Business Risks

Our operating results may vary from period to period.

Our operating results may vary significantly from quarter to quarter and from year to year, depending on a variety of factors, including:

Consequently, results for any interim or full year period may not necessarily be indicative of results in subsequent periods.

A significant proportion of our Products revenues are from academic centers, funded by government grants in our major markets globally.

Governments around the world have been reviewing long term public funding of life science research in response to the problems arising from global financial pressures. As a result, the available funds for discretionary purchases from market to market have been capped or reduced based on available national budgets. Reduced grants for researchers could impact our business, in the amount, price and type of products bought and used by customers.

A significant proportion of our Products revenues are from customers in pharmaceutical and biotech companies.

Globally, pharmaceutical companies are challenging internal budgets and the return of investment from their R&D spend. This could impact our business, in the amount, price and type of products bought and used by customers.

Our future success will depend in part upon our ability to enhance existing products, develop and introduce new products and realize commercial acceptance of those products, in a rapidly changing technological environment.

The market for our products is characterized by rapidly changing technology, evolving industry standards and new product introductions, which may make our existing products obsolete. Our future success will depend in part upon our ability to enhance existing products, develop and introduce new products, and realize commercial acceptance of those products.

The development of new or enhanced products is a complex and uncertain process requiring the accurate anticipation of technological and market trends, as well as precise technological execution. In addition, the successful development of new products will depend on the development of new technologies. We will be required to undertake time-consuming and costly development activities and may need to seek regulatory approval for these new products. We may experience difficulties that could delay or prevent the successful development, introduction and marketing of these new products. Regulatory clearance or approval of any new products may not be granted by the FDA, state-wide agency or foreign regulatory authorities on a timely basis, or at all, and the new products may not be successfully commercialized.

Our inability to carry out certain of our marketing and sales plans may make it difficult for us to grow or maintain our business.

Our marketing program is designed to more directly service its end users, while simultaneously promoting the Enzo Life Sciences brand, with reference to our acquired brands. We will continue to reach out to our customers using our direct field sales force, in-house business team, the on-going enhancement of our interactive websites, continued attendance at top industry trade meetings, and publications to customers and in leading scientific journals. In addition to our direct sales, we operate worldwide through wholly-owned subsidiaries in the U.S., Switzerland, Belgium, Germany, and the UK, a branch office in France and a network of third-party distributors in most other significant markets. If we are unable to successfully continue these programs, we may be unable to grow and our business could suffer.

We face significant competition, which could cause us to decrease the prices for our products or render our products uneconomical or obsolete, any of which could reduce our revenues and limit our growth.

Our competitors in the biotechnology industry in the United States and abroad are numerous and include major pharmaceutical, energy, food and chemical companies, as well as specialized genetic engineering firms. Many of our large competitors have substantially greater resources than us and have the capability of developing products which compete directly with our products. Many of these companies are performing research in the same areas as we are. The markets for our products are also subject to competitive risks because markets are highly price competitive. Our competitors have competed in the past by lowering prices on certain products.

These competitive conditions could, among other things:

We depend on distributors and contract manufacturers and suppliers for materials, which could impair our ability to manufacture or distribute our products.

We manufacture and distribute our own brand products and the products of third party manufacturers and suppliers. Distributors also sell our branded products. To the extent we are unable to maintain or replace a distributor in a reasonable time period, or on commercially reasonable terms, if at all, our operations could be disrupted.

Outside distributors, suppliers and contract manufacturers provide key finished goods, components and raw materials used in the sale and manufacture of our products. Although we believe that alternative sources for components and raw materials are available, any supply interruption in a limited or sole source component or raw material would harm our ability to manufacture our products until a new source of supply is identified and qualified. In addition, an uncorrected defect or supplier’s variation in a component or raw material, either unknown to us or incompatible with our manufacturing process, could harm our ability to manufacture products. We might not be able to find a sufficient alternative supplier in a reasonable time period, or on commercially reasonable terms, if at all. If we fail to obtain a supplier for the components of our products, our operations could be disrupted.

We use hazardous materials in our business. Any claims relating to improper handling, storage or disposal of these materials could be costly and time-consuming.

Our manufacturing and research and development processes involve the storage, use and disposal of hazardous substances, including hazardous chemicals, biological hazardous materials and radioactive compounds. We are subject to governmental regulations governing the use, manufacture, storage, handling and disposal of materials and waste products. Although we believe that our safety and environmental management practices and procedures for handling and disposing of these hazardous materials are in accordance with good industry practice and comply with applicable laws, permits, licenses and regulations, the risk of accidental environmental or human contamination or injury from the release or exposure of hazardous materials cannot be completely eliminated. In the event of an accident, we could be held liable for any damages that result, including environmental clean-up or decontamination costs, and any such liability could exceed the limits of, or fall outside the coverage of, our insurance.

We may not be able to maintain insurance on acceptable terms, or at all. We could be required to incur significant costs to comply with current or future environmental and public and workplace safety and health laws and regulations.

Risks relating to our Intellectual Property and Regulatory Approval

We are currently subject to, and may in the future become subject to additional, U.S. state and federal, and non-U.S. laws and regulations, industry guidelines, and contracts, imposing obligations on how we collect, store, use and process personal information. Our actual or perceived failure to comply with such obligations could harm our business. Ensuring compliance with such laws could also impair our efforts to maintain and expand our customer base, and thereby decrease our revenue.

We are, and may increasingly become, subject to various laws and regulations, as well as contractual obligations and mandatory industry standards, relating to data privacy and security in the jurisdictions in which we operate and/or offer our goods and/or services. The regulatory environment related to data privacy and security is increasingly rigorous, with new and constantly changing requirements potentially applicable to our business, and some enforcement practices are likely to remain uncertain for the foreseeable future. These laws and regulations may be interpreted and applied differently over time and from jurisdiction to jurisdiction, and it is possible that they will be interpreted and applied in ways that may have a material adverse effect on our business, financial condition, results of operations and prospects. As an example, the HIPAA privacy regulations govern the use and disclosure of protected health information by covered healthcare providers, as well as health insurance plans. They also set forth certain rights that an individual has with respect to his or her protected health information maintained by a covered plan, including the right to access or amend certain records containing protected health information or to request restrictions on the use or disclosure of protected health information. The HIPAA security regulations establish requirements for safeguarding the confidentiality, integrity and availability of protected health information that is electronically transmitted or electronically stored. HIPAA violations are subject to civil and criminal penalties. In the United States, various federal and state regulators, including governmental agencies like the FTC, have adopted, or are considering adopting, laws and regulations regarding the processing of personal information, privacy and/or data security. According to the FTC, failing to take appropriate steps to keep consumers’ personal information secure or using or disclosing personal information in violation of a company’s privacy notice may constitute unfair or deceptive acts or practices, in or affecting commerce in violation of the FTC Act. The FTC generally expects a company’s data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business and the cost of available tools to improve security and reduce vulnerabilities. In addition, media or other reports of perceived security vulnerabilities to our systems or those of third parties upon which the Company’s business relies, even if nothing has actually been attempted or occurred, could also adversely impact our brand and reputation and materially affect our business. On the state specific level, several state laws generally require data owners to implement reasonable security measures to protect the personal information collected from residents. These laws generally require a data owner to implement reasonable security procedures and practices appropriate to the nature of the information, and to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. As state laws are changing rapidly, we may also become subject to additional data privacy and security laws and regulations in the future, and we anticipate that states and potentially, the federal government, could enact new or amended legislation to strengthen data privacy and security standards, which may cause us to incur additional costs and expenses to maintain compliance and could subject us to fines, penalties and negative publicity in the event of a breach or violation under any such law or regulation. Certain state laws may be more stringent or broader in scope, or offer greater individual rights, with respect to personal information than federal, international or other state laws, and such laws may differ from each other, all of which may complicate compliance efforts. For example, the California Consumer Privacy Act of 2018, which provides comprehensive consumer privacy rights for California residents and imposes obligations on companies that process their personal information and meet certain revenue or volume processing thresholds, came into effect on January 1, 2020, and was further amended by the CPRA, effective January 1, 2023. The CCPA is also subject to extensive regulations, which are still being finalized. Among other things, the CCPA requires covered companies to provide certain disclosures to California residents and provide such residents consumer privacy rights, including the ability to opt-out of certain sales of their personal information, as well as to be able to delete or access personal information. In addition, media or other reports of perceived security vulnerabilities to our systems or those of third parties upon which the Company’s business relies, even if nothing has actually been attempted or occurred, could also adversely impact our brand and reputation and materially affect our business. The CCPA provides for civil penalties for violations, as well as a private right of action for certain data breaches. This limited private right of action may increase the likelihood of, and risks associated with, data breach litigation, including class action litigation. In addition, laws in all 50 U.S. states require businesses to provide notice to individuals, and in some states, to regulators and consumer reporting agencies, in the event of a data breach. Notification triggers and exceptions vary by state. Generally, all states with breach notification laws require notice if the information breached includes a state resident’s name in combination with: a Social Security number, state ID or driver’s license number, or financial account information. Some states include other types of personal information as a trigger, such as health information, biometrics, login credentials, tax ID or date of birth. The majority of state data security breach notification laws also provide a safe harbor from the laws’ notification requirements if the personal information affected by the security breach was encrypted and the encryption key was not affected by the security breach. International laws, regulations and standards in many jurisdictions apply to certain collection, use, retention, security, disclosure, transfer, marketing and other processing of personal information. For example, the GDPR, which became effective in May 2018, increased the jurisdictional reach of data protection laws of the European Economic Area and introduced new requirements for handling personal data. EU member states are tasked under the GDPR to enact, and have enacted, certain implementing legislation that adds to and/or further interprets the GDPR requirements and potentially extends our obligations and potential liability for failing to meet such obligations. The GDPR, together with national legislation, regulations and guidelines of the EU member states governing the processing of personal data, impose strict obligations and restrictions on the ability to collect, use, retain, protect, disclose, transfer and otherwise process personal data. In particular, the GDPR includes requirements to establish a legal basis for processing, higher standards for obtaining consent from individuals to process certain types of personal data, more robust disclosures to individuals, a strengthened individual data rights regime, requirements to implement safeguards to protect the security and confidentiality of personal data, data breach notification obligations to appropriate data protection authorities or individuals, limitations on retention and secondary uses of personal information, increased requirements pertaining to health data and other sensitive types of personal data, and additional obligations when entities contract with third-party processors to process personal data, including personal data transfer restrictions. The GDPR allows for fines for certain serious violations of up to 4% of global annual revenue or €20 million, whichever is greater, and other administrative penalties. Following the withdrawal of the United Kingdom from the European Union, data privacy and security laws that are substantially similar to the GDPR are in effect in the United Kingdom, which carry similar risks and authorize similar fines for certain violations. Certain legal regimes outside of the United States, including in the United Kingdom and under the GDPR in the European Economic Area, restrict the transfer of personal data to the United States unless certain measures are in place, including, for example, executing Standard Contractual Clauses through certification to the Data Privacy Framework. Due to evolving regulatory guidance, we are continuing to evaluate the validity of the data transfer mechanisms and we may need to invest in additional technical, legal and organizational safeguards in the future to avoid disruptions to data flows within our business and to and from our customers and service providers. We use third-party credit card processors to process payments from our customers. Through our agreements with our third-party credit card processors, we are subject to payment card association operating rules, including the PCI-DSS, which governs a variety of areas, including how consumers and customers may use their cards, the security features of cards, security standards for processing, data security and allocation of liability for certain acts or omissions, including liability in the event of a data breach. Any change in these rules or standards and related requirements could make it difficult or impossible for us to comply. Additionally, any data breach or failure to hold certain information in accordance with PCI-DSS may have an adverse effect on our business and its operations. All of these evolving compliance and operational requirements impose significant costs, such as costs related to organizational changes, implementing additional protection technologies, training employees and engaging consultants and legal advisors, which are likely to increase over time. In addition, such requirements may require us to modify our data processing practices and policies, utilize management’s time or divert resources from other initiatives and projects, all of which could have a material adverse effect on our business, financial condition, results of operations and prospects. In addition, media or other reports of perceived security vulnerabilities to our systems or those of third parties upon which the Company’s business relies, even if nothing has actually been attempted or occurred, could also adversely impact our brand and reputation and materially affect our business. Any failure or perceived failure by us to comply with any applicable federal, state or similar non-U.S. laws and regulations relating to data privacy and security could result in damage to our reputation, as well as proceedings or litigation by governmental agencies or other third parties, including class action privacy litigation in certain jurisdictions, which could subject us to significant fines, sanctions, awards, injunctions, penalties or judgments. Any of the foregoing could have a material adverse effect on our business, financial condition, results of operations and prospects.

Protecting our proprietary rights is difficult and costly. If we fail to adequately protect or enforce our proprietary rights, we could lose potential revenue from licensing and royalties.

Our potential revenue may be affected by our ability to obtain, maintain and enforce our patents. In addition, our ability to commercialize any product successfully may depend on our ability to obtain and maintain patents of sufficient scope to prevent third parties from developing similar or competitive products. Our ability to commercialize any product successfully will largely depend on our ability to obtain and maintain patents of sufficient scope to prevent third parties from developing similar or competitive products. In the absence of patent protection, competitors may impact our business by developing and marketing substantially equivalent products and technology.

Patent disputes are frequent and can preclude the commercialization of products. We have in the past been, are currently, and may in the future be, involved in material patent litigation, such as the matters discussed under “Part I - Item 3. Legal Proceedings” in this report. Patent protection litigation is time-consuming, and we have incurred and anticipate continuing to incur significant legal costs. In addition, an adverse decision could force us to either obtain third-party licenses at a material cost or cease using the technology or product in dispute.

We have filed applications for United States and foreign patents covering certain aspects of our technology, but there is no assurance that pending patents will issue or as to the degree of protection which any owned patent might afford.

Lawsuits, including claimed patent infringements, in the biotechnology industry are not uncommon. If we become involved in any significant litigation, we would suffer as a result of the diversion of our management’s attention, the expense of litigation and any judgments against us.

In addition to intellectual property litigation for infringement, other substantial, complex or extended litigation could result in large expenditures by us and distraction of our management. Patent litigation is time-consuming and costly in its own right and could subject us to significant liabilities to third parties. In addition, an adverse decision could force us to either obtain third-party licenses at a material cost or cease using the technology or product in dispute. In addition, lawsuits by employees, stockholders, collaborators or distributors could be very costly and substantially disrupt our business. Disputes from time to time with companies or individuals are not uncommon in the biotechnology industry, and we cannot assure you that we will always be able to resolve them out of court.

We also utilize certain unpatented proprietary technology, and no assurance can be given that others will not independently develop substantially equivalent proprietary technology, that such proprietary technology will not be disclosed or that we can meaningfully protect our rights to such proprietary technology.

We market certain of our products as Research Use Only, or RUO, in the United States. Our RUO products support the research and development activities conducted by academic/research institutions and biopharmaceutical companies of potential diagnostic and therapeutic products and services for which they may later pursue investigation and clearance, authorization or approval from regulatory authorities, such as the FDA.

RUO products belong to a separate regulatory classification under a long-standing FDA regulation. From an FDA perspective, products that are intended for research use only and are labeled as RUO are not regulated by the FDA as in vitro diagnostic devices for clinical use, and are therefore not subject to those specific regulatory requirements. RUO products may be used or distributed for research use without first obtaining FDA clearance, authorization or approval. The products must bear the statement: “For Research Use Only. Not for Use in Diagnostic Procedures.” RUO products cannot make any claims related to safety, effectiveness or diagnostic utility, and they cannot be intended for human clinical diagnostic use. Accordingly, a product labeled RUO, but intended or promoted for clinical diagnostic use, may be viewed by the FDA as adulterated and misbranded under the Food, Drug and Cosmetic Act (“FDCA”) and subject to FDA enforcement action. The FDA will consider the totality of the circumstances surrounding distribution and use of an RUO product, including how the product is marketed and to whom, when determining its intended use. If the FDA disagrees with our RUO status for our product, we may be subject to FDA enforcement activities, including, without limitation, requiring us to seek clearance, authorization or approval for our products.

If we are unable to meet regulatory quality and manufacturing requirements and standards applicable to the products we manufacture, our business, financial condition and operating results could be harmed.

As a manufacturer of products for the biopharmaceutical, research and development, diagnostic manufacturing, and personal care industries, we are required to comply with certain quality and good manufacturing practices requirements and standards.

We maintain compliance with various quality management systems and good manufacturing practices requirements and standards imposed by the FDA and international regulatory authorities, including ensuring that we maintain documentation and standard operating procedures for quality control, quality assurance, and the manufacturing of our products. We are also required to register our diagnostic manufacturing facilities and list our diagnostic products with the FDA. As such, we are subject to review and inspections by regulators and our customers to assess our compliance with these requirements. Accordingly, we must continue to spend time, money, and effort to ensure regulatory compliance.

Any failure to comply with ongoing regulatory requirements or to meet customer expectations may significantly and adversely affect our ability to commercialize and generate revenue from our products, and the value of our business and our operating results may be adversely affected.

Financial Risks

We have experienced significant losses in our continuing operations in fiscal years ended July 31, 2024 and 2023, and our losses have resulted in the use of cash in operations. If such losses and cash uses continue, the value of your investment could decline significantly.

We incurred net losses before income taxes from continuing operations of $9.8 million and $25.0 million for the fiscal years ended July 31, 2024 and 2023, respectively. If our revenues do not increase, or if our operating expenses exceed expectations or cannot be reduced, we may continue to suffer substantial losses and use cash in operations, which could have an adverse effect on our business and adversely affect your investment in our Company. We have an accumulated deficit of $294.4 million as of July 31, 2024. For fiscal 2024, net cash used in operating activities of the continuing operations was $11.3 million, which is net of approximately $15.0 million used in the discontinued operations. We have an accumulated deficit of $268.4 million as of July 31, 2023 and net cash used in operating activities was $37.0 million for the fiscal year 2023. We may continue to generate net losses. We may continue to generate net losses. We believe our cash and cash equivalents at July 31, 2024 are sufficient for our operations and non-discretionary capital needs for at least twelve months from the filing of this report. Failure to generate additional product revenues at higher margins, obtain additional capital or manage discretionary spending could have an adverse effect on our financial position, results of operations and liquidity.

Other risks relating to our business

Our failure to establish and maintain effective internal controls over financial reporting and information technology access could result in material misstatements in our consolidated financial statements, our failure to meet our reporting obligations and cause investors to lose confidence in our reported financial information, which in turn could cause the trading price of our common stock to decline.

Under Section 404 of the Sarbanes-Oxley Act of 2002 and rules promulgated by the SEC, companies are required to conduct a comprehensive evaluation of their internal control over financial reporting. As part of this process, we are required to document and test our internal control over financial reporting; and management is required to assess and issue a report concerning our internal control over financial reporting. As part of this process, we are required to document and test our internal control over financial reporting; management is required to assess and issue a report concerning our internal control over financial reporting; and our independent registered public accounting firm may be required to attest to the effectiveness of our internal control over financial reporting. Our internal control over financial reporting may not prevent or detect misstatements because of its inherent limitations, including the possibility of human error, the circumvention or overriding of controls, or fraud.

Over time, controls may become inadequate because of changes in conditions or deterioration in the degree of compliance with policies or procedures. Because of the inherent limitations in a cost-effective control system, misstatements due to error or fraud may occur and not be prevented or detected timely. Even effective internal controls over financial reporting can provide only reasonable assurance with respect to the preparation and fair presentation of consolidated financial statements.

The existence of a material weakness could result in errors in our consolidated financial statements that could result in a restatement of consolidated financial statements, which could cause us to fail to meet our reporting obligations, lead to a loss of investor confidence and have a negative impact on the trading price of our common stock.

In connection with our July 31, 2023 audited consolidated financial statements, Enzo’s management identified a deficiency, which it considered to be a “material weakness,” which could have reasonably resulted in a material misstatement in the Company’s consolidated financial statements. The Company has implemented remediation measures. As of the year ended July 31, 2024, management believes that it has implemented measures sufficient to fully remediate the deficiency that had resulted in the material weakness.

Material weaknesses in our internal control over financial reporting could materially adversely affect our ability to timely and accurately report our results of operations and financial condition. The accuracy of Enzo’s financial reporting depends on the effectiveness of its internal controls over financial reporting.

Internal controls over financial reporting can provide only reasonable assurance with respect to the preparation and fair presentation of consolidated financial statements and may not prevent or detect misstatements. Failure to maintain effective internal controls over financial reporting, or lapses in disclosure controls and procedures, could undermine the ability to provide accurate disclosure (including with respect to financial information) on a timely basis, which could cause investors to lose confidence in Enzo’s disclosures (including with respect to financial information), require significant resources to remediate the lapse or deficiency, and expose it to legal or regulatory proceedings. In connection with our July 31, 2023 audited consolidated financial statements, Enzo’s management identified a deficiency, which it considered to be a “material weakness,” which could have reasonably resulted in a material misstatement in the Company’s consolidated financial statements. In connection with our April 30, 2023 unaudited consolidated financial statements, Enzo’s management identified a deficiency, which it considers to be a “material weakness,” which could reasonably result in a material misstatement in the Company’s financial statements. As noted above, the Company implemented remediation measures. As of our fiscal year ended July 31, 2024, management believes that it has implemented measures sufficient to fully remediate the deficiency resulting in the material weakness. Management concluded that the internal controls over financial reporting were effective as of July 31, 2024.

Cyber security risks and the failure to maintain the confidentiality, integrity, and availability of our computer hardware, software, and Internet applications and related tools and functions could result in damage to the Company’s reputation and/or subject the Company to costs, fines, or lawsuits.

The integrity and protection of our own data, and that of our customers and employees, is critical to the Company’s business. The regulatory environment governing information, security and privacy laws is increasingly demanding and continues to evolve. Maintaining compliance with applicable security and privacy regulations may increase the Company’s operating costs and/or adversely impact the Company’s ability to market its products and services to customers. Although the Company’s computer and communications hardware is protected through physical and software safeguards, it is still vulnerable to fire, storm, flood, power loss, earthquakes, telecommunications failures, physical or software break-ins, software viruses, and similar events. These events could lead to the unauthorized access, disclosure and use of non-public information. The techniques used by criminal elements to attack computer systems are sophisticated, change frequently and may originate from less regulated and remote areas of the world. As a result, the Company may not be able to address these techniques proactively or implement adequate preventative measures. If the Company’s computer systems are compromised, it could be subject to fines, damages, litigation, and enforcement actions, customers could curtail or cease using its applications, and the Company could lose trade secrets, the occurrence of which could harm its business.

We rely on network and information systems and other technology whose failure or misuse could cause, and has caused, a disruption of services or loss or improper disclosure of personal data, business information, including intellectual property, or other confidential information, resulting in increased costs, loss of revenue or other harm to our business.

Network and information systems and other technologies, including those related to the Company’s network management, are important to its business activities. The Company also relies on third party providers for certain technology and “cloud-based” systems and services that support a variety of business operations. Network and information systems-related events affecting the Company’s systems, or those of third parties upon which the Company’s business relies, such as computer compromises, cyber threats and attacks, ransomware attacks, computer viruses, worms or other destructive or disruptive software, process breakdowns, denial of service attacks, malicious social engineering or other malicious activities, or any combination of the foregoing, as well as power outages, equipment failure, natural disasters (including extreme weather), terrorist activities, war, human or technological error or malfeasance that may affect such systems, could result in disruption of the Company’s business and/or loss, corruption or improper disclosure of personal data, business information, including intellectual property, or other confidential information. In addition, any design or manufacturing defects in, or the improper implementation of, hardware or software applications the Company develops or procures from third parties could unexpectedly compromise information security. In recent years, there has been a rise in the number of cyber-attacks and ransomware attacks on companies’ network and information systems, and such attacks have become more sophisticated, targeted and difficult to detect and prevent. As a result, the risks associated with such an event continue to increase, particularly as the Company’s digital businesses expand. The Company’s security measures and internal controls that are designed to protect personal data, business information, including intellectual property, and other confidential information, to prevent data loss, and to prevent or detect security breaches, have not always provided, and cannot provide, absolute security and have at times failed and may not be successful in preventing these events from occurring, particularly given that techniques used to access, disable or degrade service, or sabotage systems change frequently, and any network and information systems-related events have required and could continue to require the Company to expend significant resources to remedy such event. Moreover, the development and maintenance of these measures is costly and requires ongoing monitoring and updating as technologies change and efforts to overcome security measures become more sophisticated. The Company’s cyber risk insurance may not be sufficient to cover all losses from any future breaches of our systems.

A significant cyber attack, ransomware attack, failure, compromise, breach or interruption of the Company’s systems, or those of third parties upon which its business relies, could result in a disruption of its operations, damage to its reputation or brands, regulatory investigations and enforcement actions, lawsuits, remediation costs, a loss of customers, or revenues and other financial losses. If any such failure, interruption or similar event results in the improper disclosure of information maintained in the Company’s information systems and networks or those of its vendors, including financial, personal, credit card, confidential and proprietary information relating to personnel, customers, vendors and the Company’s business, including its intellectual property, the Company could also be subject to liability under relevant contractual obligations and laws and regulations protecting personal data and privacy. In addition, media or other reports of perceived security vulnerabilities to our systems or those of third parties upon which the Company’s business relies, even if nothing has actually been attempted or occurred, could also adversely impact our brand and reputation and materially affect our business.

In April 2023, the Company experienced a ransomware attack that impacted certain critical information technology systems, principally of the discontinued operation. The Company has incurred, and may continue to incur, certain expenses related to this attack and remains subject to risks and uncertainties as a result of the incident. Additionally, security and privacy incidents have led to, and may continue to lead to, additional regulatory scrutiny and class action litigation exposure. This incident severely curtailed our ability to perform clinical reference testing, and we were forced to outsource much of the testing to third parties, including Labcorp, which negatively impacted the 2023 fiscal period’s services revenue and increased costs due to a higher volume of outsourcing testing to third parties in the discontinued operations. This incident severely curtailed our ability to perform clinical reference testing and we were forced to outsource much of the testing to third parties, including Labcorp, which negatively impacted the 2023 period’s services revenue and increased costs due to a higher volume of outsourcing testing to third parties in the discontinued operations. See Item 3 Legal Proceedings for additional information.

If we fail to attract and retain key personnel, including our senior management, our business could be adversely affected.

Most of our products and services are highly technical in nature. In general, only highly qualified and trained scientists and technician personnel have the necessary skills to develop proprietary technological products and market our products and support our research and development programs.

In addition, some of our manufacturing, quality control, safety and compliance, information technology and e-commerce related positions are highly technical as well. Further, our sales personnel are highly trained and are important to retaining and growing our businesses. Our success depends in large part upon our ability to identify, hire, retain and motivate highly skilled professionals.

We face intense competition for these professionals from our competitors, customers, marketing partners and other companies throughout the industries in which we compete. Since our inception, we have successfully recruited and hired qualified key employees. Any failure on our part to hire, train, and retain a sufficient number of qualified professionals would seriously damage our business.

We depend heavily on the services of our senior management. We believe that our future success depends on the continued services of such management. Our business may be harmed by the loss of a significant number of our senior management in a short period of time.

The insurance we purchase to cover our potential business risk may be inadequate.

Although we believe that our present insurance coverage is sufficient to cover our current estimated exposures, there can be no assurance that we will not incur losses or liabilities in excess of our policy limits. In addition, although we believe that we will be able to continue to obtain adequate coverage, there can be no assurance that we will be able to do so at acceptable costs. In addition, although we believe that will be able to continue to obtain adequate coverage, we cannot assure that we will be able to do so at acceptable costs.

We are, and may become subject to, legal proceedings, arbitration proceedings, investigations, and other claims or disputes, which are costly to defend and, if determined adversely to us, could require us to pay fines or damages, undertake remedial measures, or prevent us from taking certain actions, any of which could adversely affect our business.

We are, and in the future may become, a party to legal proceedings, arbitration proceedings, investigations, and other claims or disputes, which have related and may relate to subjects including our recent ransomware attack and data breach, breach of fiduciary duties relating to our commercial transactions, intellectual property, securities, employee relations, or compliance with applicable laws and regulations (see Part I - Item 3, Legal Proceedings).

We face a significant risk due to ongoing litigation that has the potential to result in future financial obligations, adversely impacting the company’s business and profitability. The outcome of the present legal proceedings may lead to financial liabilities, such as settlements or damages, posing a material threat to our financial condition and cash flow. Moreover, adverse litigation outcomes may harm our reputation, affecting customer trust and investor confidence, thereby influencing market share and brand value. While we are actively managing and addressing the litigation, uncertainties persist, emphasizing the importance of transparency in communication with stakeholders and the implementation of effective risk mitigation strategies.

Risks relating to our international operations

Foreign currency exchange rate fluctuations may adversely affect our business.

Since we operate as a multinational corporation that sells and sources products in many different countries, changes in exchange rates could in the future adversely affect our cash flows and results of operations.

Furthermore, reported sales and purchases made in non-U.S. currencies by our international businesses, when translated into U.S. dollars for financial reporting purposes, fluctuate due to exchange rate movement. Due to the number of currencies involved, the variability of currency exposures and the potential volatility of currency exchange rates, we cannot predict the effect of exchange rate fluctuations on future sales and operating results.

We are subject to economic, political and other risks associated with our significant international business, which could adversely affect our financial results.

We operate internationally primarily through wholly-owned subsidiaries located in North America and Europe. Revenues outside the United States were approximately 39% of total revenues in fiscal year 2024. Our sales and earnings could be adversely affected by a variety of factors resulting from our international operations, including

If any of these risks materialize, we could face substantial increases in costs, the reduction of profits and the inability to do business.

With our commercialization activities outside of the United States, we are subject to the risk of inadvertently conducting activities in a manner that violates the U.S. Foreign Corrupt Practices Act and similar laws. If that occurs, we may be subject to civil or criminal penalties which could have a material adverse effect on our business, financial condition, results of operations and growth prospects.

We are subject to the U.S. Foreign Corrupt Practices Act (“FCPA”), which prohibits corporations and individuals from paying, offering to pay, or authorizing the payment of anything of value to any foreign government official, government staff member, political party, or political candidate in an attempt to obtain or retain business or to otherwise influence a person working in an official capacity. We are also subject to the UK Anti-Bribery Act, which prohibits both domestic and international bribery, as well as bribery across both public and private sectors.

In the course of establishing and expanding our commercial operations and seeking regulatory approvals outside of the United States, we will need to establish and expand business relationships with various third parties and we will interact more frequently with foreign officials, including regulatory authorities. Expanded programs to maintain compliance with such laws will be costly and may not be effective. Any interactions with any such parties or individuals where compensation is provided that are found to be in violation of such laws could result in substantial fines and penalties and could materially harm our business. Furthermore, any finding of a violation under one country’s laws may increase the likelihood that we will be prosecuted and be found to have violated another country’s laws. If our business practices outside the United States are found to be in violation of the FCPA, UK Anti-Bribery Act or other similar law, we may be subject to significant civil and criminal penalties, which could have a material adverse effect on our financial condition and results of operations.

International political, compliance and business factors, including the military conflict in Ukraine, the conflict in Gaza, and trade tensions between the U.S. and China, can negatively impact our operations and financial results.

We engage in business globally, with approximately 39% of our revenue in fiscal 2024 coming from outside the U.S. Changes, potential changes or uncertainties in social, political, regulatory, and economic conditions or laws and policies governing foreign trade, manufacturing, and development and investment in the territories and countries where we or our customers operate, or governing the health care system, can adversely affect our business and financial results. Such impacts could negatively impact certain markets we serve, resulting in an adverse impact on our sales revenue.

Political and military conflicts may disrupt our business or negatively impact global economic or business conditions. For example, Russia’s military invasion of Ukraine, and the response by the US and European countries to that invasion, have caused severe political, humanitarian and economic crises, not only in Europe but globally. Restrictions on trade, particularly involving certain foods and energy supplies, have increased prices, led to widespread inflation and otherwise aggravated economic challenges. While we have not historically had significant business in either Russia, Ukraine, or Israel, the broader impact of the conflict could negatively impact our operations and financial results.

The application of laws and regulations impacting global transactions is often unclear and may at times conflict. Compliance with these laws and regulations may involve significant costs or require changes in our business practices that result in reduced revenue and profitability. Non-compliance could also result in fines, damages, criminal sanctions, prohibited business conduct, and damage to our reputation. We incur additional legal compliance costs associated with our global operations and could become subject to legal penalties in foreign countries if we do not comply with local laws and regulations, which may be substantially different from those in the U.S.

Risks Relating to our Common Stock

Our stock price has been volatile, which could result in substantial losses for investors.

Our common stock is quoted on the New York Stock Exchange, and there has been historical volatility in the market price of our common stock. The trading price of our common stock has been, and is likely to continue to be, subject to significant fluctuations due to a variety of factors, including:

In addition, the stock market in general has experienced extreme price and volume fluctuations that have affected the market price of our common stock, as well as the stock of many companies in our industries. Often, price fluctuations are unrelated to the operating performance of the specific companies whose stock is affected. Often, price fluctuations are unrelated to operating performance of the specific companies whose stock is affected.

In the past, following periods of volatility in the market price of a company’s stock, securities class action litigation has often occurred against the issuing company. If we were subject to this type of litigation in the future, we could incur substantial costs and a diversion of our management’s attention and resources, each of which could have a material adverse effect on our revenue and earnings. Any adverse determination in this type of litigation could also subject us to significant liabilities.

It may be difficult for a third party to acquire us, which could inhibit stockholders from realizing a premium on their stock price.

Our certificate of incorporation, as amended, and by-laws contain provisions that could have the effect of delaying, deferring or preventing a change in control of the Company that stockholders may consider favorable or beneficial due to a majority stockholder vote requirement. These provisions could discourage proxy contests and make it more difficult for stockholders to elect directors and take other corporate actions. These provisions could also limit the price that investors might be willing to pay in the future for shares of our common stock. These provisions include advance notice requirements for the submission by stockholders of nominations for election to the board of directors and for proposing matters that can be acted upon by stockholders at a meeting.

Future sales of shares of our common stock or the issuance of securities senior to our common stock could adversely affect the trading price of our common stock and our ability to raise funds in new equity offerings.

We are not restricted from issuing additional common stock, preferred stock or securities convertible into or exchangeable for common stock. Future sales of a substantial number of our shares of common stock or equity-related securities in the public market or privately, or the perception that such sales could occur, could adversely affect prevailing trading prices of our common stock, and could impair our ability to raise capital through future offerings of equity or equity-related securities. No prediction can be made as to the effect, if any, that future sales of shares of common stock or the availability of shares of common stock for future sale will have on the trading price of our common stock.

Our audit committee does not currently have three (3) independent members. If we fail to appoint an independent director that meets the New York Stock Exchange listing requirements for audit committees, the New York Stock Exchange could delist our common stock.

Upon the resignation of Dr. Mary Tagliaferri from the Board, effective as of August 6, 2024, our audit committee is composed of two independent directors, which is insufficient for purposes of Section 303A.07(a) of the NYSE Listed Company Manual, which requires an audit committee of at least three independent directors (the “Audit Committee Requirements”).

Although as of the date of this Annual Report on Form 10-K we have not regained compliance with the Audit Committee Requirements, we are in the process of searching for an independent director for appointment to the Board who can serve on our audit committee in accordance with NYSE listing requirements. We intend to regain compliance with the Audit Committee Requirements but cannot be sure that such compliance will be achieved.

If we fail to satisfy the Audit Committee Requirements, the NYSE may suspend from trading or delist our common stock. Such suspension or delisting would likely have a negative effect on the liquidity and price of our common stock and would impair the ability of investors to sell or purchase our common stock. In the event of a delisting, we can provide no assurance that any action taken by us to restore compliance with the Audit Committee Requirements would allow our common stock to become listed again, stabilize the market price or improve the liquidity of our common stock, or prevent future non-compliance with the NYSE’s listing requirements.

Item 1B. Unresolved Staff Comments

None

Item 1C. Cybersecurity

Risk Management and Strategy

We have implemented and maintain various information security processes and technologies designed to identify, assess and manage material risks from cybersecurity threats to our computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property and confidential information that is proprietary, strategic, or competitive in nature (“Information Systems and Data”).

Our Senior VP of Global IT and System Operations, IT Security Officer and the information security team, in conjunction with our legal team and third-party service providers, help identify, assess and manage our cybersecurity threats and risks. Our Senior VP of Global IT and System Operations, IT Security Officer and the information security team identify and assess risks from cybersecurity threats by continuously monitoring and evaluating our threat environment using various methods, including, for example: conducting vulnerability assessments to identify vulnerabilities, conducting scans of corporate devices and network infrastructure, analyzing reports of potential, known and identified threats and actors, using automated and manual tools to monitor for, identify, or evaluate threats and risks, conducting audits and threat assessments, and utilize third party managed detection and response (MDR) 24/7/365 cybersecurity vendor services that help identify cybersecurity threats, using third party threat assessments and external intelligence feeds, and evaluating our company’s and our industry’s risk profile.

We implement and maintain technical, physical, and organizational measures, processes, and policies that are designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: dedicated cybersecurity staff, an incident response plan and policy, a vulnerability management policy, risk assessment process, processes and policies to address access to systems and networks, physical security protocols, processes for asset management, encryption of certain Company data, systems and networks, penetration testing, IT risk assessments and employee training. We also maintain cybersecurity insurance.

Our assessment and management of risks from cybersecurity threats are integrated into our overall risk management processes. For example, cybersecurity risk is identified and addressed as a component of our general risk management strategy. We have also established a cybersecurity committee consisting of our Senior VP of Global IT and System Operations, IT Security Officer, information security team, and other senior leaders to oversee our cybersecurity risk management process and strategies to mitigate cybersecurity threats.

We use third-party service providers to assist us from time to time to identify, assess, and manage risks from cybersecurity threats, including professional services firms, cybersecurity consultants, managed cybersecurity service providers and penetration testing firms.

We have a vendor management program to manage cybersecurity risks associated with our use of certain service providers. The program includes, depending on the nature of the services and the identity of the service provider, completion of security questionnaires, review of the service provider’s written security program, and imposition of cybersecurity-related contractual obligations on the provider.

For a description of the risks from cybersecurity threats that may materially affect us and how they may do so, see our risk factors under Item 1A. Risk Factors of this Form 10-K, including “Cybersecurity risks and the failure to maintain the confidentiality, integrity, and availability of our computer hardware, software and internet applications and related tools and functions could result in damage to the Company’s reputation and/or subject the Company to costs, fines, or lawsuits”, and “We rely on network and information systems and other technology whose failure or misuse could cause, and has caused, a disruption of services or loss or improper disclosure of personal data, business information, including intellectual property, or other confidential information, resulting in increased costs, loss of revenue or other harm to our business.”

Governance

Our Board addresses the Company’s cybersecurity risk management as part of its general oversight function. The Board is responsible for overseeing our cybersecurity risk management processes, including oversight of mitigation of risks from cybersecurity threats.

Our cybersecurity risk assessment and management processes are implemented and maintained by our Senior VP of Global IT and System Operations and IT Security Officer.

Our Senior VP of Global IT and System Operations in conjunction with the IT Security Officer implements programs and policy recommendations to integrate cybersecurity risk considerations into our overall risk management strategy and works with the information security team to communicate key priorities. Our Senior VP of Global IT and System Operations and IT Security Officer are responsible for helping to prepare the Company for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports.

Our incident response plan is designed to escalate certain cybersecurity incidents to members of our incident response team and members of management depending on the circumstances, including executive management and the Board. Our Senior VP of Global IT and System Operations, IT Security Officer and information security team work with our incident response team to help us mitigate and remediate cybersecurity incidents of which they are notified. In addition, our incident response plan includes reporting to the Governance and Compliance Committee (“the Committee”) for certain cybersecurity incidents. The Committee periodically evaluates overall business continuity, compliance, regulatory, quality and safety systems effectiveness. The Committee includes, but is not limited to, the Company’s IT Security Officer, Data Privacy Officer, Safety Officer, and Senior VP of Global IT and System Operations.

The Committee is updated during the quarterly Committee meetings by the Senior VP of Global IT and System Operations and the IT Security Officer concerning the Company’s significant cybersecurity threats and risk and the processes we have implemented to address them. The Committee also receives reports, summaries or presentations related to cybersecurity threats, risk and mitigation. The Company’s Senior VP of Commercial Operations, General Counsel, Chief Financial Officer and Chief Executive Officer may also participate in Committee meetings and will receive updates from the Committee as appropriate.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
CMTL	1 day, 3 hours ago
SLP	1 day, 4 hours ago
PSMT	1 day, 5 hours ago
RYES	2 days, 3 hours ago
PURE	2 days, 4 hours ago
ENZ	2 days, 4 hours ago
FDS	2 days, 4 hours ago
CLEV	2 days, 4 hours ago
PCNT	2 days, 4 hours ago
ZDGE	2 days, 5 hours ago
HFUS	2 days, 5 hours ago
SMPL	2 days, 6 hours ago
NMEX	2 days, 6 hours ago
JRVS	2 days, 7 hours ago
HITC	2 days, 11 hours ago
BCTX	3 days, 3 hours ago
JBL	3 days, 4 hours ago
AZO	3 days, 4 hours ago
AYI	3 days, 5 hours ago
PCYN	6 days, 4 hours ago
NIMU	6 days, 4 hours ago
HRBR	1 week ago
SGH	1 week ago
LNN	1 week ago
GBX	1 week ago
MSM	1 week ago
SCHN	1 week ago
IIIN	1 week ago
MAYS	1 week ago
WGO	1 week, 1 day ago
VIVC	1 week, 1 day ago
CIIT	1 week, 2 days ago
NXEN	1 week, 2 days ago
WOLV	1 week, 6 days ago
UNQL	2 weeks ago
CMC	2 weeks ago
VRDR	2 weeks, 1 day ago
SGLY	2 weeks, 2 days ago
FRST	2 weeks, 2 days ago
AWYS	2 weeks, 6 days ago
GHST	2 weeks, 6 days ago
SHMY	2 weeks, 6 days ago
ENOB	3 weeks ago
ODC	3 weeks ago
PAXH	3 weeks ago
VRTC	3 weeks ago
ACN	3 weeks ago
VLGEA	3 weeks, 1 day ago
CZNI	3 weeks, 1 day ago
ALDS	3 weeks, 1 day ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard