Risk Factors

The occurrence of any of the following risks could affect the Trend Micro group's business, financial condition, and operating results. If this should happen, the trading price of shares of Trend Micro Incorporated, Trend Micro group's parent company, could decline and its investors/shareholders could lose all or part of their investment. Other risks and uncertainties unknown to us, the Trend Micro group, or that we, the Trend Micro group, think are immaterial may also impair our business.

Compare to any other general software venders with a wide range products, we are mainly focusing our business in the field of cyber security business based on antivirus software. Although we have begun to offer more comprehensive network and internet security and management software and services, we expect antivirus and other security products and services to continue to account for the largest portion of our net sales in the foreseeable future. While such a situation is expected to continue for the time being, the cyber security industry to which our group belongs is intensifying market competition, and it is strategic to cooperate with other companies to provide new security products and services. We are preparing for a rapidly changing business environment by taking an active stance on alliances and considering acquisitions of other companies in order to expand our business domain.

The reliance on a single business area of our group can result in many risk and uncertainties, including:

  • A material loss of both sales and market share in not only Japan where current leading market position to our entire group sales, but also any other regions as a result of invest substantial cash and other resources in product development, marketing promotions and support and maintenance activities, could have a material adverse effect on our business, financial condition and results of operations.
  • May not earn revenue successfully as we expected from alliances despite our efforts
  • May be terminated or dissolved due to various causes before generating revenue.
  • Our inability to retain customers, suppliers and other important business relationships of an acquired business
  • Difficulties in effective merging an acquired company into Trend Micro, including the acquired company’s operations, personnel, products and information systems
  • Diversion of our management’s attention from other business concerns
  • Possibilities of adverse effects on our results of operations arising from acquisition-related charges due to impairment of goodwill and purchased technology and recognition of impairment charge
  • Possibilities of dilution in our current shareholders’ ownership interests in a case of using our stock for such an acquisition

The cyber security industry, which our group belongs to, is characterized by:

  • Rapid technological change
  • Proliferation of new and changing computer viruses, malware programs, and threats over the internet
  • Frequent product and services introductions and updates
  • Changeable customer needs
  • Changing market competition rapidly

These characteristics of our market create significant risks and uncertainties for our business success. For example, our competitors might introduce computer security products and services that are technologically superior to our wide range of products and services. Moreover, customers might still choose these vendors’ antivirus products even if they offered fewer functions and less effective in detecting and cleaning virus-infected files than our wide range of products and services due to lower cost or for any other reasons. As a result, such a customer behavior may decline our competitiveness, various products and services of our group may not be accepted by the market, and the business environment may change due to the emergence of new computing and security technologies.

If our group is unable to respond promptly and appropriately to such changes, it may have a significant impact on our business, financial position and operating results.

We rely on specified third parties, which design and manufacture of various products in accordance with the international standard that specifies requirements for a quality management system including ISO, etc., to manufacture our hardware-based products. Reliance on those third-party manufacturers involves a number of risks, including a lack of control over the manufacturing process, the potential absence or unavailability of adequate capacity and the unexpected loss of any of our manufacturers could disrupt our business.

Against such supply chain risks, we are taking measures to ensure sustainable supply with sufficient buffers of product inventories based on careful analysis of past sales performance and future sales forecasts. However, even if we set those measures, those above factors might be caused by opportunity losses including customer orders cancellation and significant shortage of components, etc. In that case, our financial condition and results of operation are adversely affected.

Our group’s reputation may be more susceptible to problems than other software companies in cyber security risks including unauthorized access, cyber attacks, hackers / crackers trying to break into or attack our networks, steal secrets, and deface our site. Also, there are considered some cases of loss or theft of technical or private information for taking out and unfair use by our group insiders despite taking legislative actions, etc., our group’s security products and services may also fail to properly identify, prevent unwanted, and falsely identify. In addition, as the system risks, should we fail to properly test these products, solutions, or protection files and distribution a defective file, vulnerabilities, etc., these could cause damage to customers. In those risk cases, it would adversely impact our reputation and lose the credibility of our business.

Our group has established the Global Chief Information Security Officer (CISO), which oversees information security governance, and has established and operates the CSIRT (Computer Security Incident Response Team) as an organization that responds to security incidents. In addition, in the event that the risk level is related to the entire world, we have established a system to respond to the crisis company-wide in cooperation with the global crisis management system. Especially, the head office in Japan has a comprehensive crisis management system called SWAT to establish a system to visualize risks, regularly review them with management, and take appropriate measures promptly.

Also, our group has acquired the international standards "ISO27001" and JISQ15001 (privacy mark) for information security management systems, concludes contracts with subcontractors and employees with the purpose of preservation of confidentiality, establishes information management regulations, employees and consignments. In addition to striving to strengthen and thoroughly manage and prevent leaks, such as educating and thoroughly disseminating information, strengthening infrastructure security, and taking measures to prevent intrusion from the outside into the in-house information system, in addition to providing products and services in advance We are conducting appropriate tests. Moreover, we also provide products and services that have been certified and certified by various external organizations such as FIPS 140-2, PCI DSS 3.2, and FedRAMP.

However, even if these measures are taken, the above risks may not be prevented. If these incidents occur, we could significantly discredit us, which could result in a significant loss of customers and other important business relationships until recovery of confidence. Not only our disrepute, there may be possible that our group’s business may reduce the adoption of our products and services. We could also incur costs to fix technical problems or fix problems created by hackers gaining access to our proprietary information. In addition, if a proceeding is filed against our group and a huge claim for damages is granted, it will have a significant impact on our business, as well as on our financial position and operating results.

We market substantially all of our products and services to end users through intermediaries, including distributors, resellers and value-added resellers. Our distributors sell other products that are complementary to, or compete with, our products and services. While we encourage our distributors to focus on our wide range of products and services, these distributors may give greater priority to products of other suppliers, including competitors'. They may also return the products to us under certain circumstances.

Additionally, we regularly review the collectability and creditworthiness of those our distributors and intermediaries to determine an appropriate allowance for doubtful receivables. If some of our distributors are experiencing financial difficulties worldwide, which may adversely impact our collection of accounts receivable. In such a case, our uncollectible accounts could exceed our current or future allowance for doubtful receivables, which would be adversely significant impact our operating results.

Our business field has been expanding. This expansion has placed, and any future business expansion or growth will continue to place, a significant strain on our limited personnel, management and other resources. We have been strengthening and improving the following points in order to sustain growth in the future we will.

  • attract, train, retain, motivate and manage new employees successfully;
  • Effectively integrate new employees into our operations; and
  • continue to improve our operational, financial, management and information systems and controls.

If we continue to expand or grow, our group’s management systems in place may be inadequate or we may not be able to effectively manage our growth. In particular, we may be unable to:

  • In a timely manner, provide effective customer service and develop and deliver products;
  • implement effective financial reporting and control systems; and
  • exploit new market opportunities and effectively respond to competitive pressures.

The cyber security industry which our group belongs to, has grown increasingly competitive. In this competitive environment, recruiting top-class human resources has been the most important challenges to support innovative technology for all the companies. At the same time, we are required to take defense against possibility of human resources flow including major technical specialist personnel.

Our ability to manage any future expansion or growth in our business, we are strengthening and improving the acquisition and securing of new human resources, attract, train, retain, motivate and manage new employees successfully and effectively integrate new employees into our operations. Additionally, our group has made contracts with all employees for the purpose of preservation of confidentiality and obligation not to compete.

Despite taking such legislative actions, we could suffer substantial disruptions in our business to our reputation due to outflow of technical and strategic vital information, and other companies developing similar technology with ours. In addition, our group’s business, operations and financial condition could suffer as a result of the above. Today, the majority of Trend Micro staff as of 53.7% is based in Asia including the emerging countries. Due to this region's rising inflation and costs of living, salaries will also have to increase. Any increase in costs caused by the above could cause our group’s business, results of operations and financial condition could suffer. Also, the talent war with competitors could adversely affect to our group's labor cost. Moreover, unexpected high turnover and recruitment which does not work out as planned, may hurt our group's business performance.

If any of cost increase caused by those above, our group’s business, results of operations and financial condition could suffer.

Due to all the factors listed in this risk factors information, we believe that our quarterly financial results may fluctuate in ways that do not reflect the long-term trend of our future financial performance. It is likely that in some future quarterly periods, our operating results may be below the expectations of public market analysts and investors which could cause our quarterly financial results to fluctuate. In this event, the share price of Trend Micro Incorporated, Trend Micro group’s parent company, could fall.

Our reporting currency is the Japanese yen and the functional currency of each of our subsidiaries is the currency of the country in which the subsidiary is domiciled. However, a significant portion of our revenues and operating expenses is denominated in currencies other than the Japanese yen, primarily the US dollar, Euro, and Asian currencies. If we are successful in increasing our sales in markets outside of Japan, the impact of exchange rate fluctuations between these currencies and the Japanese yen may be greater and these negative effects from currency fluctuations could become more significant.

Also, we have a portion of marketable securities for fund management. Those values will be affected by the ups and downs of exchange rate denominated in foreign currencies and significant currency fluctuations could hurt our corporate earnings significantly.

We have marketable securities and security investments for efficient fund management. Those values of the capital holdings will be affected by fluctuations in the financial market and exchange rates. In the future, if financial market fluctuates widely, this could have a material adverse effect on our financial condition and results of operations proportionate devaluation loss on investment in securities.

We rely, and will continue to rely, on a number of key managements, including our Chief Executive Officer, Eva Yi-Fen Chen. If any of our key managements leave, our business, results of operations and financial condition could suffer. If key managements who are in our group violates the constitution or other laws or regulations, our group’s business could suffer substantial disruptions in our business and to our reputation which could result in a loss of customers and other important business relationships until recovery of confidence.

In such cases, there is the possibility to have a material adverse effect on our operating results.

All our business would be under various laws and regulations in each country and each region. If we would fail to comply with those laws and regulations, it would provide more severe administrative guidance and penal regulations.

Also, in the case of the laws and regulations legal amendments, there are the possibilities to be tightening regulations and restrictions on our products and services and carry a cost in terms of relevant issues. In such a case, our business may have a material adverse effect on our operating results.

Our wide range of products and services may be considered to be capital purchases by certain enterprise customers. Capital purchases are often uncertain and, therefore, are canceled or delayed if the customer experiences a downturn in its business prospects or as a result of unfavorable economic conditions. Any cancellation or delay could adversely affect our results of operations.

For all our group’s customer users including above enterprise customer users, our products and services are designed to protect customers’ network systems and personal computers from damage caused by computer viruses, web threats and data stealing malware. As a result, if a customer suffers damage from any of these threats or if the actual functions of our group's products and services differ from the stated, the customers may return those products and also demanded refunds for services and the customer could sue us on product liability or related grounds, claim damages for data loss or make other claims.

Additionally, as threats are constantly evolving, purchasers of our software products must regularly update the software they have purchased from us with signature protection files that we make available for download from our website. Should we fail to properly test these protection files and distribute a defective file including vulnerabilities, these files could cause damage to the personal computers, network environment, and various devices of our customers who have downloaded a defective file. In addition, our hardware products as a defective appliance, etc. could cause damage to human lives, health, and the personal property of our customers who have used a defective appliance, etc. As a result, if a customer suffers damage from our products, the customer could sue us on product liability or related grounds, claim damages for data loss or make other claims. Otherwise, we could order a recall of products at the discretion of company.

Our license agreements typically contain provisions, such as disclaimers of warranty and limitations of liability, which seek to limit our exposure to certain types of product liability claims. Also, we have insurance for product liability compensation. However, in some jurisdictions or products recall cases these provisions may not be enforceable on statutory, public policy or other grounds. In the case of losing such a lawsuit, there is a possibility that the case filed by our service and product users for damages and recovery of pain and suffering damages could have a material adverse effect on our business.

Our success depends on the development of proprietary software technology. We rely on a combination of contractual rights and patent, copyright, trademark and trade secret laws. If we are unable to establish and protect these rights, our competitors may be able to use our intellectual property to compete against us. This could limit our growth and hurt our business. It is possible that no additional patents will be issued to us or any of our subsidiaries. In addition, our issued patents may not prevent other companies from competing with us. On the other hand, there is the possibility of the suspension of our products and services sales, compensation, and royalty payment of licensee because of our patent infringement upon another company.

Our group has been taking all possible measures to prevent the leakage of important information such as technologies and strategies and the development of similar technologies. Specifically, we have license agreements with users that includes provisions regarding intellectual property rights, enter into confidentiality and non-competition agreements with all employees, and deploy enable network access control to our group highly confidential information, etc.

However, even if these measures are taken, it may not be possible to prevent unauthorized use or development similar technology in our group's technology.

In addition, if our group infringes the intellectual property rights of a third party, it may result in suspension of sales of products or services, payment of damages or royalties associated with the conclusion of a license agreement. Moreover, there is also a possibility that a case brought against a service invention and suit filed by employee. In the case of losing such a lawsuit, payment to compensate the employee may be incurred.

Our group have been taking risk dispersion with our own management system to ensure stable business continuity. Our business model has not depended on specific regions, customers, supply chains, either products or services. Furthermore, regarding the service provision platform, we are taking recovery measures (business continuity management) under business continuity management, and we are conducting regular training after introducing mechanisms and processes to maintain measurableness. However, if power shortages, earthquakes and other natural disasters, hazards attribute to climate change such as torrential rains, floods, and forest fires caused by global warming, geopolitical risk, and virus infection disease, etc. continue to be a problem, our business may be materially adversely affected. Those events are difficult to predict, thus it is impossible to estimate those damage on our facilities, infrastructure and overall operations. In addition, even if we take full preparation for those, it may not be possible to limit the damage. Therefore, we face the possibility that we should stop all our business operations and significant impact on our group business.

There is no guarantee that nature disasters would not seriously disturb our entire business operations. In addition, many of the key countries and regions in which we operate have sustained negative economic impact from events such as the continued fear of future virus infection disease / acute respiratory syndrome, etc., terrorist attacks and other geopolitical risks prolonged continuation of these adverse factors may hurt our results of operations and financial condition.

Shares of the common stock of Trend Micro Incorporated, Trend Micro group’s parent company, are traded on Prime Market of the Tokyo Stock Exchange. Recently, the Japanese securities markets have experienced significant price and volume fluctuations. The market price of our shares is likely to fluctuate in the future.

In addition, this market set a price range limit, so even if an investor intends to sell shares, it may not be possible to sell at a stock price that exceeds the price range.