• 2016 Technology Risk Factor Report

Article: 2016 Technology Risk Factor Report

01 December 2016

The 2016 BDO Technology RiskFactor Report examines the risk factors listed in the most recent annual shareholder reports of the 100 largest publicly traded U.S. technology companies by revenue. The risk factors were analyzed and ranked in order of frequency cited.

Technology in 2016: Slowing Down to Speed Up

Whether you choose to view the glass as half-empty or half-full, 2016 is a turning point for the industry. After an explosive six-year run-up, the technology industry has hit a speed bump as bellwether stocks falter on disappointing earnings reports and jittery investors. Recent tech IPOs have disappointed: 80 percent of tech companies that debuted in 2014 or 2015 are trading below their first-day closing price. But while the robust pace of growth of the last few years may be gone, industry growth has not ground to a halt. The tech sector overall has rallied after a rocky start to the year, recovering most of those early losses. U.S. venture funds raised a record $13 billion in Q1 2016, according to data from Dow Jones VentureWire—though both private and public investors are exhibiting more price consciousness. And although global M&A is down, the tech sector was a standout, totaling $100.3 billion in deal value, the second highest first quarter on record.

Whether you choose to view the glass as half-empty or half-full, 2016 is a turning point for the industry. According to our ninth annual Technology RiskFactor Report, three-quarters (76 percent) of the 100 largest U.S. public technology companies cite uncertain financial performance as a chief risk in their annual filings—up seven percentage points from last year. Growth is no longer a foregone conclusion, and today’s tech investor is far savvier and more selective. Tighter purse strings mean more competition to win limited investor dollars—and more pressure to seize the right opportunities and avoid making mistakes.


Cybersecurity Steals the Top Spot

Cybercrime is the dark underbelly of technology innovation; every instance of progress breeds new opportunity for exploitation. The tech industry creates more advanced cyber solutions, and hackers respond with more sophisticated attacks. Achieving perfect cybersecurity is mission impossible; preparing for the inevitable is best practice.

The tech industry accounts for just 2.6 percent of total reported data breach incidents since 2010, according to TrendMicro data, although it’s important to note that this excludes incidents where public disclosure isn’t required. Personally Identifiable Information (PII) is the most popular record type stolen, so it stands to reason that B2B technology companies would be less frequently targeted than consumer-facing industries like banking and healthcare. The per capita cost of a data breach in the tech industry is also on the lower end, averaging $127 compared to the overall mean of $154, data from the Ponemon Institute shows. However, BDO’s 2016 Technology CFO Outlook Study found that more than half (57 percent) of respondents increased spending on cybersecurity in 2015, corroborating the industry’s growing concerns about data privacy and security.

The true financial impact of a data breach goes far beyond the direct expenses of remediating the incident. Eighty-one percent of technology companies cite the ability to maintain operational infrastructure, including information technology, as a risk. A failure in security or a technical glitch that throws operations offline can erode trust and have lingering reputational impact, particularly in an industry like tech where data integrity and security are part of the organization’s value proposition.

Data breaches don’t necessarily hurt stock prices—historically, shares drop in the immediate aftermath of a security breach and then quickly bounce back—but the long-term reputational and legal consequences can have a heavy financial toll, particularly as regulators step up scrutiny of cyber preparedness. Fifty-one percent of companies specifically cite cyber regulations as a risk factor, reflecting not only the growing cyber threat but potential sanctions for inadequate defense measures.

 The risk for the tech industry is twofold:

  1. technology companies often outsource a number of key business and operational functions that, lacking the proper oversight and controls, may be vulnerable endpoints in the network; and
  2. many tech companies are also service providers to other user entities and, depending on contract terms, may be held liable or become embroiled in a lengthy and expensive data breach lawsuit.

Spotlight on BEPS

In an effort to address perceived emerging global tax issues in a coordinated and comprehensive manner, the G20 finance ministers called on the OECD to develop an action plan to equip countries with instruments that will better align tax with economic activity.

Some of these issues are often identified with multinational technology and life sciences companies. The “Base Erosion and Profit Shifting” (BEPS) initiative consists of 15 points, or “Action Items,” ultimately designed to provide guidelines for constituents to follow in addressing perceived inadequacies of traditional tax frameworks. While companies may be impacted by all elements of the BEPS recommendations, some of the Action Items that are of particular relevance to technology and life sciences companies include the following:

Addressing the Tax Challenges of the Digital Economy

Action Item 1 specifically addresses the digital economy which, to a large extent, is the genesis of the BEPS Project. In particular, the rise of “stateless income,” which prompted many countries to join in the OECD-led effort, is perceived to be directly related to the taxation of the digital economy. Final guidance on this Item includes revised definitions of nexus/permanent establishment, new transfer pricing rules that clarify that legal ownership alone does not necessarily generate rights to the returns generated by the exploitation of intangibles, and the strengthening of controlled foreign company (CFC) rules in order to prevent companies from avoiding home country tax on digital economy-related profits arising in CFCs.

Countering Harmful Tax Practices More Effectively, Taking into Account Transparency and Substance

Action Item 5 focuses on the need for a stronger definition of “substantial activity” in order for companies to benefit from a preferential tax regime. The substantial activity requirement as defined within the final report is in the context of Intellectual Property (IP) regimes, and is later applied to other non-IP regimes. To address the situation of artificially moving IP away from where value is created, the “nexus approach” was developed. This approach uses expenditures to determine where substantial activity takes place, and stipulates that a taxpayer can benefit from a favorable tax regime only if it incurs the qualifying research and development expenditures that generate IP income covered by the regime. This is anticipated to dissuade the use of preferential tax regimes selected as conduits for intangible property transactions based solely on their low or nil tax rates.

Aligning Transfer Pricing Outcomes with Value Creation

Released in a single report, Action Items 8 through 10 address transactions involving intangibles, risk and capital transfers between group entities, and other high-risk transactions. The proposed measures recommend the adoption of a broad and clearly delineated definition of intangibles, which will ensure that profits associated with the transfer and use of intangible property are appropriately allocated in accordance with value creation. They also outline transfer pricing rules or special measures to ensure that an entity does not accrue inappropriate returns solely based on contractually assumed risk or the provision of capital, which are critical principles underlying traditional tax planning structures. Finally, these items also address transactions that would not, or would rarely, occur between third parties, and attempt to clarify the re-characterization of transactions and the application of transfer pricing methods with respect to global value chains, as well as provide protection against common types of base‑eroding payments.

The ripple effect of the BEPS initiative is sure to have an impact on the tax planning activities of technology and life sciences companies in the coming years, as they wait to see what will manifest in the way of the establishment of new tax regimes across the globe.


Global Spotlight

Competition remains a top risk, but will collaboration be on the tip of the global tech industry’s tongue in 2016?

According to Fortune, “we are in the midst of a great convening of global tech powers, who are uniting to tackle this mobile-first, cloud-based, data-driven shift in the way large corporations operate.”

Indeed, innovation is driving more than rapid consolidation and “acqu-hiring;” it’s also driving global tech giants to work together. Apple and SAP, and Fiserv and Cisco are just a couple of examples of powerhouses joining forces to meet evolving international, customer and business needs.

Risks are also evolving for global tech companies. Among the 100 largest U.S. technology companies in our study, 68 operate in more than 15 countries, and for the first time, we analyzed their unique risks to uncover the growing challenges impacting tech companies with a large, multinational presence.

International Risks Peak

While the top risks (regulations and cybersecurity) are the same across all companies analyzed, threats to international operations and sales jumped to the third most-cited risk for global companies, compared to the fifth most-cited overall. When discussing international risks, global companies point to issues dealing with regulatory compliance across numerous markets, tariffs, currency exchange and their ability to protect their IP and operations. Nearly three-fourths of global companies also cite labor concerns, including challenges to managing a geographically dispersed workforce.

Emerging Markets in Focus

International tech companies also appear to be expanding faster than their peers, though their level of confidence depends on the market. While global companies cite risks related to expanding abroad at a similar level to the full sample, emerging markets present a bigger challenge. Sixty percent of global companies point to challenges entering a developing or emerging market this year, compared to 50 percent of companies overall. Still, there is ample opportunity for companies that have the technology, infrastructure and talent to meet the needs of emerging markets:

  • India: More than three-quarters of the global companies analyzed have operations in India, and for good reason. Gartner expects India to be the fastest growing IT market in 2016. Their technology and services market is poised to grow to $350 billion by 2025, according to a Nasscom-McKinsey report.
  • China: More than 75 percent of these global tech companies boast a presence in China. Spending on technology products and services in China is expected to reach $155.8 billion in 2016, according to Gartner. While some large tech companies have disagreed with Chinese policy, Zacks reports that Intel will invest $5.5 billion in its Dailan facility, and its capital arm is investing $67 million in Chinese tech startups.
  • Latin America: International tech companies remain interested in the promise of growth in Latin America. Roughly 70 percent of the global companies have operations in Brazil, while 65 percent have a presence in Mexico, just under half in Argentina, 40 percent in Colombia and 35 percent in Chile. Economic troubles have challenged both Brazil and Argentina, but The Wall Street Journal reported improved investor interest following government changes in both countries.

Global tech companies also remain committed to more mature markets. Seventy-two percent have operations in Canada. In Europe, top markets include the U.K. (76 percent), France (75 percent), Germany (75 percent), Italy (72 percent), Netherlands (68 percent), Spain (68 percent), Belgium (60 percent), Poland (57 percent) and Ireland (46 percent).