Information Services Group Inc. (III) Risk Factors

Item 1A.  Risk Factors

We operate in a highly competitive and rapidly changing environment that involves numerous risks and uncertainties, some of which are beyond our control. In addition, we and our clients are affected by global economic conditions and trends. The following sections address significant factors, events and uncertainties that make an investment in our securities risky. We urge you to consider carefully the factors described below and the risks that they present for our operations, as well as the risks addressed in other reports and materials that we file with the SEC and the other information included or incorporated by reference in this Annual Report on Form 10-K. When the factors, events and contingencies described below or elsewhere in this Annual Report on Form 10-K materialize, there could be a material adverse impact on our business, prospects, results of operations, financial condition and cash flows, any of which could have a potential negative effect on the trading price of our common stock. Additional risks not currently known to us or that we now deem immaterial may also harm us and negatively affect your investment. Additional or unforeseen effects from the global economic and geopolitical climate may give rise to or amplify many of these risks discussed below. Risks in this section are grouped in the following categories: (1) risks related to outstanding debt; (2) risks related to acquisitions and dispositions; (3) strategy and operation risks; (4) risks related to management and employees; (5) macroeconomic risks; (6) risks related to data, cybersecurity and confidential information; and (7) general risk factors. Many risks affect more than one category, and the risks are not in order of significance or probability of occurrence because they have been grouped by categories.

Risks Related to Outstanding Debt

We have a substantial amount of debt outstanding, which may limit our ability to fund general corporate requirements and obtain additional financing, limit our flexibility in responding to business opportunities and competitive developments and increase our vulnerability to adverse economic and industry conditions and changes in our debt rating.

On February 22, 2023, the Company amended and restated its senior secured credit facility to increase the revolving commitments per the revolving facility from $54.0 million to $140.0 million and eliminate its term loan (as further amended on June 27, 2024, the “2023 Credit Agreement”). As a result of the substantial variable costs associated with the debt obligations, we expect that:

These debt obligations may also impair our ability to obtain additional financing, if needed, and our flexibility in the conduct of our business. Our indebtedness under the 2023 Credit Agreement is secured by substantially all of our assets, leaving us with limited collateral for additional financing. Moreover, the terms of our indebtedness under the 2023 Credit Agreement restrict our ability to take certain actions, including the incurrence of additional indebtedness, mergers and acquisitions, investments and asset sales. Our ability to pay the fixed costs associated with our debt obligations will depend on our operating performance and cash flow, which in turn depend on general economic conditions and the advisory services market. A failure to pay interest or indebtedness when due could result in a variety of adverse consequences, including the acceleration of our indebtedness.  In such a situation, it is unlikely that we would be able to fulfill our obligations, repay the accelerated indebtedness or otherwise cover our fixed costs. As of December 31, 2025, the total principal outstanding under the 2023 Credit Agreement was $59.2 million.

Our failure to comply with the covenants in our credit agreement could materially and adversely affect our financial condition and liquidity.

The 2023 Credit Agreement contains financial covenants requiring that we maintain, among other things, certain leverage and interest coverage ratios. Poor financial performance could cause us to be in default of these covenants. While we were in compliance with these covenants as of December 31, 2025, there can be no assurance that we will remain in compliance in the future. If we fail to comply with the covenants in our credit agreement, we may have to seek an amendment or waiver from our lenders to avoid the termination of their commitments and/or the acceleration of the maturity of outstanding amounts under the credit facility. The cost of our obtaining an

11

Table of Contents

amendment or waiver could be significant, and further, there can be no assurance that we would be able to obtain an amendment or waiver. If our lenders were unwilling to enter into an amendment or provide a waiver, all amounts outstanding under our credit facility would become immediately due and payable.

Our variable rate indebtedness subjects us to interest rate risk, which could cause our annual debt service obligations to increase significantly.

Borrowing under 2023 Credit Agreement bears interest at a rate per annum equal to either (i) the “Base Rate” (which is the highest of (a) the rate publicly announced from time to time by the administrative agent as its “prime rate,” (b) the Federal Funds Rate plus 0.5% per annum and (c) Term SOFR, plus 1.0%), plus the applicable margin or (ii) Term SOFR (which is the Term SOFR screen rate for the relevant interest period plus a credit spread adjustment of 0.10%) as determined by the administrative agent, plus the applicable margin. The applicable margin is adjusted quarterly based upon the Company’s consolidated leverage ratio. If interest rates increase, our debt service obligations on our variable rate indebtedness would increase even though the amount borrowed remained the same, and our cash flows could be adversely affected. An increase in debt service obligations under our variable rate indebtedness could affect our ability to make payments required under the terms of our credit facility.

Risks Related to Acquisitions and Dispositions

We have risks associated with acquisitions or investments.

Since our inception, we have expanded through acquisitions, including our most recent acquisition of Martino & Partners s.r.l. (“Martino & Partners”), a strategic advisory firm serving public and private sector clients in Italy, on September 1, 2025. In the future, we plan to pursue additional acquisitions and investments as opportunities arise. We may not be able to successfully integrate businesses that we acquire in the future without substantial expense, delays or other operational or financial problems. In addition, we may not be able to identify, acquire or profitably manage additional businesses. If we pursue acquisition or investment opportunities, these potential risks could disrupt our ongoing business, result in the loss of key customers or personnel, increase expenses and otherwise have a material adverse effect on our business, results of operations and financial condition.

Difficulties in integrating businesses we have acquired, or may acquire in the future, may demand time and attention from our senior management.

Integrating businesses we have acquired, or may acquire in the future, may involve unanticipated delays, costs and/or other operational and financial difficulties. In integrating acquired businesses, we may not achieve expected economies of scale or profitability or realize sufficient revenue to justify our investment. If we encounter unexpected problems as we try to integrate an acquired firm into our business, our management may be required to expend time and attention to address the problems, which would divert their time and attention from other aspects of our business.

We have risks associated with dispositions.

We have conducted dispositions in the past, most recently disposing of our automation business in 2024, and may again in the future. Disposition involve risks and uncertainties, such as our  ability to sell such businesses for a satisfactory price and terms and in a timely manner, or at all, potential disruptions to other parts of our organization and distraction of management, the reallocation of internal resources that would otherwise be devoted to completing strategic acquisitions, potential losses of key employees or customers, exposure to unanticipated liabilities, any ongoing obligations to support the business following any such disposition, and other adverse financial impacts. The realization of any of these risks could adversely affect our business.

Strategy and Operation Risks

Our operating results have in the past been, and may in the future be, adversely affected by worldwide economic conditions and credit tightening.

Our results of operations are affected by the level of business activity of our clients, which in turn is affected by the level of economic activity in the industries and markets that they serve. A decline in the level of business activity of our clients, such as the impact of a pandemic, inflation, slowing growth, rising interest rates and recession, could have a material adverse effect on our revenue and profit margin. Future economic conditions could cause some clients to reduce or defer their expenditures for consulting services. We have implemented and will continue to implement cost-savings initiatives to manage our expenses as a percentage of revenue. However, current and future cost-management initiatives may not be sufficient to maintain our margins if the economic environment should weaken for a prolonged period.

12

Table of Contents

The rate of growth in the broadly defined business information services and advisory sector and/or the use of technology in business may fall significantly below the levels that we currently anticipate.

Our business is dependent upon continued growth in sourcing activity, the use of technology in business by our clients and prospective clients and the continued trend towards sourcing of complex information technology and business process tasks by large and small organizations. If sourcing diminishes as a management and operational tool, the growth in the use of technology slows down or the cost of sourcing alternatives rises, our business could suffer. Companies that have already invested substantial resources in developing in-house information technology and business process functions may be particularly reluctant or slow to move to a sourcing solution that may make some of their existing personnel and infrastructure obsolete.

We may not be successful in our artificial intelligence initiatives, which could adversely affect our business, reputation or financial results.

Artificial intelligence presents new risks and challenges that may affect our business. We have made, and expect to continue to make, investments to integrate AI and machine learning technology into our services. Given the nature of AI technology, we face significant competition from other companies and an evolving regulatory landscape. Our AI efforts may not be successful, and our competitors may incorporate AI into their products more successfully than us, which could impair our ability to compete effectively and adversely affect our financial results. The rapid evolution of AI combined with the uncertain and often inconsistent regulatory landscape may require significant additional resources and costs and could in some cases limit our ability to implement AI capabilities in our solutions or potentially result in the implementation failing to produce the desired outcome. Despite our implementation of programs designed to support responsible AI use and development, we may not successfully address all issues that may arise. For example, privacy concerns, user consent, supply chain security, transparency and the accuracy, completeness and suitability of data sets are all potential issues that could adversely affect our business, reputation or financial results.

The development, deployment, and use of artificial intelligence technologies, including generative AI, involve significant legal, regulatory, operational, ethical and commercial risks, any of which could materially and adversely affect our business, financial condition, results of operations and reputation.

We are increasing our use of AI across our service delivery, advisory offerings and internal operations. AI technologies are at an early stage of development and present uncertainties regarding reliability, accuracy, explainability, data governance and long-term economic viability. Although we are dedicating resources to AI-related investments, training and partnerships, we may be unable to develop, procure, implement, or maintain AI tools and capabilities in a manner that meets client requirements, complies with applicable laws or produces anticipated operational or financial benefits.

AI systems may generate outputs that are inaccurate, biased, incomplete, unpredictable or otherwise unintended. Such outcomes could result in operational failures, adverse client impacts, misinformed decision-making, or reputational harm. Any failure by us—or by third parties whose tools or data we use—to appropriately design, test, validate, monitor or govern AI systems could expose us to contractual claims, indemnification demands, regulatory enforcement, litigation, financial penalties or other liabilities.

The regulatory framework governing AI is rapidly evolving and varies significantly across jurisdictions in which we operate. New or amended laws, regulations, standards or guidance may impose additional obligations on the development, use, auditing or documentation of AI systems, restrict certain uses of AI, require enhanced disclosures, or create new liabilities. Compliance with such frameworks may require substantial investment in governance, controls, reporting processes and oversight mechanisms. Failure to comply—whether actual or perceived—may result in investigations, fines, operational restrictions, adverse publicity or loss of client trust.

Our competitive position may be adversely affected by rapid technological change and heightened competition related to AI. Competitors, including global consultancies, technology vendors, hyperscalers and emerging AI-native firms, may introduce capabilities that exceed or supplant our own. Clients may accelerate internal development of AI capabilities that reduce demand for our services. AI and automation may also diminish the need for certain services currently provided by our personnel, and we may not be able to adjust our delivery model, pricing, staffing, training or organizational structure in a timely or cost-effective manner.

In addition, our AI capabilities depend on access to third-party infrastructure, data sets, cloud environments, software, models and specialized hardware. Supply constraints, increased pricing, licensing limitations, service interruptions, security vulnerabilities and/or incidents, or changes in contractual terms could materially impair our ability to develop, deliver or support AI-related services. Uncertainties regarding ownership, licensing or permissible use of training data, model outputs or other intellectual property may expose us to disputes, forced modifications, operational delays or damages.

13

Table of Contents

Any of the foregoing factors—individually or collectively—could materially and adversely affect our business, financial condition, results of operations and reputation.

Our engagements may be terminated, delayed or reduced in scope by clients at any time.

Our clients may decide at any time to abandon, postpone and/or reduce our involvement in an engagement. Our engagements can be terminated, or the scope of our responsibilities may be diminished, with limited advance notice. If an engagement is terminated, delayed or reduced unexpectedly, the professionals working on the engagement could be underutilized until we assign them to other projects. Accordingly, the termination or significant reduction in the scope of a single large engagement, or multiple smaller engagements, could harm our business results.

Our operating results may fluctuate significantly from period to period as a result of factors outside of our control.

Our revenues and operating results may vary significantly from accounting period to accounting period due to factors including:

● fluctuations in revenues earned on contracts;

● commencement, completion or termination of engagements during any particular period;

● additions and departures of key advisors;

● transitioning of advisors from completed projects to new engagements;

● seasonal trends;

● introduction of new services by us or our competitors;

● changes in fees, pricing policies or compensation arrangements by us or our competitors;

● strategic decisions by us, our clients or our competitors, such as acquisitions, divestitures, spin-offs, joint ventures, strategic investments or changes in business strategy;

● global economic and political conditions and related risks, including acts of terrorism, war, pandemics, inflation, slowing growth, rising interest rates and recession; and

● conditions in the travel industry that could prevent our advisors from traveling to client sites.

We depend on project-based advisory engagements, and our failure to secure new engagements could lead to a decrease in our revenues.

Advisory engagements typically are project-based. Our ability to attract advisory engagements is subject to numerous factors, including the following:

● delivering consistent, high-quality advisory services to our clients;

● tailoring our advisory services to the changing needs of our clients;

● matching the skills and competencies of our advisory staff to the skills required for the fulfillment of existing or potential advisory engagements; and

● maintaining a global business operation.

Any material declines in our ability to secure new advisory arrangements could have an adverse impact on our revenues and financial condition.

Clients’ failure or inability to pay for our services, whether on a timely basis or at all, could materially, adversely affect our results of operations and financial condition.

As further described in Note 2 to the Consolidated Financial Statements, “Summary of Significant Account Policies – Accounts Receivable, Contract Assets and Allowance for Doubtful Accounts,” the Company has been engaged in litigation with certain clients who have either failed to make payments as per the contracted payment schedule or have disputed account receivable balances for services rendered. While we maintain an allowance for doubtful accounts for estimated losses resulting from the inability of clients to pay fees or for disputes that affect our ability to fully collect billed accounts receivable, our actual experience may vary from these estimates, and there is no guarantee that such allowance will ultimately be sufficient. We may be required to record additional allowances or write offs in future periods, which, in turn, could adversely impact our financial condition and results of operation.

14

Table of Contents

Moreover, while the Company continues to aggressively pursue legal action and/or collection against clients who dispute charges or fail to make payments, there is no guarantee that the Company’s legal actions will be successful, that actual collections from clients will reflect the Company’s estimate of amounts owed, and/or that the Company will be able to recoup legal fees expended on such actions.

If we are unable to achieve or maintain adequate utilization for our consultants, our operating results could be adversely impacted.

Our profitability depends to a large extent on the utilization of our consultants. Utilization of our consultants is affected by a number of factors, including:

● additional hiring of consultants because there is generally a transition period for new consultants;

● the number and size of client engagements;

● the unpredictability of the completion and termination of engagements;

● our ability to transition our consultants efficiently from completed engagements to new engagements;

● unanticipated changes in the scope of client engagements or unexpected terminations of client engagements; and

● our ability to maintain an appropriate level of consultants by forecasting the demand for our services.

We could lose money on our fixed-fee or capped-fee contracts.

As part of our strategy, from time to time, we enter into fixed-fee contracts, in addition to contracts based on payment for time and materials with capped fees. Because of the complexity of many of our client engagements, accurately estimating the cost, scope and duration of a particular engagement can be difficult. If we fail to make accurate estimates, we could be forced to devote additional resources to these engagements for which we will not receive additional compensation. While losses on our fixed-fee contracts are rare, to the extent that an expenditure of additional resources is required on an engagement, this could reduce the profitability of, or result in a loss on, the engagement.

Our contracts with contingent-based revenue may cause unusual variations in our operating results.

As part of our strategy, from time to time, we earn incremental revenues, in addition to hourly or fixed-fee billings, which are contingent on the attainment of certain contractual milestones or objectives. Because it is uncertain when the milestones or objectives will be achieved, if ever, any such incremental revenues may cause unusual variations in quarterly revenues and operating results. Also, whether any contractual milestones or objectives are achieved may become subject to dispute.

We may not be able to maintain our existing services and products.

We operate in a rapidly evolving market, and our success depends upon our ability to deliver high-quality advice and analysis to our clients. Any failure to continue to provide credible and reliable information and advice that is useful to our clients could have a significant adverse effect on future business and operating results. Further, if our advice proves to be materially incorrect and the quality of service is diminished, our reputation may suffer and demand for our services and products may decline. In addition, we must continue to improve our methods for delivering our products and services in a cost-effective manner.

Expanding our service offerings may not be profitable.

We may choose from time to time to develop new service offerings because of market opportunities or client demands. Developing new service offerings involves inherent risks, including:

● a lack of market understanding;

● competition from more established market participants;

● any inability to estimate demand for the new service offerings; and

● unanticipated expenses to hire qualified consultants and to market our new service offerings.

If we cannot manage the risks associated with new service offerings effectively, we are unlikely to be successful in these efforts, which could harm our ability to sustain profitability.

15

Table of Contents

We may not have the ability to develop and offer the new services and products that we need to remain competitive.

Our future success will depend in part on our ability to offer new services and products. To maintain our competitive position, we must continue to enhance and improve our services and products, develop or acquire new services and products in a timely manner and appropriately position and price new services and products relative to the marketplace and our costs of producing them. These new services and products must successfully gain market acceptance by addressing specific industry and business sectors and by anticipating and identifying changes in client requirements. The process of researching, developing, launching and gaining client acceptance of a new service or product, or assimilating and marketing an acquired service or product, is risky and costly. We may not be able to introduce new, or assimilate acquired, services and products successfully. Any failure to achieve successful client acceptance of new services and products could have an adverse effect on our business results.

We may fail to anticipate and respond to market trends.

Our success depends in part upon our ability to anticipate rapidly changing technologies and market trends and to adapt our advice, services and products to meet the changing sourcing advisory needs of our clients. Our clients regularly undergo frequent and often dramatic changes. That environment of rapid and continuous change presents significant challenges to our ability to provide our clients with current and timely analysis, strategies and advice on issues of importance to them. Meeting these challenges requires the commitment of substantial resources. Any failure to continue to respond to developments, technologies and trends in a manner that meets market needs could have an adverse effect on our business results.

We may be unable to protect important intellectual property rights.

We rely on copyright and trademark laws, as well as nondisclosure and confidentiality arrangements, to protect our proprietary rights in our methods of performing our services, our data and our tools for analyzing financial and other information. There can be no assurance that the steps we have taken, or may take in the future, to protect our intellectual property rights will be adequate to deter misappropriation of our rights or that we will be able to detect unauthorized use and take timely and effective steps to enforce our rights. If substantial and material unauthorized uses of our proprietary methodologies, data and analytical tools were to occur, we may be required to engage in costly and time-consuming litigation to enforce our rights. There can be no assurance that we would prevail in such litigation. If others were able to use our intellectual property or were to independently develop our methodologies or analytical tools, our ability to compete effectively and to charge appropriate fees for our services may be adversely affected.

We face competition and our failure to compete successfully could materially adversely affect our results of operations and financial condition.

The business information services and advisory sector is highly competitive, fragmented and subject to rapid change. We face competition from many other providers ranging from large organizations to small firms and independent contractors that provide specialized services. Our competitors include any firm that provides sourcing or benchmarking advisory services, IT strategy or business process consulting, which may include a variety of consulting firms, service providers, niche advisors and, potentially, advisors currently or formerly employed by us. Some of our competitors have significantly more financial and marketing resources, larger professional staffs, closer client relationships, broader geographic presences or more widespread recognition than us.

In addition, limited barriers to entry exist in the markets in which we do business. As a result, additional new competitors may emerge, and existing competitors may start to provide additional or complementary services. There can be no assurance that we will be able to successfully compete against current and future competitors and our failure to do so could result in loss of market share, diminished value in our products and services, reduced pricing and increased marketing expenditures. Furthermore, we may not be successful if we cannot compete effectively on quality of advice and analysis, timely delivery of information, client service or the ability to offer services and products to meet changing market needs for information, analysis or price.

We derive a significant portion of our revenues from our largest clients and could be materially and adversely affected if we lose one or more of our large clients.

Our 25 largest clients accounted for approximately 30% of revenue in both 2025 and 2024. If one or more of our large clients terminate, significantly reduce their engagement or fail to remain a viable business, then our revenues could be materially and adversely affected. In addition, sizable receivable balances could be jeopardized if large clients fail to remain a going concern.

Risks Related to Management and Employees

The loss of key executives could adversely affect our business.

The success of our business is dependent upon the continued service of a relatively small group of key executives, including Michael P. Connors, Chairman and Chief Executive Officer; Todd D. Lavieri, Vice Chairman and President – ISG Americas and Asia

16

Table of Contents

Pacific; Michael A. Sherrick, Executive Vice President and Chief Financial Officer; and Thomas S. Kucinski, Executive Vice President and Chief Human Resources Officer, among others.

Although we currently intend to retain our existing management, we cannot assure that such individuals will remain with us for the immediate or foreseeable future.  The unexpected loss of the services of one or more of these executives could adversely affect our business.

We rely heavily on key members of our management team.

We are dependent on our management team. We grant restricted stock units (“RSUs”) from time to time to key employees and, in connection with such grants, require recipients to execute a restrictive covenant agreement. Vested and unvested RSUs will be forfeited upon any violation of the restrictive covenant agreement. We may not be able to retain these managers and may not be able to enforce the restrictive covenants. If we were to lose a number of key members of our management team and were unable to replace such individuals quickly, we could have difficulty maintaining our growth and certain key relationships with large clients and face competition from these former managers if the restrictive covenants are unenforceable.

We depend upon our ability to attract, retain and train skilled advisors and other professionals.

Our business involves the delivery of advisory and consulting services. Therefore, our continued success depends in large part upon our ability to attract, develop, motivate, retain and train skilled advisors and other professionals who have advanced information technology and business processing domain expertise, financial analysis skills, project management experience and other similar abilities.  These advisors could resign and join one of our competitors or provide sourcing advisory services to our clients through their own ventures.

We must also recruit staff globally to support our services and products. We face competition for the limited pool of these qualified professionals from, among others, technology companies, market research firms, consulting firms, financial services companies and electronic and print media companies, some of which have a greater ability to attract and compensate these professionals. Moreover, increasing wage inflation may affect our profit margin as we strive to provide compensation packages that are competitive. We face risks related to global labor shortages, and competitive markets have increased attrition throughout our sector. Some of the personnel that we attempt to hire may be subject to non-compete agreements that could impede our short-term recruitment efforts. Any failure to retain key personnel or hire and train additional qualified personnel as required to support the evolving needs of clients or growth in our business could adversely affect the quality of our products and services, and our future business and operating results.

We may have agreements with certain clients that limit the ability of particular advisors to work on some engagements for a period of time.

We provide services primarily in connection with significant or complex sourcing transactions and other matters that provide potential competitive advantages and/or involve sensitive client information. Our engagement by a client occasionally precludes us from staffing certain advisors on new engagements with other clients because the advisors have received confidential information from a client who is a competitor of the new client. Furthermore, it is possible that our engagement by a client could preclude us from accepting engagements with such client’s competitors because of confidentiality concerns.

Macroeconomic Risks

Our international operations expose us to a variety of risks that could negatively impact our future revenue and growth.

Approximately 34% of our revenues for 2025 and 36% of our revenues for 2024 were derived from sales outside of the Americas.  Our operating results are subject to the risks inherent in international business activities, including:

● tariffs and trade barriers;

● regulations related to customs and import/export matters;

● restrictions on entry visas required for our advisors to travel and provide services;

● tax issues, such as tax law changes and variations in tax laws as compared to the United States;

● cultural and language differences;

● an inadequate banking system;

● foreign exchange controls;

● restrictions on the repatriation of profits or payment of dividends;

● crime, strikes, riots, civil disturbances, pandemics, terrorist attacks and wars;

17

Table of Contents

● nationalization or expropriation of property;

● law enforcement authorities and courts that are inexperienced in commercial matters; and

● deterioration of political relations with the United States.

Air travel, telecommunications and entry through international borders are all vital components of our business. If a pandemic,  military conflict or terrorist attack were to occur, our business could be disproportionately impacted because of the disruption, including potential cancellation of ISG events.

Further, conducting business abroad subjects us to increased regulatory compliance and oversight. For example, in connection with our international operations, we are subject to laws prohibiting certain payments to governmental officials, such as the Foreign Corrupt Practices Act of 1977, as amended. A failure to comply with applicable regulations could result in regulatory enforcement actions as well as substantial civil and criminal penalties assessed against us and our employees.

We intend to continue to expand our global footprint in order to meet our clients’ needs. This may involve expanding into countries beyond those in which we currently operate, including into less-developed countries that may have less political, social or economic stability and less-developed infrastructure and legal systems. As we expand our business into new countries, regulatory, personnel, technological and other difficulties may increase our expenses or delay our ability to start up operations or become profitable in such countries. This may affect our relationships with our clients and could have an adverse effect on our business.

Changes to trade policy, including new or increased tariffs and changing import/export regulations, may adversely affect our business, financial condition and results of operations.

​

Changes in U.S. or international laws and policies governing foreign trade could materially and adversely affect our business. The U.S. has instituted certain changes, and has proposed additional changes, in trade policies that include the negotiation or termination of trade agreements, the imposition of higher tariffs on imports into the U.S. and other government regulations affecting trade between the U.S. and other countries where we conduct our business. The new tariffs and other changes in U.S. trade policy have triggered retaliatory actions by affected countries, and foreign governments have instituted, or are considering imposing, trade sanctions on U.S. goods.

The imposition of tariffs and other trade restrictions, as well as the escalation of trade disputes and any downturns in the global economy resulting therefrom, could materially and adversely affect our business, financial condition and results of operations. The extent and duration of the tariffs and other trade restrictions and the resulting impact on general economic conditions and on our business are uncertain and depend on various factors, such as negotiations between the U.S. and affected countries, the responses of other countries or regions, exemptions or exclusions that may be granted, the availability and cost of alternative sources of supply and demand for our services in affected markets.

We operate in a number of international areas which exposes us to significant foreign currency exchange rate risk.

We have significant international revenue, which is predominantly collected in local currency. It is expected that our international revenues will start to show growth as European and Asian Pacific markets adopt to sourcing solutions. The translation of our revenues into U.S. dollars, as well as our costs of operating internationally, may adversely affect our business, results of operations and financial condition.

Risks Related to Data, Cybersecurity and Confidential Information

Data protection and emerging cybersecurity laws and self-regulatory codes may restrict our activities and increase our costs.

Various statutes and rules regulate conduct in areas such as privacy, data protection, and cybersecurity that may affect our collection, use, storage, and transfer of information both abroad and in the United States. Compliance with these laws and self-regulatory codes may require us to make certain investments or may dictate that we not offer certain types of services or only offer such services after making necessary modifications. Moreover, these laws and regulations impose operational requirements, including disclosures to consumers about personal data practices, opt-out and consent choices and required contractual terms with certain third parties, and obligations to provide notice to individuals, third parties, and/or regulators in the event of certain cybersecurity incidents involving personal data. Failure to comply with these laws and self-regulatory codes may result in, among other things, civil and criminal liability, negative publicity, restrictions on further use of data, fines,  and/or liability under contractual warranties.

In addition, there is an increasing public concern regarding data and consumer protection issues, with the result that the number of jurisdictions with data protection laws continues to increase and the scope of existing privacy laws and the data considered to be covered by such laws keeps expanding. Changes in these laws (including newly released interpretations of these laws by courts and regulatory bodies)

18

Table of Contents

may limit our client data access, use and disclosure, and may require increased expenditures by us or may dictate that we may not offer certain types of services.

As a global company, ISG must comply with various international and domestic data privacy regulations such as (i) the EU and UK General Data Protection Regulation (“GDPR”), which has extra-territorial scope and substantial fines for breaches (up to 4% of global annual revenue or €20 million, whichever is greater), (ii) the California Consumer Privacy Act, which, unlike data privacy provisions enacted by other US states, covers individuals acting in a commercial or employment context not just as consumers, and (iii) the Australian Privacy Act, among others. In addition, India’s Ministry of Electronics and Information Technology notified the Digital Personal Data Protection Rules 2025 (the “Rules”) November 13, 2025, operationalizing the Digital Personal Data Protection Act 2023 (“DPDPA”) enacted by the Parliament of India in August 2023. Companies operating in India must meet the DPDPA’s core compliance obligations, which includes reporting data breaches within seventy-two hours, appointing consent managers and data protection officers, and implementing systems for express user permission, within a phased twelve-to-eighteen-month timeline. Like the GDPR, the DPDPA has extra-territorial reach. The DPDPA shares many provisions with existing privacy laws, and ISG therefore anticipates that its existing processes already broadly align with the law. However, like the GDPR, failure to comply with the DPDPA may lead to substantial fines. ISG is also continuing to monitor the development of and public guidelines regarding the EU’s ePrivacy Regulation to determine whether further action is required.

To mitigate the risk and negative exposure of data outside ISG, we have put in place a data protection framework that includes policies, procedures, guidance and records. This includes policies and procedures for rights and usage of personal and client data.

We are exposed to risks related to cybersecurity.

A significant portion of our business is conducted over the internet, and we rely on the secure processing, storage and transmission of confidential, sensitive, proprietary and other types of information relating to our business operations and confidential and sensitive information about our clients and employees in our computer systems and networks, and in those of our third-party vendors. Individuals, groups, state-sponsored organization, and actors utilizing AI may take steps that pose threats to our operations, our computer systems, our employees, and our clients. The cybersecurity risks we face range from cyberattacks common to most industries, such as the development and deployment of malicious software to gain access to our networks and attempt to steal confidential information, launch distributed denial of service attacks or attempts at other coordinated disruptions, to more advanced threats that target us because of our prominence in the global research and advisory field. Ransomware risk has increased significantly in recent years and presents a significant risk of financial extortion and loss of data. Our operating model allows employees to continue to work remotely or on a hybrid basis, which magnifies the importance of the integrity of our remote access security measures.

We have robust measures in place to address and mitigate cyber-related risks. Notwithstanding this, we continue to experience attack attempts against our environment. We have and continue to expect to invest in the security and resiliency of our networks and products and to enhance our internal controls and processes, which are designed to help protect our systems and infrastructure and the information they contain. These include timely detection of incidents through monitoring, training, incident response capabilities and mitigating cyber and security risks to our data, systems, products and services. However, given the complex, continuing and evolving nature of cyber and other security threats, these efforts may not be fully effective, particularly against previously unknown vulnerabilities that could go undetected for an extended period.

We also face risks related to our use of third-party suppliers, with whom we may share data and operational systems. If such suppliers are affected by a cybersecurity threat or incident, it could result in not only a reduction in or loss of their ability to service us (which could be a significant component of our services to clients) but also the exposure of ISG or client data or a potential backdoor into ISG’s systems and network.

We are exposed to risks related to artificial intelligence.

We recognize that our use of AI introduces risks related to data protection, cybersecurity, model integrity, confidentiality and operational reliability. In particular, our use of AI technologies may expose us to errors, data quality issues, security vulnerabilities, or other harms, especially as these technologies can behave unpredictably, fail, or produce inaccurate or biased outputs. Failures in oversight, system design, or data quality could result in various harms to us or our clients, including, but not limited to, operational disruptions, security or privacy incidents, and/or reputational challenges. Because AI systems can be complex and difficult to fully evaluate or audit, we may be unable to detect errors or vulnerabilities in a timely manner. If we are unable to effectively implement, monitor, and manage these technologies, our business, financial condition, and results of operations could be adversely affected.

In light of these risks, we have established governance processes intended to support the responsible evaluation, approval, deployment and monitoring of AI tools used in our internal operations and in client delivery. These processes include review mechanisms

19

Table of Contents

for higher-risk AI use cases, defined roles and responsibilities for management oversight, and coordination among our information security, legal, compliance and risk management functions.

Our Board of Directors, through its designee, the Information Security Committee (“ISC”), receives periodic updates from management regarding emerging AI-related risks, regulatory developments, and the potential impact of AI on our operations, technology environment and risk profile. Management is responsible for implementing controls, policies, training and monitoring procedures relevant to AI technologies, including restrictions on the use of unapproved or public AI tools that may create confidentiality, cybersecurity or compliance risks.

As AI technologies and associated global and domestic laws and regulations continue to evolve, we may be required to, among other things: enhance our governance frameworks, controls, documentation and reporting practices, increase our compliance costs; and/or limit our use of certain technologies. There can be no assurance that our processes will be sufficient to prevent or mitigate all AI-related risks, and failures or limitations in these processes could have a material adverse effect on our operations, reputation or regulatory posture. Moreover, any failure to comply with emerging AI regulatory frameworks could result in enforcement actions, fines, or other adverse consequences.

We may be subject to claims for substantial damages by our clients arising out of disruptions to their businesses or inadequate service, and our insurance coverage may be inadequate.

Most of our service contracts with clients contain service level and performance requirements, including requirements relating to the quality of our services. Failure to consistently meet the service requirements of a client or errors made by our employees while delivering services to our clients could disrupt the client’s business and result in a reduction in revenues or a claim for damages against us. Additionally, we could incur liability if a process we manage for a client was to result in internal control failures or impair our client’s ability to comply with their own internal control requirements.

Under our service agreements with our clients, our liability for breach of our obligations is generally limited to actual damages suffered by the client and is typically capped at the greater of an agreed amount or the fees paid or payable to us under the relevant agreement.  These limitations and caps on liability may be unenforceable or otherwise may not protect us from liability for damages. In addition, certain liabilities, such as claims of third parties for which we may be required to indemnify our clients or liability for breaches of confidentiality, are generally not limited under those agreements. Although we have general commercial liability insurance coverage, the coverage may not continue to be available on acceptable terms or in sufficient amounts to cover one or more large claims. The successful assertion of one or more large claims against us that exceed available insurance coverage or changes in our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements) could have a material adverse effect on our business.

We could have liability, or our reputation could be damaged, if we fail to protect client and/or our data from security breaches or cyberattacks.

We are dependent on information technology networks and systems to securely process, transmit and store electronic information and to communicate among our locations around the world and with our people, clients, alliance partners and vendors. As the breadth and complexity of this infrastructure continues to grow, because of the use of mobile technologies, social media and cloud-based services, the risk of security breaches and cyberattacks increases. Such breaches could lead to shutdowns or disruptions of or damage to our systems and those of our clients, alliance partners and vendors and unauthorized disclosure of sensitive or confidential information, including confidential or personal data.

In addition, third party Cyber Security Risk is a critical focus for us. All potential new suppliers go through our Data Protection Impact Assessment (“DPIA”) process. This starts with an initial screening questionnaire. The questionnaire covers what personal data and client data is processed, whether the third party has any access requirements to our environment and how is data is transferred. From this, our security team assesses the third party, conducts further due diligence, and reviews contractual clauses. If the risk assessment identifies that the baseline Information security & privacy technical and organizational controls are not met, the business will be advised accordingly. The outcome of all DPIAs is recorded on the DPIA register. All new third parties processing personal data or client data are assessed to be either Tier 1, 2 or 3, with Tier 1 being the highest risk in terms of data processed or interactions to our environment from a cyber security threat perspective.  Tier 1 and 2 third parties are recorded on our business-critical services register and reviewed annually, and we review the compliance documentation, such as latest ISO certifications, SOC2 reports and pen tests, of those Tier 1 and 2 third parties. Tier 3 third parties are recorded on the DPIA register, but no further due diligence is performed by the security team, as Tier 3 third parties process no client or personal data and have no access or integration to ISG’s network or systems. As part of our continuous improvement in our third-party risk management process, we engage the services of a third-party risk monitoring service to monitor threat intelligence and known vulnerabilities.

Although we seek to prevent, detect, and investigate cybersecurity threats and incidents, and have taken steps to mitigate the likelihood of network security breaches, there can be no assurance that attacks by unauthorized users will not be attempted in the future or

20

Table of Contents

that our security measures will be effective. Unauthorized disclosure of sensitive or confidential client data, whether through breach of our processes, systems or otherwise, could subject us to liability, damage our reputation and cause us to lose existing and potential clients. We may also be subject to civil actions and/or criminal prosecution by government or quasi-government agencies for breaches relating to such data. Our insurance coverage for breaches or mismanagement of such data may not continue to be available on reasonable terms or in sufficient amounts to cover one or more large claims against us.

Client restrictions on the use of client data could adversely affect our activities.

Most of the data we use to populate our databases comes from our client engagements. The insight sought by clients from us relates to the contractual data and terms, including pricing and costs, to which we have access while assisting our clients in the negotiation of our sourcing agreements. Data is obtained through the course of our engagements with clients who agree to contractual provisions permitting us to consolidate and utilize on an aggregate basis such information. If we were unable to utilize key data from previous client engagements, our business, financial condition and results of operations could be adversely affected.

​

General Risk Factors

Failure to maintain effective internal control over financial reporting could adversely affect our business and the market price of our common stock.

Pursuant to rules adopted by the SEC implementing Section 404 of the Sarbanes Oxley Act of 2002, we are required to assess the effectiveness of our internal control over financial reporting and provide a management report on our internal control over financial reporting in all annual reports. This report contains, among other matters, a statement as to whether or not our internal control over financial reporting is effective and the disclosure of any material weaknesses in our internal control over financial reporting identified by management.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides a framework for companies to assess and improve their internal control systems. Auditing Standard No. 5 provides the professional standards and related performance guidance for auditors to attest to, and report on, management’s assessment of the effectiveness of internal control over financial reporting under Section 404. Management’s assessment of internal control over financial reporting requires management to make subjective judgments and some of the judgments will be in areas that may be open to interpretation. Therefore, our management’s report on our internal control over financial reporting may be difficult to prepare, and our auditors may not agree with our management’s assessment.

While we currently believe our internal control over financial reporting is effective, we are required to comply with Section 404 on an annual basis. If, in the future, we identify one or more material weaknesses in our internal control over financial reporting during this continuous evaluation process, our management will be unable to assert such internal control is effective. Therefore, if we are unable to assert that our internal control over financial reporting is effective in the future, or if our auditors are unable to express an opinion on the effectiveness of our internal control, our investors could lose confidence in the accuracy and completeness of our financial reports, which could have an adverse effect on our business and the market price of our common stock.

Our actual operating results may differ significantly from our guidance.

From time to time, we release guidance regarding our future performance that represents our management’s estimates as of the date of release. This guidance, which consists of forward-looking statements, is prepared by our management and is qualified by, and subject to, the assumptions and the other information contained or referred to in the release. Our guidance is not prepared with a view toward compliance with published guidelines of the Public Company Accounting Oversight Board (United States) and neither our independent registered public accounting firm nor any other independent expert or outside party compiles or examines the guidance and, accordingly, no such person or firm expresses any opinion or any other form of assurance with respect thereto. Guidance is based upon a number of assumptions and estimates that, while presented with numerical specificity, is inherently subject to significant business, economic and competitive uncertainties and contingencies, many of which are beyond our control and are based upon specific assumptions with respect to future business decisions, some of which will change. The principal reason that we release this data is to provide a basis for our management to discuss our business outlook with analysts and investors. We do not accept any responsibility for any projections or reports published by any such persons. Guidance is necessarily speculative in nature, and it can be expected that some or all of the assumptions of the guidance furnished by us will not materialize or will vary significantly from actual results. Accordingly, our guidance is only an estimate of what management believes is realizable as of the date of release. Actual results will vary from the guidance and the variations may be material. Investors should also recognize that the reliability of any forecasted financial data diminishes the farther in the future that the data is forecast. In light of the foregoing, investors are urged to put any guidance in context and not to place undue reliance on it. Any failure to successfully implement our operating strategy or the occurrence of any of the events or circumstances set forth in this Annual Report on Form 10-K could result in the actual operating results being different than the guidance, and such differences may be adverse and material.

21

Table of Contents

We may experience employment-related claims, commercial indemnification claims and other legal proceedings that could materially harm our business.

We currently are, and may again in the future be, subject to employment-related claims in certain of the jurisdictions in which we operate, including claims of wage and hour violations. We incur a risk of liability for claims relating to employment-related matters, contractual obligations, government inquiries and other claims. Some or all of these claims may give rise to litigation or settlements, which may cause us to incur costs or have other material adverse impacts on our financial statements. Additionally, new employment and labor laws and regulations may be proposed or adopted in the jurisdictions in which we operate that may increase the potential exposure of employers to employment-related claims and litigation.

Certain clients have negotiated broad indemnification provisions regarding the services we provide. In addition, we may have liability to our clients for the action or inaction of our consultants that may cause harm to our clients or third parties. In some cases, we must indemnify our clients for certain acts of our consultants or arising from our consultants’ presence on the client’s job site. We may also incur fines, penalties, and losses that are not covered by insurance or negative publicity with respect to these matters.

​