures and controls. These upgrades and improvements may be difficult and costly. In addition, we could face strains on, or failures of, our internal IT systems if governmental restrictions or vaccine or other mandates due to the ongoing COVID-19 pandemic limit the ability of our command center personnel to work in our physical locations. If we are unable to adapt our systems and organization in a timely, efficient and cost-effective manner to accommodate changing circumstances, our business may be adversely affected.

Cybersecurity breaches and attacks on us, as well as steps we need to take in an effort to prevent them, can lead to significant costs and disruptions that would harm our business, financial results and reputation.

We regularly face attempts to gain unauthorized access or deliver malicious software to the Akamai Intelligent Edge Platform and our internal IT systems, with the goal of stealing proprietary information related to our business, products, employees and customers; disrupting our systems and services or those of our customers or others; or demanding ransom to return control of such systems and services. These attempts take a variety of forms, including Distributed Denial of Service attacks, infrastructure attacks, botnets, malicious file uploads, application abuse, credential abuse, ransomware, bugs, viruses, worms and malicious software programs. There could be attempts to infiltrate our systems through our supply chain and contractors. Malicious actors are known to attempt to fraudulently induce employees and suppliers to disclose sensitive information through illegal electronic spamming, phishing or other tactics. Other parties may attempt to gain unauthorized physical access to our facilities in order to infiltrate our internal-use information systems. We may not be able to anticipate the techniques used in such attacks, as they change frequently and may not be recognized until launched. To date, cyber threats and

12

other attacks have not resulted in any material adverse impact to our business or operations, but such threats are constantly evolving, increasing the difficulty of detecting and successfully defending against them.

The complexities in managing the security profile of a distributed network with vast scale and geographic reach that evolves to incorporate new capabilities expose us to both known and unknown vulnerabilities. We have discovered vulnerabilities in software used in our technology, such as the vulnerability in Apache Log4j 2 referred to as “Log4Shell” identified in late 2021 that impacted a large portion of the internet ecosystem, and may have other undiscovered vulnerabilities. These vulnerabilities, resident in either software or configurations, may require significant operational efforts to mitigate and may persist for extended periods of time and the effects of any such vulnerability could be exacerbated. Our ability to detect vulnerabilities could be particularly limited during extraordinary events, such as the ongoing COVID-19 pandemic, where more staff are working remotely and dealing with unusual distractions. Similar security risks exist with respect to acquired companies, our business partners and the third-party vendors that we rely on for aspects of our information technology support services and administrative functions. As a result, we are subject to risks that the activities of our business partners and third-party vendors may adversely affect our business even if an attack or breach does not directly target our systems. See also the risk factor captioned We utilize third-party technology in our business, and failures or vulnerabilities, and/or litigation, related to these technologies may adversely affect our business below.

To protect our corporate and deployed networks, we must continuously engineer more secure solutions, enhance security and reliability features, improve the deployment of software updates to address security vulnerabilities, develop mitigation technologies that help to secure customers from attacks and maintain the digital security infrastructure that protects the integrity of our network and services. This is frequently costly, with a negative impact on near-term profitability. We may need to increase our spending in the future; these costs could reduce our operating margin.

Any actual, alleged or perceived breach of network security in our systems or networks, or any other actual, alleged or perceived data security incident we, our customers or our third-party suppliers suffer, can result in damage to our reputation; negative publicity; loss of channel partners, customers and sales; loss of competitive advantages; increased costs to remedy any problems and otherwise respond to any incident; regulatory investigations and enforcement actions; costly litigation; and other liabilities. In addition, we may incur significant costs and operational consequences of investigating, remediating, eliminating and putting in place additional tools and devices designed to prevent actual or perceived security breaches and other security incidents, as well as the costs to comply with any notification obligations resulting from any security incidents. Any of these negative outcomes could adversely impact the market perception of our solutions and customer and investor confidence in our company and otherwise seriously harm our business and operating results.

If we cannot maintain compatibility with our customers’ IT infrastructure, including their chosen third-party applications, our business will be harmed.

Our products interoperate with our customers' IT infrastructure, that often has different specifications, utilizes diverse technology, and requires compatibility with multiple communication protocols. Therefore, the functionality of our technology often needs to have, and maintain, compatibility with our customers' technology environment, including their chosen third-party technology. Customers, and in particular these chosen third-party applications, may change features, restrict our access to, or alter their applications in a manner that causes incompatibilities or causes us significant costs to maintain compatibility, and as a result our business could be adversely affected. Such changes could functionally limit or prevent the compatibility of our products with our customers’ IT infrastructure, which would negatively affect adoption of our products and harm our business. If we fail to update our products to achieve compatibility with new third-party applications that our customers use, we may not be able to offer the functionality that our customers need, which would harm our business.

We face risks associated with global operations that could harm our business.

A significant portion of our employee increases, customer additions and revenue growth in recent quarters has been attributable to revenue gains outside the U.S. Our operations in foreign countries subject us to risks that may increase our costs, disrupt our operations or make our operations less efficient and require significant management attention. These risks include:

•uncertainty regarding liability for content or services, including uncertainty as a result of local laws and lack of legal precedent;

•loss of revenues if the U.S. or foreign governments impose limitations on doing business with significant current or potential customers;

•adjusting to different employee/employer relationships and different regulations governing such relationships;

•becoming subject to regulatory oversight;

•corporate and personal liability for alleged or actual violations of laws and regulations;

13

•difficulty in staffing, training, developing and managing foreign operations as a result of distance, language, cultural differences or regulations;

•theft of intellectual property in high-risk countries where we operate;

•difficulties in enforcing contracts, collecting accounts and longer payment cycles in certain countries;

•difficulties in transferring funds from, or converting currencies in, certain countries;

•managing the costs and processes necessary to comply with export control, sanctions, anti-corruption, data protection and competition laws and regulations or other regulatory or contractual limitations on our ability to sell or develop our products and services in certain foreign markets;

•geopolitical developments, including any that impact our or our customers’ ability to operate or deliver content to a country;

•other circumstances outside of our control such as trade disputes, political unrest, the imposition of sanctions, export controls, warfare, military or armed conflict, such as the Russian invasion of Ukraine, terrorist attacks, public health emergencies such as the ongoing COVID-19 pandemic and natural disasters that could disrupt our ability to provide services or limit customer purchases of them;

•reliance on one or more channel partners over which we have limited control or influence on a day-to-day basis; and

•potentially adverse tax consequences.

We are subject to laws and regulations worldwide that differ among jurisdictions, affecting our operations in areas such as intellectual property ownership and infringement; tax; anti-corruption; internet and technology regulations; foreign exchange controls and cash repatriation; data privacy; competition; and employment. Compliance with such requirements can be onerous and expensive and may otherwise impact our business operations negatively. Although we have policies, controls, and procedures designed to help ensure compliance with applicable laws, there can be no assurance that our employees, contractors, suppliers or agents will not violate such laws or our policies. Violations of these laws and regulations can result in fines; criminal sanctions against us, our officers or our employees; prohibitions on the conduct of our business; and damage to our reputation. See also the risk factor captioned Other regulatory developments could negatively impact our business below.

Our business strategy depends on the ability to source adequate transmission capacity and the equipment we need to operate our network; failure to have access to those resources could lead to loss of revenue and service disruptions.

To operate our network, we are dependent in part upon transmission capacity provided by third-party telecommunications network providers, the availability of co-location facilities to house our servers and equipment to support our operations. We may be unable to purchase the bandwidth and space we need from these providers due to limitations on their resources or other reasons outside of our control. Inability to access facilities where we would like to install servers, or perform maintenance on existing servers, because of governmental restrictions on access due to stay-at-home orders or social distancing requirements due to the ongoing COVID-19 pandemic or other events impedes our ability to expand or maintain capacity. As a result, there can be no assurance that we are adequately prepared for unexpected increases in bandwidth demands by our customers, particularly those under cyber-attack or impacted by pandemic-related events. Failure to put in place the capacity we require to operate our business effectively could result in a reduction in, or disruption of, service to our customers and ultimately a loss of those customers.

The Akamai Intelligent Edge Platform relies on hardware equipment, including hundreds of thousands of servers deployed around the world. Global supply chain constraints in the wake of the COVID-19 pandemic continue to increase lead times for equipment components, which adds risk to our ability to flex to meet future business needs. Disruptions in our supply chain could prevent us from purchasing needed equipment at attractive prices or at all. For example, from time to time, it has been, and may continue to be, more difficult to purchase equipment that is manufactured in areas that face disruptions to operations due to unrest or other political activity, public health issues (such as the ongoing COVID-19 pandemic), safety issues, natural disasters or general economic conditions. Failure to have adequate equipment, including server equipment, could harm the quality of our services, which could lead to the loss of customers and revenue.

Acquisitions and other strategic transactions we complete could result in operating difficulties, dilution, diversion of management attention and other harmful consequences that may adversely impact our business and results of operations.

We expect to continue to pursue acquisitions and other types of strategic relationships that involve technology sharing or close cooperation with other companies. Acquisitions and other complex transactions are accompanied by a number of risks, including the following:

•difficulty integrating the technologies, operations and personnel of acquired businesses;

•potential disruptions of our ongoing business;

•potential distraction of management;

•diversion of business resources from core operations;

14

•financial consequences, such as increased operating expenses, incurrence of additional debt and other dilutive effects on our earnings, particularly in the current environment where we have generally seen escalating valuations of many technology companies and increasing allocation of risk to acquirors;

•assumption of legal risks related to compliance with laws, including privacy and anti-corruption regulations;

•failure to realize synergies or other expected benefits;

•lawsuits resulting from an acquisition or disposition;

•acquisition of IT systems that expose us to cybersecurity risks;

•increased accounting charges such as impairment of goodwill or intangible assets, amortization of intangible assets acquired and a reduction in the useful lives of intangible assets acquired; and

•potential unknown liabilities associated with acquired businesses.

Any inability to integrate completed acquisitions or combinations in an efficient and timely manner could have an adverse impact on our results of operations. If we use a significant portion of our available cash to pay for acquisitions that are not successful, it could harm our balance sheet and limit our flexibility to pursue other opportunities without having enjoyed the intended benefits of the acquisition. As we complete any future acquisitions, we may encounter difficulty in incorporating acquired technologies into our offerings while maintaining the quality standards that are consistent with our brand and reputation. If we are not successful in completing acquisitions or other strategic transactions that we may pursue in the future, we may incur substantial expenses and devote significant management time and resources without a successful result. Future acquisitions could require use of substantial portions of our available cash or result in dilutive issuances of securities.

If current and potential large customers shift to hardware-based or other DIY internal solutions, our business will be negatively impacted.

We are reliant on large media and other customers to direct traffic to our network for a significant part of our revenues. In the past, some of those customers have determined that it is better for them to employ a “do-it-yourself” or “DIY” strategy by putting in place equipment, software and other technology solutions for content and application delivery and security protection within their internal systems instead of using our solutions for some or all of their needs. Essentially, this is another form of competition for us. As the amount of money a customer spends with us increases, the risk that they will seek alternative solutions such as DIY or a multi-vendor policy likewise increases. If additional large customers shift to this model, traffic on our network and our contracted revenue commitments would decrease, which would negatively impact our business, profitability, financial condition, results of operations and cash flows.

If we are unable to recruit and retain key employees and qualified sales, research and development, technical, marketing and support personnel, our ability to compete could be harmed.

Our future success depends upon the services of our executive officers and other key technology, sales, research and development, marketing and support personnel who have critical industry experience and relationships. Like other companies in our industry, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining highly skilled employees with appropriate qualifications, and, if we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could suffer. For example, none of our officers or key employees is bound by an employment agreement for any specific term, and members of our senior management have left our company over the years for a variety of reasons. In addition, effective succession planning is important to our long-term success and our failure to ensure effective transfer of knowledge and smooth transitions involving our officers and other key personnel could hinder our strategic planning and execution.

In addition, our future success will depend upon our ability to attract and retain employees. Such efforts will require time, expense and attention by our employees as there is significant competition for talented individuals in the regions in which our primary offices are located, which affects both our ability to retain key employees and hire new ones and new hires require significant training. This competition results in increased costs in the form of cash and stock-based compensation and can have a dilutive impact on our stock. The loss of the services of a significant number of our employees or any of our key employees or our inability to attract and retain new talent in a timely fashion may be disruptive to our operations and overall business.

Our failure to effectively manage our operations and maintain our company culture as our business evolves and our work practices change could harm us.

Our future operating results will depend on our ability to manage our operations and we believe our culture has been a key contributor to our success to date. As a result of the diversification of our business, personnel growth, increased usage of alternative working arrangements, including the designation of over 90% of roles as flexible and able to work remotely, including after the pandemic, acquisitions and international expansion in recent years, many of our employees are now based

15

outside of our Cambridge, Massachusetts headquarters; however, most key management decisions are made by a relatively small group of individuals based primarily at our headquarters.

If we are unable to appropriately increase management depth, enhance succession planning and decentralize our decision-making at a pace commensurate with our actual or desired growth rates, we may not be able to achieve our financial or operational goals. It is also important to our continued success that we hire qualified personnel, properly train them and manage out poorly-performing personnel, all while maintaining our corporate culture and spirit of innovation. If we are not successful in these efforts, our growth and operations could be adversely affected.

Due to the ongoing COVID-19 pandemic, nearly all of our employees worldwide have been working remotely since the first quarter of 2020. We plan to roll out our FlexBase program in May 2022, which will allow the more than 90% of our workforce designated as flexible to choose whether they want to work from an Akamai office or their home office. Although we believe a flexible working policy will help us attract and retain talent, the long-term continuation of pandemic-based restrictions and implementation of our FlexBase program could, among other things, negatively impact employee morale and productivity, inhibit our ability to hire and train new employees and impede our ability to support customers at the levels they expect. In addition, certain security systems in homes or other remote workplaces may be less secure than those used in our offices, which may subject us to increased security risks, including cybersecurity-related events, and expose us to risks of data or financial loss and associated disruptions to our business operations. Members of our workforce who access company data and systems remotely may not have access to technology that is as robust as that in our offices, which could cause the networks, information systems, applications and other tools available to those remote workers to be more limited or less reliable than in our offices. We may also be exposed to risks associated with the locations of remote workers, including compliance with local laws and regulations or exposure to compromised internet infrastructure. Allowing members of our workforce to work remotely may create intellectual property risk if employees create intellectual property on our behalf while residing in a jurisdiction with unenforced or uncertain intellectual property laws. Further, if employees fail to inform us of changes in their work location, we may be exposed to additional risks without our knowledge. If we are unable to effectively transition to a hybrid workforce, manage the cybersecurity and other risks of remote work, and maintain our corporate culture and workforce morale, our business could be harmed or otherwise negatively impacted.

Our restructuring and reorganization activities may be disruptive to our operations and harm our business.

Over the past several years, we have implemented internal restructurings and reorganizations designed to reduce the size and cost of our operations, improve operational efficiencies, enhance our ability to pursue market opportunities and accelerate our technology development initiatives. In February 2021, we announced a significant reorganization to create two new business groups linked to our security and edge delivery technologies as well as establishing a unified global sales force. We may take similar steps in the future as we seek to realize operating synergies, optimize our operations to achieve our target operating model and profitability objectives, respond to market forces or better reflect changes in the strategic direction of our business. Disruptions in operations may occur as a result of taking these actions. Taking these actions may also result in significant expense for us, including with respect to workforce reductions, as well as decreased productivity due to employee distraction and unanticipated employee turnover. Substantial expense or business disruptions resulting from restructuring and reorganization activities could adversely affect our operating results.

We may have exposure to greater-than-anticipated tax liabilities.

Our future income taxes could be adversely affected by earnings being lower than anticipated in jurisdictions that have lower statutory tax rates and higher than anticipated in jurisdictions that have higher statutory tax rates, or changes in tax laws, regulations or accounting principles, as well as certain discrete items such as equity-related compensation. In particular, in October 2021, a global consortium of countries agreed to establishing a new framework for international tax reform; if implemented, such reform may increase our tax liabilities and reduce our profitability. We have recorded certain tax reserves to address potential exposures involving our income tax and sales and use tax positions. These potential tax liabilities result from the varying application of statutes, rules, regulations and interpretations by different jurisdictions. We are currently subject to tax audits in various jurisdictions including the Commonwealth of Massachusetts. In the second quarter of 2018, we filed an appeal with the Massachusetts Appellate Tax Board, or MATB, contesting adverse audit findings relating to our eligibility to claim certain tax benefits and exemptions. In July 2020, the MATB ruled in our favor; however the Massachusetts Department of Revenue has appealed the decision. If the ultimate outcome of the appeal and other audits are adverse to us, our reserves may not be adequate to cover our total actual liability, and we would need to take a financial charge. Although we believe our estimates, our reserves and the positions we have taken in all jurisdictions are reasonable, the ultimate tax outcome may differ from the amounts recorded in our financial statements and may materially affect our financial results in the period or periods for which such determination is made.

16

Fluctuations in foreign currency exchange rates affect our reported operating results in U.S. dollar terms.

Revenue generated and expenses incurred by our international subsidiaries are often denominated in the currencies of the local countries. As a result, our consolidated U.S. dollar financial statements are subject to fluctuations due to changes in exchange rates as the financial results of our international subsidiaries are translated from local currencies into U.S. dollars. In addition, our financial results are subject to changes in exchange rates that impact the settlement of transactions in non-functional currencies. While we have implemented a foreign currency hedging program to mitigate transactional exposures, there is no guarantee that such program will be effective.

If the accounting estimates we make, and the assumptions on which we rely, in preparing our financial statements prove inaccurate, our actual reported results may be adversely affected.

Our financial statements have been prepared in accordance with accounting principles generally accepted in the U.S. The preparation of these financial statements requires us to make estimates and judgments about, among other things, taxes, revenue recognition, stock-based compensation, capitalization of internal-use software development costs, investments, contingent obligations, allowance for current expected credit losses, intangible assets and restructuring charges. These estimates and judgments affect, among other things, the reported amounts of our assets, liabilities, revenue and expenses, the amounts of charges accrued by us, and related disclosure of contingent assets and liabilities. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances and at the time they are made. If our estimates or the assumptions underlying them are not correct, actual results may differ materially from our estimates and we may need to, among other things, accrue significant additional charges that could adversely affect our results of operations, which in turn could adversely affect our stock price. In addition, new accounting pronouncements and interpretations of accounting pronouncements have occurred and may occur in the future that could adversely affect our reported financial results.

Our sales to government clients subject us to risks including early termination, audits, investigations, sanctions and penalties.

We have customer contracts with the U.S. government, as well as foreign, state and local governments and their respective agencies and we may in the future increase sales to government entities. Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive, and time consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Such government entities often have the right to terminate these contracts at any time, without cause. There is increased pressure for governments and their agencies, both domestically and internationally, to reduce spending and demand and payment for our services may be impacted by public sector budgetary cycles and funding authorizations. These factors may combine to potentially limit the revenue we derive from government contracts in the future. Additionally, government contracts generally have requirements that are more complex than those found in commercial enterprise agreements and therefore are more costly to comply with. Such contracts are also subject to audits and investigations that could result in civil and criminal penalties and administrative sanctions, including termination of contracts, refund of a portion of fees received, forfeiture of profits, suspension of payments, fines and suspensions or debarment from future government business.

We utilize third-party technology in our business, and failures or vulnerabilities, and/or litigation, related to these technologies may adversely affect our business.

We utilize third party technology software, services, and other technology in order to operate critical functions of our business, including the integration of certain of these technologies into our network, products and services. If these software, services, or other technology become unavailable or contain vulnerabilities, our expenses could increase and our ability to operate our network, provide our products, and our results of operations could be impaired until equivalent software, technology, or services are purchased or developed or any identified vulnerabilities are remedied. If we are unable to procure the necessary third-party technology we may need to acquire or develop alternative technology, we may have to resort to utilizing alternative technology of lower quality. This could limit and delay our ability to offer new or competitive products and increase our costs of production. As a result, our business could be significantly harmed. In addition, the use of third-party technology may expose us to third-party claims of intellectual property infringement which could cause us to incur significant costs in defense or alternative sourcing.

We rely on certain “open-source” software, the use of which could result in our having to distribute our proprietary software, including our source code, to third parties on unfavorable terms, which could materially affect our business.

Certain of our offerings use software that is subject to open-source licenses. Open-source code is software that is freely accessible, usable and modifiable; however, certain open-source code is governed by license agreements, the terms of which

17

could require users of such software to make any derivative works of the software available to others on unfavorable terms or at no cost. Because we use open-source code, we may be required to take remedial action in order to protect our proprietary software. Such action could include replacing certain source code used in our software, discontinuing certain of our products or taking other actions that could be expensive and divert resources away from our development efforts. In addition, the terms relating to disclosure of derivative works in many open-source licenses are unclear and have not been interpreted by U.S. courts. If a court interprets one or more such open-source licenses in a manner that is unfavorable to us, we could be required to make certain of our key software available at no cost. We could also be subject to similar conditions or restrictions should there be any changes in the licensing terms of the open source software incorporated into our products. In either event, we could be required to seek licenses from third parties in order to continue offering our products, to re-engineer our products or to discontinue the sale of our products in the event re-engineering cannot be accomplished on a timely or successful basis, any of which could adversely affect our business, operating results and financial condition. Furthermore, open-source software may have security flaws and other deficiencies that could make our solutions less reliable and damage our business.

Legal and Regulatory Risks

Evolving privacy regulations could negatively impact our profitability and business operations.

Laws and regulations that apply to the internet related to privacy and data localization could pose risks to our revenues, intellectual property and customer relationships, as well as increase expenses or create other disadvantages to our business.

Privacy laws are rapidly proliferating, changing and evolving globally. Governments, privacy advocates and class action attorneys are increasingly scrutinizing how companies collect, process, use, store, share and transmit personal data. Laws, such as the European Union General Data Protection Regulation, or GDPR, and the California Consumer Privacy Act of 2018, or CCPA, and industry self-regulatory codes have been enacted, and more laws are being considered that may affect how we use data generated from our network as well as our ability to reach current and prospective customers, understand how our solutions are being used and respond to customer requests allowed under the laws. Any perception that our business practices, our data collection activities or how our solutions operate represent an invasion of privacy, whether or not consistent with current regulations and industry practices, may subject us to public criticism or boycotts, class action lawsuits, reputational harm or actions by regulators, or claims by industry groups or other third parties, all of which could disrupt our business and expose us to liability.

Engineering efforts to build new capabilities to facilitate compliance with increasing data localization requirements and new and changing privacy laws could require us to take on substantial expense and divert engineering resources from other projects. We might experience reduced demand for our offerings if we are unable to engineer products that meet our legal duties or help our customers meet their obligations under the GDPR, the CCPA or other data regulations, or if the changes we implement to comply with such laws and regulations make our offerings less attractive.

Our ability to leverage the data generated by our global network of servers is important to the value of many of the solutions we offer, our operational efficiency and future product development opportunities. Our ability to use data in this way may be constrained by regulatory developments. Compliance with applicable laws and regulations regarding personal data may require changes in services, business practices or internal systems that result in increased costs, lower revenue, reduced efficiency or greater difficulty in competing with other firms. Compliance with data regulations might limit our ability to innovate or offer certain features and functionality in some jurisdictions where we operate. Failure to comply with existing or new rules may result in significant penalties or orders to stop the alleged non-compliant activity, as well as negative publicity and diversion of management time and effort.

Although we take steps intended to improve the security controls across our business groups and geographies, our security controls over personal data, our training of employees and third parties on data security and other practices we follow may not prevent the improper disclosure or misuse of customer or end-user data we store and manage. Improper disclosure or misuse of personal data could harm our reputation, lead to legal exposure to customers or end users, or subject us to liability under laws that protect personal data, resulting in increased costs or loss of revenue.

Other regulatory developments could negatively impact our business.

Local and foreign laws and regulations that apply to the internet related to, among other things, content liability, security requirements, law enforcement access to information, critical infrastructure, data localization requirements and restrictions on social media or other content could pose risks to our revenues, intellectual property and customer relationships as well as increase expenses or create other disadvantages to our business. Section 230 of the U.S. Communications Decency Act, often referred to as Section 230, gives websites that host user-generated content broad protection from legal liability for content posted on their sites. Proposals to repeal or amend Section 230 could expose us to greater legal liability in the conduct of our

18

business. Our Acceptable Use Policy prohibits customers from using our network to deliver illegal or inappropriate content; if customers violate that policy, we may nonetheless face reputational damage or lawsuits related to their content. Regulations have been enacted or proposed in a number of countries that limit the delivery of certain types of content into those countries. Enactment and expansion of such laws and regulations would negatively impact our revenues. For example, restrictions were adopted in India in 2020 prohibiting access to identified Chinese applications which caused a reduction in revenue to us. In addition, such laws and regulations could cause internet service providers, or others, to block our products in order to enforce content blocking efforts. In addition, efforts to block a single product or domain name may end up blocking a number of other products or domain names in an overbroad manner that could affect our business. Interpretations of laws or regulations that would subject us to regulatory supervision or, in the alternative, require us to exit a line of business or a country, could lead to loss of significant revenues and have a negative impact on the quality of our solutions. As noted with privacy compliance above, engineering efforts to build new capabilities to facilitate compliance with law enforcement access requirements, content access restrictions, or other regulations could require us to take on substantial expense and divert engineering resources from other projects. These circumstances could harm our profitability.

We may need to defend against patent or copyright infringement claims, which would cause us to incur substantial costs or limit our ability to use certain technologies in the future.

As we expand our business and develop new technologies, products and services, we have become increasingly subject to intellectual property infringement and other claims and related litigation. We have also agreed to indemnify our customers and channel and strategic partners if our solutions infringe or misappropriate specified intellectual property rights; as a result, we have been and could again become involved in litigation or claims brought against customers or channel or strategic partners if our solutions or technology are the subject of such allegations. Any litigation or claims, whether or not valid, brought against us or pursuant to which we indemnify our customers or partners could result in substantial costs and diversion of resources and require us to do one or more of the following:

•cease selling, incorporating or using features, functionalities, products or services that incorporate the challenged intellectual property;

•pay substantial damages and incur significant litigation expenses;

•obtain a license from the holder of the infringed intellectual property right, which license may not be available on reasonable terms or at all; or

•redesign products or services.

If we are forced to take any of these actions, our business may be seriously harmed.

Our business will be adversely affected if we are unable to protect our intellectual property rights from unauthorized use or infringement by third parties.

We rely on a combination of patent, copyright, trademark and trade secret laws and contractual restrictions on disclosure to protect our intellectual property rights. These legal protections afford only limited protection, particularly in some regions outside the United States. We have previously brought lawsuits against entities that we believed were infringing our intellectual property rights but have not always prevailed. Such lawsuits can be expensive and require a significant amount of attention from our management and technical personnel, and the outcomes are unpredictable. Monitoring unauthorized use of our solutions is difficult, and we cannot be certain that the steps we have taken or will take will prevent unauthorized use of our technology. Furthermore, we cannot be certain that any pending or future patent applications will be granted, that any future patent will not be challenged, invalidated or circumvented, or that rights granted under any patent that may be issued will provide competitive advantages to us. If we are unable to protect our proprietary rights from unauthorized use, the value of our intellectual property assets may be reduced. Although we have licensed from other parties proprietary technology covered by patents, we cannot be certain that any such patents will not be challenged, invalidated or circumvented. Such licenses may also be non-exclusive, meaning our competition may also be able to access such technology.

Litigation may adversely impact our business.

From time to time, we are or may become involved in various legal proceedings relating to matters incidental to the ordinary course of our business, including patent, commercial, product liability, breach of contract, employment, class action, whistleblower and other litigation and claims, and governmental and other regulatory investigations and proceedings. In addition, under our charter, we could be required to indemnify and advance expenses to our directors and officers in connection with their involvement in certain actions, suits, investigations and other proceedings. Such matters can be time-consuming, divert management’s attention and resources and cause us to incur significant expenses. Furthermore, because litigation is

19

inherently unpredictable and may not be covered by insurance, there can be no assurance that the results of any litigation matters will not have an adverse impact on our business, results of operations, financial condition or cash flows.

Global climate change and related natural resource conservation regulations could adversely impact our business.

The long-term effects of climate change on the global economy and our industry in particular remain unknown. For example, changes in weather where we operate may increase the costs of powering and cooling computer hardware we use to develop software and provide cloud-based services. In addition, catastrophic natural disasters, such as an earthquake, fire, flood or other act of God, catastrophic event or pandemic, and any similar disruption, as well as any derivative disruption, such as those to services provided through localized physical infrastructure, including utility or telecommunication outages, or any to the continuity of our, our partners’, suppliers’ and our customers’ workforce, could have a material adverse impact on our business and operating results. Our global operations are dependent on our network infrastructure, technology systems and website, including the supply of servers from our third party partners, as well as our intellectual property and personnel and any disruption to these dependencies may negatively impact our ability to respond to customers, provide services and maintain local and global business continuity. Furthermore, some of our products and business functions are hosted or carried out by third parties that may be vulnerable to these same types of disruptions, the response to or resolution of which may be beyond our control. Any disruption to our business could cause us to incur significant costs to repair damages to our facilities, equipment, infrastructure and business relationships.

In addition, in response to concerns about global climate change, governments may adopt new regulations affecting the use of fossil fuels or requiring the use of alternative fuel sources which could adversely impact our business. Our deployed network of servers consumes significant energy resources, including those generated by the burning of fossil fuels. While we have invested in projects to support renewable energy development, our customers, investors and other stakeholders may require us to take more steps to demonstrate that we are taking ecologically responsible measures in operating our business. The costs and any expenses we may incur to make our network more energy-efficient and comply with any new regulations could make us less profitable in future periods. Failure to comply with applicable laws and regulations or other requirements imposed on us could lead to fines, lost revenue and damage to our reputation.

Investment-Related Risks

Our stock price has been, and may continue to be, volatile, and your investment could lose value.

The market price of our common stock has historically been volatile. Trading prices may continue to fluctuate in response to a number of events and factors, including the following:

•quarterly variations in operating results;

•announcements by our customers related to their businesses that could be viewed as impacting their usage of our solutions;

•market speculation about whether we are a takeover target or considering a strategic transaction;

•announcements by competitors;

•activism by any single large stockholder or combination of stockholders or rumors about such activity;

•changes in financial estimates and recommendations by securities analysts;

•failure to meet the expectations of securities analysts;

•purchases or sales of our stock by our officers and directors;

•general economic conditions and other macro-economic factors, such as inflationary pressures;

•repurchases of shares of our common stock;

•successful cyber-attacks affecting our network or systems;

•performance by other companies in our industry; and

•geopolitical conditions such as acts of terrorism, military or armed conflicts, such as the Russian invasion of Ukraine, or global pandemics.

Furthermore, our revenue, particularly that portion attributable to usage of our solutions beyond customer commitments, can be difficult to forecast, and, as a result, our quarterly operating results can fluctuate substantially. This concern is particularly acute with respect to our media and commerce customers. In the future, our customer contracting models may change to move away from a committed revenue structure to a “pay-as-you-go” approach, which could make it easier for customers to reduce the amount of business they do with us or leave altogether. Changes in billing models and committed revenue requirements could, therefore, create challenges with our forecasting processes. Because a significant portion of our cost structure is largely fixed in the short-term, revenue shortfalls tend to have a disproportionately negative impact on our profitability. If we announce revenue or profitability results that do not meet or exceed our guidance or make changes in our guidance with respect to future operating results, our stock price may decrease significantly as a result.

20

Any of these events, as well as other circumstances discussed in these Risk Factors, may cause the price of our common stock to fall. In addition, the stock market in general, and the market prices of stock of publicly-traded technology companies in particular, have experienced significant volatility that often has been unrelated to the operating performance of affected companies. These broad stock market fluctuations may adversely affect the market price of our common stock, regardless of our operating performance.

Any failure to meet our debt obligations would damage our business.

As of the date of this report, we had total principal amount of $1,150.0 million of convertible senior notes outstanding due in 2025, and we had total principal amount of $1,150.0 million of convertible senior notes outstanding due in 2027. We also entered into a credit facility in May 2018 that provides for an initial $500.0 million in revolving loans; under specified circumstances, we would be able to borrow an additional $500.0 million thereunder. Our ability to repay any amounts we borrow under our credit facility, refinance the notes, make cash payments in connection with conversions of the notes or repurchase the notes in the event of a fundamental change (as defined in the applicable indenture governing the notes) will depend on market conditions and our future performance, which is subject to economic, financial, competitive and other factors beyond our control. We also may not use the cash we have raised through future borrowing under the credit facility or the issuance of the convertible senior notes in an optimally productive and profitable manner. If we are unable to remain profitable or if we use more cash than we generate in the future, our level of indebtedness at such time could adversely affect our operations by increasing our vulnerability to adverse changes in general economic and industry conditions and by limiting or prohibiting our ability to obtain additional financing for additional capital expenditures, acquisitions and general corporate and other purposes. If we do not have sufficient cash upon conversion of the notes or to repurchase the notes following a fundamental change, we would be in default under the terms of the notes, which could seriously harm our business. Although the terms of our credit facility include certain financial ratios that potentially limit our future indebtedness, the terms of the notes do not. If we incur significantly more debt, this could intensify the risks described above.

We may issue additional shares of our common stock or instruments convertible into shares of our common stock and thereby materially and adversely affect the market price of our common stock.

Our board of directors has the authority to issue additional shares of our common stock or other instruments convertible into, or exchangeable or exercisable for, shares of our common stock. If we issue additional shares of our common stock or instruments convertible into, or exchangeable or exercisable for, shares of our common stock, it may materially and adversely affect the market price of our common stock.

Because we currently do not intend to pay dividends, stockholders will benefit from an investment in our common stock only if it appreciates in value.

We currently intend to retain our future earnings, if any, for use in the operation of our business and do not expect to pay any cash dividends in the foreseeable future on our common stock. As a result, the success of an investment in our common stock will depend upon any future appreciation in its value. There is no guarantee that our common stock will appreciate in value or even maintain the price at which stockholders have purchased their shares.

Provisions of our charter, by-laws and Delaware law may have anti-takeover effects that could prevent a change in control even if the change in control would be beneficial to our stockholders.

Provisions of our charter, by-laws and Delaware law could make it more difficult for a third party to control or acquire us, even if doing so would be beneficial to our stockholders. These provisions include:

•our board of directors having the right to elect directors to fill a vacancy created by the expansion of the board of directors or the resignation, death or removal of a director;

•stockholders needing to provide advance notice to nominate individuals for election to the board of directors or to propose matters that can be acted upon at a stockholders' meeting; and

•the ability of our board of directors to issue, without stockholder approval, shares of undesignated preferred stock.

Further, as a Delaware corporation, we are also subject to certain Delaware anti-takeover provisions. Under Delaware law, a corporation may not engage in a business combination with any holder of 15% or more of its capital stock unless the holder has held the stock for three years or, among other things, the board of directors has approved the transaction. Our board of directors could rely on Delaware law to prevent or delay an acquisition of us.

21

If we fail to maintain an effective system of internal controls, we may not be able to accurately report our financial results or prevent fraud. As a result, our stockholders could lose confidence in our financial reporting, which could harm our business and the trading price of our common stock.

We have complied with Section 404 of the Sarbanes-Oxley Act of 2002 by assessing, strengthening and testing our system of internal controls. Even though we concluded our internal control over financial reporting and disclosure controls and procedures were effective as of the end of the period covered by this report, we need to continue to maintain our processes and systems and adapt them to changes as our business evolves and we rearrange management responsibilities and reorganize our business. This continuous process of maintaining and adapting our internal controls and complying with Section 404 is expensive and time-consuming and requires significant management attention. We cannot be certain that our internal control measures will continue to provide adequate control over our financial processes and reporting and ensure compliance with Section 404. Furthermore, as our business changes, including by expanding our operations in different markets, increasing reliance on channel partners and completing acquisitions, our internal controls may become more complex and we will be required to expend significantly more resources to ensure our internal controls remain effective. Failure to implement required new or improved controls, or difficulties encountered in their implementation, could harm our operating results or cause us to fail to meet our reporting obligations. If we or our independent registered public accounting firm identify material weaknesses, the disclosure of that fact, even if quickly remediated, could reduce the market's confidence in our financial statements and harm our stock price.