UNITED STATES 

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 10-K

(Mark One) 

For the fiscal year ended December 31, 2024

For the transition period from _____________to____________________________

Commission File No. 000-54579

DATA STORAGE CORPORATION

(Exact name of registrant as specified in its charter)

Registrant’s telephone number, including area code: (212) 564-4922

Securities registered under Section 12(b) of the Exchange Act:

Securities registered under Section 12(g) of the Exchange Act:

Common Stock, par value $0.001 per share

(Title of class)

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 the Securities Act. Yes ☐ No ☒

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 5(d) of the Act. Yes ☐ No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.

Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation ST (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company and an “emerging growth company.” See the definitions of “large accelerated filer,” “accelerated filer” “smaller reporting company” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to Section 240.10D-1(b). ☐

Indicate by check mark whether the registrant is a shell company as defined in Rule 12b-2 of the Exchange Act. Yes ☐ No ☒

As of June 28, 2024, the last business day of the Registrant’s most recently completed second fiscal quarter, the aggregate market value of the Company’s voting and non-voting common equity held by non-affiliates of the Registrant was $26,955,729. 

The number of shares of the registrant’s common stock outstanding as of March 27, 2025, was 7,094,081. 

Documents incorporated by reference: Portions of the registrant’s definitive proxy statement relating to the 2025 annual meeting of stockholders are incorporated by reference into Part III of this Annual Report on Form 10-K where indicated. Such definitive proxy statement will be filed with the Securities and Exchange Commission within 120 days after the end of the registrant’s fiscal year ended December 31, 2024 (the “2025 Proxy Statement”).

Data Storage Corporation

Table of Contents

PART I

Forward-Looking Statements

This Annual Report on Form 10-K (this “Annual Report”) contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), that involve substantial risks and uncertainties. The forward-looking statements are contained principally in Part I, Item 1. “Business,” Part I, Item 1A. “Risk Factors,” and Part II, Item 7. “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” but are also contained elsewhere in this Annual Report and in some cases you can identify forward-looking statements by terminology such as “may,” “should,” “potential,” “continue,” “expects,” “anticipates,” “intends,” “plans,” “believes,” “estimates,” and similar expressions. These statements are based on our current beliefs, expectations, and assumptions and are subject to a number of risks and uncertainties, many of which are difficult to predict and generally beyond our control, that could cause actual results to differ materially from those expressed, projected or implied in or by the forward-looking statements.

You should refer to Item 1A. “Risk Factors” section of this Annual Report for a discussion of important factors that may cause our actual results to differ materially from those expressed or implied by our forward-looking statements. As a result of these factors, we cannot assure you that the forward-looking statements in this Annual Report will prove to be accurate. Furthermore, if our forward-looking statements prove to be inaccurate, the inaccuracy may be material. In light of the significant uncertainties in these forward-looking statements, you should not regard these statements as a representation or warranty by us or any other person that we will achieve our objectives and plans in any specified time frame, or at all. We do not undertake any obligation to update any forward-looking statements. Unless the context requires otherwise, references to “DSC,” “we,” “us,” “our,” and “Company,” refer to Data Storage Corporation and its subsidiaries.

Summary Risk Factors

Risks Related to the Company’s Business

Risks Related to the Company’s Industry

Risks Related to Intellectual Property

Risks Related to the Company’s Common Stock and Securities

ITEM 1. BUSINESS

Corporate Overview

The Company is a leading provider of enterprise cloud and business continuity solutions, specializing in fully managed cloud hosting, disaster recovery, cybersecurity, and IT automation services. DSC leverages its expertise through its subsidiaries: CloudFirst Technologies Corporation (“CloudFirst Technologies”), CloudFirst Europe Ltd. (“CloudFirst Europe” and, together with CloudFirst Technologies, “CloudFirst”), and Nexxis Inc. (“Nexxis”). Through its CloudFirst platform – built on IBM Power Systems infrastructure – DSC delivers high-performance cloud solutions tailored for IBM i and AIX workloads. This niche focus on IBM Power environments distinguishes CloudFirst in the market: none of the major public cloud providers (AWS, Microsoft Azure, or Google Cloud) natively support IBM i/AIX workload, giving DSC a distinct competitive edge in serving clients with these mission-critical systems. The Company leverages long-term subscription contracts for its cloud and disaster-recovery services, yielding a highly recurring revenue base and strong customer retention (historically over 90% annual subscription renewal rates). DSC’s client base exceeds 425 organizations across diverse sectors – including government, healthcare, education, manufacturing, and Fortune 500 enterprises – reflecting broad market demand for its multi-cloud hosting and business continuity solutions. In recent years, DSC has undertaken strategic expansions (organically and via acquisitions) to reinforce its position as an emerging growth leader in the multi-billion-dollar cloud hosting and business continuity market. Notably, the integration of Flagship Solutions, LLC (“Flagship”) (which became a subsidiary of DSC in 2021) into CloudFirst was completed in January 2024, unlocking operational synergies and enabling cross-selling of the full CloudFirst suite to Flagship’s established customer base. This integration, combined with enhanced distribution and marketing capabilities post-2021 Nasdaq uplisting, has bolstered DSC’s growth trajectory and technical expertise.

Solutions and Services

DSC provides a comprehensive portfolio of solutions to ensure clients’ critical IT systems remain operational, secure, and resilient:

• Cloud Infrastructure Services (IaaS) – CloudFirst offers fully managed cloud hosting for IBM Power systems (IBM i and AIX) as well as x86 environments. Clients can migrate on-premises IBM workloads to DSC’s owned and operated cloud and run them on enterprise-grade IBM Power infrastructure, with interoperability to public clouds like AWS, Azure, and Google for hybrid deployments. DSC’s cloud solutions include comprehensive migration services to ensure seamless transfer of data and applications from legacy systems to the cloud with minimal downtime.

• Disaster Recovery & Business Continuity – DSC delivers robust disaster-recovery-as-a-service and business continuity solutions to protect organizations from downtime and data loss. CloudFirst’s recovery services provide off-site data replication, rapid failover for IBM i/AIX and Windows/Linux systems, and cloud-based backup to meet stringent recovery time objectives. These services ensure that clients can quickly restore critical applications in the event of cyberattacks, hardware failures, or natural disasters, thereby minimizing operational disruption.

• Cybersecurity Solutions – Through its security suite, DSC offers comprehensive cybersecurity and compliance services. This includes endpoint protection, network security, data encryption, ransomware defense, vulnerability assessments, and IBM i security monitoring. By integrating cybersecurity into its cloud and DR offerings, DSC provides a layered defense to safeguard client data and systems across on-premise and cloud environments.

• Managed IT Services and Support – DSC augments its core cloud offerings with managed services such as systems monitoring, IT automation, and voice & data communications solutions. For example, through its Nexxis subsidiary, DSC provides Voice over Internet Protocol (“VoIP”)/Unified Communications and dedicated internet connectivity as part of its one-stop solution set. These ancillary services enable clients to rely on a single provider for a broad range of IT infrastructure needs.

This integrated solutions portfolio positions DSC as a single-source provider for cloud infrastructure, disaster recovery, cybersecurity, and connectivity. From initial cloud migration through ongoing management and support, the Company ensures clients’ workloads run securely and efficiently in a multi-cloud environment. DSC’s value proposition is underscored by its high service reliability (Tier III data centers with 99.999% uptime SLAs) and a consultative approach by in-house solution architects to meet each client’s unique requirements.

Competitive Positioning and CloudFirst Strategy

CloudFirst occupies a distinct competitive niche as a premier cloud solution for IBM Power Systems, an area with high barriers to entry and limited competition. Because IBM i and AIX workloads cannot be easily re-platformed to standard x86 cloud environments, hyperscale cloud providers (Amazon, Microsoft, Google) generally do not compete in this segment. DSC has capitalized on this gap by building a cloud platform specialized for IBM Power – complete with the necessary hardware, OS expertise, and tools to support mission-critical IBM environments. This focus, combined with DSC’s deep IBM technical know-how, allows the Company to address complex legacy modernization and disaster recovery needs that others cannot readily fulfill. At the same time, CloudFirst is designed for interoperability with mainstream clouds: the platform integrates via high-bandwidth, low-latency connections to AWS, Azure, Google, and IBM Cloud, enabling clients to run IBM i/AIX systems in parallel with their other cloud-native workloads. This multi-cloud capability gives enterprises the “best of both worlds” – they can maintain essential IBM systems, whereby protecting their applications designed for the IBM operating platform on CloudFirst, while interfacing seamlessly with applications hosted on public clouds.

Security and compliance are core to CloudFirst’s value proposition. DSC’s data centers meet Tier III standards and SOC 2 Type II compliance, offering the highest levels of reliability and data protection. CloudFirst’s infrastructure and processes are aligned with stringent regulatory requirements in the United States, Canada, and the United Kingdom, which is crucial for clients in regulated industries (financial services, government, healthcare, etc.). Additionally, DSC’s cloud services adhere to data sovereignty laws by enabling clients to keep data within country borders (e.g., Canadian data in Canada, UK data in UK data centers). By prioritizing security certifications and regional compliance, CloudFirst provides enterprise customers with confidence that their critical systems are hosted in an environment that meets national security standards and privacy laws. This commitment to security, combined with 24x7 managed support, has solidified DSC’s reputation as a trusted partner for business continuity. Industry recognition of this niche leadership is evident – DSC is viewed as an emerging growth leader in cloud infrastructure and the migration of data to the cloud for IBM Power workloads.

Global Footprint and Infrastructure

DSC has established a global cloud infrastructure footprint to serve its clients’ multi-national needs. The Company operates and leverages a network of Tier III data center facilities across North America and Europe, including five in the United States, which includes one new data center facility in Chicago, two in Canada, and three in the United Kingdom (Scotland and England). This expansive footprint was built through strategic investments and partnerships: historically, DSC operated out of seven primary data centers across the U.S. and Canada, and in 2024 it expanded into Europe by partnering with leading regional data center providers (e.g., Brightsolid in Scotland and Pulsant in England). By early 2025, CloudFirst’s platform spanned three countries and served over 400 clients globally.

Having infrastructure in multiple geographies allows DSC to deliver cloud infrastructure and recovery services from a single source across continents, a capability few competitors offer. Clients with international operations can rely on CloudFirst to host and protect data in-region for performance and compliance, while managing everything through one provider. For example, a U.S.-based enterprise with subsidiaries in Canada and the UK can run IBM i production in DSC’s U.S. cloud, have disaster recovery in Canada, and extend certain workloads or backups to the UK – all under CloudFirst’s management. This one-stop, multi-country service model is highly differentiated in the mid-market enterprise segment, where companies often struggle to find integrated solutions for IBM Power workloads across regions. DSC’s data centers are inter-connected and built with full redundancy (power, cooling, network) and round-the-clock operations support, ensuring consistent service levels worldwide. The geographic diversity of these sites also adds resiliency (e.g., data can be replicated to a different country for added protection). Management believes this global infrastructure approach for cross-border cloud services provides DSC with a competitive advantage in winning customers seeking a single vendor for all their cloud hosting and business continuity needs.

Growth Strategy and Cross-Selling Opportunities

DSC’s growth strategy is centered on expanding its cloud footprint and cross-selling its full suite of solutions to meet the evolving needs of its clients. A key pillar of this strategy is capitalizing on cross-sell opportunities that arise from the Company’s multi-country presence and broadened solution set. As the Company enters new regions like Europe, DSC can target existing North American clients who have overseas operations, offering to migrate or protect those international workloads via CloudFirst’s new UK facilities. Similarly, partnerships with local providers (such as Pulsant in the UK) open access to new customer bases that DSC can serve with its IBM expertise – including European organizations and U.S. multinationals operating abroad. Management has structured these partnerships to maximize customer engagement across different industry verticals and regions, thereby creating access to a much broader addressable market. Early success of this approach is evidenced by growing demand in the UK/EU for IBM cloud services, which CloudFirst is now positioned to fulfill as one of the few specialized providers in that area.

In North America, DSC continues to deepen penetration in high-value verticals such as finance, healthcare, and insurance that require the reliable continuity solutions DSC provides. The Company’s unified sales team now markets an expanded portfolio – for instance, a disaster recovery customer can be upsold to production hosting on CloudFirst, cybersecurity services, and even voice/data connectivity, all through one relationship. Internally, the consolidation of Flagship into the CloudFirst brand has enhanced this cross-selling: Flagship’s legacy customers (who may have originally engaged for IBM hardware or software solutions) are being introduced to DSC’s cloud and DR services, driving incremental recurring revenue. To support these efforts, DSC is investing in its distribution channels, including IBM Business Partners, Managed Service Provider’s (MSPs), and resellers, to refer and resell CloudFirst services globally. The Company is also pursuing selective acquisitions and alliances to broaden its technical capabilities and customer reach.

In 2024, DSC reported $25.4 million in total revenue, with greater than 80% stemming from recurring sources, including cloud-based hosting and disaster recovery solutions, infrastructure-as-a-service hosting, managed services, cyber security and maintenance subscriptions. This base of annual recurring revenue reflects the effectiveness of the Company’s subscription-focused model. The remaining contract value for cloud services totals approximately $39.2 million, providing revenue visibility and supporting future growth expectations. The Company ended the year with a $21.5 million Annual Recurring Revenue (ARR) run rate. With a contract renewal rate exceeding 90%, DSC is positioned to maintain and expand its customer base. DSC operates with no debt and continues to improve operating margins as it scales its cloud solutions and service offerings. Looking forward, the Company is advancing its strategy, expanding its company owned and managed IBM Power platform into new markets, including a recent entry into Europe. Management believes that there is a global migration of IBM power systems and disaster recovery to cloud based solutions. DSC is uniquely positioned to capitalize on these trends, driving sustained revenue growth and long-term shareholder value.

Overall, DSC’s integrated approach – a unique IBM-focused cloud platform, compliance-driven global data center presence, and a broad suite of continuity and security solutions – positions the Company as a comprehensive one-stop provider for enterprises undergoing digital transformation and cloud migration. By emphasizing its CloudFirst differentiators and executing on cross-sell opportunities, DSC aims to strengthen its market position as a trusted partner for cloud infrastructure and business continuity worldwide.

Government Regulation

DSC operates within a complex and evolving regulatory landscape, governed by a multitude of federal, state, local, and international privacy laws. These laws regulate the Company’s handling of personal and customer data, reflecting the growing importance of privacy in the digital age. Compliance with these regulations is critical, as failure to do so could result in legal action, loss of customer trust, and negative impacts on the Company’s reputation and operations.

Key Regulatory Frameworks:

Compliance Measures Include:

The regulatory environment for DSC is marked by rapid changes and requires continuous vigilance to ensure compliance. As privacy regulations evolve, the Company may need to adjust its services and practices to remain compliant, thereby safeguarding its reputation and facilitating the development of new and innovative services that respect customer privacy.

Human Capital Resources

DSC attributes its success to the skill and dedication of its workforce, consisting of fifty-three full-time and two part-time employees as of March 15, 2025. The team is diverse, with roles across executive management, administration, finance, sales, marketing, and a robust technical team, complemented by independent contractors for service support and installations as needed. The Company has no collective bargaining agreements in place and maintains a positive relationship with its employees.

Key aspects of the Company’s human capital management include:

Corporate Information

Data Storage Corporation, a Delaware corporation founded in 2001, became a subsidiary of the Company, a Nevada corporation (DSC), in 2008. DSC was initially incorporated as Euro Trend Inc. on March 27, 2007, and consummated a share exchange transaction in October 2008. The Company underwent a name change to its current identity post-acquisition.

On May 31, 2021, the Company completed a merger of Flagship, a Florida limited liability company, and the Company’s wholly-owned subsidiary, Data Storage FL, LLC, a Florida limited liability company. Flagship is a provider of Hybrid Cloud solutions, managed services and cloud solutions. On January 1, 2024, Flagship Solutions, LLC was consolidated into the Company’s wholly-owned subsidiary, CloudFirst Technologies Corporation, a Delaware corporation incorporated in 2001.

On January 27, 2022, we formed Information Technology Acquisition Corporation a special purpose acquisition company for the purpose of entering into a merger, capital stock exchange, asset acquisition, stock purchase, recapitalization, reorganization or other similar business combination with one or more businesses or entities.

On August 12, 2024, the Company formed UK Cloud Host Technologies Ltd., a company formed under the laws of the United Kingdom, for the purpose of establishing an executive presence in London, United Kingdom and managing the business and affairs of the Company within Europe. On December 27, 2024, the name of the entity was changed to CloudFirst Europe Ltd. 

Facilities

The Company’s corporate headquarters are located at 225 Broadhollow Road, Suite 307, Melville, New York 11747, which are leased pursuant to a lease agreement, dated January 17, 2024. The lease commenced on April 1, 2024, and has a term of sixty-seven months. The monthly rent is $11,931 and the lease expires on October 30, 2029. The Company believes that these headquarters are adequate for its current operations and needs.

Available Information

Official filings with the SEC, including the Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, proxy statements, and any amendments, are accessible for free on the Company’s website (www.dtst.com) under the Investor Relations section following their SEC submission. The content on the Company’s website is not incorporated by reference into this Annual Report or any other SEC filings.

ITEM 1A. RISK FACTORS 

Investing in the Company’s common stock involves a high degree of risk. Investors should carefully consider the risks described below before deciding whether to invest in our securities. If any of the following risks actually occur, our business, financial condition or results of operations could be adversely affected. In such case, the trading price of our Common Stock could decline and you could lose all or part of your investment. Our actual results could differ materially from those anticipated in the forward-looking statements made throughout this Annual Report as result of different factors, including the risks we face described below.

Risks Related to the Company’s Business

The Company has not generated a significant amount of net income and it may not be able to sustain profitability in the future.

As reflected in the consolidated financial statements, the Company had net income attributable to common shareholders of $523,214 and $381,575 for the years ended December 31, 2024, and 2023, respectively As of December 31, 2024, the Company had cash of $1,070,097, marketable securities of $11,261,006, and working capital of $11,869,914. There can be no assurance that the Company will continue to generate income in the future or that the income will be significant.

If the Company is unable to attract new customers to its infrastructure and disaster recovery/cloud subscription services on a cost-effective basis, its revenue and operating results would be adversely affected.

The Company generates the majority of its revenue from the sale of subscriptions to its infrastructure and disaster recovery/cloud solutions as well as contracted managed services and software and hardware renewals. In order to grow, the Company must continue to reach the many businesses in need of its unique services, many of whom may have not previously used infrastructure as a service and cloud disaster recovery backup solutions. The Company uses and periodically adjusts a diverse mix of advertising and marketing programs to promote its solutions. Significant increases in the pricing of one or more of the Company’s advertising channels would increase its advertising costs or cause it to choose less expensive and perhaps fewer effective channels. As the Company adds to or changes the mix of its advertising and marketing strategies, it may expand into channels with significantly higher costs than its current programs, which could adversely affect its operating results. The Company may incur advertising and marketing expenses significantly in advance of the time it anticipates recognizing any revenue generated by such expenses, and it may only at a later date, or never, experience an increase in revenue or brand awareness as a result of such expenditures. Additionally, because the Company recognizes revenue from customers over the terms of their subscriptions, a sizeable portion of its revenue for each quarter reflects deferred revenue from subscriptions entered into during previous quarters, and downturns or upturns in subscription sales or renewals may not be reflected in the Company’s operating results until later periods. It has made in the past, and may make, in the future, significant investments to test new advertising, and there can be no assurance that any such investments will lead to the cost-effective acquisition of additional customers. If the Company is unable to maintain effective advertising programs, its ability to attract new customers could be adversely affected, its advertising and marketing expenses could increase substantially, and its operating results may suffer.

A portion of the Company’s potential customers locate its website through search engines, such as Google, Bing, and Yahoo!. The Company’s ability to maintain the number of visitors directed to its website is not entirely within its control. If search engine companies modify their search algorithms in a manner that reduces the prominence of the Company’s listing, or if its competitors’ search engine optimization efforts are more successful than the Company’s, fewer potential customers may click through to its website. In addition, the cost of purchased listings has increased in the past and may increase in the future. A decrease in website traffic or an increase in search costs could adversely affect the Company’s customer acquisition efforts and its operating results.

The Company expects to continue to acquire or invest in other companies, which may divert its management’s attention, result in additional dilution to its stockholders, and consume resources that are necessary to sustain its business.

The Company expects to continue to acquire complementary solutions, services, technologies, or businesses in the future. The Company may also enter into relationships with other businesses to expand its portfolio of solutions or its ability to provide its solutions in foreign jurisdictions, which could involve preferred or exclusive licenses, additional channels of distribution, discount pricing, or investments in other companies. Negotiating these transactions can be time-consuming, difficult, and expensive, and its ability to complete these transactions may often be subject to conditions or approvals that are beyond its control. Consequently, these transactions, even if a definitive purchase agreement is executed and announced, may not close.

Acquisitions may also disrupt the Company’s business, divert its resources, and require significant management attention that would otherwise be available for the development of its business. Moreover, the anticipated benefits of any acquisition, investment, or business relationship may not be realized on a timely basis or at all or the Company may be exposed to known or unknown liabilities, including litigation against the companies that it may acquire. In connection with any such transaction, the Company may:

Any of these risks could harm the Company’s business and operating results.

Integration of an acquired company’s operations may present challenges.

The integration of an acquired company requires, among other things, coordination of administrative, sales and marketing, accounting and finance functions, and expansion of information and management systems. Integration may prove to be difficult due to the necessity of coordinating geographically separate organizations and integrating personnel with disparate business backgrounds and accustomed to different corporate cultures. The Company may not be able to retain key employees of an acquired company. Additionally, the process of integrating a new solution or service may require a disproportionate amount of time and attention of the Company’s management and financial and other resources. Any difficulties or problems encountered in the integration of a new solution or service could have a material adverse effect on the Company’s business.

The Company intends to continue to acquire businesses that it believes will help achieve its business objectives. As a result, the Company’s operating costs will likely continue to grow. The integration of an acquired company may cost more than the Company anticipates, and it is possible that the Company will incur significant additional unforeseen costs in connection with such integration, which may negatively impact its earnings.

In addition, the Company may only be able to conduct limited due diligence on an acquired company’s operations. Following an acquisition, the Company may be subject to liabilities arising from an acquired company’s past or present operations, including liabilities related to data security, encryption and privacy of customer data, and these liabilities may be greater than the warranty and indemnity limitations that the Company negotiates. Any liability that is greater than these warranty and indemnity limitations could have a negative impact on the Company’s financial condition.

Even if successfully integrated, there can be no assurance that the Company’s operating performance after an acquisition will be successful or will fulfill management’s objectives.

The Company may fail to maintain an effective system of internal controls, which may result in material misstatements of its consolidated financial statements or cause it to fail to meet its periodic reporting obligations.

As a public company, The Company is required to maintain internal control over financial reporting and to report any material weaknesses in such internal controls. Section 404 requires an annual management assessment of the effectiveness of the Company’s internal control over financial reporting. The rules governing the standards that must be met for management to assess the Company’s internal control over financial reporting are complex and require significant documentation, testing, and possible remediation.

The Company can give no assurance that additional material weaknesses will not be identified in the future. The Company’s failure to implement and maintain effective internal controls over financial reporting could result in errors in its consolidated financial statements that could result in a restatement of its financial statements and could cause it to fail to meet its reporting obligations, any of which could diminish investor confidence in the Company and cause a decline in the price of its common stock.

The Company is controlled by three principal stockholders who serve as its executive officers and directors.

As of March 27, 2025, through their aggregate voting power, Messrs. Piluso, Schwartz and Kempster control approximately 36% of the Company’s outstanding common stock, giving them the ability to control a significant portion of the votes for the Company’s directors and all other matters requiring the approval of its stockholders, including the election of all its directors and the approval of a reverse stock split.

To date, a substantial portion of the Company’s revenues have come from a limited number of customers, making it dependent on those few customers.

Though the Company continues to expand its customer base, the Company remains dependent on a limited number of customers for a substantial portion of its revenues. For the year ended December 31, 2024, the Company had two customers that each, individually, accounted for 12% of revenue. For the year ended December 31, 2023, the Company had two customers that accounted for 12% and 10% of revenue. The loss of, or a significant reduction of business from, any of the Company’s primary customers could have a material adverse effect on its business, financial condition, and results of operations unless it is able to replace such customers with other primary customers.

Risks Related to the Company’s Industry

The market for cloud solutions is highly competitive, and if the Company does not compete effectively, its operating results will be harmed.

The market for the Company’s services is highly competitive, quickly evolving and subject to rapid changes in technology. The Company expects to continue to face intense competition from its existing competitors as well as additional competition from new market entrants in the future as the market for its services continues to grow.

The Company competes with cloud backup and infrastructure providers and providers of traditional hardware-based systems and IBM Power Systems. Its current and potential competitors vary by size, service offerings, and geographic region. These competitors may elect to partner with each other or with focused companies to grow their businesses. They include:

Many of these competitors benefit from significant competitive advantages over the Company, given their desire to enter this niche marketplace, such as greater name recognition, longer operating histories, more varied services, and larger marketing budgets, as well as greater financial, technical, and other resources. In addition, many of these competitors have established marketing relationships and major distribution agreements with computer manufacturers, internet service providers, and resellers, giving them access to larger customer bases. Some of these competitors may make acquisitions or enter strategic relationships to offer a more comprehensive service than the Company does. As a result, some of these competitors may be able to:

In addition, demand for the Company’s cloud solutions is sensitive to price. Many factors, including the Company’s customer acquisition, advertising and technology costs, and its current and future competitors’ pricing and marketing strategies, can significantly affect its pricing strategies. Certain of the Company’s competitors offer, or may in the future offer, lower-priced or free solutions that compete with its solutions.

Additionally, consolidation activity through strategic mergers, acquisitions and joint ventures may result in new competitors that can offer a broader range of products and services that, may have a greater scale or a lower cost structure. To the extent such consolidation results in the ability of vertically integrated companies to offer more integrated services to customers than the Company can, customers may prefer the single-source approach and direct more business to such competitors, thereby impairing the Company’s competitive position. Furthermore, new entrants not currently considered to be competitors may enter the market through acquisitions, partnerships, or strategic relationships. As the Company looks to market and sell its services to potential customers, the Company must convince its internal stakeholders that the Company’s services are superior to their current solutions. If the Company is unable to anticipate or react to these competitive challenges, its competitive position would weaken, which could adversely affect its business, financial condition, and results of operations. These combinations may make it more difficult for the Company to compete effectively and its inability to compete effectively would negatively impact its operating results. In addition, there can be no assurance that the Company will not be forced to engage in price-cutting initiatives, or to increase its advertising and other expenses to attract and retain customers in response to competitive pressures, either of which could have a material adverse effect on the Company’s revenue and operating results.

If a cyberattack was able to breach the Company’s security protocols and disrupt its data protection platform and solutions, any such disruption could increase its expenses, damage its reputation, harm its business and adversely affect its stock price.

The Company has implemented various protocols and regularly monitors its systems via security software to reduce any security vulnerabilities. The Company also relies on third-party providers for several critical aspects of its infrastructure cloud and disaster recovery business continuity services, and consequently, it does not maintain direct control over the security or stability of those associated systems. Furthermore, the firmware, software, and/or open-source software that its data protection solutions may utilize could be susceptible to hacking or misuse. In the event of the discovery of a significant security vulnerability, the Company would incur additional substantial expenses and its business would be harmed.

The process of developing new technologies is complex and uncertain, and if the Company fails to accurately predict customers’ changing needs and emerging technological trends or if the Company fails to achieve the benefits expected from its investments, its business could be harmed. The Company believes that it must continue to dedicate a significant amount of resources to its research and development efforts to maintain its competitive position and it must commit significant resources to develop new solutions before knowing whether its investments will result in solutions the market will accept. The Company’s new solutions or solution enhancements could fail to attain sufficient market acceptance or harm its business for many reasons, including:

In addition, new technologies have the risk of defects that may not be discovered until after the product launches, resulting in adverse publicity, loss of revenue or harm to the Company’s business and reputation.

Any significant disruption in service in the Company’s computer systems, or caused by its third-party storage and system providers, could damage its reputation and result in a loss of customers, which would harm its business, financial condition, and operating results.

The Company’s reputation, and ability to attract, retain and serve its customers is dependent upon the reliable performance of its network infrastructure and payment systems, and its customers’ ability to readily access their stored files. The Company has experienced interruptions in these systems in the past, including server failures that temporarily slowed down its customers’ ability to access their stored files, or made the Company’s infrastructure inaccessible and it may experience interruptions or outages in the future.

In addition, while the Company both operates and maintains elements of network infrastructure, some elements of this complex system are operated by third parties that the Company does not control and that would require considerable time to replace. The Company expects this dependence on third parties to increase. In particular, the Company utilizes IBM and Intel to provide equipment and support. All of these third-party systems are located in data center facilities operated by third parties. While these data centers are of the highest level, Tier 3, there can be no assurance that they will not experience disruptions that will adversely impact the Company’s ability to service its customers. The Company’s data center agreements expire at various times between 2027 and 2029 with rights of extension. If the Company were unable to renew these agreements on commercially reasonable terms, it may be required to transfer that portion of its computing and storage capacity to new data center facilities, and it may incur significant costs and possible service interruption in connection with doing so.

The Company also relies upon third-party colocation providers to host its main servers. If these providers are unable to handle current or higher volumes of use, experience any interruption in operations or cease operations for any reason or if the Company is unable to agree on satisfactory terms for continued hosting relationships, the Company would be forced to enter into a relationship with other service providers or assume hosting responsibilities itself. If the Company is forced to switch data center facilities, which in itself is a competitive industry, it may not be successful in finding an alternative service provider on acceptable terms or in hosting the computer servers itself. The Company may also be limited in its remedies against these providers in the event of a failure of service.

Interruptions, outages and/or failures in the Company’s own systems, the third-party systems and facilities on which we rely, or the use of its data center facilities, whether due to system failures, computer viruses, cybersecurity attacks, physical or electronic break-ins, damage or interruption from human error, power losses, natural disasters or terrorist attacks, hardware failures, systems failures, telecommunications failures or other factors, could affect the security or availability of infrastructure, prevent the Company from being able to continuously back up its customers’ data or its customers from accessing their stored data, and may damage or delete its customers’ stored files. If this were to occur, the Company’s reputation could be compromised, and it could be subject to liability to the customers that were affected.

Any financial difficulties, such as bankruptcy, faced by the Company’s third-party data center operators, its third-party colocation providers, or any of the service providers with whom the Company or they contract, may have negative effects on its business, the nature and extent of which are difficult to predict. Moreover, if its third-party data center providers or its third-party colocation providers are unable to keep up with the Company’s growing capacity needs, this could have an adverse effect on the Company’s business. Interruptions in the Company’s services might reduce its revenue, cause it to issue credits or refunds to customers, subject it to potential liability, or harm its renewal rates. In addition, prolonged delays or unforeseen difficulties in connection with adding storage capacity or upgrading its network architecture when required may cause the Company’s service quality to suffer. Problems with the reliability or security of the Company’s systems could harm its reputation, and the cost of remedying these problems could negatively affect the Company’s business, financial condition, and operating results.

Security vulnerabilities, data protection breaches and cyberattacks could disrupt the Company’s data protection platform and solutions, and any such disruption could increase its expenses, damage its reputation, harm its business, and adversely affect its stock price.

The Company relies on third-party providers for several critical aspects of its infrastructure cloud and disaster recovery business continuity services, and consequently, it does not maintain direct control over the security or stability of the associated systems. Furthermore, the firmware, software and/or open-source software that its data protection solutions may utilize could be susceptible to hacking or misuse. In the event of the discovery of a significant security vulnerability, the Company would incur additional substantial expenses and its business would be harmed.

The Company’s customers rely on its solutions for production, replication, and storage of digital copies of their files, including financial records, business information, photos, and other personally meaningful content. The Company also stores credit card information and other personal information about its customers. An actual or perceived breach of the Company’s network security and systems or other cybersecurity related events that cause the loss or public disclosure of, or access by third parties to, its customers’ stored files could have serious negative consequences for its business, including possible fines, penalties and damages, reduced demand for its solutions, an unwillingness of customers to provide the Company with their credit card or payment information, an unwillingness of its customers to use its solutions, harm to its reputation and brand, loss of its ability to accept and process customer credit card orders, and time-consuming and expensive litigation. If this occurs, the Company’s business and operating results could be adversely affected. Third parties may be able to circumvent the Company’s security by deploying viruses, worms, and other malicious software programs that are designed to attack or attempt to infiltrate its systems and networks and it may not immediately discover these attacks or attempted infiltrations. Further, outside parties may attempt to fraudulently induce the Company’s employees, consultants, or affiliates to disclose sensitive information in order to gain access to its information or its customers’ information. The techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently, often are not recognized until launched against a target, and may originate from less regulated or remote areas around the world. As a result, the Company may be unable to proactively address these techniques or to implement adequate preventative or reactionary measures. In addition, employee or consultant error, malfeasance, or other errors in the storage, use, or transmission of personal information could result in a breach of customer or employee privacy. The Company maintains insurance coverage to mitigate the potential financial impact of these risks; however, its insurance may not cover all such events or may be insufficient to compensate it for the potentially significant losses, including the potential damage to the future growth of its business, that may result from the breach of customer or employee privacy. If the Company or its third-party providers are unable to successfully prevent breaches of security relating to its solutions or customer private information, it could result in litigation and potential liability for the Company, cause damage to its brand and reputation, or otherwise harm its business and its stock price.

Many states have enacted laws requiring companies to notify consumers of data security breaches involving their personal data. In addition, the SEC now also requires disclosure of material data security breaches. These mandatory disclosures regarding a security breach often lead to widespread negative publicity, which may cause the Company’s customers to lose confidence in the effectiveness of its data security measures. Any security breach, whether successful or not, would harm the Company’s reputation and could cause the loss of customers. Similarly, if a publicized breach of data security at any other cloud backup service provider or other major consumer website were to occur, there could be a general public loss of confidence in the use of the internet for cloud backup services or commercial transactions generally. Any of these events could have material adverse effects on the Company’s business, financial condition, and operating results.

The Company’s ability to provide services to its customers depends on its customers’ continued high-speed access to the internet and the continued reliability of the internet infrastructure.

The Company’s business depends on its customers’ continued high-speed access to the internet, as well as the continued maintenance and development of the internet infrastructure. While the Company also provides broadband internet services, many of its clients depend on third-party internet service providers to expand high-speed internet access, to maintain a reliable network with the necessary speed, data capacity, and security, and to develop complementary solutions and services, including high-speed solutions, for providing reliable and timely internet access and services. All of these factors are out of the Company’s control. To the extent that the internet continues to experience an increased number of users, frequency of use, or bandwidth requirements, the internet may become congested and be unable to support the demands placed on it, and its performance or reliability may decline. Any internet outages or delays could adversely affect the Company’s ability to provide services to its customers.

Currently, internet access is provided by telecommunications companies and internet access service providers that have significant and increasing market power in the broadband and internet access marketplace. In the absence of government regulation, these providers could take measures that affect their customers’ ability to use the Company’s products and services, such as attempting to charge their customers more for using the Company’s products and services. To the extent that internet service providers implement usage-based pricing, including meaningful bandwidth caps, or otherwise try to monetize access to their networks, the Company could incur greater operating expenses and customer acquisition and retention could be negatively impacted. Furthermore, to the extent network operators were to create tiers of internet access service and either charge the Company for or prohibit the Company’s services from being available to its customers through these tiers, its business could be negatively impacted. Some of these providers also offer products and services that directly compete with the Company’s own offerings, which could potentially give them a competitive advantage.

If the Company is unable to retain its existing customers, its business, financial condition, and operating results would be adversely affected.

If the Company’s efforts to satisfy its existing customers are not successful, it may not be able to retain them, and as a result, its revenue and ability to grow would be adversely affected. The Company may not be able to accurately predict future trends in customer renewals. Customers choose not to renew their subscriptions for many reasons, including if customer service issues are not satisfactorily resolved, a desire to reduce discretionary spending, or a perception that they do not use the service sufficiently, that the solution is a poor value, or that competitive services provide a better value or experience. If the Company’s retention rate significantly decreases, it may need to increase the rate at which it adds new customers in order to maintain and grow its revenue, which may require it to incur significantly higher advertising and marketing expenses than it currently anticipates, or its revenue may decline. A significant decrease in the Company’s retention rate would therefore have an adverse effect on its business, financial condition, and operating results. The Company’s estimates of the number of employees it retains, and advertising costs are based to a large extent upon its subscription contracts, which may be terminated by customers typically upon 90 days’ notice prior to the ending term of their contract for services.

A decline in demand for the Company’s cyber security, disaster recovery, and/or infrastructure solutions, in general, would cause its revenue to decline.

The Company derives, and expects to continue to derive, a significant portion of its revenue from subscription services for business continuity, such as data protection solutions including its disaster recovery backup, replication, archive, and infrastructure as a service offering. Some of the potential factors that could affect interest in and demand for cloud solutions include:

In addition, substantially all of the Company’s revenue is currently derived from customers in the U.S. Consequently, a decrease of interest in and demand for the Company’s solutions in the U.S. could have a disproportionately greater impact on it than if its geographic mix of revenue was less concentrated.

The Company primarily depends upon third-party distribution companies to generate new customers. The Company’s relationships with its partners and distributors may be terminated or may not continue to be beneficial in generating new customers, which could adversely affect its ability to increase its customer base.

The Company maintains a network of distributors, which refer customers to it through links on their websites or promotion to their customers. The number of customers that the Company can add through these relationships is dependent on the marketing efforts of distributors, over which it has little control. If the Company is unable to maintain its relationships, or renew contracts on favorable terms, with existing partners and distributors or establish new contractual relationships with potential partners and distributors, it may experience delays and increased costs in adding customers, which could have a material adverse effect on the Company. The Company’s distributors also provide services to other third parties and therefore may not devote their full time and attention to promoting the Company’s products and services.

If the Company is unable to expand its base of business customers, its future growth and operating results could be adversely affected.

The Company has committed and continues to commit substantial resources to the expansion and increased marketing of its business solutions. If the Company is unable to market and sell its solutions to businesses with competitive pricing and in a cost-effective manner its ability to grow its revenue and achieve profitability may be harmed.

If the Company is unable to sustain market recognition of and loyalty to its brand, or if its reputation were to be harmed, it could lose customers or fail to increase the number of its customers, which could harm its business, financial condition, and operating results.

Given the Company’s market focus, maintaining and enhancing its brand is critical to its success. The Company believes that the importance of brand recognition and loyalty will increase in light of the increasing competition in its markets. The Company plans to continue investing substantial resources to promote its brand, both domestically and internationally, but there is no guarantee that its brand development strategies will enhance the recognition of its brand. Some of the Company’s existing and potential competitors have well-established brands with greater recognition than it has. If the Company’s efforts to promote and maintain the Company’s brand are not successful, the Company’s operating results and its ability to attract and retain customers may be adversely affected. In addition, even if the Company’s brand recognition and loyalty increase, it may not result in increased use of its solutions or higher revenue.

The Company’s solutions, as well as those of its competitors, are regularly reviewed in computer and business publications. Negative reviews, or reviews in which the Company’s competitors’ solutions and services are rated more highly than its solutions, could negatively affect its brand and reputation. From time to time, the Company’s customers express dissatisfaction with its solutions, including, among other things, dissatisfaction with its customer support, its billing policies, and the way its solutions operate. If the Company does not handle customer complaints effectively, its brand and reputation may suffer, it may lose its customers’ confidence, and they may choose not to renew their subscriptions. In addition, many of the Company’s customers participate in online blogs about computers and internet services, including the Company’s solutions, and its success depends in part on its ability to generate positive customer feedback through such online channels where consumers seek and share information. If actions that the Company takes or changes that it makes to its solutions upset these customers, their blogging could negatively affect its brand and reputation. Complaints or negative publicity about the Company’s solutions or billing practices could adversely impact its ability to attract and retain customers and its business, financial condition, and operating results.

The Company is subject to governmental regulation and other legal obligations related to privacy, and any actual or perceived failure to comply with such obligations would harm its business.

The Company receives, stores, and processes personal information and other customer data and maintains specific protocols and procedures to help safeguard the privacy of that personal information and customer data. Personal privacy has become a significant issue in the United States and in many other countries where the Company may offer its offering of solutions. The regulatory framework for privacy issues worldwide is currently complex and evolving, and it is likely to remain uncertain for the foreseeable future. There are numerous federal, state, local, and foreign laws regarding privacy and the storing, sharing, use, processing, disclosure and protection of personal information and other customer data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among countries or conflict with other rules. The Company generally seeks to comply with industry standards and is subject to the terms of its privacy policies and privacy-related obligations to third parties. The Company strives to comply with all applicable laws, policies, legal obligations, and industry codes of conduct relating to privacy and data protection to the extent possible. However, it is possible that these obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or the Company’s practices. Any failure or perceived failure by the Company to comply with its privacy policies, its privacy-related obligations to customers or other third parties, its privacy-related legal obligations, or any compromise of security that results in the unauthorized release or transfer of personally identifiable information or other customer data, may result in governmental enforcement actions, litigation, or public statements against the Company by consumer advocacy groups or others and could cause its customers to lose trust in the Company, which could have an adverse effect on the Company’s reputation and business.

The Company’s customers may also accidentally disclose their passwords or store them on a mobile device that is lost or stolen, creating the perception that its systems are not secure against third-party access. Additionally, if third parties that the Company works with, such as vendors or developers, violate applicable laws or its policies, such violations may also put its customers’ information at risk and could in turn have an adverse effect on its business. Any significant change to applicable laws, regulations, or industry practices regarding the use or disclosure of the Company’s customers’ data, or regarding the manner in which the express or implied consent of customers for the use and disclosure of such data is obtained, could require it to modify its solutions and features, possibly in a material manner, and may limit its ability to develop new services and features that make use of the data that its customers voluntarily share with the Company.

The Company’s solutions are used by customers in the health care industry, and it must comply with numerous federal and state laws related to patient privacy in connection with providing its solutions to these customers.

The Company’s solutions are used by customers in the health care industry, and it must comply with numerous federal and state laws related to patient privacy in connection with providing its solutions to these customers. In particular, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) include privacy standards that protect individual privacy by limiting the uses and disclosures of individually identifiable health information and implementing data security standards. Because the Company’s solutions may backup individually identifiable health information for its customers, its customers are mandated by HIPAA to enter into written agreements with us known as business associate agreements that require the Company to safeguard individually identifiable health information. Business associate agreements typically include:

The Company may not be able to adequately address the business risks created by HIPAA or HITECH implementation or comply with its obligations under its business associate agreements. Furthermore, the Company is unable to predict what changes to HIPAA, HITECH or other laws or regulations might be made in the future or how those changes could affect its business or the costs of compliance. Failure by the Company to comply with any of the federal and state standards regarding patient privacy may subject the Company to penalties, including civil monetary penalties and, in some circumstances, criminal penalties, which could have an adverse effect on its business, financial condition, and operating results.

Errors, failures, bugs in or unavailability of the Company’s solutions released by it could result in negative publicity, damage to its brand, returns, loss of or delay in market acceptance of its solutions, loss of competitive position, or claims by customers or others.

The Company offers solutions that operate in a wide variety of environments, systems, applications, and configurations, that are often installed and used in large-scale computing environments with different operating systems, system management software, and equipment and networking configurations. The Company’s customers’ computing environments are often characterized by a wide variety of standard and non-standard configurations that can make pre-release testing for programming or compatibility errors very difficult and time-consuming. In addition, despite testing by the Company and others, errors, failures, or bugs may not be found in new solutions or releases until after distribution. In the past, when the Company has discovered any software errors, failures or bugs in certain of its solution offerings after their introduction or when new versions are released, it, in some cases, has experienced delayed or lost revenues as a result of these errors. In addition, the Company relies on hardware purchased or leased and software licensed from third parties to offer its solutions, and any defects in, or unavailability of, its third-party software or hardware could cause interruptions to the availability of its solutions.

Errors, failures, bugs in or unavailability of the Company’s solutions released by it could result in negative publicity, damage to its brand, returns, loss of or delay in market acceptance of its solutions, loss of competitive position, or claims by customers or others. Many of the Company’s end-user customers use its solutions in applications that are critical to their business and may have a greater sensitivity to defects in its solutions than to defects in other, less critical, software solutions. In addition, if an actual or perceived breach of information integrity or availability occurs in one of its end-user customer’s systems, regardless of whether the breach is attributable to its solutions, the market perception of the effectiveness of its solutions could be harmed. Alleviating any of these problems could require significant expenditures of the Company’s capital and other resources and could cause interruptions, delays, or cessation of its solution licensing, which could cause it to lose existing or potential customers and could adversely affect its operating results.

The Company faces many risks associated with its growth and plans to expand, which could harm its business, financial condition, and operating results.

The Company continues to experience sales growth in its business. This growth has placed, and may continue to place, significant demands on its management and its operational and financial infrastructure. As the Company’s operations grow in size, scope, and complexity, it will need to improve and upgrade its systems and infrastructure to attract, service, and retain an increasing number of customers. The expansion of its systems and infrastructure will require the Company to commit substantial financial, operational, and technical resources in advance of an increase in the volume of business, with no assurance that the volume of business will increase. Any such additional capital investments will increase the Company’s cost base. Continued growth could also strain the Company’s ability to maintain reliable service levels for its customers, develop and improve its operational, financial, and management controls, enhance its reporting systems and procedures, and recruit, train, and retain highly skilled personnel. If the Company fails to achieve the necessary level of efficiency in its organization as it grows, its business, financial condition, and operating results could be harmed.

The Company has office locations in New York, Florida, Texas and the United Kingdom, and data centers in New York, Massachusetts, North Carolina, Texas, Canada and the United Kingdom. If the Company is unable to effectively manage a large and geographically dispersed group of employees and contractors or to anticipate its future growth and personnel needs, its business may be adversely affected. As the Company expands its business, it adds complexity to its organization and must expand and adapt its operational infrastructure and effectively coordinate throughout its organization. As a result, the Company has incurred and expects to continue to incur additional expenses related to its continued growth.

The Company also anticipates that its ongoing efforts to continue to expand internationally will entail the marketing and advertising of its services and brand and the development of localized websites. The Company does not have substantial experience in selling its solutions in international markets or in conforming to the local cultures, standards, or policies necessary to successfully compete in those markets, and it must invest significant resources in order to do so. The Company may not succeed in these efforts or achieve its customer acquisition or other goals. For some international markets, customer preferences and buying behaviors may be different, and the Company may use business or pricing models that are different from its traditional subscription model to provide cloud backup and related services to customers. The Company’s revenue from new foreign markets may not exceed the costs of establishing, marketing, and maintaining its international solutions, and therefore may not be profitable on a sustained basis, if at all.

The Company’s international expansion will subject it to risks typically encountered when operating internationally including economic and political instability, fluctuations in currency exchange rates, differing legal and regulatory environments, challenges in managing a geographically dispersed workforce, and cultural differences.

International operations are subject to numerous political and economic factors, including changes in foreign national priorities, foreign government budgets, global economic conditions, and fluctuations in foreign currency exchange rates, the possibility of trade sanctions and other government actions, regulatory requirements, significant competition, taxation, and other risks associated with doing business outside the United States. Competition for international sales is intense.

As a result of the Company’s international expansion into Europe, it will be exposed to risks inherent in foreign operations. These risks, which can vary substantially by market, include:

In addition, the Company may experience gains and losses resulting from fluctuations in foreign currency exchange rates. To date, the majority of the Company’s revenues and costs are denominated in U.S. dollars; however, the majority of revenues and costs in its international operations [are/will be] denominated in foreign currencies. Where the Company’s prices are denominated in U.S. dollars, its sales could be adversely affected by declines in foreign currencies relative to the U.S. dollar, thereby making its products and services more expensive in local currencies. The Company is also exposed to risks resulting from fluctuations in foreign currency exchange rates in connection with its international expansion. To the extent the Company pay contractors in foreign currencies, international expansions could cost more than anticipated as a result of declines in the U.S dollar relative to foreign currencies. In addition, fluctuating foreign currency exchange rates have a direct impact on how the Company’s international results of operations translate into U.S. dollars, which may adversely affect reported earnings.

Even if the Company may decide in the future to undertake foreign exchange hedging transactions to reduce foreign currency transaction exposure, it does not currently intend to eliminate all foreign currency transaction exposure. Therefore, any weakness of the U.S. dollar may have a positive impact on the Company’s consolidated results of operations because the currencies in the foreign countries in which it operates may translate into more U.S. dollars. However, if the U.S. dollar strengthens relative to the currencies of the foreign countries in which the Company operates its consolidated financial position and results of operations may be negatively impacted as amounts in foreign currencies will generally translate into fewer U.S. dollars. There can be no assurance as to the future effect of any such changes on our results of operations, financial condition or cash flows.

The Company’s international business involves sales directly to international customers which are subject to U.S. and foreign laws and regulations, technology transfer restrictions, investments, taxation, repatriation of earnings, exchange controls, the Foreign Corrupt Practices Act and other anti-corruption laws and regulations, and the anti-boycott provisions of the U.S. Export Control Reform Act of 2018. While the Company has policies in place to comply with such laws and regulations, failure by the Company, its employees or others working on its behalf to comply with these laws and regulations could result in administrative, civil, or criminal liabilities, which could have a material adverse effect on the Company.

Additionally, international procurement and local country rules and regulations, contract laws and judicial systems differ from those in the U.S. and, in some cases, may be less predictable than those in the U.S., which could impair our ability to enforce contracts and increase the risk of adverse or unpredictable outcomes, including the possibility that certain matters that would be considered civil matters in the U.S. are treated as criminal matters in other countries.

We may not be able to adequately address these additional risks. If we were unable to do so, our operations might suffer, which may adversely impact our results of operations and financial condition.

The Company’s software contains encryption technologies, certain types of which are subject to U.S. and foreign export control regulations and, in some foreign countries, restrictions on importation and/or use. Any failure on the Company’s part to comply with encryption or other applicable export control requirements could result in financial penalties or other sanctions under the U.S. export regulations, including restrictions on future export activities, which could harm its business and operating results. Regulatory restrictions could impair the Company’s access to technologies that it seeks for improving its solutions and may also limit or reduce the demand for its solutions outside of the U.S.

The loss of the Company’s key personnel, or its failure to attract, integrate, and retain other highly qualified personnel, could harm its business and growth prospects.

The Company depends on the continued service and performance of its key personnel. In addition, many of the Company’s key technologies and systems are custom-made for its business by its personnel. The loss of key personnel, including key members of the Company’s management team, as well as certain of its key marketing, sales, product development, or technology personnel, could disrupt its operations and have an adverse effect on its ability to grow its business. In addition, several of the Company’s key personnel have only recently been employed by it, and the Company is still in the process of integrating these personnel into its operations. The Company’s failure to successfully integrate these key employees into its business could adversely affect its business.

To execute the Company’s growth plan, it must attract and retain highly qualified personnel. Competition for these employees is intense, and the Company may not be successful in attracting and retaining qualified personnel. The Company, from time to time in the past, experienced, and expects to continue to experience, difficulty in hiring and retaining highly-skilled employees with appropriate qualifications. New hires require significant training and, in most cases, take significant time before they achieve full productivity. The Company’s recent hires and planned hires may not become as productive as it expects, and it may be unable to hire or retain sufficient numbers of qualified individuals. Many of the companies with which it competes for experienced personnel have greater resources than it has. In addition, in making employment decisions, particularly in the internet and high-technology industries, job candidates often consider the value of the equity that they are to receive in connection with their employment. In addition, employees may be more likely to voluntarily exit the Company if the shares underlying their vested and unvested options, as well as unvested restricted stock units, have significantly depreciated in value resulting in the options they are holding potentially being significantly above the market price of the Company’s common stock and the value of the restricted stock units decreasing. If the Company fails to attract new personnel, or fails to retain and motivate its current personnel, its business and growth prospects could be severely harmed.

Declining general economic or business conditions and changes to trade policy, including tariff and customs regulations, may have a negative impact on the Company’s business.

Continuing concerns over U.S. health care reform legislation and energy costs, geopolitical issues, including those in Eastern Europe, the availability and cost of credit and government stimulus programs in the United States and other countries have contributed to increased volatility and diminished expectations for the global economy. These factors, combined with low business and consumer confidence and high unemployment, precipitated an economic slowdown and recession and stagnant economy for more than a decade. Additionally, political changes in the U.S. and elsewhere in the world have created a level of uncertainty in the markets. If the economic climate does not improve or deteriorate, our business, as well as the financial condition of our suppliers and our third-party payors, could be adversely affected, resulting in a negative impact on our business, financial condition and results of operations.

Changes in U.S. or international social, political, regulatory and economic conditions or in laws and policies governing trade, manufacturing, development and investment in the countries where the Company currently conduct its business could adversely affect its business, reputation, financial condition and results of operations. Changes or proposed changes in U.S. or other countries’ trade policies may result in restrictions and economic disincentives on international trade. The U.S. government has recently imposed, or is currently considering imposing, tariffs on certain trade partners. Tariffs, economic sanctions and other changes in U.S. trade policy have in the past and could in the future trigger retaliatory actions by affected countries, and certain foreign governments have instituted or are considering imposing retaliatory measures on certain U.S. goods. Further, any emerging protectionist or nationalist trends (whether regulatory- or consumer-driven) either in the United States or in other countries could affect the trade environment. Our business, like many other corporations, would be impacted by changes to the trade policies of the United States and foreign countries (including governmental action related to tariffs, international trade agreements, or economic sanctions). Such changes have the potential to adversely impact the U.S. economy or certain sectors thereof, the global economy, and the Company’s industry, and as a result, could have a material adverse effect on its business, financial condition and results of operations.

In addition, the global macroeconomic environment could be negatively affected by, among other things, COVID-19 or other pandemics or epidemics, instability in global economic markets, instability in the global credit markets, supply chain weaknesses, instability in the geopolitical environment as a result of the withdrawal of the United Kingdom from the European Union, the Russian invasion of Ukraine, the war in the Middle East and other political tensions, and foreign governmental debt concerns. Such challenges have caused, and may continue to cause, uncertainty and instability in local economies and in global financial markets.

Risks Related to Intellectual Property

Assertions by a third party that the Company’s solutions infringe its intellectual property, whether or not correct, could subject the Company to costly and time-consuming litigation or expensive licenses.

There is frequent litigation in the software and technology industries based on allegations of infringement or other violations of intellectual property rights. Any such claims or litigation may be time-consuming and costly, divert management resources, require the Company to change its services, require it to credit or refund subscription fees, or have other adverse effects on its business. Many companies are devoting significant resources to obtaining patents that could affect many aspects of the Company’s business. Third parties may claim that the Company’s technologies or solutions infringe or otherwise violate their patents or other intellectual property rights.

If the Company is forced to defend itself against intellectual property infringement claims, whether they have merit or are determined in its favor, it may face costly litigation, diversion of technical and management personnel, limitations on its ability to use its current websites and technologies, and an inability to market or provide its solutions. As a result of any such claim, the Company may have to develop or acquire non-infringing technologies, pay damages, enter into royalty or licensing agreements, cease providing certain services, adjust its marketing and advertising activities, or take other actions to resolve the claims. These actions, if required, may be costly or unavailable on terms acceptable to the Company, or at all.

Furthermore, the Company has licensed proprietary technologies from third parties that it uses in its technologies and business, and it cannot be certain that the owners’ rights in their technologies will not be challenged, invalidated, or circumvented. In addition to the general risks described above associated with intellectual property and other proprietary rights, the Company is subject to the additional risk that the seller of such technologies may not have appropriately created, maintained, or enforced their rights in such technology.

The Company relies on third-party software to develop and provide its solutions, including server software and licenses from third parties to use patented intellectual property.

The Company relies on software licensed from third parties to develop and offer its solutions. In addition, the Company may need to obtain future licenses from third parties to use intellectual property associated with the development of its solutions, which might not be available to the Company on acceptable terms, or at all. Any loss of the right to use any software required for the development and maintenance of the Company’s solutions could result in delays in the provision of its solutions until equivalent technology is either developed by the Company, or, if available from others, is identified, obtained, and integrated, which delay could harm its business. Any errors or defects in third-party software could result in errors or a failure of its solutions, which could harm its business.

If the Company is unable to protect its domain names, its reputation, brand, customer base, and revenue, as well as its business and operating results, it could be adversely affected.

The Company has registered domain names for websites (“URLs”) that it uses in its business, such as www.datastoragecorp.com. If the Company is unable to maintain its rights in these domain names, its competitors or other third parties could capitalize on the Company’s brand recognition by using these domain names for their own benefit. In addition, although the Company owns the Company’s domain name under various global top-level domains such as .com and .net, as well as under various country-specific domains, it might not be able to, or may choose not to, acquire or maintain other country-specific versions of the Company’s domain name or other potentially similar URLs. Domain names similar to the Company have already been registered in the U.S. and elsewhere, and its competitors or other third parties could capitalize on its brand recognition by using domain names similar to the Company’s. The regulation of domain names in the U.S. and elsewhere is generally conducted by internet regulatory bodies and is subject to change. If the Company loses the ability to use a domain name in a particular country, it may be forced to either incur significant additional expenses to market its solutions within that country, including the development of a new brand and the creation of new promotional materials, or elect not to sell its solutions in that country. Either result could substantially harm its business and operating results. Regulatory bodies could establish additional top-level domains, appoint additional domain name registrars, or modify the requirements for holding domain names. As a result, the Company may not be able to acquire or maintain the domain names that utilize the Company’s name in all of the countries in which it currently conducts or intends to conduct business. Further, the relationship between regulations governing domain names and laws protecting trademarks and similar proprietary rights varies among jurisdictions and is unclear in some jurisdictions. The Company may be unable to prevent third parties from acquiring and using domain names that infringe, are similar to, or otherwise decrease the value of, its brand or its trademarks. Protecting and enforcing the Company’s rights in its domain names and determining the rights of others may require litigation, which could result in substantial costs, divert management attention, and not be decided favorably to the Company.

Risks Related to the Company’s Common Stock and Securities

The Company’s stock price has fluctuated in the past and may be volatile in the future, and as a result, investors in its common stock could incur substantial losses.

The Company’s stock price has fluctuated in the past, has recently been volatile, and may be volatile in the future. By way of example, on March 28, 2024, the reported low sale price of the Company’s common stock was $5.52, and the reported high sales price was $7.02. For comparison purposes, on May 29, 2024, the last closing price of the Company’s common stock was $7.81 while the last closing price on September 6, 2024, was $3.32. The Company may incur rapid and substantial decreases in its stock price in the foreseeable future that are unrelated to its operating performance or prospects. The stock market has experienced extreme volatility that has often been unrelated to the operating performance of particular companies. As a result of this volatility, investors may experience losses on their investment in the Company’s common stock. The market price for the Company’s common stock may be influenced by many factors, including the following:   

These broad market and industry factors may seriously harm the market price of the Company’s common stock, regardless of its operating performance. Since the stock price of its common stock has fluctuated in the past, has been volatile recently and may be volatile in the future, investors in its common stock could incur substantial losses. In the past, following periods of volatility in the market, securities class-action litigation has often been instituted against companies. Such litigation, if instituted against the Company, could result in substantial costs and diversion of management’s attention and resources, which could materially and adversely affect its business, financial condition, results of operations and growth prospects. There can be no guarantee that the Company’s stock price will remain at current prices or that future sales of its common stock will not be at prices lower than those sold to investors.

Additionally, recently, securities of certain companies have experienced significant and extreme volatility in stock price due to short sellers of shares of common stock, known as a “short squeeze.” These short squeezes have caused extreme volatility in those companies and in the market and have led to the price per share of those companies to trade at a significantly inflated rate that is disconnected from the underlying value of the company. Many investors who have purchased shares in those companies at an inflated rate face the risk of losing a significant portion of their original investment as the price per share has declined steadily as interest in those stocks has abated. While the Company has no reason to believe its shares would be the target of a short squeeze, there can be no assurance that it won’t be in the future, and investors may lose a significant portion or all of their investment if they purchase the Company’s shares at a rate that is significantly disconnected from its underlying value.

The Company cannot be assured that it will be able to maintain its listing on the Nasdaq Capital Market.

The Company’s securities are listed on The Nasdaq Capital Market, a national securities exchange. The Company cannot be assured that it will continue to comply with the rules, regulations or requirements governing the listing of its common stock on The Nasdaq Capital Market or that its securities will continue to be listed on Nasdaq Capital Market in the future. If Nasdaq should determine at any time that the Company failed to meet Nasdaq requirements, it may be subject to a delisting action by Nasdaq.

On January 18, 2024, Nasdaq notified the Company that due to the passing of Mr. Hoffman, a member of the Company’s Board of Directors and member of the Audit Committee, the Company was no longer compliant with Nasdaq’s audit committee requirements as set forth in Rule 5605(c)(2)(A) of the Nasdaq listing standards.

On April 2, 2024, the Company received a letter (the “Notification Letter”) from Nasdaq stating that, based on the information regarding the appointment of Nancy M. Stallone, CPA to the Company’s Board of Directors and Audit Committee, Nasdaq has determined that the Company complies with the Audit Committee requirement for continued listing on The Nasdaq Capital Market set forth in Listing Rules 5605(c)(2), which requires that the Company maintain an audit committee of at least three members, each of whom must meet specified criteria, including certain independence criteria. Accordingly, the Nasdaq staff has determined that the Company has regained compliance with Nasdaq Listing Rule 5605(c)(2) and has indicated that the matter is now closed.

If Nasdaq delists the Company’s securities from trading on its exchange at some future date, the Company could face significant material adverse consequences, including:

Upon exercising the Company’s outstanding options or warrants, it will be obligated to issue a substantial number of additional shares of common stock which will dilute its present shareholders.

The Company is obligated to issue additional shares of its common stock in connection with any exercise or conversion, as applicable, of its outstanding options, warrants, and shares of its convertible preferred stock. As of December 31, 2024, there were options and warrants outstanding convertible into an aggregate of 3,174,162 shares of common stock. The exercise of warrants or options will cause the Company to issue additional shares of its common stock and will dilute the percentage ownership of its shareholders. In addition, the Company has in the past, and may in the future, exchange outstanding securities for other securities on terms that are dilutive to the securities held by other shareholders not participating in such an exchange.

Offers or availability for sale of a substantial number of shares of the Company’s common stock may cause the price of its common stock to decline.

Sales of large blocks of the Company’s common stock could depress the price of its common stock. The existence of these shares and shares of common stock that may be issuable upon conversion or exercise, as applicable, of outstanding shares of convertible preferred stock, warrants and options create a circumstance commonly referred to as an “overhang” which can act as a depressant to the Company’s common stock price. The existence of an overhang, whether or not sales have occurred or are occurring, also could make the Company’s ability to raise additional financing through the sale of equity or equity-linked securities more difficult in the future at a time and price that the Company deems reasonable or appropriate. If the Company’s existing shareholders and investors seek to convert or exercise such securities or sell a substantial number of shares of its common stock, such selling efforts may cause significant declines in the market price of its common stock. In addition, the shares of the Company’s common stock included in the Units and underlying warrants sold in the offering will be freely tradable without restriction or further registration under the Securities Act. As a result, a substantial number of shares of the Company’s common stock may be sold in the public market following this offering. If there are significantly more shares of common stock offered for sale than buyers are willing to purchase, then the market price of the Company’s common stock may decline to a market price at which buyers are willing to purchase the offered common stock and sellers remain willing to sell its common stock.

The Company does not expect to declare any common stock cash dividends in the foreseeable future.

The Company does not anticipate declaring any cash dividends to holders of its common stock in the foreseeable future. Consequently, common stockholders may need to rely on sales of their shares after price appreciation, which may never occur, as the only way to realize any future gains on their investment.

Because the Company may issue preferred stock without the approval of its shareholders and have other anti-takeover defenses, it may be more difficult for a third party to acquire the Company and could depress its stock price.

In general, the Company’s Board may issue, without a vote of its shareholders, one or more additional series of preferred stock that has more than one vote per share. Without these restrictions, the Company’s Board could issue preferred stock to investors who support it and its management and give effective control of its business to its management. Additionally, the issuance of preferred stock could block an acquisition resulting in both a drop in the Company’s stock price and a decline in interest of its common stock. This could make it more difficult for shareholders to sell their common stock. This could also cause the market price of the Company’s common stock shares to drop significantly, even if its business is performing well.

Provisions of Nevada law could delay or prevent an acquisition of DSC, even if the acquisition would be beneficial to its stockholders and could make it more difficult for stockholders to change DSC’s management.

DSC is subject to anti-takeover provisions under Nevada law, which could delay or prevent a change of control. Together, these provisions may make more difficult the removal of management and may discourage transactions that otherwise could involve payment of a premium over prevailing market prices for the Company’s securities. These provisions include: limitations on the ability to engage in any “combination” with an “interested stockholder” (each, as defined in the Nevada Revised Statutes (“NRS”)) for two years from the date the person first becomes an “interested stockholder”; being subject to Sections 78.378 to 78.3793 of the NRS and allowing an “acquiring person” to obtain voting rights in “control shares” without shareholder approval; the ability of the Board to issue shares of currently undesignated and unissued preferred stock without prior stockholder approval; limitations on the ability of stockholders to call special meetings; and the ability of the Board to amend its amended Bylaws without stockholder approval.

ITEM 1B. UNRESOLVED STAFF COMMENTS

Not Applicable.

ITEM 1C. CYBERSECURITY

The Company maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats.

The Company’s cyber risk management program’s underlying processes and controls incorporate recognized best practices and standards for cybersecurity and information technology. We conduct annual risk assessments to identify risks related to company assets and business processes, assess the risk’s likelihood and potential consequences to the organization, and document any mitigating controls that are in place. Risks that are either highly likely to occur or whose impact on the organization is high are addressed through risk treatment, including risk acceptance, mitigation, transfer, or avoidance. The Company documents risk treatments and corresponding action items and tracks progress quarterly through an information security steering committee.

The Company maintains a comprehensive set of policies, standards, processes, and other documentation per the ISO 27001:2013 standard’s requirements, the most widely industry-accepted standard for managing organizational information and data security risks, for implementing an Information Security Management System (ISMS). Documentation addresses overall information security, access management, asset management, encryption, data retention and disposal, vulnerability management, and more. Together, these documents form the foundation of the Company’s ISMS and ensure organizational assets and processes for information security are managed, governed, and are operating effectively.

The Company’s management team oversees and administers its risk management program and informs senior management, the Cyber Security & Risk Committee of the Company’s Board of Directors (the “Board” or the “Board of Directors”), and other relevant stakeholders regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents. The Cyber Security & Risk Committee of the Board of Directors consists of Matthew Grover and Uwayne A. Mitchell. The Company’s ISMS Steering Committee also oversees risks from cybersecurity threats. In addition, the Company also contracts with a third-party consultant to ensure the ISMS and information security controls comply with applicable standards and requirements.

The Company’s management team possesses extensive experience in selecting, deploying, and overseeing cybersecurity technologies, initiatives, and processes, and relies on threat intelligence and other information obtained from governmental, public, and private sources to guide its approach. Matthew Grover brings over 15 years of experience in enterprise IT governance and has held senior leadership positions overseeing global information security operations. Uwayne A. Mitchell holds certifications such as CISSP and CISM and has a background in regulatory compliance and incident response within highly regulated industries. The ISMS Steering Committee includes members with technical and strategic expertise in cybersecurity risk assessment, data protection, and ISO/IEC 27001 implementation, providing the Company with robust oversight capabilities.

The ISMS Steering Committee is specifically responsible for reviewing the adequacy of the Company’s information security controls. The committee, including member(s) of management assigned with cybersecurity oversight responsibility and/or third-party consultants providing cyber risk services, reviews vulnerabilities identified through the risk management process, the effectiveness of the Company’s cyber risk management program, and the emerging threat landscape and new cyber risks on a quarterly basis. This includes updates on the Company’s processes to prevent, detect, and mitigate cybersecurity incidents. In addition, cybersecurity risks are reviewed by the Cyber Security and Risk Committee at least annually as part of the Company’s corporate risk oversight processes. The Company also undergoes annual internal and external ISO 27001:2013 audits to proactively identify nonconformity issues within the ISMS and demonstrate ongoing compliance with the standard.

As part of its review of the adequacy of the Company’s system of internal controls over financial reporting and disclosure controls and procedures, the Cyber Security & Risk Committee of the Board of Directors, comprised of independent directors, is specifically responsible for reviewing the adequacy of the Company’s computerized information system controls and security related thereof, the Company’s cybersecurity threat landscape, risks and the Company’s management and mitigation of cybersecurity risks and potential breach incidents.

The Company faces risks from cybersecurity threats that could adversely affect its business, financial condition, results of operations, cash flows, or reputation. The Company acknowledges that the risk of cyber incidents is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of its business. To date, the Company has not experienced a cybersecurity incident. The Company proactively seeks to detect and investigate unauthorized attempts and attacks against its IT assets, data, and services and to prevent their occurrence and recurrence where practicable through changes or updates to internal processes and tools and changes or updates to service delivery; however, potential vulnerabilities to known or unknown threats will remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject the Company to additional liability and reputational harm. See Item 1A. “Risk Factors” for more information on cybersecurity risks.

ITEM 2. PROPERTIES     

The Company currently maintains two leases for office space located in Melville, NY, and one lease for office space in Austin, TX.

On July 31, 2021, the Company signed a three-year lease for approximately 2,880 square feet of office space at 980 North Federal Highway, Boca Raton, FL. The commencement date of the lease was August 2, 2021. The monthly rent is approximately $4,965. The lease has since expired.

On January 1, 2022, the Company entered into a lease agreement for office space with WeWork in Austin, TX. On September 3, 2024, the Company amended this agreement and is on an eight month lease agreement with payments of a $1,056 per month.

On January 17, 2024, the Company entered into a lease agreement for office space in Melville, NY. The lease commenced on April 1, 2024, and has a term of sixty-seven months. The lease requires monthly payments of $11,931 and expires on October 30, 2029.

ITEM 3. LEGAL PROCEEDINGS

From time to time, the Company may become involved in legal proceedings or be subject to claims arising in the ordinary course of its business. The Company is not presently a party to any legal proceedings that, if determined adversely to it, would individually or taken together have a material adverse effect on its business, operating results, financial condition, or cash flows. Regardless of the outcome, litigation can have an adverse impact on the Company because of defense and settlement costs, diversion of management resources and other factors.

Not applicable.

PART II

ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES

Market Information

The Company’s common stock trades on The Nasdaq Capital Market under the symbol “DTST.”

Holders of the Company’s Common Stock

As of March 27, 2025, we had 31 shareholders of record of the Company’s common stock, one of which was Cede & Co., a nominee for Depository Trust Company (“DTC”). All the shares of the Company’s common stock held by brokerage firms, banks and other financial institutions as nominees for beneficial owners are deposited into participant accounts at DTC and are therefore considered to be held or recorded by Cede & Co. as one stockholder.

Dividend Policy

The Company has not declared or paid dividends on common stock since its formation and does not anticipate paying dividends in the foreseeable future. The declaration or payment of dividends, if any, in the future, will be at the discretion of DSC’s Board of Directors and will depend on the then- current financial condition, results of operations, capital requirements and other factors deemed relevant by the Board. Each share of Series A Preferred Stock entitles its holder to receive cash dividends at a rate of ten percent (10%) per annum on the original issue price, compounding annually, in preference to holders of common stock. Preferred dividends are accrued quarterly. No shares of Series A Preferred Stock are outstanding, and no dividends have been paid to date since May 2021 when all of the then outstanding shares of Series A Preferred Stock were converted into shares of the Company’s common stock.

Recent Sales of Unregistered Securities

The Company did not sell any equity securities during the three months ended, or the fiscal year ended, December 31, 2024, that were not registered under the Securities Act, other than as previously disclosed in its filings with the Securities and Exchange Commission (the “SEC”).

Issuer Purchases of Equity Securities

There were no issuer purchases of equity securities during the year ended, December 31, 2024.

Securities Authorized for Issuance Under Equity Compensation Plans

The following table contains information about the Company’s equity compensation plans as of December 31, 2024:

Equity Compensation Plan Information

ITEM 6. RESERVED

ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATION

The following discussion of our plan of operation and results of operations should be read in conjunction with the consolidated financial statements and related notes to the consolidated financial statements included elsewhere in this Annual Report on Form 10-K. This discussion contains forward-looking statements that relate to future events or our future financial performance. These statements involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to be materially different from any future results, levels of activity, performance or achievements expressed or implied by these forward-looking statements. These risks and other factors include, among others, those listed under “Forward-Looking Statements” and “Risk Factors” and those included elsewhere in this report.

COMPANY OVERVIEW SUMMARY 

DSC is a leading provider of enterprise cloud and business continuity solutions, specializing in fully managed cloud hosting, disaster recovery, cybersecurity, and IT automation services. DSC leverages its expertise through its three subsidiaries: CloudFirst Technologies, CloudFirst Europe and Nexxis. Through its CloudFirst platform – built on IBM Power Systems infrastructure – DSC delivers high-performance cloud solutions tailored for IBM i and AIX workloads This niche focus on IBM Power environments distinguishes CloudFirst in the market: none of the major public cloud providers (AWS, Microsoft Azure, or Google Cloud) natively support IBM i/AIX workload, giving DSC a distinct competitive edge in serving clients with these mission-critical systems. The Company leverages long-term subscription contracts for its cloud and disaster-recovery services, yielding a highly recurring revenue base and strong customer retention (historically over 90% annual subscription renewal rates) DSC’s client base exceeds 425 organizations across diverse sectors – including government, healthcare, education, manufacturing, and Fortune 500 enterprises – reflecting broad market demand for its multi-cloud hosting and business continuity solutions. In recent years, DSC has undertaken strategic expansions (organically and via acquisitions) to reinforce its position as an emerging growth leader in the multi-billion-dollar cloud hosting and business continuity market. Notably, the integration of Flagship (acquired 2021) into CloudFirst was completed in January 2024, unlocking operational synergies and enabling cross-selling of the full CloudFirst suite to Flagship’s established customer base. This integration, combined with enhanced distribution and marketing capabilities post-2021 Nasdaq uplisting, has bolstered DSC’s growth trajectory and technical expertise.

Recent Developments

On July 18, 2024, the Company entered into an Equity Distribution Agreement (the “Agreement”), with Maxim Group LLC (“Maxim”), pursuant to which it may offer and sell, from time to time, through Maxim, as sales agent or principal, shares of the Company’s common stock. Subject to the terms and conditions of the Agreement, Maxim will use commercially reasonable efforts consistent with its normal trading and sales practices, applicable state and federal law, rules and regulations and the rules of the Nasdaq Capital Market to sell shares from time to time based upon the Company’s instructions, including any price, time or size limits specified by us. Under the Agreement, Maxim may sell shares by any method deemed to be an “at the market” offering as defined in Rule 415 under the Securities Act of 1933, as amended, or any other method permitted by law, including in privately negotiated transactions. Maxim’s obligations to sell shares under the Agreement are subject to satisfaction of certain conditions, including customary closing conditions for transactions of this nature. The Company will pay Maxim a commission of 2.5% of the aggregate gross proceeds from each sale of shares and have agreed to provide Maxim with customary indemnification and contribution rights. The Company also agreed to reimburse Maxim for certain specified expenses of up to $50,000. Sales of shares of common stock under the Agreement will be made pursuant to the Company’s registration statement on Form S-3 (File No. 333-280881) (the “Registration Statement”) and a related prospectus supplement (the “ATM Prospectus”), both of which were filed with the SEC on July 18, 2024. The ATM Prospectus relates to the offering of up to $10,600,000 shares of the Company’s common stock. The issuance and sale, if any, of common stock under the Agreement is subject to the Company maintaining an effective registration statement. The Registration Statement was declared effective on July 26, 2024.

RESULTS OF OPERATIONS

Year ended December 31, 2024, as compared to December 31, 2023

Revenue

Revenue for the year ended December 31, 2024, increased by approximately 2% to $25,371,303 as compared to sales for the year ended December 31, 2023, of $24,959,576. The Company derives its sales from four types of services that it provides: infrastructure & disaster recovery/cloud services which is the largest source of its sales, followed by managed services, equipment and software sales, and Nexxis VoIP and internet access services. The cloud infrastructure & disaster recovery/cloud services are subscription-based. The Company also provides equipment and software and actively participates in collaboration with IBM to provide innovative business solutions to clients. The professional services are providing the client cloud infrastructure and or disaster recovery implementation services as well as time and materials billing. Substantially all of the Company’s sales were to customers in the United States, with 2% of its sales to international customers. During the year ended December 31, 2024, the Company derived approximately 31% of revenue from equipment and software sales, 51% of revenue from infrastructure & disaster recovery/cloud services, 12% of revenue from managed services, 5% of revenue from Nexxis VoIP services. During the year ended December 31, 2023, the Company derived approximately 41% of our revenue from equipment and software sales, 40% of its revenue from infrastructure & disaster recovery/cloud services, 13% of revenue from managed services, and 4% of revenue from Nexxis VoIP services.

The following chart details the changes in the Company’s sales for the years ended December 31, 2024, and 2023, respectively.

Expenses

Cost of sales. For the year ended December 31, 2024, cost of sales was $14,267,936, a decrease of $1,115,315, or 7%, compared to $15,383,251 for the year ended December 31, 2023. The decrease of $1,115,315 was mostly related to the decrease in one-time equipment and managed services related cost of sales.

Selling, general and administrative expenses. For the year ended December 31, 2024, selling, general and administrative expenses were $11,023,476, an increase of $1,278,740, or 13%, as compared to $9,744,736 for the year ended December 31, 2023. The increase is reflected in the chart below.

Salaries and Director Fees. Salaries and director fees increased as a result of an increase in headcount, an increase in the number of Board Members and an increase due to annual employee performance reviews.

Stock Based Compensation. Stock Based Compensation increased primarily due to an increase in the number of RSU’s granted and higher fair value per share for both RSU’s and stock options.

Professional Fees. Professional fees increased primarily due to business development consulting fees, an increase in legal and accounting fees related to the filing of certain registration statements, and an increase in recruiting fees.

Software as a Service Expense (SaaS). SaaS increased due to new projects for improvement initiatives for one of the Company’s customer relationship management systems. 

Advertising Expenses. Advertising expense decreased due to the Company’s strategy to offset stadium expense by re-selling the suite for certain events.

Commissions Expense. Commissions expense decreased due to lower one-time equipment sales.

Travel and Entertainment. Travel and entertainment expenses increased due to international expansion efforts in addition to travel related to domestic customer expansion efforts.

All Other Expenses. All other expenses increased primarily due to the Company receiving communications from the New York State Department of Taxation and Finance regarding sales and use tax matters. On July 31, 2024, the Company received additional correspondence and entered into discussions with the agency concerning an audit of its sales and use tax filings. On February 4, 2025, the Company received a Statement of Proposed Audit Change from the Department, proposing a total liability of $219,352. The proposed liability related to the audit period from December 1, 2018 through May 31, 2023, and included $142,021 in tax and $77,331 in interest, with no penalties assessed. As of September 30, 2024, the Company recorded an initial accrual of $89,000 based on the information available at the time. Upon receipt of the proposed assessment and completion of its evaluation, the Company recorded the remaining liability of $53,021 in other expenses and $77,331 in interest expense as of December 31, 2024, bringing the total accrual to $219,352. The Company subsequently paid the full amount to the New York State Department of Taxation and Finance in February 2025. 

Income before provision for income taxes. Income before provision for income taxes for the years ended December 31, 2024, and 2023 was $552,103, and $299,316 respectively, primarily attributable to the items discussed above.

LIQUIDITY AND CAPITAL RESOURCES

The consolidated financial statements have been prepared in accordance with generally accepted accounting principles in the United States of America (“GAAP”) applicable for a going concern, which assumes that the Company will realize its assets and discharge its liabilities in the ordinary course of business.

To the extent the Company is successful in growing its business, identifying potential acquisition targets, and negotiating the terms of such acquisitions, and where the purchase price may include a cash component, the Company expects to use its working capital and the proceeds of any financing to finance such acquisition costs.

The Company’s conclusion concerning its liquidity is based on current information. If this information proves to be inaccurate, or if circumstances change, the Company may not be able to meet its liquidity needs, which will require a renegotiation of related party capital equipment leases, a reduction in advertising and marketing programs, and/or a reduction in salaries for officers that are major shareholders.

The Company has long-term contracts to supply its subscription-based solutions that are invoiced to clients monthly. The Company believes its total contract value of its subscription contracts with clients based on the actual contracts that it has to date exceeds $10 million. Further, the Company continues to see an uptick in client interest in distribution channel expansion and in sales proposals. In 2025, the Company intends to continue to work to increase its presence in the IBM “Power I” infrastructure cloud and business continuity marketplace in the niche of IBM “Power” and in the disaster recovery global marketplace utilizing its technical expertise, data centers utilization, assets deployed in the data centers, 24 x 365 monitoring and software. 

On July 18, 2024, the Company entered into the Agreement with Maxim, discussed under “Recent Developments” above, pursuant to which the Company may offer and sell, from time to time, through Maxim, as sales agent or principal, shares of its common stock. There can be no guarantee that the Company will be able to raise capital from sales under the Agreement. To date, the Company has not made any sales under the Agreement.

The Company’s working capital was $11,869,914 on December 31, 2024, increasing by $858,507 from $11,011,407 at December 31, 2023. The increase is primarily attributable to an increase in accounts receivable and prepaid expenses and other current assets which was offset, in part, by an increase in accounts payable.

Cash Flows for the year ended December 31, 2024, as compared to December 31, 2023

The following table summarizes the Company’s cash flows:

Operating activities

For the year ended December 31, 2024, cash provided by operating activities was $1,740,089, compared to $3,873,047 for the year ended December 31, 2023. The decrease is primarily due to an increase in accounts receivable of $1,010,880 for the year ended December 31, 2024, as compared to a decrease in accounts receivable for the year ended December 31, 2023 of $2,242,864.

Investing activities

During the year ended December 31, 2024, net cash used in investing activities totaled $1,743,174, compared to $3,852,245 during the year ended December 31, 2023. The decrease of $2,109,071 was primarily due to a net decrease in the purchases of marketable securities.

Financing activities

During the year ended December 31, 2024, net cash used in financing activities totaled $352,957, compared to $878,794 during the year ended December 31, 2023. The decrease of $525,837 was primarily due to lower repayments of finance lease obligations.

Off-Balance Sheet Arrangements

The Company does not have any off-balance sheet arrangements, financings, or other relationships with unconsolidated entities or other persons, also known as “special purpose entities.”

Non-GAAP Financial Measures

Adjusted EBITDA

To supplement the Company’s consolidated financial statements presented in accordance with GAAP and to provide investors with additional information regarding the Company’s financial results, the Company considers and is including herein Adjusted EBITDA, a Non-GAAP financial measure. The Company views Adjusted EBITDA as an operating performance measure and, as such, the Company believes that the GAAP financial measure most directly comparable to it is net income (loss). The Company defines Adjusted EBITDA as net income adjusted for interest and financing fees, depreciation, amortization, stock-based compensation, sales tax settlement, and other non-cash income and expenses. The Company believes that Adjusted EBITDA provides an important measure of operating performance because it allows management, investors, debt holders and others to evaluate and compare ongoing operating results from period to period by removing the impact of the Company’s asset base, any asset disposals or impairments, stock-based compensation and other non-cash income and expense items associated with its reliance on issuing equity-linked debt securities to fund its working capital.

The Company’s use of Adjusted EBITDA has limitations as an analytical tool, and this measure should not be considered in isolation or as a substitute for an analysis of its results as reported under GAAP, as the excluded items may have significant effects on its operating results and financial condition. Additionally, the Company’s measure of Adjusted EBITDA may differ from other companies’ measure of Adjusted EBITDA. When evaluating the Company’s performance, Adjusted EBITDA should be considered with other financial performance measures, including various cash flow metrics, net income and other GAAP results. In the future, the Company may disclose different non-GAAP financial measures in order to help its investors and others more meaningfully evaluate and compare the Company’s future results of operations to its previously reported results of operations.

The following table shows the Company’s reconciliation of net income (loss) to adjusted EBITDA for the years ended December 31, 2024, and 2023:

CRITICAL ACCOUNTING ESTIMATES 

Use of Estimates

The preparation of financial statements in conformity with US GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the financial statements and the reported amounts of revenue and expenses during the reporting period. Actual results could differ from these estimates. The Company believes that the accounting estimates employed are appropriate and resulting balances are reasonable; however, due to inherent uncertainties in making estimates, actual results may differ from the original estimates, requiring adjustments to these balances in future periods. There are accounting policies, each of which requires significant judgments and estimates on the part of management, that the Company believes are significant to the presentation of its consolidated financial statements. The most significant accounting estimates are set forth below.

Estimated Fair Value of Financial Instruments

The Company’s financial instruments include cash, accounts receivable, accounts payable and lease commitments. Management believes the estimated fair value of these accounts on December 31, 2024, approximate their carrying value as reflected in the balance sheet due to the short-term nature. The carrying values of certain of the Company’s notes payable and capital lease obligations approximate their fair values based upon a comparison of the interest rate and terms of such debt given the level of risk to the rates and terms of similar debt currently available to the Company in the marketplace.

Property and Equipment

Property and equipment are recorded at cost and depreciated over their estimated useful lives or the term of the lease using the straight-line method for financial statement purposes. Estimated useful lives in years for depreciation are five to seven years for property and equipment. Additions, betterments and replacements are capitalized, while expenditures for repairs and maintenance are charged to operations when incurred. As units of property are sold or retired, the related cost and accumulated depreciation are removed from the accounts, and any resulting gain or loss is recognized in income.

Goodwill and Other Intangibles

The Company assesses goodwill for impairment on an annual basis on December 31, or more frequently if events occur or circumstances change indicating that the fair value of the goodwill may be below its carrying amount. The Company has four reporting units. The Company uses an income-based approach to determine the fair value of the reporting units. This approach uses a discounted cash flow methodology and the ability of the Company’s reporting units to generate cash flows as measures of fair value of its reporting units. The Company performs a qualitative analysis of goodwill and other intangible assets for impairment indicators on at least an annual basis. If this assessment shows impairment indicators the Company will perform an impairment test to determine if the carrying value of a reporting unit exceeds its estimated fair value.

For the year ended December 31, 2024, the Company was not required to perform an impairment test of goodwill since the qualitative analysis did not show any impairment indicators and no triggering events were identified. To determine the fair value of goodwill and intangible assets, the Company uses many assumptions and estimates using a market participant approach that directly impacts the testing results. In making these assumptions and estimates, the Company uses industry accepted valuation models and set criteria that are reviewed and approved by various levels of management.

For the year ended December 31, 2023, the Company was required to complete its annual impairment tests of goodwill since the Company combined two reporting units. The Company performed the quantitative assessment and determined that the fair value of the reporting units was more likely than not greater than their carrying value, including goodwill at December 31, 2023. Based on the completion of the annual impairment test on December 31, 2023, the Company did not record an impairment charge. 

Revenue Recognition

Nature of goods and services

The following is a description of the products and services from which the Company generates revenue, as well as the nature, timing of satisfaction of performance obligations, and significant payment terms for each:

Cloud Infrastructure provides clients with the ability to migrate their on-premise computing and digital storage to CloudFirst’s enterprise-level technical compute and digital storage assets located in Tier 3 data centers. DSC owns the assets and provides a turnkey solution whereby achieving reliable and cost-effective, multi-tenant IBM Power compute, x86/intel, flash digital storage, while providing disaster recovery and cyber security while eliminating client capital expenditures. The client pays a monthly fee and can increase capacity as required.

Clients can subscribe to an array of disaster recovery solutions without subscribing to cloud infrastructure. Product offerings provided directly from DSC are High Availability, Data Vaulting and retention solutions, including standby servers which allows clients to centralize and streamline their mission-critical digital information and technical environment while ensuring business continuity if they experience a cyber-attack or natural disaster. Client’s data is vaulted, at two data centers with the maintenance of retention schedules for corporate governances and regulations all to meet their back to work objective in a disaster.

These services are performed at the inception of a contract. The Company provides professional assistance to its clients during the implementation processes. On-boarding and set-up services ensure that the solution or software is installed properly and function as designed to provide clients with the best solutions. In addition, clients that are managed service clients have a requirement for DSC to offer time and material billing supplementing the client’s staff.

The Company also derives both one-time and subscription-based revenue from providing support, management and renewal of software, hardware, third party maintenance contracts and third-party cloud services to clients. The managed services include help desk, remote access, operating system and software patch management, annual recovery tests and manufacturer support for equipment and on-gong monitoring of client system performance.

The Company provides equipment and software and actively participates in collaboration with IBM to provide innovative business solutions to clients. The Company is a partner of IBM and the various software, infrastructure and hybrid cloud solutions are provided to clients.

The Company provides VoIP, Internet access and data transport services to ensure businesses are fully connected to the internet from any location, remote and on premise. The Company provides Hosted VoIP solutions with equipment options for IP phones and internet speeds of up to 10Gb delivered over fiber optics.

Transaction price allocated to the remaining performance obligations

The Company has the following performance obligations:

Impairment of Long-Lived Assets

The Company reviews its long-lived assets for impairment whenever events and circumstances indicate that the carrying value of an asset might not be recoverable. An impairment loss, measured as the amount by which the carrying value exceeds the fair value, is recognized if the carrying amount exceeds estimated un-discounted future cash flows.

Stock-Based Compensation

The Company follows the requirements of FASB ASC 718-10-10, Share-Based Payments with regards to stock-based compensation issued to employees and non-employees. The Company has agreements and arrangements that call for stock to be awarded to the employees and consultants at various times as compensation and periodic bonuses. The expense for this stock-based compensation is equal to the fair value of the stock price on the day the stock was awarded multiplied by the number of shares awarded. The Company has a relatively low forfeiture rate of stock-based compensation, and forfeitures are recognized as they occur.

The valuation methodology used to determine the fair value of the options issued during the period is the Black-Scholes option-pricing model. The Black-Scholes model requires the use of a number of assumptions including the volatility of the stock price, the average risk-free interest rate, and the weighted average expected life of the options. Risk-free interest rates are calculated based on continuously compounded risk-free rates for the appropriate term. The dividend yield is assumed to be zero as the Company has never paid or declared any cash dividends on its Common Stock and does not intend to pay dividends on its Common Stock in the foreseeable future. The expected forfeiture rate is estimated based on management’s best assessment.

Estimated volatility is a measure of the amount by which DSC’s stock price is expected to fluctuate each year during the expected life of the award. The Company’s calculation of estimated volatility is based on historical stock prices over a period equal to the expected life of the awards.

Impact of Recently Issued Accounting Standards

In the normal course of business, we evaluate all new accounting pronouncements issued by the FASB, SEC, or other authoritative accounting bodies to determine the potential impact they may have on the Company’s Consolidated Financial Statements. See Note 2 “Summary of Significant Accounting Policies” of the notes to the Company’s consolidated financial statements in this Annual Report for additional information about these recently issued accounting standards and their potential impact on the Company’s financial condition or results of operations.

ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

As a smaller reporting company, this item is not required.

ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA.

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the Board of Directors and

Stockholders of Data Storage Corporation and Subsidiaries

Opinion on the Financial Statements

We have audited the accompanying balance sheets of Data Storage Corporation and Subsidiaries (the Company) as of December 31, 2024 and 2023, and the related statements of income, comprehensive income, stockholders’ equity, and cash flows for the years then ended, and the related notes (collectively referred to as the financial statements). In our opinion, the financial statements present fairly, in all material respects, the financial position of the Company as of December 31, 2024 and 2023 and the results of its operations and its cash flows for the years then ended, in conformity with accounting principles generally accepted in the United States of America.

Basis for Opinion

These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits, we are required to obtain an understanding of internal control over financial reporting but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting. Accordingly, we express no such opinion.

Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.

Critical Audit Matters

Critical audit matters are matters arising from the current period audit of the financial statements that were communicated or required to be communicated to the audit committee and that (1) relate to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. We determined that there were no critical audit matters.

To the Board of Directors and

Stockholders of Data Storage Corporation and Subsidiaries

/s/ Rosenberg Rich Baker Berman, P.A.

We have served as the Company’s auditor since 2008.

Somerset, New Jersey

March 31, 2025

 89