Risk Factors - TDC

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$TDC Risk Factor changes from 00/02/23/24/2024 to 00/02/21/25/2025

Item 1A. Risk Factors, in this Annual Report.We believe that the principal competitive factors for our products and services include: data analytics and AI/ML experience; business outcome delivery; hybrid multi-cloud offerings and experience; total cost of ownership; customer references; technology leadership; product quality; performance, scalability, availability, integrity, security, and manageability; partner relationships; support and consulting services capabilities; management of technologies in a complex analytical ecosystem; delivery of a platform and tools that are designed to enable AI/ML for our customers; and industry knowledge. Research and Development ("R&D"). We remain focused on designing and developing our hybrid cloud analytics and data platform that anticipates our customers' evolving needs and supports solving their complex business challenges. Our teams are extending Teradata technologies and innovations for the Teradata platform, including ClearScape Analytics and Teradata AI Unlimited to have consistent and differentiated capabilities that meet the demands of todays’ hybrid ecosystems. With extensive in-database functionality, seamless and expedited interconnectivity, and robust features for easy operationalization, ClearScape Analytics is designed to enable companies to scale AI/ML quicker and more cost effectively.With a focus on creating an open and connected platform, we continue to build a deep integration with cloud data and analytic ecosystems, including advanced analytics and AI/ML tools. Furthermore, with our strong partnerships, our R&D team is extending our platform to enable deeper integration with a broader range of solution and service providers.Our extensive and talented R&D workforce is one of our core strengths. Our R&D team is globally dispersed to take advantage of global engineering talent. We anticipate that we will continue to have significant R&D expenditures, which may include complementary strategic acquisitions, to help support the flow of innovative, high-quality data and analytic offerings.Intellectual Property and Technology. We own 565 patents in the United States. We are also the exclusive licensee of four additional patents in the United States and counterpart patents in foreign countries. Many of the patents that we own are licensed to others, and we are licensed to use certain patents owned by others. While our 11Table of Contentsportfolio of patents and patent applications in aggregate is of significant value to our Company, we do not believe that any individual patent is by itself of material importance to our business.In addition, we own copyrights and trade secrets in our code base that comprises all of the Teradata software offerings, including analytic data platforms and analytic applications and capabilities. Teradata’s software offerings reflect the investment of hundreds of person-years of development work.The source code versions of our offerings are protected as trade secrets and, in all major markets, as unpublished copyright works. We take great efforts to protect our rights in all software offerings and related intellectual property; however, there can be no assurance that these measures will be successful. The Company owns the Teradata® word and logo trademarks, which are registered in the United States and in many foreign countries, as well as other trade names, service marks, and trademarks.Sources of Materials. Our hardware components are assembled and configured by Flex Ltd. Our hardware components are assembled and configured by Flex. ("Flex"). Our platform line is designed to leverage the components from manufacturers that we believe are industry leaders. Our data storage devices and memory components utilize industry-standard technologies but are selected and configured to work optimally with our software and hardware platform. Flex also procures a wide variety of components used in the assembly process on our behalf. Although many of these components are available from multiple sources, Teradata utilizes preferred supplier relationships to better ensure more consistent quality, cost and delivery. Although many of these components are available from multiple sources, we utilize preferred supplier relationships to better ensure more consistent quality, cost and delivery. Typically, these preferred suppliers maintain alternative processes and/or facilities to ensure business continuity of supply. Given our strategy to outsource product assembly activities to Flex and to source certain components from single suppliers, a disruption in production at Flex or at a supplier, a global shortage of components, commodity, transportation, and/or inflationary pressures could impact the timing or profitability of customer shipments. In addition, a significant change in the forecasts to any of these preferred suppliers could result in purchase obligations for components that may be in excess of demand. In addition, past financial performance may not be a reliable indicator of future performance, and historical trends should not be used to anticipate results or trends in future periods. Although we have not experienced issues from inflationary challenges or otherwise, the current inflation environment could present potential supply chain uncertainty, and we have implemented programs to mitigate these potential risks. For more information, see Item 1A, Risk Factors in this Annual Report.Human CapitalTeradata operates with a fully flexible work environment, empowering employees to make decisions about where and how they can be most productive. Our global workforce is located in approximately 40 countries, and our corporate headquarters are in San Diego, California.Teradata’s people objectives are to attract, retain, develop, and nurture the most innovative, curious, and skilled talent available. Along with our fully flexible work environment, we offer competitive pay and comprehensive health and wellness benefits and programs designed to help our people thrive.As of December 31, 2024, we had approximately 5,700 employees globally, with approximately 30% employed in the United States and 70% across the rest of the world. Our global workforce is critical to our overall business strategy across target markets. During fiscal 2024, our overall headcount decreased as we continue to align and optimize our talent needs to drive our cloud and profitable growth strategies.Culture and Engagement. At Teradata, we believe people thrive when empowered with trusted information. We have designed our culture to be the guiding force behind our ability to deliver on that purpose. We empower our people to live our core principles: customer and market driven, agility in execution, and accountability to each other. We strive to create a workplace that is free from discrimination where everyone feels they belong. We cultivate a trusted environment where every individual feels not only valued, but truly empowered to thrive.Health, Safety, and Wellness. We are committed to the health, safety, and wellness of our employees and their families. We provide flexible and inclusive programs that cater to diverse needs of well-being. This includes quarterly well-being days, global paid holidays for all employees, as well as half-day Fridays, providing employees extra paid time off each week during 3 months of the year. Compensation and Benefits. Our compensation and benefits reflect our commitment to fairness and inclusion. We have robust compensation and benefit programs designed to attract and retain talent and meet the varied and evolving needs of a global workforce. In addition to our competitive base pay, these programs, which vary by country/region, include sales incentives, annual bonuses, stock awards, an Employee Stock Purchase Plan, a Retirement Savings Plans, healthcare and insurance benefits, and paid time off. One specific example of our 12Table of Contentsinclusive benefits includes parental leave, offering birthing and non-birthing parents up to 14 weeks of paid leave for bonding with a new child arriving through birth, adoption, placement, or foster care. Talent Development. Teradata is committed to supporting the professional development of our employees by providing resources and pathways for growth. Over the last several years, we have evolved our talent practices to facilitate frequent conversations between managers and employees on performance and development. We have launched on-demand learning resources, such as LinkedIn Learning and Country Navigator, which give employees flexibility in when and how they learn. We also provide facilitated learning opportunities to help build specific capabilities and skills, such as Basics of Communication, Emotional Intelligence, Influence, and Time Management. We offer executive and leadership development programs designed to enable our leaders to role model our leadership principles and empower individuals to lead at every level. Community Engagement. We believe building connections between our employees, their families, and our communities creates a more meaningful, fulfilling, and enjoyable workplace. We support local STEM education programs to ensure emerging leaders in our communities have opportunities to explore their interests. Our Teradata Cares program empowers our employees to make a positive difference where we live and work through volunteerism and giving. We support our employees’ giving and volunteer efforts by providing matching donations for employee contributions to qualified not-for-profit agencies, project grants, Annual Days of Caring, and supporting communities where we have employee populations. To further enable employees to support the charity of their choice, we provide every employee four days a year, during normal working hours, for volunteer efforts of their choice. Properties and Facilities. Our corporate headquarters is located in San Diego, California. As of December 31, 2024, we operated 41 facilities in 29 countries throughout the world. We own our San Diego complex, while all other facilities are leased.Information About Our Executive Officers. The following table and biographies sets forth information as of February 21, 2025 regarding the individuals who are serving as our executive officers. Stephen McMillan. Stephen McMillan is the Company’s President and Chief Executive Officer and has served in this role since joining the Company in June 2020. Mr. McMillan has served on the Company’s Board of Directors since June 2020. Previously, he served as the Executive Vice President of Global Services for F5 Networks, Inc., a transnational company that specializes in application services and application delivery networking, from October 2017 when he joined F5 until May 2020. Prior to joining F5, from September 2015 until October 2017, he was Senior Vice President, Customer Success and Managed Cloud Services at Oracle Corporation, a global software and services company, where he was responsible for developing, overseeing, and expanding a customer success organization focused on the company’s strategic SaaS portfolio. From May 2012 to September 2015, he served as Senior Vice President, Managed Cloud Services at Oracle. Claire Bramley. Claire Bramley is the Company's Chief Financial Officer and has served in this role since joining Teradata in June 2021. She served as the Global Controller for HP Inc., a multinational information technology company, from December 2018 until June 2021. From June 2015 until December 2018, she served as HP's Regional Head for Finance for EMEA, and from January 2013 to May 2015, she served as Vice President, Corporate Financial Planning and Analysis at HP. Ms. Bramley also serves on the Board of Directors of Ansys, Inc. On February 11, 2025, we announced that Ms. Bramley decided to resign from her position as Chief Financial Officer of the Company (including as its principal financial officer and principal accounting officer) and that her last day with the Company will be March 31, 2025.13Table of ContentsKathleen Cullen-Cote. Kathleen Cullen-Cote is the Company’s Chief People Officer and has served in this role since joining Teradata in July 2019. Prior to joining Teradata, Ms. Cullen-Cote served in human resource leadership roles at PTC Inc., a global computer software and services company, from 2002 to June 2019, including Executive Vice President and Chief Human Resources Officer from April 2019 to July 2019; Corporate Vice President, Human Resources from 2012 until March 2019; Senior Vice President, Human Resources, from December 2010 to 2012; and Vice President, Human Resources, from October 2009 until December 2010. Michael Hutchinson. Michael Hutchinson is the Company's Chief Customer Officer and has served in this role since January 2022. Previously, from June 2021 when he joined the Company until December 2022, he served as Senior Vice President World-Wide Customer Success, Consulting and Renewals. Prior to joining Teradata, Mr. Hutchinson served as the Senior Vice President and Chief Customer Officer at Verint Systems Inc., a customer engagement solutions provider, from August 2020 to May 2021 and as its Senior Vice President, Global Professional Services and Support from April 2018 until August 2020. From 1990-2018, he held several positions with Oracle Corporation, a global software and services company, most recently as the Group Vice President, North America Customer Success from December 2015 to March 2018.Richard Petley. Richard Petley is the Company’s Chief Revenue Officer and has served in this role since April 2024. Previously, Mr. Petley served as Teradata’s Executive Vice President, Global Sales, from April 2022, when he joined the Company, until April 2024. He served as General Manager, Western Europe, for Oracle Cloud, at Oracle Corporation, a global software and services company, from 2021 until April 2022. From 2018 until 2021, he was the Managing Director, Oracle UK. Prior to Oracle, Mr. Petley held sales leadership positions at IBM Corporation, a global technology company, with consistent success in growth areas of enterprise software, SaaS and AI, most recently serving as Vice President, IBM Cognitive and Industry Solutions, IBM UK and Ireland from 2017 until 2018.Margaret Treese. Margaret Treese is the Company’s Chief Legal Officer and has served in this role since November 2020. Previously, from 2018 until January 2020, she served as Teradata’s Deputy General Counsel and Secretary. From 2007 until 2018, she served as the Chief Corporate and Governance Counsel and Assistant Secretary and was named Corporate Secretary of Teradata in 2018. Jacqueline Woods. Jacqueline Woods is the Company's Chief Marketing Officer and has served in this role since joining Teradata in December 2021. Previously, she served as the Global Chief Marketing and Communications Officer for NeilsenIQ, a consumer intelligence company, from 2019 until November 2021. Prior to that, Ms. Woods was with IBM Corporation, a global technology company, serving as the company's Chief Marketing Officer of IBM Global Partner Ecosystem Division from 2017 until 2019 and, Chief Marketing Officer of IBM Global Financing from 2015 until 2017. Ms. Woods also serves on the Board of Directors of Winnebago Industries, Inc. There are no family relationships between any of the executive officers or directors of Teradata.There are no contractual obligations regarding the election of our executive officers or directors.Information.

Teradata makes available through its website, free of charge, its Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, and Current Reports on Form 8-K, and all amendments to such reports, as soon as reasonably practicable after these reports are electronically filed or furnished to the U.S. Securities and Exchange Commission ("SEC") pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934 (the "Exchange Act"). These reports and other information are available, free of charge, at www.sec.gov. Teradata will furnish, without charge to a security holder upon written request, the Notice of Meeting and Proxy Statement for the 2025 Annual Meeting of Stockholders. Teradata will furnish the Code of Conduct and any other exhibit at cost (the Code of Conduct is also available through Teradata’s website at https://www.teradata.com/about-us/corporate-governance/code-of-conduct/). Document requests are available by calling or writing to:Teradata - Investor Relations17095 Via Del CampoSan Diego, CA 92127Phone: 858-485-2088 Website: www.teradata.com14Table of ContentsItem 1A. RISK FACTORSYou should carefully consider each of the following risk factors and all other information set forth in this Annual Report. Based on the information currently known to us, we believe that the following information identifies the most significant risk factors affecting our company in each of these categories of risks. However, the risks and uncertainties our Company faces are not limited to those set forth in the risk factors described below. Additional risks and uncertainties not presently known to us or that we currently believe to be immaterial may also adversely affect our business. In addition, past financial performance may not be a reliable indicator of future performance, and historical trends should not be used to anticipate results or trends in future periods. If any of the following risks and uncertainties develops into actual events or occurrences, these events could have a material adverse effect on our business, financial condition or results of operations. In such case, the trading price of our common stock could decline. RISKS RELATED TO OUR BUSINESS AND OPERATIONSOur failure to successfully execute our strategy and achieve the anticipated benefits of our business transformation, which includes successfully developing, launching, and scaling cloud- and on-premises-based products and product enhancements and/or enabling our data platform to operate effectively in various environments, including cloud, hybrid, and on-premises, or those of our cloud service provider partners, and/or for various uses, including artificial intelligence ("AI") and machine learning ("ML"), could have a material adverse effect on our business, brand and reputation, competitive position, financial condition, results of operations, and cash flows.The successful implementation of our strategy to be the hybrid cloud platform for trusted AI at scale, coupled with the continued execution of our business transformation can present organizational and infrastructure challenges.The successful implementation of our cloud-first strategy coupled with the continued execution of our business transformation presents organizational and infrastructure challenges. We may not be able to implement, execute, and realize some or all of the anticipated benefits from our strategy or our business transformation plan on a timely basis. Even if the anticipated benefits and savings are substantially realized, there may be unforeseen consequences, internal control issues, or business impacts. A core component of our business strategy is to expand and enhance our product offerings, particularly for analytic solutions in cloud and hybrid environments, to include newer market-relevant features, functionality, and cloud-native options, including AI/ML, and to keep pace with price-to-performance gains. A core component of our business strategy is to expand and enhance our product offerings, particularly for analytic solutions in a cloud-based environment with cloud service providers, to include newer market-relevant features, functionality, and cloud native options, including AI/ML, and to keep pace with price-to-performance gains. In this regard, please see Item 1. Business, for a description of our product offerings and innovations. We expect that we will continue to enhance our cloud, hybrid, on-premises, and AI/ML offerings in the future. Shortened product life cycles due to customer demands and competitive pressures impact the pace at which we must develop, introduce, and implement new technology as part of our product offerings. Shortened product life cycles due to customer demands and competitive pressures impact the pace at which we must introduce and implement new technology as part of our product offerings. This requires high-level anticipation of customer needs and technology trends, as well as innovation by both our software developers and the suppliers of the third-party software components included in our solutions. This requires a high-level anticipation of customer needs and technology trends, as well as innovation by both our software developers and the suppliers of the third-party software components included in our solutions. Bringing new offerings to the market entails a costly and, at times, lengthy process, that may increase our risk of liability and cause us to incur significant technical, legal, or other costs. Bringing new offerings to the market entails a costly and, at times, lengthy process, may increase our risk of liability and cause us to incur significant technical, legal or other costs. Furthermore, as we migrate our customers from on-premises environments to the cloud, upgrade customers’ VantageCloud environments, and expand our customers’ workloads in cloud, hybrid, and on-premises deployments, we may incur unexpected costs or delays. Furthermore, as we migrate our customers from on-premises environments to the cloud, upgrade customers from VantageCloud Enterprise to VantageCloud Lake, and expand our customer's workloads we may incur unexpected costs or delays. New cloud offerings, migrations, expansions, upgrades, and deployment models that we rollout may not be successful, and we may not be able to develop the necessary business models, infrastructure, and systems to support and scale the business as our business evolves. This includes acquiring, retaining and developing the right people to execute our business strategy in a competitive job market. In addition, market acceptance of new product and service offerings will be dependent in part on our ability to include functionality and usability that address customer requirements, and to optimally price our offerings and services to meet customer demand and cover our costs. Our go-to-market strategies, including for AI/ML, cloud, and hybrid also must adjust to customers’ changing buying preferences, and there can be no assurance that our go-to-market approach will adequately and completely address such preferences. Our go-to-market, cloud, and multi-cloud strategies also must adjust to customers' changing buying preferences, and there can be no assurance that our go-to-market approach will adequately and completely address such preferences. As part of our business strategy, we continue to dedicate a significant amount of resources to our R&D efforts in order to maintain and advance our competitive position. However, we may not receive significant revenues from 15Table of Contentsthese investments for several years, if at all. However, we may not receive significant revenues from these investments for several years, if at all. R&D expenses represent a significant portion of our discretionary fixed costs. We may not successfully execute our strategy because of challenges we may face, including with regard to product planning and timing, technical hurdles that we fail to overcome in a timely fashion, cloud service provider costs or other requirements, or a lack of appropriate resources. We may not successfully execute on our vision or strategy because of challenges we may face, including with regard to product planning and timing, technical hurdles that we fail to overcome in a timely fashion, cloud service provider costs or other requirements, or a lack of appropriate resources. If we are unable to: successfully execute on our strategy and/or continue to respond to market demands; develop leading technologies; timely deliver offerings to the market; timely scale of our cloud business to achieve gross margins comparable or better than our on-premises business; continue successful migrations, expansions, and upgrades for our customers; maintain our industry leading hybrid-environment capabilities; and maintain our leadership in analytic data solutions’ performance and scalability; then our competitive position, business, brand and reputation, talent acquisition, financial condition, guidance, and forecasts, results of operations, future Total Annual Recurring Revenue ("ARR") growth potential, and cash flows may be adversely affected.The Company's indebtedness could:•Expose us to interest rate risk;•Increase our vulnerability to general adverse economic and industry conditions;•Limit our ability to obtain additional financing or refinancing at attractive rates;•Require the dedication of a substantial portion of our cash flow from operations to the payment of principal of, and interest on, our indebtedness, thereby reducing the availability of such cash flow to fund our growth strategy, working capital, capital expenditures, share repurchases and other general corporate purposes;•Limit our flexibility in planning for, or reacting to, changes in our business and the industry; and•Place us at a competitive disadvantage relative to our competitors with less debt. Unanticipated delays or accelerations in our sales cycles makes accurate estimation of our Total ARR, Public Cloud ARR, and revenues difficult, and have resulted in, and could in the future result in, significant fluctuations in our quarterly operating results and have impacted, and could in the future impact, our ability to achieve any financial guidance and forecasts that we may provide.Unanticipated delays or accelerations in our sales cycles makes accurate estimation of our revenues difficult and have resulted in, and could in the future result in, significant fluctuations in our quarterly operating results and could impact any financial guidance and forecasts that we may provide. The length of our sales cycle varies depending on several factors over which we may have little or no control, including: •the size and complexity of a potential transaction; •whether a sale involves a cloud or hybrid offering; •the level of competition that we encounter in our selling activities; •customers’ budgeting and approval process, with increasing involvement of the customer C-suite in transactions given the enterprise-wide strategic value our platform provides, including for AI/ML; •corporate events impacting our customers, including reorganizations or acquisitions, where personnel we are engaging with who have institutional knowledge and history with us have departed or are otherwise unavailable to us; and •overall macro-economic conditions. In addition, our account teams have had difficulty in the past obtaining and assessing information as to whether a transaction is proceeding as planned or whether a longer sales cycle will be required, and such difficulty may continue in the future. In addition, our account team has had difficulty in the past obtaining and assessing information as to whether a transaction is proceeding as planned or if a longer sales cycle will be required, and such difficulty may continue in the future. Because of a generally long sales cycle, we may expend significant effort over a long period of time in an attempt to obtain an order, but ultimately not complete the sale, or the order ultimately received may be smaller than anticipated. The long sales cycle for our products also makes it difficult to predict the quarter in which sales will occur. Delays in sales have caused, and could in the future cause, significant variability in our results for any particular period and have impacted, and could in the future impact, our ability to achieve any financial guidance and forecasts that we may provide. Delays in sales have caused, and could in the future cause, significant variability in our results for any particular period and have impacted, and could in the future impact, any financial guidance and forecasts that we may provide. We may experience variability in our operating results based on the purchasing behavior of our customers. Our business has substantially shifted from a traditional, perpetual pricing and revenue model to a subscription-based model in which less revenue is recognized upfront at the time the customer enters into a transaction. The pace and extent to which customers will continue to purchase, consume and renew our offerings on a subscription basis is variable and, therefore, has impacts on our results and operations. We also have flexible pricing options for our cloud customers, including consumption-unit based, "pay as you go" pricing. In addition, we have flexible pricing options for our cloud customers, including consumption-unit based, "pay as you go" pricing. Under such a pricing model, we generally recognize revenue based on consumption. To the extent that customers opt for such a flexible pricing model, we may not be able to accurately forecast the timing of customer consumption of our offerings. In addition, the needs of our customers have quickly evolved from a cloud-only approach to considering hybrid platforms or remaining on-premises. As a result, our actual results may differ from our projections, particularly for Public Cloud ARR and Total ARR. As a result, our actual results may differ from our projections. Furthermore, our on-premises subscription arrangements may provide the customers with the right to cancel our agreement upon certain notice periods, which we may change in the future. Such arrangements may impact the timing of revenue recognition for these customers and result in fluctuations in our quarterly operating results.16Table of ContentsAs we develop new offerings with enhanced capacity, delivery and performance capabilities, the increased difficulty and complexity associated with producing these offerings may increase the likelihood of reliability, quality, operability, and/or security issues.As we develop new offerings with enhanced capacity, delivery and performance capabilities, the increased difficulty and complexity associated with producing these offerings may increase the likelihood of reliability, quality, operability, and/or security issues. From time to time, errors or security flaws are identified in our offerings, which in certain cases can be discovered after the offerings are introduced and delivered to customers. From time to time, errors or security flaws are identified in our offerings, which in certain cases are discovered after the offerings are introduced and delivered to customers. This risk is enhanced when offerings are first introduced, when new versions are released, or if customers choose to either delay or deny an upgrade to the most recent version of our platform. In particular, when we develop offerings with more advanced technology, the production of such offerings involves increased difficulty and complexity and as a result may increase the likelihood of reliability, quality, operability, and/or security issues with such offerings. In particular, when we develop offerings with more advanced technology, the production of such offerings involve increased difficulty and complexity and as a result may increase the likelihood of reliability, quality, operability, and/or security issues with such offerings. Our products and services may also fail to perform to the full specifications and expectations of our customers, including as part of transitioning customers to the cloud, in particular those that involve customer and/or third-party dependencies. Additionally, third-party components that we integrate into our solutions can have undetected quality issues that can impact the performance of our offerings. We may not be able to detect or remedy all errors, including those that may be deemed critical by our customers, prior to release or deployment. Such reliability, quality, operability, and security issues may negatively impact our ability to retain current customers, including due to customer cancellations or non-renewals, as well as our ability to obtain new customers and could expose us to liability, performance and warranty claims, as well as harm our brand and reputation. These and other risks associated with new offerings may have a material adverse impact on our results of operations and future performance.A cybersecurity incident, disruption, or failure of our information systems or those of our third-party providers could adversely impact our reputation, business, and financial results.Our operations are critically dependent on the security of our computer systems, the computer systems of our key suppliers and third parties, and the information stored in such systems. We face risks from, among other things, natural disasters (such as earthquakes and fires), technological threats (such as cyber-attacks, power outages, and telecommunications failures), and human actions (such as unauthorized access or exploitations, insider actions, phishing schemes, and other events). Increasingly, companies are subject to a wide variety of attacks on their networks on an ongoing basis. Incidences of cyber-attacks and other cybersecurity breaches and incidents have increased and are likely to continue to increase. Incidences of cyberattacks and other cybersecurity breaches and incidents have 16Table of Contentsincreased and are likely to continue to increase. The occurrence of one or more of these events could result in data loss, system outages, and other interruptions in our operations, which could have a material adverse effect on our business, financial condition or results of operations. Despite robust data security measures and skilled computer programmers, nation state sponsored cyber attackers (including from countries such as Iran, China, Russia and certain Eastern European nations) and hackers may be able to penetrate our network security or that of our third-party providers and misappropriate or compromise our intellectual property or other confidential information or that of our customers, create system disruptions or cause shutdowns. They may also be able to develop and deploy viruses, worms, and other malicious software programs that attack our systems or products or otherwise exploit security vulnerabilities of our systems or products. In addition, phishing-scheme-perpetrators may be able to lure employees or contractors into providing such perpetrators with information that may enable them to avoid some of our network security controls or those of third-party providers which could result in system disruptions or a loss of confidential and proprietary information.While immaterial in impact, we have been subject to actual and threatened cyber-attacks, and there can be no assurance that our defensive measures will be adequate to prevent them in the future. From time to time, we discover vulnerabilities in our software products, and while we routinely perform regular system updates and patches to our various information systems and our products to address such vulnerabilities, we may be unable to timely implement patches and security measures which could result in a cyber-attack. When cyber-attacks occur, we could incur significant liability to our customers whose information was compromised, and our product platform may be perceived as less desirable, which could negatively affect our business and damage our reputation. Further, because we do not control our third-party service providers, or the processing of data by our third-party service providers, we cannot fully ensure the integrity or security of measures they take to protect customer information and prevent data loss. Further, because we do not control our third-party service providers, or the processing of data by our third-party service providers, we cannot ensure the integrity or security of measures they take to protect customer information and prevent data loss. These types of activities will recur and persist, one or more of them may be successful in the future, and one or more of them may have been or will be successful but not detected, prevented, remediated or 17Table of Contentsmitigated by us, and the costs to us to eliminate, detect, prevent, remediate, mitigate or alleviate cyber security or security vulnerabilities could be significant, and our efforts to address these problems may not be successful and could adversely impact our future results of operations. These types of activities will recur and persist, one or more of them may be successful in the future, and one or more of them may have been or will be successful but not detected, prevented, remediated or mitigated by us, and the costs to us to eliminate, detect, prevent, remediate, mitigate or alleviate cyber security or security vulnerabilities could be significant, and our efforts to address these problems may not be successful and could adversely impact our future results of operations. If as a result of these events, the information stored on our or our customers’ systems could be accessed, publicly disclosed, altered, lost or stolen, they can subject us to additional liability and cause us financial harm. In addition, our disclosures concerning security incidents may become the subject of litigation, and cause us, especially in the event of an adverse court ruling, additional financial strain and reputational harm. While we take and will continue to take remediation steps, there is no guarantee that our preventative and mitigation actions with respect to any cybersecurity incident will fully eliminate the risk of a malicious compromise of our, our third-party service providers’ or our customers’ systems.Additionally, we offer the ability for our employees to choose a remote work location which introduces additional security challenges. The increase in endpoints to manage and reliance on employees to adhere to information security policies and hygiene practices, heightens the vulnerability of our systems to security breaches.While we maintain insurance coverage for certain liabilities related to cyber-attacks and/or data breaches, such coverage may not adequately cover all costs, expenses, liability and damages that we or our customers may incur as a result of such incidents.The offering of our cloud- and hybrid-based platforms has increased our exposure to information security risks by increasing our joint responsibility with customers and third-party cloud providers for protecting sensitive information processed through these platforms, preventing any unauthorized access to or use of such platforms, preventing data breaches, and addressing vulnerabilities in customer-managed applications, the failure of which could adversely impact our results of operation, reputation, compliance obligations, and relationships with our customers. Prior to our transition to offering cloud- and hybrid-based platforms, our customers generally purchased or leased on-premises hardware systems used in connection with our software solutions, which our customers deployed and operated.Prior to our transition to a subscription-based business, our customers generally purchased or leased on-premises hardware systems used in connection with our software solutions, which our customers deployed and operated. With respect to these types of customer on-premises solutions, the customer, directly or through its selected services providers, has full control over its data security. While we continue to provide on-premises capabilities for our customers, we also provide cloud- and hybrid-based platforms, which has expanded our information security risk landscape. Our cloud- and hybrid-based platforms generally require us to deploy or operate solutions for our customers, directly or through the use of third-party services providers, either on-premises at customer-selected data center facilities, or at third-party-hosted data center facilities. Cloud-based SaaS offerings generally require us to deploy or operate solutions for our customers, directly or through the use of third-party services providers, either on-premises at customer-selected data center facilities, or at third-party-hosted data 17Table of Contentscenter facilities. As a result, more responsibility for data security has been transferred to us and our third-party service providers due to the data security responsibilities allocated among us, our customers, and third-party providers that are inherent in cloud- and hybrid-based platforms. As a result, more responsibility for data security has been transferred to us and our third-party service providers. For example, gaps in security responsibilities can materialize if roles among us, our customers, or third-party providers are not clearly defined or effectively managed and can lead to additional security risks (such as compromised credentials, hijacked accounts, data breaches due to misconfigured cloud storage, inadequate security practices by third-party providers, and vulnerabilities in shared technology). Furthermore, in cloud environments, we are exposed to additional security risks (such as compromised credentials, hijacked accounts, data breaches due to misconfigured cloud storage, inadequate security practices by third-party providers, and vulnerabilities in shared technology) and bear greater responsibility for securing data against unauthorized access, data breaches, and other cyber threats. The distributed and multi-tenant nature of our cloud- and hybrid-based platforms can also complicate data governance and compliance. The distributed nature of cloud computing can also complicate data governance and compliance with various global data protection regulations. While customers handle application development and deployment within our platform, vulnerabilities stemming from various actions, including unsecure coding practices, data leakage, performance issues, or mismanagement of configurations, can impact the broader platform's integrity and security. Further, we are required to maintain and obtain various global security certifications for our platforms, such as the International Organization for Standardization 27001 ("ISO 27001"), Payment Card Industry Data Security Standard ("PCI"), Federal Risk and Authorization Management Program ("FedRAMP®"), and any delays or failure in maintaining or obtaining such certifications may hinder our competitiveness, particularly in regulated industries, and impact customer confidence. If unauthorized access to or use of our cloud- or hybrid-based platforms, failure to prevent data breaches, or failure to address vulnerabilities in customer-managed applications occurs, despite robust data security measures and third-party commitments to protect them, our results of operation, reputation, compliance obligations, and relationships with our customers could be adversely impacted. Even the perception of inadequate security, including delays or failure to obtain necessary security certifications such as FedRAMP, may damage our reputation and negatively 18Table of Contentsimpact our ability to win new customers and retain existing customers, consequently adversely impacting our financial performance and condition. Even the perception of inadequate security, including as a result of delays or failure to obtain necessary security certifications, may damage our reputation and negatively impact our ability to win new customers and retain existing customers, consequently adversely impacting our financial performance and condition. If our existing customers fail to renew, or cancel, their subscription license arrangements or support agreements, or if customers do not renew on terms favorable to us, our business could be adversely affected. If our existing customers fail to renew, or cancel, their subscription license arrangements or support agreements, or if customers do not renew on terms favorable to us, our business could be adversely affected. Teradata’s platform offerings have been expanded to include a variety of subscription options, which impact the timing of when revenues are recognized and related cash flows are collected. The IT industry generally has been experiencing increasing pricing pressure from customers when purchasing or renewing support agreements. As our on-premises customers migrate all or a portion of their data analytics solutions to a cloud-based environment, some customers have selected a cloud-based offering of one of our competitors and existing customers may do so in the future. As a result, such customers have cancelled all or a portion of their arrangements with us and may continue to do so in the future. While customer cancellations we have had to date have not been material to our business, they could become material in the future. Mergers and acquisitions in certain industries that we serve could result in a reduction of the software and hardware being supported and put pressure on our subscription and support terms with customers who have merged. Given these factors, there can be no assurance that our current customers will migrate from on-premises to the cloud with Teradata, renew their subscription and/or support agreements, or agree to the same terms when they renew, which could result in our reducing or losing subscription and/or support fees which could adversely impact operating results.Our future results depend in part on our relationships with strategic partners, key suppliers, and other third parties.Our development, marketing, and distribution plans depend in part on our ability to form strategic alliances with third parties that have complementary offerings, software, services, and skills. Our strategic partners include cloud service providers, consultants and system integrators, software and technology providers, hardware support service providers, and indirect channel distributors in certain countries. These relationships involve risks, including our partners changing their business focus, entering strategic alliances with other companies, being acquired, including by our competitors, failing to meet regulatory requirements, data privacy or other laws, or performance criteria, improperly using our confidential information, exposing our data and/or customer information through the transfer of data to the cloud or otherwise or through other security breaches, or their market reputation deteriorating. If we fail to maintain or expand our relationships with strategic partners or if we are forced to seek alternative technology or technology for new solutions that may not be available on commercially reasonable terms, our business may be adversely affected.As part of our strategy, our relationships with public cloud service providers, Amazon Web Services ("AWS"), Google Cloud, and Microsoft Azure, can impact our business. Our strategic relationships with these cloud service providers for our cloud offerings on their platforms require significant investments to ensure that our solutions are optimized in these cloud environments. Our strategic partnerships with these cloud service providers for our cloud offerings on their platforms require significant investments to ensure that our solutions are optimized in these cloud environments. In addition, there are geographies in which we operate that utilize alternative, local cloud-platform service providers where AWS, Google Cloud, and Microsoft Azure are inaccessible or not available. The cloud service providers maintain relationships with certain of our competitors, and our competitors may in the future establish relationships with additional competing cloud data platform providers. The cloud service providers maintain relationships 18Table of Contentswith certain of our competitors, and our competitors may in the future establish relationships with additional competing cloud data platform providers. Furthermore, cloud service providers do and may in the future provide platforms that compete with VantageCloud and VantageCloud Lake. Any of these cloud service providers may decide to modify or terminate our business relationship, change the terms of any agreement or pricing terms that we have with them, or may otherwise enter into preferred relationships with one or more competing cloud data platform providers. If we are unsuccessful in meeting performance requirements or obtaining future returns on these investments, or if we are otherwise unable to maintain adequate relationships with any of these cloud service providers, our financial results may be adversely impacted.Third-party vendors provide important elements to our solutions; if we do not maintain our relationships with these vendors or if these vendors cease to be going concerns, interruptions in the supply of our offerings may result. There are some components of our solutions that we purchase from single sources due to price, quality, technology or other reasons. For example, we rely on Flex as a key single source contract manufacturer for our on-premises hardware systems. In addition, we buy servers from Dell Technologies Inc. and storage disk systems from NetApp, Inc. Some components supplied by third parties may be critical to our solutions, and several of our suppliers may terminate their agreements with us without cause with 180-days' notice. In addition, we rely on certain vendors for hardware support services and parts supply. If we were unable to purchase necessary services, parts, components or 19Table of Contentsofferings from a particular vendor and had to find an alternative supplier, our shipments and deliveries could be delayed. If we were unable to purchase necessary services, parts, components or offerings from a particular vendor and had to find an alternative supplier, our shipments and deliveries could be delayed. Also, quality issues, commodity, transportation, wage, or other inflationary pressures, a disruption in our supply chain or the need to find alternative suppliers could impact the costs and/or timing associated with procuring necessary offerings, components and services. In any case, our operations could be adversely impacted. Similarly, our suppliers’ offerings and services have certain dependencies with respect to their own supply chain networks, and supply and/or inflation issues among our suppliers may also adversely impact our business.Demand for the offerings and services we sell could decline if we fail to maintain positive brand perception and recognition.In 2023, Teradata introduced a new brand identity, including our messaging around trusted data and trusted AI.In 2023, Teradata introduced a new brand identity. With this brand we strive to be modern, innovative, and reflective of our vision for the future. Our updated brand is designed to highlight Teradata’s role as a leader in AI and hybrid cloud data and analytics. Our updated brand is designed to highlight Teradata’s role as a leader in AI, analytics, and cloud data. We believe that recognition and the reputation of our brand is key to our success, including our ability to retain existing customers as well as attract new customers and partners. We believe that recognition and the reputation of our brand is key to our success, including our ability to retain existing customers and attract new customers. While we leverage our decades of experience in data analytics and database management services, we believe we have evolved to provide the modern offerings customers need. These include the cloud-native architecture of Teradata VantageCloud Lake, the end-to-end pipeline of AI/ML capabilities in ClearScape Analytics, our on-demand AI/ML engine in the cloud that delivers a completely self-service experience with Teradata AI Unlimited, and our commitment to providing a platform compatible with OTFs to provide an open and connected ecosystem offering to our customers. These include the cloud-native architecture of Teradata VantageCloud Lake, the end-to-end pipeline of AI/ML capabilities in ClearScape Analytics, and our AI and ML engine in the cloud that delivers a completely self-service and serverless experience of Teradata AI Unlimited. The failure for the market to recognize our brand attributes or for there to be misperceptions in the market regarding our cloud, hybrid, AI, or other capabilities could negatively impact our ability to upgrade existing on-premises customers to our hybrid cloud-based solutions, drive expansion/consumption growth, and/or acquire new customers for our on-premises and hybrid cloud businesses. The failure for the market to recognize our new brand or misperceptions in the market regarding our cloud, AI, or other capabilities could negatively impact our ability to upgrade existing on-premises customers to our cloud-based solutions or from VantageCloud Enterprise to VantageCloud Lake, drive expansion/consumption growth, and/or acquire new customers for our on-premises and cloud businesses. In addition, damage to the reputation of our brand could result in, among other things, customer cancellations or non-renewals, lower employee retention and productivity, vendor relationship issues, and investor and other stakeholder scrutiny, any of which could materially affect our revenue and profitability. In addition, damage to the reputation of our brands could result in, among other things, customer cancellations or non-renewals, lower employee retention and productivity, vendor relationship issues, and investor and other stakeholder scrutiny, all of which could materially affect our revenue and profitability. Increases in the cost of components used in our product, and/or increases in our other costs of doing business, have, and could continue to, adversely affect our profit margins.Our cloud offerings are dependent on cloud service providers and require significant investments to ensure that our solutions are optimized in these cloud environments. In addition, our profit margins are currently adversely impacted by the price we pay for cloud services and will continue to do so until we effectively scale our cloud business. Our hardware components are assembled and configured by Flex. Flex also procures a wide variety of components used in the assembly process on our behalf. Although many of these components are available from multiple sources, we utilize preferred supplier relationships to better ensure more consistent quality, cost and delivery. Components used in our products require commodities as part of their manufacturing. In addition, we have a global employee population. As such, increased costs and/or commodity and other inflation, and/or increased tariffs on certain items imported from foreign countries have affected our profit margins and could continue to result in declines in our profit margins. Historically, we have mitigated certain cost increases, in part, by increasing prices on some of our products and collaborating with suppliers, reviewing alternative sourcing options, and engaging in internal cost reduction efforts, all as appropriate. Historically, we have mitigated certain cost increases, in part, by increasing prices on 19Table of Contentssome of our products and collaborating with suppliers, in particular Flex, reviewing alternative sourcing options, and engaging in internal cost reduction efforts, all as appropriate. However, we may not be able to fully offset increased costs. Further, if any price increases we adopt are not accepted by our customers and the market, our net sales, profit margins, earnings, and market share could be adversely affected.Challenges with the design and implementation of our new enterprise resource planning ("ERP") system could adversely impact our business and operations. We commenced a multi-year initiative to transform and modernize our ERP system, and expect to complete the final go-live phase in the first quarter of 2025.

The 1st phase of the system's implementation has been used to support the preparation of our Annual Report on Form 10-K for 2024. The ERP system is designed to accurately maintain the Company’s financial records, enhance operational functionality, and provide timely information to the Company’s management team related to the operation of the business. The implementation of the new ERP system requires an investment in financial and personnel resources, including substantial expenditures for outside consultants and system expenses in connection with the transformation of our financial and operating processes. While the ERP system is intended to improve and enhance our information management systems, the ongoing implementation and initial use of this new ERP system exposes us to integration complexities and challenges with 20Table of Contentsour existing systems and processes, including the possible disruption of our financial reporting. While the ERP system is intended to further improve and enhance our information management systems, the ongoing implementation of this new ERP system exposes us to integration complexities and challenges with our existing systems and processes, including the possible disruption of our financial reporting. If we failed to properly design our ERP system or are unable to successfully implement and use the new ERP system as planned, we may experience increased expenditure and the diversion of personnel resources which could adversely affect our internal control over financial reporting, business operations and financial condition. If we failed to properly design our ERP system or are unable to successfully implement the new ERP system as planned, we may experience increased expenditure and the diversion of personnel resources which could adversely affect our internal control over financial reporting, business operations and financial condition. Any disruption, including as a result of natural disasters or climate change, at or near any of our facilities or other operations or those of our customers, vendors, data warehouses, distribution channels, and public cloud service providers could adversely affect our business.Disruptions could occur as a result of supply chain challenges; decreases in work force availability; natural resources availability; natural disasters; inclement weather, including as exacerbated by global climate change; man-made disasters; or other external events, such as terrorist acts or acts of war, pandemics and/or epidemics, boycotts and sanctions, widespread criminal activities, or protests and/or social unrest, or other events, at or in proximity to any of our facilities or those of our customers, vendors, data warehouses, distribution channels, and public cloud service providers. Such events and disruptions could make it difficult or impossible to deliver products and services to our customers or perform critical business functions and could adversely affect our business. Our headquarters and data center are located in California, a region with a history of seismic activity, wildfires and an extreme risk of drought, flooding, and vulnerability to future water scarcity. Our headquarters and data centers are located in California, a region with a history of seismic activity and wildfires and an extreme risk of drought, flooding, and vulnerability to future water scarcity. As such, we could experience disruptions as a result of natural disasters and/or extreme weather conditions, including sea-level rise, earthquakes, tornadoes, hurricanes, earthquakes, floods, tsunamis, typhoons, drought, and fire, that could impact our business and operations. Such events could pose physical risks to our facilities and data center, result in power outages and shortages, and/or result in failures of global critical infrastructure, telecommunication and security systems, natural resource availability, such as energy and water sources, employees’ ability to work, availability of supply chain and logistics, and the additional costs to maintain or resume operations such as costs to repair damages to our facilities, equipment, infrastructure, and business relationships, each of which could negatively impact our business and operations. Such events could pose physical risks to our facilities and data warehouses, result in power outages and shortages, and/or result in failures of global critical infrastructure, telecommunication and security systems, natural resource availability, such as energy and water sources, employees’ ability to work, availability of supply chain and logistics, and the additional costs to maintain or resume operations such as costs to repair damages to our facilities, equipment, infrastructure, and business relationships, each of which could negatively impact our business and operations. Furthermore, environmental regulations are increasing in their frequency of issuance and applicability to our company, particularly due to our operations in California and the European Union. Such regulations may result in changes in the demand for resources that could adversely impact the availability or cost of goods and services, including natural resources necessary to run our business. The world economy, including our business, realized significant disruption during the COVID-19 pandemic. The occurrence of future global pandemics and/or regional epidemics may disrupt our business in the future. The extent to which our business may be affected in the future is highly uncertain and cannot be predicted as it would be dependent on factors such the duration and scope of the pandemic; governmental, business, and individuals' actions in response to the pandemic; and the impact on economic activity such as financial market instability. Failure to successfully complete reorganization activities in connection with our transformation activities or otherwise could negatively affect our operations.We have completed reorganization efforts in connection with our business transformation and we may continue to complete reorganization activity in furtherance of our strategy. In addition, from time to time, we may wind down certain business activities and/or facilities, cease doing business in certain geographic areas, and/or perform other organizational reorganization projects in an effort to reduce costs and optimize operations. For example, in 2022, we ceased our operations in Russia to comply with sanctions imposed as a result of Russia’s invasion of Ukraine and in 2023 we ceased our direct operations in China. For example, in 2022, we ceased our operations in Russia to comply with sanctions imposed as a result of Russia’s invasion of Ukraine and in 20Table of Contents2023 we ceased our direct operations in China. In addition, on August 5, 2024, we announced that we had realigned our sales function and had initiated global restructuring and cost reduction actions to optimize operations, reduce non-revenue generating expenses, and drive efficiencies for long-term growth and profitability. Reorganization activities involve risks as they may divert management's attention from our core businesses, increase expenses on a short‑term basis or reduce revenues. We may also experience a loss of continuity, loss of accumulated knowledge, or loss of efficiency during such transitional periods, all of which may negatively impact our business, financial condition, operating results, and cash flows.Our business is affected by the global economies in which we operate and the economic climate of the industries we serve.Our business and results of operations are affected by international, national and regional economic conditions. In particular, the IT industry in which we operate is susceptible to significant changes in the strength of the economy and the financial health of companies and governmental entities that make spending commitments for new technologies. Accordingly, adverse global economic, inflationary, recessionary, and market conditions, including in 21Table of Contentscertain economic sectors in which many of our customers operate (such as retail, manufacturing, financial services or government), may adversely impact our business. Accordingly, adverse global economic, inflationary, recessionary, and market conditions, including in certain economic sectors in which many of our customers operate (such as retail, manufacturing, financial services or government), may adversely impact our business. For example, adverse changes to the economy could impact the timing of purchases by our current and potential customers or the ability of our customers to fulfill their obligations to us. In addition, decreased or more closely scrutinized spending in our customers’ businesses and in the industries we serve, may adversely impact our business. Uncertainty about future economic conditions may make it difficult for us to forecast operating results and to make decisions about future investments. In addition, our inability or failure to quickly respond to inflation and the resulting buying behaviors of our customers could harm our business, results of operations and financial condition. Our success in periods of economic uncertainty may also be dependent, in part, on our ability to reduce costs in response to changes in demand, inflation or other activity.Generating substantial revenues from our international operations pose several risks.In 2024, the percentage of our total revenues from outside of the United States was 49%. We have exposure to more than 30 functional currencies. The risks associated with the geographic scope of our business operations include, among other things the following:•Cultural, management, and staffing challenges associated with operating in countries around the world, including developing countries;•Realignment of our international strategy and organization structure;•The imposition of additional and/or different country laws, governmental controls and regulations; •The ever-changing macro-economic and geo-political (including local conflicts and wars) environments we operate in; •Longer payment cycles for sales in certain foreign countries and difficulties in enforcing contracts and collecting accounts receivable;•Fluctuations in the value of local currencies and foreign currency controls in various jurisdictions where we operate, including Argentina;•Tariffs or other restrictions on foreign trade or investment; •Foreign trade policy changes, trade regulations, and/or disputes may adversely affect sales of our solutions and services and may result in longer sales cycles;•The imposition of sanctions against a country, company, person or entity with whom we do business that would restrict or prohibit our business; and•Foreign or domestic government activities that favor domestic companies, including those that may require companies to procure goods and services from locally-based suppliers.Any of these events, among others, could materially and adversely affect our financial condition and operating results. Our offerings are subject to United States export controls and, when exported from the United States, or re-exported to another country, must be authorized under applicable United States export regulations. Our offerings may also be subject to local country import controls. Changes in our offerings or changes in export or import regulations, including the implementation of adverse tariffs, may create delays in the introduction of our offerings in international markets, prevent our customers with international operations from deploying our offerings throughout their global systems or, in some cases, prevent the export or import of our offerings to certain countries or customers altogether. Changes in our offerings or changes in export regulations may create delays in the introduction of our offerings in international markets, prevent our customers with international operations from deploying our offerings throughout their global systems or, in some cases, prevent the export of our offerings to certain countries or customers altogether. Any change in export or import regulations or related legislation, shift in approach to the enforcement or scope of existing regulations, change in tariff policy, or change in the countries, persons or technologies targeted by these regulations could result in decreased use of our offerings by, or in our decreased ability to export, import or sell our offerings to, existing or potential customers with international operations. Any change in export regulations or related legislation, shift in approach to the enforcement or scope of existing regulations, or change in the countries, persons or technologies targeted by these regulations could result in decreased use of our offerings by, or in our decreased ability to export or sell our offerings to, existing or potential customers with 21Table of Contentsinternational operations. There is active enforcement and ongoing focus by the Securities and Exchange Commission (the "SEC") and other governmental authorities on the United States Foreign Corrupt Practices Act, the U.K. Bribery Act of 2010 and similar anti-bribery, anti-corruption laws in other countries. Given the breadth and scope of our international operations, we may not in all cases be able to detect improper or unlawful conduct by our partners, distributors, resellers, customers, and employees, despite our high ethics, governance and compliance standards, which could put the Company at risk regarding possible violations of such laws and could result in various civil or criminal fines, penalties or administrative sanctions, and related costs, which could negatively impact the Company's business, brand, results of operations or financial condition.22Table of ContentsInadequate internal control over financial reporting and accounting practices could lead to errors, which could adversely impact our ability to assure timely and accurate financial reporting.Inadequate internal control over financial reporting and accounting practices could lead to errors, which could adversely impact our ability to assure timely and accurate financial reporting. Internal control over financial reporting, no matter how well designed and operated, can provide only reasonable, not absolute, assurance that the control objectives will be met. These inherent limitations include system errors, the potential for human error and unauthorized actions of employees or contractors, inadequacy of controls, temporary lapses in controls due to shortfalls in transition planning and oversight of resources, internal control failures as a result of the implementation and use of our new ERP system, and other factors. These inherent limitations include system errors, the potential for human error and unauthorized actions of employees or contractors, inadequacy of controls, temporary lapses in controls due to shortfalls in transition planning and oversight of resources, and other factors. Consequently, such controls may not prevent or detect misstatements in our reported financial results as required under the SEC and the New York Stock Exchange ("NYSE") rules, which could increase our operating costs or impair our ability to operate our business. Consequently, such controls may not prevent or detect misstatements in our reported financial results as required under the Securities and Exchange Commission ("SEC") and the New York Stock Exchange ("NYSE") rules, which could increase our operating costs or impair our ability to operate our business. Controls may also become inadequate due to changes in circumstances, and it is necessary to replace, upgrade or modify our internal information systems from time to time. In addition, unforeseen risks may arise in connection with financial reporting systems, including with our new ERP system, due to inefficient business processes, business process reengineering projects, or changes in accounting standards. In addition, unforeseen risks may arise in connection with financial reporting systems due to inefficient business processes, business process reengineering projects, or changes in accounting standards. If management is not successful in maintaining a strong internal control environment, material weaknesses could occur, causing investors to lose confidence in our reported financial information. This could lead to a decline in our stock price, limit our ability to access the capital markets in the future, and require us to incur additional costs to improve our internal control systems and procedures.Increased scrutiny from governments, investors, rating agencies, customers, and other stakeholders regarding our environmental, social, and governance ("ESG") practices, commitments, and performance and our inability to achieve any ESG goals we establish could impose additional costs, expose us to new risks, or negatively impact our reputation.Increased scrutiny from governments, investors, raters, customers, and others regarding our environmental, social, and governance ("ESG") practices and our inability to achieve any ESG goals we establish could impose additional costs, expose us to new risks, or negatively impact our reputation. The ESG landscape is constantly changing, with regulatory requirements and stakeholder expectations continuously evolving. As a result, our ability to meet program goals and objectives may be challenged by a variety of factors, including the complexity of implementing ESG initiatives across our operations and supply chain, unforeseen economic or operational constraints, and shifts in market dynamics or regulatory frameworks. We are working to align our reporting with emerging ESG disclosure frameworks, new regulations, including those passed in the European Union and the state of California, and potential new disclosure requirements, while we also seek to report timely on progress toward our ESG objectives.To meet expectations from our stakeholders, we are working to align our reporting with emerging ESG disclosure frameworks, new regulations, including those passed in the European Union and the state of California, and potential new disclosure requirements, while we also seek to report timely on progress toward our ESG objectives. We have established ESG goals, and we expect to continue to establish additional ESG goals in which our ESG goals and/or our ESG program performance may be reviewed by third-party providers such as rating agencies who may unfavorably evaluate our ESG initiatives. If we fail, or are perceived to fail, to meet our stakeholders’ and/or raters’ expectations or regulatory requirements, we could be exposed to increased costs associated with compliance or operational changes, risk of litigation, difficulty in attracting and retaining employees, negative investor sentiment, and an adverse impact on our reputation. If we fail, or are perceived to fail, to meet our stakeholders’ and/or raters’ expectations, including the achievement of the ESG goals that we establish, we could be exposed to increased risk of litigation, difficulty in attracting and retaining employees, negative investor sentiment, and an adverse impact on our reputation. RISKS RELATED TO OUR INDUSTRYOur cloud and service offerings are designed to offer AI/ML capabilities, which exposes us to an emerging and uncertain regulatory environment and rapidly changing technology where any inability to comply with any such regulations may result in reputational harm, liability and disruption to our business operations.RISKS RELATED TO OUR INDUSTRYOur cloud and service offerings are designed to offer AI/ML capabilities, which exposes us to an uncertain regulatory environment and rapidly changing technology where any inability to comply with any such regulations may result in reputational harm, liability and disruption to our business operations. The AI/ML regulatory environment is rapidly evolving, and it is difficult to predict the impact the evolving regulatory landscape may have on our business, results of operations and financial condition. Teradata’s platforms and ClearScape Analytics are designed to deliver harmonized data, AI/ML, and faster innovation to facilitate better decision-making. AI/ML technologies are rapidly changing, and with the evolving regulatory environment, we may be subject to increased regulatory requirements, as well as other risks such as data privacy concerns, intellectual property disputes, and exposure to litigation. AI/ML technologies are rapidly 22Table of Contentschanging, and with the evolving regulatory environment, we may be subject to increased regulatory requirements, as well as other risks such as data privacy concerns, intellectual property disputes, and exposure to litigation. The IT industry is intensely competitive and evolving, and competitive pressures could adversely affect our pricing practices or demand for our offerings and services.We operate in the intensely competitive IT industry, which is characterized by rapidly changing technology, evolving industry standards and models for consuming and delivering business and IT services, frequent new 23Table of Contentsproduct introductions, and frequent price and cost reductions.We operate in the intensely competitive IT industry, which is characterized by rapidly changing technology, evolving industry standards and models for consuming and delivering business and IT services, frequent new product introductions, and frequent price and cost reductions. In general, as a participant in the data analytics and AI solutions market, we face:•Changes in customer spending preferences and other shifts in market demands, which drive changes in the Company's competition;•Changes in pricing, marketing and product strategies, such as potential aggressive price discounting and the use of different pricing models by our competitors;•Rapid changes in product delivery models, such as on-premises solutions versus cloud or hybrid solutions; •Rapid changes in computing technology and capabilities that challenge our ability to maintain differentiation; •New and emerging analytic technologies, including for AI/ML workloads, competitors, and business models; •Continued emergence of open-source software that often rivals current technology offerings at a much lower cost, despite its limited functionality;•Changing competitive requirements and deliverables in developing and emerging markets; and •Continuing trend toward consolidation of companies, which could adversely affect our ability to compete, including if our key partners merge or partner with our competitors. In general, as a participant in the data analytic solutions market, we face:•Changes in customer spending preferences and other shifts in market demands, which drive changes in the Company's competition;•Changes in pricing, marketing and product strategies, such as potential aggressive price discounting and the use of different pricing models by our competitors;•Rapid changes in product delivery models, such as on-premises solutions versus cloud solutions; •Rapid changes in computing technology and capabilities that challenge our ability to maintain differentiation; •New and emerging analytic technologies, including for AI/ML, competitors, and business models; •Continued emergence of open-source software that often rivals current technology offerings at a much lower cost despite its limited functionality;•Changing competitive requirements and deliverables in developing and emerging markets; and •Continuing trend toward consolidation of companies, which could adversely affect our ability to compete, including if our key partners merge or partner with our competitors. Our competitors include established companies within our industry, including Amazon, Google, IBM, Oracle, Microsoft, and SAP, which are well-capitalized companies with widespread distribution, brand recognition and penetration of our product platforms and service offerings. The significant purchasing and market power of these larger competitors, which have greater financial resources than we do, could allow them to surpass our market penetration and marketing efforts to promote and sell their offerings and services. In addition, many other companies participate in specific areas of our business, such as enterprise applications, analytic platforms and business intelligence software. In some cases, we may partner with a company in one area of our business and compete with them in another. In particular, in delivering our Teradata VantageCloud offerings in a cloud environment to certain of our customers, we partner with each of Amazon Web Services, Google, and Microsoft, which are public cloud service providers. The status of our business relationships with these companies can influence our ability to compete for analytic data solutions opportunities in such areas. In addition, we see additional competition from both established and emerging cloud-only data vendors and open-source providers. Failure to compete successfully with new or existing competitors in these and other areas could have a material adverse impact on our ability to generate additional revenues or sustain existing revenue levels.Current and evolving privacy laws and regulations, cross-border data transfer restrictions and other aspects of data privacy may impact the use and adoption of our solutions and services and adversely affect our business.Current and evolving privacy laws and regulations regarding cloud computing, cross-border data transfer restrictions and other aspects of data privacy may impact the use and adoption of our solutions and services and adversely affect our business. Federal, state and foreign governments continue to adopt new, or modify existing, laws and regulations addressing data privacy and the collection, processing, storage, transfer and use of data. Some of these impose new obligations directly on the Company as both a data controller and a data processor, as well as on many of our customers. New laws also require us to evaluate any required changes to our solutions and services on an ongoing basis to enable Teradata and/or our customers to comply with the new legal requirements and may also increase our potential liability through higher potential penalties for non-compliance. Further, laws such as the European Union’s proposed e-Privacy Regulation are increasingly aimed at the use of personal information for marketing purposes, and the tracking of individuals’ online activities. These new or proposed laws and regulations are also subject to differing interpretations which may be inconsistent among jurisdictions. These and other requirements could reduce demand for our solutions and services, require us to take on more onerous obligations in our contracts, restrict our ability to store, transfer and process data or, in some cases, impact our ability to offer our solutions and services in certain locations or our customers' ability to deploy our solutions globally. For example, existing and developing laws regarding how companies transfer personal data across borders can be unpredictable and subject to legal challenge and could result in further limitations on the ability to transfer data across borders, particularly if governments are unable or unwilling to create new, or maintain existing, mechanisms that support cross-border data transfers. For example, existing and developing laws regarding how companies transfer personal data from the European Economic Area to the United States and other third-world countries can be unpredictable and could result in further limitations on the ability to transfer data 23Table of Contentsacross borders, particularly if governments are unable or unwilling to create new, or maintain existing, mechanisms that support cross-border data transfers. Additionally, certain countries have passed or are considering passing laws requiring local data residency. The costs of compliance with, and other burdens imposed by, privacy laws, regulations and standards may limit the use and adoption of our solutions and services, reduce overall demand for our solutions and services, make it more 24Table of Contentsdifficult to meet expectations from or commitments to customers, lead to significant fines, penalties or liabilities for noncompliance, or slow the pace at which we close sales transactions, any of which could harm our business. The costs of compliance with, and other burdens imposed by, privacy laws, regulations and standards may limit the use and adoption of our solutions and services, reduce overall demand for our solutions and services, make it more difficult to meet expectations from or commitments to customers, lead to significant fines, penalties or liabilities for noncompliance, or slow the pace at which we close sales transactions, any of which could harm our business. In addition to government activity, privacy advocacy and other industry groups establish new self-regulatory standards that may place additional burdens on our ability to provide our solutions and services globally. Our customers expect us to meet voluntary certification and other standards established by third parties, such as related ISO standards. Our customers expect us to meet voluntary certification and other standards established by third parties, such as related International Organization for Standardization ("ISO") standards. If we are unable to maintain these certifications or meet these standards, it could adversely affect our ability to provide our solutions to certain customers and could harm our business.Furthermore, concerns regarding data privacy may cause our customers’ customers to resist providing the data necessary to allow our customers to use our solutions and services effectively. Even the perception that the privacy of personal information is not satisfactorily protected or does not meet regulatory requirements could inhibit sales of our offerings or services and could limit adoption of our cloud-based solutions.RISKS RELATED TO HUMAN CAPITALWe depend on key employees and face competition in hiring and retaining qualified employees.Our employees and access to talent are critical to our success. Our future success depends on our ability to attract, retain, develop, and motivate the services of senior management and key personnel in all areas of our Company, including engineering and development, marketing and sales professionals, and consultants. Competition for highly skilled personnel and acquired talent in the current environment, specifically the IT industry is intense. Competition for highly skilled personnel and acquired talent in the IT industry is intense. We have experienced, and may continue to experience, voluntary workforce attrition, including the loss of senior management and key personnel, in part due to the highly competitive job market in our industry. Furthermore, we are required to attract and retain talent with expertise in cloud-based technologies and AI/ML capabilities, particularly with respect to our engineering, development and services teams. Furthermore, we are required to attract and retain talent with expertise in cloud-based technologies, particularly with respect to our engineering and development teams. No assurance can be made that key personnel will remain with us, and it may be difficult and costly to replace such employees and/or obtain qualified talent who are not employees. We implemented a remote working policy to expand our talent pool for key personnel and we cannot predict the longer-term workforce implications. Our failure to execute on our key culture initiatives, hire, retain or replace our key personnel could have a material adverse impact on our business operations.RISKS RELATED TO LEGAL AND REGULATORY MATTERSWe face uncertainties regarding legal proceedings, complex and changing laws and regulations, and other related matters.In the normal course of business, we are subject to proceedings, lawsuits, claims and other matters, including those that could relate to the environment, health and safety, employee benefits, export compliance, shareholder matters, intellectual property, a variety of local laws and regulations, and other regulatory compliance and general matters.In the normal course of business, we are subject to proceedings, lawsuits, claims and other matters, including those that could relate to the environment, health and safety, employee benefits, export compliance, intellectual property, a variety of local laws and regulations, and other regulatory compliance and general matters. See "Note 10-Commitments and Contingencies" in the Notes to Consolidated Financial Statements in this Annual Report. Because such matters are subject to many uncertainties, their outcomes are not predictable. There can be no assurances that the amounts required to satisfy alleged liabilities from such matters will not impact future operating results.In addition, we are subject to diverse and complex laws and regulations, including those relating to technology, including AI/ML, corporate governance, ESG reporting, environmental protection, data privacy, public disclosure, and reporting, which are rapidly changing and subject to possible changes in the future.In addition, we are subject to diverse and complex laws and regulations, including those relating to technology, including AI/ML, corporate governance, data privacy, public disclosure, and reporting, which are rapidly changing and subject to possible changes in the future. From time to time, we may conduct internal investigations to ensure compliance with such laws and regulations, the costs or results of which could impact our financial results. In addition, we may be subject to unexpected costs in connection with new public disclosure or other accounting or regulatory requirements that are issued from time to time. In addition, we may be subject to unexpected costs in connection with new public disclosure or other regulatory requirements that are issued from time to time. Laws and regulations impacting our customers, such as those relating to privacy, data protection and digital marketing, could also impact our future business. Because we do business in the government sector, we are generally subject to audits and investigations which could result in various civil or criminal fines, penalties or administrative sanctions, including debarment from future government business, which could negatively impact the Company’s results of operations or financial condition. Because we do 24Table of Contentsbusiness in the government sector, we are generally subject to audits and investigations which could result in various civil or criminal fines, penalties or administrative sanctions, including debarment from future government business, which could negatively impact the Company’s results of operations or financial condition. 25Table of ContentsGaps in protection of Teradata’s intellectual property or unlicensed use of third-party intellectual property could impact our business and financial condition.Gaps in protection of Teradata’s intellectual property or unlicensed use of third-party intellectual property could impact our business and financial condition. As a technology company, our intellectual property portfolio is crucial to our continuing ability to be a leading hybrid cloud data and analytics platform provider for trusted AI.As a technology company, our intellectual property portfolio is crucial to our continuing ability to be a leading multi-cloud data and analytics platform provider. We strive to enhance and, as much as is legally and reasonably possible, protect our proprietary intellectual property rights through patent, copyright, trademark and trade secret laws, as well as through technological safeguards and the actions of our people. These efforts include protection of the offerings and application, diagnostic and other software we develop.Where gaps exist in our intellectual property protection, even if such gaps are reasonable, our business could be materially adversely impacted. We may be unable to prevent third parties from using our technology without our authorization or independently developing technology that is similar to ours, particularly in those countries where the laws do not protect our proprietary rights as fully as in the United States (such as Iran, China and certain Eastern European countries who may use NSSAPC to advance their own industries). With respect to inventions for which we choose to file patent applications, we may not be successful in securing patents for these claims, and our competitors may already have applied for patents that, once issued, will prevail over our patent rights or otherwise limit our ability to sell our offerings.While we take steps to provide for confidentiality obligations of employees and third parties with whom we do business (including customers, suppliers and strategic partners), there is a risk that such parties will breach such obligations and jeopardize our intellectual property rights. Many customers have outsourced the administration and management of their data and analytics environments to third parties, including some of our competitors, who then have access to our confidential information. Although we have agreements in place to mitigate this risk, there can be no assurance that such protections will be sufficient. In addition, our ability to capture and re-use field-based developed intellectual property is important to future business opportunities and profits.We are seeing an extended trend towards aggressive enforcement of intellectual property rights, especially by so-called "patent assertion entities" ("PAEs") or "non-practicing entities" ("NPEs"), as the functionality of offerings in our industry increasingly overlaps and the volume of issued software patents continues to grow. As a result, we have been, and in the future could be, subject to infringement claims which, regardless of their validity, could:•Be expensive, time consuming, and divert company resources and management attention away from normal business operations;•Require us to pay monetary damages or enter into non-standard royalty and licensing agreements;•Require us to modify our product sales and development plans; or•Require us to satisfy indemnification obligations to our customers.Regardless of whether these claims have any merit, they can be burdensome to defend or settle and can harm our business, reputation, financial condition and results of operations.A change in our effective tax rate can have a significant adverse impact on our business.A number of factors may adversely impact our future effective tax rates, such as:•The jurisdictions in which our profits are determined to be earned and taxed; •Changes in corporate tax rates in the jurisdictions in which we operate;•The resolution of issues arising from tax audits with various tax authorities;•Changes in the valuation of our deferred tax assets and liabilities; •Adjustments to estimated taxes upon finalization of various tax returns; and •Changes in available tax credits, especially surrounding tax credits in the United States for our research and development activities and foreign tax credits.A number of factors may adversely impact our future effective tax rates, such as:•The jurisdictions in which our profits are determined to be earned and taxed; 25Table of Contents•The resolution of issues arising from tax audits with various tax authorities;•Changes in the valuation of our deferred tax assets and liabilities; •Adjustments to estimated taxes upon finalization of various tax returns; and •Changes in available tax credits, especially surrounding tax credits in the United States for our research and development activities and foreign tax credits. Tax rules may change in a manner that adversely affects our future reported results of operations or the way we conduct our business. Further changes in the tax laws could arise as a result of the base erosion and profit shifting project that was undertaken by the Organization for Economic Co-operation and Development ("OECD"). Further changes in the tax laws of foreign jurisdictions could arise as a result of the base erosion and profit shifting project that was undertaken by the Organization for Economic Co-operation and Development ("OECD"). The OECD, which represents a coalition of member countries, recommended changes to numerous long-standing tax principles impacting how large multinational enterprises are taxed. In particular, the OECD has issued its guidance on the Global Anti-Base Erosion rules, with the purpose of ensuring multinational companies pay a 15% global minimum tax on the income generated in each of the jurisdictions where they operate in, referred to as "Pillar Two." 26Table of ContentsMany jurisdictions, including several European Union members and G20 countries, have enacted Pillar Two as of January 1, 2024. Pillar Two did not have a material impact to our effective tax rate in 2024. We are continuing to monitor developments and evaluating the impacts these new rules will have on our future tax rate, including eligibility to qualify for the safe harbor rules. We are monitoring developments and evaluating the impacts these new rules will have on our tax rate, including eligibility to qualify for these safe harbor rules. Further, the increased scrutiny on international tax and continuous changes to countries’ tax legislation may also affect the policies and decisions of tax authorities with respect to certain income tax and transfer pricing positions taken by the Company in prior or future periods. Further, the increased scrutiny on international tax and continuous changes to countries’ tax legislation may also affect the policies and decisions of tax authorities with respect to certain income tax and transfer pricing positions taken by the Company in prior or future periods. It is not uncommon for taxing authorities in different countries to have conflicting views, for instance, with respect to, among other things, the manner in which the arm’s length standard is applied for transfer pricing purposes, or with respect to the valuation of intellectual property. Our income tax obligations are based partly on our corporate structure and inter-company arrangements, including how we develop, value, and use our intellectual property and the valuations of our inter-company transactions. Tax authorities may disagree with certain positions we have taken and assess additional taxes. We regularly assess the likely outcomes of these audits to determine the appropriateness of our tax provision; however, there can be no assurance that we will accurately predict the outcomes of these audits, and the actual outcomes of these audits could have a material impact on our financial condition or results of operations. In addition, governmental authorities in the United States and throughout the world may increase or impose new income taxes or indirect taxes, or revise interpretations of existing tax rules and regulations, as a means of financing the costs of stimulus and other measures enacted or taken, or that may be enacted or taken in the future. Such actions could have an adverse effect on our results of operations and cash flows.RISKS RELATED TO OUR FINANCIAL CONDITIONOur indebtedness could adversely affect our financial condition and limit our financial flexibility.The Company's indebtedness could:•Expose us to interest rate risk;•Increase our vulnerability to general adverse economic and industry conditions;•Limit our ability to obtain additional financing or refinancing at attractive rates and terms;•Require the dedication of a substantial portion of our cash flow from operations to the payment of principal of, and interest on, our indebtedness, thereby reducing the availability of such cash flow to fund our growth strategy, working capital, capital expenditures, share repurchases and other general corporate purposes;•Limit our flexibility in planning for, or reacting to, changes in our business and the industry; and•Place us at a competitive disadvantage relative to our competitors with less debt.The Company's indebtedness could:•Expose us to interest rate risk;•Increase our vulnerability to general adverse economic and industry conditions;•Limit our ability to obtain additional financing or refinancing at attractive rates;•Require the dedication of a substantial portion of our cash flow from operations to the payment of principal of, and interest on, our indebtedness, thereby reducing the availability of such cash flow to fund our growth strategy, working capital, capital expenditures, share repurchases and other general corporate purposes;•Limit our flexibility in planning for, or reacting to, changes in our business and the industry; and•Place us at a competitive disadvantage relative to our competitors with less debt. Further, our outstanding indebtedness is subject to financial and other covenants, which may be affected by changes in economic or business conditions or other events that are beyond our control. If we fail to comply with the covenants in any of our indebtedness, we may be in default under the loan, which may entitle the lenders to accelerate the debt obligations. To avoid defaulting on our indebtedness, we may be required to take actions such as reducing or delaying capital expenditures, reducing or eliminating stock repurchases, selling assets, seeking additional equity capital, and restructuring or refinancing all or part of our existing debt. To avoid defaulting on our indebtedness, we may be required to take actions such as reducing or delaying capital expenditures, reducing or eliminating stock repurchases, selling assets, restructuring or refinancing all or part of our existing debt, or seeking additional equity capital, any of which may not be available on terms that are favorable to us, if at all. In addition, our ability to refinance any of our outstanding or future indebtedness will depend on market conditions and our financial condition at such time, which could result in our ability to engage in these activities on desirable rates and terms, or at all. In addition, market acceptance of new product and service offerings will be dependent in part on our ability to include functionality and usability that address customer requirements, and to optimally price our offerings and services to meet customer demand and cover our costs. Fluctuations in foreign currency exchange rates have affected our operating results and could continue to impact our revenue and net earnings.26Table of Contentsfluctuations in foreign currency exchange rates have affected our operating results and could continue to impact our revenue and net earnings. Because the functional currency of most of our foreign activities is the applicable local currency, but our financial reporting currency is the U.S. dollar, we are required to translate the assets, liabilities, expenses, and revenues of our foreign activities into U.S. dollars at the applicable exchange rate in preparing our Consolidated Financial Statements. We operate in approximately 40 countries and are exposed to various foreign currencies. We operate in approximately 40 countries and are exposed to various foreign currencies in the Americas region (North America and Latin America), EMEA region (Europe, Middle East, and Africa) and APJ region (Asia Pacific and Japan). Accordingly, we face foreign currency exchange rate risk arising from transactions in the normal course of business. In addition, we operate in certain jurisdictions that utilize foreign currency controls that may temporarily restrict access to foreign currency which results in excess cash in the jurisdiction that cannot be remitted outside of the country and is, therefore, subject to foreign currency exchange rate risk. For example, the Company has operations 27Table of Contentsin Argentina. For example, the Company has operations in Argentina. Commencing in October 2023 and continuing throughout 2024, the Company began entering into Blue Chip Swap transactions (a foreign exchange mechanism which effectively results in a parallel U.S. dollar exchange rate) in order to remit cash from its Argentine operations and such action resulted in a pre-tax loss on investment of $4 million and $13 million during 2024 and during 2023, respectively. dollar exchange rate) in order to remit cash from its Argentine operations and such action resulted in a pre-tax loss on investment of $13 million during the fourth quarter of 2023. Foreign currency exchange rates and foreign currency controls have affected our revenue and net earnings and could continue to impact our revenue and net earnings. While we actively manage our foreign currency market risk in the normal course of business by entering into various derivative instruments to hedge against such risk, these derivative instruments involve risks and may not effectively limit our underlying exposure to foreign currency exchange rate fluctuations or minimize our net earnings and cash volatility associated with foreign currency exchange rate changes. Further, the failure of one or more counterparties to our foreign currency exchange rate contracts to fulfill their obligations to us could adversely affect our operating results.Item 1B.UNRESOLVED STAFF COMMENTSNone. Item 1C.CYBERSECURITYRisk Management and StrategyOur cybersecurity program is designed to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Enterprise Risk Management. We have processes in place for assessing, identifying, and managing material risks from cybersecurity threats, which are integrated into our Enterprise Risk Management ("ERM") program. We have processes in place for assessing, identifying, and managing material risks from cybersecurity threats, which are integrated into our Enterprise Risk Management ("ERM") program. Our ERM program, which is coordinated through our Enterprise Risk and Internal Audit function ("ERAS team"), includes the identification of risks relevant to Teradata’s business, including material risks from cybersecurity threats; assigning personnel responsible for such risks; the development of strategies and plans to monitor, assess, and mitigate such risks; and oversight of the identified risks through regular reporting and risk evaluations with management, our Board, and/or relevant Board committee. Our ERAS team works closely with the Information Security function, including our Chief Information Security Officer ("CISO"), in the cybersecurity risk management process that informs the ERM program. Cybersecurity Processes. The processes in place for managing cybersecurity threats, including threats associated with our use of third-party service providers, include identifying potential cybersecurity threats; defining the roles and responsibilities of our personnel pursuant to our Cybersecurity Incident Response Plan ("CIRP"); continuous testing and training of our employees on cybersecurity risks and security hygiene; communication and escalation protocols; and tools and technologies for incident detection and responses. The processes in place for managing cybersecurity threats, including threats associated with our use of third-party service providers, include identifying potential cybersecurity threats; defining the roles and responsibilities of our personnel pursuant to our Cybersecurity Incident Response Plan ("CIRP"); continuous testing and training of our employees on cybersecurity risks and security hygiene; communication and escalation protocols; and tools and technologies for incident detection and responses. We continuously assess risks and changes in the cybersecurity environment and adjust our processes and cybersecurity investments as appropriate.•Our information security processes are built upon a foundation of advanced security technology, a trained team of security experts, and operations based on various global practices, standards, and frameworks, including the International Organization for Standardization, International Electrotechnical Commission, and National Institute of Standards and Technology Cybersecurity Framework.•Our information security processes are built upon a foundation of advanced security technology, a trained team of security experts, and operations based on various global practices, standards, and frameworks, 27Table of Contentsincluding the International Organization for Standardization, International Electrotechnical Commission, and National Institute of Standards and Technology Cybersecurity Framework. •We maintain policies, procedures, and controls that are designed to identify, protect, detect, respond to, and recover from information security and cybersecurity threats and incidents. Such items are reviewed, approved, and maintained by our CISO on an ongoing basis. In addition, we engage external advisors periodically to review and assess our policies, procedures, and controls. •Our CIRP provides a documented framework for handling cybersecurity incidents. The CIRP addresses cybersecurity incident detection, containment, analysis, eradication, recovery, escalation protocols, and coordination across multiple functions of the organization. •We have processes to manage cybersecurity risks associated with third-party service providers. Such providers are subject to information security assessments at the time of onboarding and at certain other times during their engagement with us. We require our providers to meet appropriate security requirements, controls, and responsibilities and comply with certain cybersecurity and data security standards that we 28Table of Contentshave. We monitor compliance with these standards and investigate security incidents to take appropriate actions as necessary. However, despite the controls that we have in place, we also rely on our third-parties to implement security programs and we cannot ensure in all circumstances that their efforts will be successful.•We maintain an annual cybersecurity training plan including employee training on cybersecurity risks, requirements, and incident reporting. As part of our training plan, we regularly perform phishing tests of our employees. In addition, our security training incorporates awareness of cyber threats (including but not limited to malware, ransomware, and social engineering attacks), password hygiene, incident reporting process, as well as physical security best practices. On an annual basis, our employees must complete cybersecurity awareness training.•We perform simulations and drills to review and test our information security program, including tabletop exercises, penetration and vulnerability testing, and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning.•We maintain insurance to provide coverage for certain losses from cybersecurity threats and incidents. •We have developed business continuity and disaster recovery capabilities to mitigate interruptions to critical information systems and the loss of data and services from the effects of natural or man-made disasters to Teradata systems. Cybersecurity Incidents. To protect our information systems from cybersecurity incidents and threats, we use various security tools that help prevent, identify, escalate, investigate, resolve, and recover from identified vulnerabilities and security incidents in a timely manner. We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding materiality of the incident and any necessary public disclosure and reporting of such incidents can be made in a timely manner. In the last three fiscal years, we have not experienced any material cybersecurity incident and the expenses we have incurred from security incidents were immaterial. As a result, we do not believe that cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially impacted our results of operations and financial condition. As cybersecurity threats become more sophisticated and coordinated, it is reasonably likely that we will be required to expend greater resources to continue to modify and enhance our protective measures as we pursue our business strategies. Cybersecurity Risks. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. While we maintain cybersecurity insurance, the costs related to cybersecurity incidents may not be fully insured. See "Risk Factors — A cybersecurity incident, disruption, or failure of our information systems or those of our third-party providers could adversely impact our reputation, business, and financial results."GovernanceBoard Oversight of Cybersecurity Risk. Our Board’s role is to engage in informed oversight of enterprise-wide risks as managed through our ERM program, including cybersecurity. While the full Board has overall responsibility for risk oversight, the Board has delegated oversight responsibility related to risks from cybersecurity threats to the Audit Committee. While the full Board has overall 28Table of Contentsresponsibility for risk oversight, the Board has delegated oversight responsibility related to risks from cybersecurity threats to the Audit Committee. The Audit Committee is responsible for reviewing the adequacy and effectiveness of the Company’s information security policies, the internal controls regarding information security and cybersecurity, and risks related to such exposures and actions taken to monitor and/or mitigate such risks. The Audit Committee receives quarterly reports as part of its meeting materials prepared by our CISO regarding the assessment of the status, adequacy, and effectiveness of our processes related to assessing, identifying, and managing cybersecurity risks and related mitigation plans. In addition, at least twice per year, the Audit Committee meeting agenda includes a presentation by the CISO to review and discuss the CISO’s report on cybersecurity risks, mitigation plans and the steps the security team has taken to monitor and control related exposures. The Audit Committee reports to the Board on cybersecurity matters discussed at its meetings and the CISO’s quarterly reports are provided to the Board as part of their meeting materials for their information as well. Executive Oversight of Cybersecurity. Management is responsible for the Company’s planning, identification, assessment, and mitigation of risks from cybersecurity threats. Our CISO, Chief Legal Officer, and Chief Financial Officer comprise our Core Cybersecurity Management Team (the "CCMT"). The CCMT has oversight of 29Table of ContentsTeradata’s CIRP and is informed and consulted on the response and resolution process for cybersecurity incidents. The CCMT has oversight of Teradata’s CIRP and is informed and consulted on the response and resolution process for cybersecurity incidents. The CCMT is responsible for determining communications to inform relevant stakeholders of cybersecurity incidents as applicable, relevant, and/or required, including the Board; Audit Committee; the executive leadership team; investors; customers; employees; law enforcement; and regulators. Depending on the nature and/or severity of the incident, additional stakeholders within the broader enterprise-wide management team may be included in the assessment, response, and resolution of an incident by the CCMT. The broader management team for this purpose may include, but is not limited to, executive and senior leaders in our Product, Customer, People, Information Technology, and Law functions, as well as others that may be considered necessary (collectively referred to as the "ECMT"). The ECMT provides oversight, perspective, and support from their respective areas of expertise to assist in analyzing the cybersecurity incident, materiality of the incident, and remediation considerations.CISO and Cybersecurity Team. Our Information Security function is led by our CISO and is responsible for executing our enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. •The Information Security function consists of qualified professionals in cybersecurity. This team sets the cybersecurity strategy for Teradata; develops Teradata’s cybersecurity architecture and deploys and manages tools and technologies aligned with such architecture to safeguard our information systems; manages the cybersecurity training required of our employees; monitors our cybersecurity threats and incidents; escalates the occurrence of cybersecurity incidents pursuant to the CIRP; and addresses and incorporates mitigation items. •The CISO appoints a Cybersecurity Incident Response Coordinator ("CIRC") to lead the management of cybersecurity incidents. The primary responsibilities of the CIRC include, but are not limited to: ◦receiving and tracking all reported potential cybersecurity threats;◦escalating incident response;◦determining relevant stakeholders of the Information Technology function and cybersecurity incident response team, which team is selected by CIRC to serve as the lead function for investigating and coordinating cybersecurity incidents; ◦alerting the applicable support functions of the potential cybersecurity threat and any defensive action that would be required; and◦alerting management, as applicable and necessary, of the potential cybersecurity threat.•Members of our Information Security function have broad ranges of qualifications and experience in information technology and security. ◦Our CISO has over 25 years of information security experience during which he has worked on various information technology and security programs, including privacy operations and security risk management. He has experience with many different types of enterprises, including the federal government, private companies, and publicly listed companies. Our CISO was also a founding member of the U.S. Department of Homeland Security and is a veteran who served in the United States Marine Corps. Our CISO has a Bachelor of Science in Information Technology and an MBA. ◦The team within the Information Security function (referred hereinto as the "cybersecurity team") possesses a robust blend of technical knowledge, practical skills, and strategic insight, gained through years of experience in the field of cybersecurity. 29Table of Contents◦The team within the Information Security function (referred hereinto as the "cybersecurity team") possesses a robust blend of technical knowledge, practical skills, and strategic insight, gained through years of experience in the field of cybersecurity. Our cybersecurity team includes professionals certified in a wide array of cybersecurity disciplines. Their qualifications include, but are not limited to, Certified Information Systems Security Professional for general security practices, Certified Ethical Hacker for penetration testing capabilities, Certified Information Systems Auditor for information systems auditing, Certified Information Security Manager for overseeing enterprise security, Certified Risk and Information Systems Control for risk management, and Certified Cloud Security Professional for cloud security expertise. Their qualifications include, but are not limited to, Certified Information Systems Security Professional ("CISSP") for general security practices, Certified Ethical Hacker ("CEH") for penetration testing capabilities, Certified Information Systems Auditor ("CISA") for information systems auditing, Certified Information Security Manager ("CISM") for overseeing enterprise security, Certified Risk and Information Systems Control ("CRISC") for risk management, and Certified Cloud Security Professional ("CCSP") for cloud security expertise. Additionally, they possess various other certifications in specific technologies and cloud security from providers like AWS and Microsoft, along with numerous other industry-relevant security certifications. This diverse expertise underscores their comprehensive understanding of the cybersecurity landscape.◦The cybersecurity team attends training programs to update their skills and knowledge.30Table of Contents.