UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 10-K

(Mark One) 

For the fiscal year ended December 31, 2021

For the transition period from _____________to____________________________

Commission File No. 000-54579

DATA STORAGE CORPORATION 

(Exact name of registrant as specified in its charter)

Registrant’s telephone number, including area code: (212) 564-4922

Securities registered under Section 12(b) of the Exchange Act: None

Securities registered under Section 12(g) of the Exchange Act:

Common Stock, par value $0.001 per share

(Title of class)

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 the Securities Act. Yes ☐ No ☒

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 5(d) of the Act. Yes ☐ No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.

Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation ST (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company and an “emerging growth company”. See the definitions of “large accelerated filer,” “accelerated filer” “smaller reporting company” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

Indicate by check mark whether the registrant is a shell company as defined in Rule 12b-2 of the Exchange Act. Yes ☐ No ☒

As of June 30, 2021, the last business day of the Registrant’s most recently completed second fiscal quarter, the aggregate market value of the Company’s voting and non-voting common equity held by non-affiliates of the Registrant was $11,921,452.

The number of shares of the registrant’s common stock outstanding as of March 31, 2022 was 6,697,127.

Documents incorporated by reference: None

Data Storage Corporation

Table of Contents

 PART I

Forward-Looking Statements

This Annual Report on Form 10-K (this “Annual Report”) contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), that involve substantial risks and uncertainties. The forward-looking statements are contained principally in Part I, Item 1. “Business,” Part I, Item 1A. “Risk Factors,” and Part II, Item 7. “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” but are also contained elsewhere in this Annual Report in some cases you can identify forward-looking statements by terminology such as “may,” “should,” “potential,” “continue,” “expects,” “anticipates,” “intends,” “plans,” “believes,” “estimates,” and similar expressions. These statements are based on our current beliefs, expectations, and assumptions and are subject to a number of risks and uncertainties, many of which are difficult to predict and generally beyond our control, that could cause actual results to differ materially from those expressed, projected or implied in or by the forward-looking statements.

You should refer to Item 1A. “Risk Factors” section of this Annual Report for a discussion of important factors that may cause our actual results to differ materially from those expressed or implied by our forward-looking statements. As a result of these factors, we cannot assure you that the forward-looking statements in this Annual Report will prove to be accurate. Furthermore, if our forward-looking statements prove to be inaccurate, the inaccuracy may be material. In light of the significant uncertainties in these forward-looking statements, you should not regard these statements as a representation or warranty by us or any other person that we will achieve our objectives and plans in any specified time frame, or at all. We do not undertake any obligation to update any forward-looking statements. Unless the context requires otherwise, references to “Data Storage,” “we,” “us,” “our,” and “Company,” refer to Data Storage Corporation and its subsidiaries.

ITEM 1. BUSINESS

The Industry and Opportunity

Data Storage Corporation provides Cloud Managed Services and technologies across multiple platforms. The Company’s technical assets are located in geographically diverse Tier 3 compliant data centers throughout the USA and Canada. 

Hybrid and Multi-Cloud have become mainstream technological offerings of the Cloud Managed Services industry as companies have moved away from legacy, on-premise technology solutions. This approach is growing more complex, as companies utilize disparate technical environments, including on-premises equipment and software, multi-clouds interfacing with Software as a Service providers, Amazon AWS and others while focusing on the remote employee or contractor for higher levels of security is driving growth in managed cloud services.

Cloud Managed Service Providers assist businesses in achieving their desired security levels, technical cloud infrastructure and financial objectives while optimizing the value of these technologies and cloud resources through multi-cloud management, ensuring business continuity, governance, and operational efficiencies.

This is a five hundred-billion-dollar industry. One subset, a highly-focused segment of the Company, is IBM Power cloud infrastructure and disaster recovery. Globally estimated at over one million virtual IBM Power servers. According to the most recent information received from IBM typical industries utilizing IBM Power servers are finance, retail, healthcare, government, and distribution organizations.

The Company is a leader in providing IBM Power cloud infrastructure, disaster recovery and the creation of unique offerings for over 15 years.  

The opportunity, for the Company, in the IBM Power server portfolio segment is to capture a share of this annual recurring revenue marketplace that is currently under migration to cloud infrastructure.

The Company believes businesses are increasingly under pressure to improve the proficiency of their information and storage systems accelerating the migration from self-managed technical equipment and solutions to fully managed multi-cloud technologies to reduce cost and compete effectively. These trends create an opportunity for cloud technology service providers.

The Company’s market opportunity is derived from the demand for fully managed cloud and cybersecurity services across all major operating systems.

The Company’s target is the $46.7 billion marketplace in the United States and Canada of this overall, projected $1 trillion global marketplace.

According to Fortune Business Insights, the Cloud Managed Services industry in North America was $16.3 billion in 2019 and has been growing at a rate of 13.8% CAGR bringing us to $24 billion by the end of 2022. Disaster Recovery is projected to be a $3.6 billion in the US by the end of 2022 which is 35% of the $10.3 billion globally based on Grandview Research Disaster Recovery Solutions Market Size report. Cyber Security, specifically the MDR segment, is an established market recognized by buyers. Gartner observed a 35% growth in end users’ inquiries on the topic in the last year. Gartner estimates that by 2025, the MDR market will reach $2.15 billion in revenue, up from $1.03 billion in 2021, for a compound annual growth rate (CAGR) of 20.2%. The Company’s VOIP solutions fit well into this steadily growing segment which is expected to reach $90 billion worldwide in 2022 with a CAGR of 3.1% with $17 billion in the US according to Globe Newswire Market Analysis and Insights: Global VoIP Market. Data and Analytics is another market that is growing rapidly and the Company is breaking into, according to Globe Newswire this market was valued at $198 billion in 2020 and with a projected 13.5% CAGR we see this hitting $263 billion by the end of 2022 and based on the Big Data Business Analytics market share report posted on statista.com the US has 51% of that growth.

The Company is positioned to support this growth, in the IBM Power multi-cloud marketplace as businesses continue to migrate towards this strategy.

The Company has designed and built its solutions and services to support the demanding IBM Power System workload, manage hybrid cloud deployments and continue to provide solutions that keep data and workloads protected from disasters and security attacks.

Company Overview

Data Storage Corporation, headquartered in Melville, New York, with its three subsidiaries, DSC, Flagship Solutions LLC and Nexxis, Inc., provides solutions and services to a broad range of clients in several industries, including healthcare, banking and finance, distribution services, manufacturing, construction, education, and government. The subsidiaries maintain business development teams, as well as independent distribution companies. As an example, the Company’s distribution channel of companies provides long-term subscription-based disaster recovery and cloud infrastructure without investing in the infrastructure, data centers, telecommunications or specialized technical staff, which substantially lowers their barrier of entry in providing these solutions to their client base. The distribution company has typically provided equipment and software. However, a client’s awareness in 2021 of the ability to migrate to an IBM Power cloud infrastructure and disaster recovery affords the distributor the ability to maintain the client and create an annuity year after year. To further support that awareness, over 55,000 visitors arrived at the Company’s website in 2021.

During 2021, based on the May capital raise and the up list to Nasdaq, the Company added distribution, business development representatives, marketing, and technical personnel. Management continues to be focused on building the Company’s sales and marketing strategy and expanding its technology assets throughout its data center network.

The Company’s business offices are located in New York and Florida. The offices include a technology center and lab, adapted to meet the technical requirements of the Company’s clients. The Company maintains its own infrastructure, storage, and networking equipment required to provide subscription solutions in seven geographically diverse data centers located in New York, Massachusetts, Texas, Florida and North Carolina, and in Canada, Toronto, and Barrie, serving clients in the United States and Canada.

The Company’s business continuity solutions allow clients to quickly recover from system outages, human and natural disasters, and cyber security attacks, such as Ransomware. The Company’s managed cloud services begin with migration to the cloud and provide ongoing system support and management that enables its clients to run their software applications and technical workloads in a multi-cloud environment. The Company’s cyber security offerings include comprehensive consultation and a suite of data security, disaster recovery, and remote monitoring services and technologies that can be incorporated into the Company’s cloud solutions or be delivered as a standalone managed security offering covering the client site endpoint devices, users, servers, and equipment.

Solution architects and the Company’s business development teams work with organizations identifying and solving critical business problems. The Company carefully plans and manages the migration and configuration process, continuing the relationship and advising its clients long after the services have been implemented. As of this filing, the Company has proposals outstanding of approximately $20 million in total contract value; and, total proposals outstanding for subscriptions solutions of approximately $14 million in total contract value. Reflecting on client satisfaction, the Company’s renewal rate on client subscription solutions is approximately 94% after their initial contract term expired.

The Company provides its clients subscription-based, long-term agreements for cloud disaster recovery, cloud infrastructure, telecommunications solutions, and high processing on-site computing power and software solutions. While a significant portion of the Company’s revenue has been subscription-based, it also generates revenue from the sale of equipment and software for cybersecurity, data storage, IBM Power systems equipment and managed service solutions. As of this filing the Company has a backlog of over $500,000 in Annual Recurring Revenue (ARR) and equipment and software backlog of approximately $2 million. 

Growth Strategies  

The Company will continue to drive revenues by expanding distribution channels. The Company will continue to build upon its social and digital lead generation programs. Further, the Company will continue to seek synergetic acquisitions that expand distribution, leading a technology trend, add to its existing technical staff and create economies of scale improving gross profit margins.

The Company increases revenue and drives growth by developing and managing collaborative solutions as well as joint marketing initiatives. The Company has a diverse community of distribution partners, ranging from IBM Business Partners, Software Vendors, application support providers, consultants, and other cloud infrastructure providers.

The Company believes there is a significant need for its solutions on a global basis and, accordingly, the opportunity for it to grow its business through international expansion as these markets increase their use of multi-cloud solutions.

The Company’s Core Services: The Company provides an array of multi-cloud information technology solutions in highly secure, enterprise-level cloud services for companies using IBM Power Systems, Microsoft Windows, and Linux. Specifically, the Company’s support services cover:

Solutions and Services

Cyber Security Solutions: The Company’s ezSecurity™ solution offers a suite of comprehensive cyber security products that can be utilized on systems at the client’s location or on systems hosted in the Company’s cloud. These offerings include fully managed endpoint (PCs and other user devices) security with active threat mitigation, system security assessments, risk analysis, and applications to ensure continuous security. ezSecurity™ contains a specialized offering for protecting and auditing IBM systems including a package designed to protect IBM systems against Ransomware attacks.

Data Protection and Recovery Solutions: The Company offers a variety of data protection and disaster recovery solutions services designed to meet its clients’ requirements and budgets.

Cloud Hosted Production Systems: The Company’s ezHost™ solution offers managed cloud services that removes the burden off system management from its clients and ensures that their software applications and IT workloads are running smoothly. ezHost™ provides full-time, scalable compute, storage, and network infrastructure resources to run clients’ workloads on the Company’s enterprise-class infrastructure. ezHost™ replaces the cost of support, maintenance, system administration, space, electrical power, and cooling of the typical hardware on-premises systems with a predictable monthly expense. The Company’s ezHost services are backed by an SLA governing performance, availability, and access.

Voice & Data Solutions: Nexxis, our voice and data division, specializes in fully-managed VoIP, Internet Access, and Data Transport solutions that satisfy the requirements of corporate and remote workforce. Services are delivered over fiber optic, coaxial, and wireless networks to assist businesses fully connected from any location. Nexxis provides dedicated internet access with speeds of up to 10 Gbps, FailSAFE, a Cloud-first SD-WAN solution, that delivers industry-leading connectivity to cloud services, cloud-based Hosted VoIP and Unified Communications that provide business continuity and integration with Microsoft Teams.

Data Analytics: The Company’s trademarked Infralytics™ offering was developed to empower IT organizations to respond quickly and intelligently to business-impact issues as they arise.  With Infralytics custom dashboards, a client can monitor physical servers, virtual machines, network devices, applications, and services across multiple platforms – whether on-premises, virtual, or in the Cloud. It also allows the Company’s clients to gain enhanced visibility and control over their physical, virtual, and cloud IT infrastructure via customized, interactive dashboards. In addition, utilizing IBM’s Watson the Company is taking disparate data sources and developing algorithms to provide greater insight into the aggregation of that data.  All of this is provided as a service with the primary deliverable a real-time dashboard.

Corporate History

On October 20, 2008, the Company consummated a share exchange transaction with Euro Trend Inc. The Company subsequently changed its name from Euro Trend Inc. to Data Storage Corporation.

Data Storage Corporation acquired the assets of SafeData, LLC in June 2010, and the assets of Message Logic LLC, (“Message Logic”) in October 2012.

In November 2012, the Company entered into an agreement with an IBM partner, ABC Services, Inc. to provide an IBM Power cloud infrastructure offering, marketed under the name Secure Infrastructure & Services LLC (“SIAS”), a New York limited liability company.

In October 2016, the Company purchased the assets of ABC Services, Inc., which included the remaining 50% of the SIAS company.

On June 1, 2021, the Company merged its Florida company with Flagship Solutions, LLC. This transaction with an IBM Gold Business Partner was synergetic to the Company’s services and added new solutions such as IP with their Renewalytics managed maintenance/software and data analytics practice.

The result of these acquisitions, combined with the Company’s legacy business continuity disaster recovery and IBM Power cloud infrastructure solutions, positions Data Storage Corporation as a leader.

Competitive Landscape

The markets for the Company’s products and services are competitive. However, competition is limited in the Company’s $46.7 billion marketplace, compared to the limitless competitors, competing against Amazon Web Services (AWS), Google, and Microsoft today which hold an estimated 51% of the marketplace for X86 cloud infrastructure and X86 disaster recovery platforms. Today, the IBM Power community, based on a recent IBM user survey, only 15% of the IBM Power server community utilizes the cloud. Other Company services and solutions, outside of the IBM Power user community face many competitors for cyber security and data analytics, however, these solutions and services are typically provided by the Company to their existing clients and distribution companies.

These markets are characterized by frequent product introductions and rapid technological advances. The Company’s financial condition and operating results can be adversely affected by these and other industry-wide downward pressures on gross margins. Principal competitive factors important to the Company include price, product features, relative price and performance, product quality and reliability, strong third-party software, marketing and distribution capability, service and support and corporate reputation.

The Company is focused on expanding its market opportunities globally related to disaster recovery and cloud infrastructure, primarily focused on the IBM community. These markets are highly competitive and include several large, well-funded and experienced participants.

The Company’s future financial condition and operating results depend on the Company’s ability to continue to provide a high-quality solution as well as increase distribution of the solutions in each of the markets in which it competes.

Flagship Solutions, LLC.

On February 4, 2021, we entered into an Agreement and Plan of Merger (the “Merger Agreement”) with Data Storage FL, LLC, a Florida limited liability company and our wholly-owned subsidiary (the “Merger Sub”), Flagship Solutions, LLC (“Flagship”), a Florida limited liability company, and the owners (collectively, the “Equityholders”) of all of the issued and outstanding limited liability company membership interests in Flagship (collectively, the “Equity Interests”), pursuant to which, upon the Closing (as defined below), we acquired Flagship through the merger of Merger Sub with and into Flagship (the “Merger”), with Flagship being the surviving company in the Merger and becoming, as a result, our wholly-owned subsidiary. The closing of the Merger (the “Closing”) Flagship was completed on June 1, 2021. Flagship is a provider of IBM equipment and solutions, managed services and cloud solutions that include cloud-based server monitoring and management, 24×7 help desk support, and data center infrastructure management.

Concurrently with the Closing, Flagship and Mark Wyllie, Flagship’s Chief Executive Officer, entered into an Employment Agreement (the “Wyllie Employment Agreement”), which became effective upon consummation of the Closing, pursuant to which Mr. Wyllie will continue to serve as Chief Executive Officer of Flagship following the Closing on the terms and conditions set forth therein. Flagship’s obligations under the Wyllie Employment Agreement will also be guaranteed by the Company. The Wyllie Employment Agreement contains customary salary, bonus, employee benefits, severance and restrictive covenant provisions. In addition, pursuant to the Wyllie Employment Agreement, Mr. Wyllie was appointed to serve as a member of the Board during the term of his employment thereunder. Mr. Wyllie, as of November 11, 2021, became an Officer of the Company.

The foregoing information has been filed as an exhibit to the 2021 Annual Report. Readers should review those agreements for a complete understanding of the terms and conditions associated with this transaction.

COVID-19

In December 2019, a novel strain of coronavirus, COVID-19, was reported in Wuhan, China. The World Health Organization determined that the outbreak constituted a “Public Health Emergency of International Concern” and declared a pandemic. The COVID-19 pandemic is disrupting businesses and affecting production and sales across a range of industries, as well as causing volatility in the financial markets. The extent of the impact of the COVID-19 pandemic on the Company’s customer demand, sales and financial performance will depend on certain developments, including, among other things, the duration and spread of the outbreak and the impact on its customers and employees, all of which are uncertain and cannot be predicted. See “Risk Factors” for information regarding certain risks associated with the pandemic.

The COVID-19 pandemic has accelerated cloud transformation efforts for new and existing customers and underscored the importance and mission-critical nature of multi-cloud strategies. Over the last year, customers have increasingly turned to cloud solutions to pivot to new business models, improved their disaster recovery of mission-critical data, migrated to cloud-based solutions and reduced their capital expenditure requirements. 

Since September 2021 the Company has adopted a hybrid model that allows for its employees to either work remotely utilizing solutions the Company provides to their clients and distribution channels, or work in its offices. Additionally, the Company’s remote, technology-enabled model has enabled minimal disruption to its go-to-market efforts and service delivery organizations. 

Currently, the COVID-19 pandemic has not had a significant impact on the Company’s operations or financial performance; however, the ultimate extent of the impact of the COVID-19 pandemic on its operational and financial performance will depend on certain developments, including the duration and spread of the outbreak and its impact on the Company’s customers, vendors and employees and its impact on its sales cycles as well as industry events, all of which are uncertain and cannot be predicted.

The extent of the impact, if any, will depend on future developments, including actions taken to contain COVID-19. See also “Risk Factors” for more information.

On April 30, 2020, the Company was granted a loan from a banking institution, in the principal amount of $481,977 (the “Loan”), pursuant to the Paycheck Protection Program (the “PPP”) under Division A, Title I of the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”), which was enacted on March 27, 2020. The Loan, which was in the form of a Note dated April 30, 2020, matures on April 30, 2022, and bears interest at a fixed rate of 1.00% per annum, payable monthly to Signature Bank, as the lender, commencing on November 5, 2020. Funds from the loan may only be used to retain workers and maintain payroll or make mortgage payments, lease payments and utility payments. Management used the entire Loan amount for qualifying expenses. Under the terms of the PPP, certain amounts of the Loan may be forgiven if they are used for qualifying expenses as described in the CARES Act. The Company received forgiveness for the full amount during the year ended December 31, 2021.

The extent of the impact, if any, will depend on future developments, including actions taken to contain COVID-19. See also “Risk Factors” for more information.

Reverse Stock Split

On March 8, 2021, the Company’s Board of Directors and its stockholders that have in excess of 50% of its voting power approved an amendment to its articles of incorporation to effect a reverse stock split with a ratio of between 1:2 to 1:60, to be effected in the discretion of its Board of Directors. Based on the Nasdaq up listing on May 17, 2021, the Company had a reverse split of 40:1.

Government Regulation

The Company is subject to various federal, state, local and international laws with respect to its receipt, storage and processing of personal information and other customer data.

The Company receives, stores, and processes personal information and other customer data. Personal privacy has become a significant issue in the United States and in many other countries where the Company may provide its offering of solutions. The regulatory framework for privacy issues worldwide is currently complex and evolving, and it is likely to remain uncertain for the foreseeable future. There are numerous federal, state, local, and foreign laws regarding privacy and the storing, sharing, use, processing, disclosure, and protection of personal information and other customer data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among countries or conflict with other rules. The Company generally seeks to comply with industry standards and is subject to the terms of its privacy policies and privacy-related obligations to third parties. The Company strives to comply with all applicable laws, policies, legal obligations, and industry codes of conduct relating to privacy and data protection to the extent possible. Any failure or perceived failure by the Company to comply with its privacy policies, its privacy-related obligations to customers or other third parties, its privacy-related legal obligations, or any compromise of security that results in the unauthorized release or transfer of personally identifiable information or other customer data, may result in governmental enforcement actions, litigation, or public statements against the Company by consumer advocacy groups or others and could cause its customers to lose trust in it, which could have an adverse effect on its reputation and business. Any significant change to applicable laws, regulations, or industry practices regarding the use or disclosure of the Company’s customer’s data, or regarding the manner in which the express or implied consent of customers for the use and disclosure of such data is obtained, could require the Company to modify its solutions and features, possibly in a material manner, and may limit its ability to develop new services and features that make use of the data that its customers voluntarily share with the Company.

The Company’s solutions are used by customers in the health care industry, and the Company must comply with numerous federal and state laws related to patient privacy in connection with providing its solutions to these customers. In particular, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) include privacy standards that protect individual privacy by limiting the uses and disclosures of individually identifiable health information and implementing data security standards. Because the Company’s solutions may backup individually identifiable health information for its customers, its customers are mandated by HIPAA to enter into written agreements with the Company known as business associate agreements that require it to safeguard individually identifiable health information. Business associate agreements typically include:

Human Capital Resources

The Company believes that its success depends upon its ability to attract, develop and retain key personnel. As of March 31, 2022, the Company employed 60 full-time employees and 2 part-time employees, of which eight are executive management, thirteen are administration and finance, twelve are sales staff and twenty-nine were part of its technical team. None of the Company’s employees are covered by collective bargaining agreements, and management considers relations with the Company’s employees to be in good standing. Although the Company continually seeks to add additional talent to its workforce, management believes that it has sufficient human capital to operate its business successfully.

The Company’s compensation programs are designed to align the compensation of its employees with its performance and to provide the proper incentives to attract, retain and motivate employees to achieve superior results. The structure of the Company’s compensation programs balances incentive earnings for both short-term and long-term performance.

The health and safety of the Company’s employees is its highest priority, and this is consistent with its operating philosophy.

Corporate Information

The primary mailing address for the Company is 48 South Service Road, Suite 203, Melville, NY 11747.

Available Information

The Company’s corporate website address is www.datastoragecorp.com. All filings the Company makes with the Securities and Exchange Commission (“SEC”), including its Annual Report on Form 10-K, its Quarterly Reports on Form 10-Q, its Current Reports on Form 8-K, its proxy statements and any amendments thereto filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended, are available for free in the Investor Relations section of the Company’s website as soon as reasonably practicable after they are filed with or furnished to the SEC. The reference to the Company’s website address does not constitute inclusion or incorporation by reference of the information contained on the Company’s website in this Form 10-K or other filings with the SEC, and the information contained on the Company’s website is not part of this document.

ITEM 1A. RISK FACTORS

Investing in the Company’s common stock involves a high degree of risk. You should carefully consider the following risks together with the other information in this Annual Report.

Risks Related to Data Storage’s Business

The Company has not generated a significant amount of net income and it may not be able to sustain profitability in the future.

As reflected in the consolidated financial statements, the Company had a net income available to shareholders of $204,161 and $55,339 for the years ended December 31, 2021 and 2020, respectively. As of December 31, 2021, the Company had cash of $12,135,803 and working capital of $12,084,815.

If the Company is unable to attract new customers to its infrastructure and disaster recovery/ cloud subscription services on a cost-effective basis, its revenue and operating results would be adversely affected.

The Company generates the majority of its revenue from the sale of subscriptions to its infrastructure and disaster recovery/cloud solutions. In order to grow, the Company must continue to attract customers, many of whom may have not previously used infrastructure as a service and cloud disaster recovery backup solutions. The Company uses and periodically adjusts a diverse mix of advertising and marketing programs to promote its solutions. Significant increases in the pricing of one or more of the Company’s advertising channels would increase its advertising costs or cause it to choose less expensive and perhaps fewer effective channels. As the Company adds to or changes the mix of its advertising and marketing strategies, it may expand into channels with significantly higher costs than its current programs, which could adversely affect its operating results. The Company may incur advertising and marketing expenses significantly in advance of the time it anticipates recognizing any revenue generated by such expenses, and it may only at a later date, or never, experience an increase in revenue or brand awareness as a result of such expenditures. Additionally, because the Company recognizes revenue from customers over the terms of their subscriptions, a large portion of its revenue for each quarter reflects deferred revenue from subscriptions entered into during previous quarters, and downturns or upturns in subscription sales or renewals may not be reflected in the Company’s operating results until later periods. It has made in the past, and may make in the future, significant investments to test new advertising, and there can be no assurance that any such investments will lead to the cost-effective acquisition of additional customers. If the Company is unable to maintain effective advertising programs, its ability to attract new customers could be adversely affected, its advertising and marketing expenses could increase substantially, and its operating results may suffer. 

A portion of the Company’s potential customers locate its website through search engines, such as Google, Bing, and Yahoo!. The Company’s ability to maintain the number of visitors directed to its website is not entirely within its control. If search engine companies modify their search algorithms in a manner that reduces the prominence of the Company’s listing, or if its competitors’ search engine optimization efforts are more successful than the Company’s, fewer potential customers may click through to its website. In addition, the cost of purchased listings has increased in the past and may increase in the future. A decrease in website traffic or an increase in search costs could adversely affect the Company’s customer acquisition efforts and its operating results.

The Company expects to continue to acquire or invest in other companies, which may divert its management’s attention, result in additional dilution to its stockholders, and consume resources that are necessary to sustain its business.

Having completed the merger with Flagship, the Company expects to continue to acquire complementary solutions, services, technologies, or businesses in the future. The Company may also enter into relationships with other businesses to expand its portfolio of solutions or its ability to provide its solutions in foreign jurisdictions, which could involve preferred or exclusive licenses, additional channels of distribution, discount pricing, or investments in other companies. Negotiating these transactions can be time-consuming, difficult and expensive, and its ability to complete these transactions may often be subject to conditions or approvals that are beyond its control. Consequently, these transactions, even if a definitive purchase agreement is executed and announced, may not close.

Acquisitions may also disrupt the Company’s business, divert its resources, and require significant management attention that would otherwise be available for the development of its business. Moreover, the anticipated benefits of any acquisition, investment, or business relationship may not be realized on a timely basis or at all or the Company may be exposed to known or unknown liabilities, including litigation against the companies that it may acquire. In connection with any such transaction, the Company may:

Any of these risks could harm the Company’s business and operating results.

Integration of an acquired company’s operations may present challenges.

The integration of an acquired company requires, among other things, coordination of administrative, sales and marketing, accounting and finance functions, and expansion of information and management systems. Integration may prove to be difficult due to the necessity of coordinating geographically separate organizations and integrating personnel with disparate business backgrounds and accustomed to different corporate cultures. The Company may not be able to retain key employees of an acquired company. Additionally, the process of integrating a new solution or service may require a disproportionate amount of time and attention of the Company’s management and financial and other resources. Any difficulties or problems encountered in the integration of a new solution or service could have a material adverse effect on the Company’s business.

The Company intends to continue to acquire businesses that it believes will help achieve its business objectives. As a result, the Company’s operating costs will likely continue to grow. The integration of an acquired company may cost more than the Company anticipates, and it is possible that the Company will incur significant additional unforeseen costs in connection with such integration, which may negatively impact its earnings.

In addition, the Company may only be able to conduct limited due diligence on an acquired company’s operations. Following an acquisition, the Company may be subject to liabilities arising from an acquired company’s past or present operations, including liabilities related to data security, encryption and privacy of customer data, and these liabilities may be greater than the warranty and indemnity limitations that the Company negotiates. Any liability that is greater than these warranty and indemnity limitations could have a negative impact on the Company’s financial condition.

Even if successfully integrated, there can be no assurance that the Company’s operating performance after an acquisition will be successful or will fulfill management’s objectives.

Risks Related to the Merger with Flagship

On May 31, 2021, the Company completed the Merger. The Company expects that Flagship’s business will be synergistic with its existing IBM business and anticipates meaningful operation efficiency and that the Merger will provide a comprehensive one-stop provider to cross-sell solutions across each organization’s respective enterprise, as well as middle-market customers. Key offerings for the combined companies are expected to include a wide array of multi-cloud information technology solutions in highly secure, reliable enterprise level cloud services for companies using IBM Power systems, Microsoft Windows and Linux, including: Infrastructure as a Service (IaaS), Disaster Recovery of digital information (DRaaS), Cyber Security as a Service (CSaaS), and Data Analytics as a Service.

Since having completed the merger, however, the Company still faces risks and unknowns associated with the Merger. Ultimately, the Company may not realize the anticipated benefits of the merger with Flagship and integrating and operating Data Storage’s and Flagship’s business may be more difficult, time-consuming, or costly than expected. Additionally, integrating and operating the Flagship business could result in higher capital expenditures than anticipated, which could result in the Company’s need to raise additional capital for its operations.

The Company may fail to maintain an effective system of internal controls, which may result in material misstatements of its consolidated financial statements or cause it to fail to meet its periodic reporting obligations. 

The Company has identified material weaknesses in its internal control over financial reporting for the year ended December 31, 2020.

In connection with the audit of the Company’s consolidated financial statements as of and for the fiscal year ended December 31, 2020, the Company identified a material weakness in its internal control over financial reporting. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of its annual or interim financial statements will not be prevented or detected on a timely basis.

The material weaknesses identified during management’s assessment were a lack of sufficient internal accounting expertise to provide reasonable assurance that its financial statements and notes thereto are prepared in accordance with generally accepted accounting principles. This material weakness did not result in any errors to the consolidated financial statements as of and for the fiscal year ended December 31, 2020.

To address this material weakness, the Company hired Chris H. Panagiotakos to serve as the Company’s Chief Financial Officer. Chris has over 23 years of public company accounting experience and brings a broad range of experience related to public company accounting matters.

The Company also took actions to improve its control environment related to certain aspects of its information technology systems. As of the year ended December 31, 2021, the Company concluded that its remediation efforts have been successful, and that the previously identified material weakness in its internal control over financial reporting has been remediated. However, while the material weakness has been remediated, the Company continues to seek improvements to enhance its control environment and to strengthen its internal controls to provide reasonable assurance that its financial statements continue to be fairly stated in all material respects.

The Company can give no assurance that additional material weaknesses will not be identified in the future. The Company’s failure to implement and maintain effective internal control over financial reporting could result in errors in its consolidated financial statements that could result in a restatement of its financial statements and could cause it to fail to meet its reporting obligations, any of which could diminish investor confidence in the Company and cause a decline in the price of its common stock.

The Company is controlled by three principal stockholders who serve as its executive officers and directors.

As of March 30, 2022, through their aggregate voting power, Messrs. Piluso, Schwartz and Kempster control approximately 37.28% of the Company’s outstanding common stock, giving them the ability to control a significant portion of the votes for the Company’s directors and all other matters requiring the approval of its stockholders, including the election of all of its directors and the approval of the reverse stock split.

Risks Related to the Company’s Industry

The market for cloud solutions is highly competitive, and if the Company does not compete effectively, its operating results will be harmed.

The market for the Company’s services is highly competitive, quickly evolving and subject to rapid changes in technology. The Company expects to continue to face intense competition from its existing competitors as well as additional competition from new market entrants in the future as the market for its services continues to grow.

The Company competes with cloud backup and infrastructure providers and providers of traditional hardware-based systems and IBM Power Systems. Its current and potential competitors vary by size, service offerings, and geographic region. These competitors may elect to partner with each other or with focused companies to grow their businesses. They include:

Many of these competitors benefit from significant competitive advantages over the Company, given their desire to enter into this niche marketplace, such as greater name recognition, longer operating histories, more varied services, and larger marketing budgets, as well as greater financial, technical, and other resources. In addition, many of these competitors have established marketing relationships and major distribution agreements with computer manufacturers, internet service providers, and resellers, giving them access to larger customer bases. Some of these competitors may make acquisitions or enter into strategic relationships to offer a more comprehensive service than the Company does. As a result, some of these competitors may be able to:

In addition, demand for the Company’s cloud solutions is sensitive to price. Many factors, including the Company’s customer acquisition, advertising and technology costs, and its current and future competitors’ pricing and marketing strategies, can significantly affect its pricing strategies. Certain of the Company’s competitors offer, or may in the future offer, lower-priced or free solutions that compete with its solutions.

Additionally, consolidation activity through strategic mergers, acquisitions and joint ventures may result in new competitors that can offer a broader range of products and services, may have a greater scale or a lower cost structure. To the extent such consolidation results in the ability of vertically integrated companies to offer more integrated services to customers than the Company can, customers may prefer the single-source approach and direct more business to such competitors, thereby impairing the Company’s competitive position. Furthermore, new entrants not currently considered to be competitors may enter the market through acquisitions, partnerships or strategic relationships. As the Company looks to market and sell its services to potential customers, the Company must convince its internal stakeholders that the Company’s services are superior to their current solutions. If the Company is unable to anticipate or react to these competitive challenges, its competitive position would weaken, which could adversely affect its business, financial condition and results of operations. These combinations may make it more difficult for the Company to compete effectively and its inability to compete effectively would negatively impact its operating results. In addition, there can be no assurance that the Company will not be forced to engage in price-cutting initiatives, or to increase its advertising and other expenses to attract and retain customers in response to competitive pressures, either of which could have a material adverse effect on the Company’s revenue and operating results.

If a cyberattack was able to breach the Company’s security protocols and disrupt its data protection platform and solutions, and any such disruption could increase its expenses, damage its reputation, harm its business and adversely affect its stock price.

The Company has implemented various protocols and regularly monitors its systems via security software to reduce any security vulnerabilities. The Company also relies on third-party providers for a number of critical aspects of its infrastructure cloud and disaster recovery business continuity services, and consequently, it does not maintain direct control over the security or stability of those associated systems. Furthermore, the firmware, software, and/or open-source software that its data protection solutions may utilize could be susceptible to hacking or misuse. In the event of the discovery of a significant security vulnerability, the Company would incur additional substantial expenses and its business would be harmed.

The process of developing new technologies is complex and uncertain, and if the Company fails to accurately predict customers’ changing needs and emerging technological trends or if the Company fails to achieve the benefits expected from its investments, its business could be harmed. The Company believes that it must continue to dedicate a significant amount of resources to its research and development efforts to maintain its competitive position and it must commit significant resources to develop new solutions before knowing whether its investments will result in solutions the market will accept. The Company’s new solutions or solution enhancements could fail to attain sufficient market acceptance or harm its business for many reasons, including:

In addition, new technologies have the risk of defects that may not be discovered until after the product launches, resulting in adverse publicity, loss of revenue or harm to the Company’s business and reputation.

Any significant disruption in service, in the Company’s computer systems, or caused by its third-party storage and system providers could damage its reputation and result in a loss of customers, which would harm its business, financial condition, and operating results.

The Company’s reputation, and ability to attract, retain and serve its customers is dependent upon the reliable performance of its network infrastructure and payment systems, and its customers’ ability to readily access their stored files. The Company has experienced interruptions in these systems in the past, including server failures that temporarily slowed down its customers’ ability to access their stored files, or made the Company’s infrastructure inaccessible, and it may experience interruptions or outages in the future.

In addition, while the Company both operates and maintains elements of network infrastructure, some elements of this complex system are operated by third parties that the Company does not control and that would require significant time to replace. The Company expects this dependence on third parties to increase. In particular, the Company utilizes IBM and Intel to provide equipment and support. All of these third-party systems are located in data center facilities operated by third parties. While these data centers are of the highest level, Tier 3, there can be no assurance that they will not experience disruptions that will adversely impact the Company’s ability to service its customers. The Company’s data center leases expire at various times between 2021 and 2023 with rights of extension. If the Company were unable to renew these agreements on commercially reasonable terms, it may be required to transfer that portion of its computing and storage capacity to new data center facilities, and it may incur significant costs and possible service interruption in connection with doing so.

The Company also relies upon third-party colocation providers to host its main servers. If these providers are unable to handle current or higher volumes of use, experience any interruption in operations or cease operations for any reason or if the Company is unable to agree on satisfactory terms for continued hosting relationships, the Company would be forced to enter into a relationship with other service providers or assume hosting responsibilities itself. If the Company is forced to switch data center facilities, which in itself is a competitive industry, it may not be successful in finding an alternative service provider on acceptable terms or in hosting the computer servers itself. The Company may also be limited in its remedies against these providers in the event of a failure of service.

Interruptions, outages and/or failures in the Company’s own systems, the third-party systems and facilities on which we rely, or the use of its data center facilities, whether due to system failures, computer viruses, cybersecurity attacks, physical or electronic break-ins, damage or interruption from human error, power losses, natural disasters or terrorist attacks, hardware failures, systems failures, telecommunications failures or other factors, could affect the security or availability of infrastructure, prevent the Company from being able to continuously back up its customers’ data or its customers from accessing their stored data, and may damage or delete its customers’ stored files. If this were to occur, the Company’s reputation could be compromised, and it could be subject to liability to the customers that were affected.

Any financial difficulties, such as bankruptcy, faced by the Company’s third-party data center operators, its third-party colocation providers, or any of the service providers with whom the Company or they contract, may have negative effects on its business, the nature and extent of which are difficult to predict. Moreover, if its third-party data center providers or its third-party colocation providers are unable to keep up with the Company’s growing needs for capacity, this could have an adverse effect on the Company’s business. Interruptions in the Company’s services might reduce its revenue, cause it to issue credits or refunds to customers, subject it to potential liability, or harm its renewal rates. In addition, prolonged delays or unforeseen difficulties in connection with adding storage capacity or upgrading its network architecture when required may cause the Company’s service quality to suffer. Problems with the reliability or security of the Company’s systems could harm its reputation, and the cost of remedying these problems could negatively affect the Company’s business, financial condition, and operating results.

Security vulnerabilities, data protection breaches and cyberattacks could disrupt the Company’s data protection platform and solutions, and any such disruption could increase its expenses, damage its reputation, harm its business, and adversely affect its stock price.

The Company relies on third-party providers for a number of critical aspects of its infrastructure cloud and disaster recovery business continuity services, and consequently, it does not maintain direct control over the security or stability of the associated systems. Furthermore, the firmware, software and/or open-source software that its data protection solutions may utilize could be susceptible to hacking or misuse. In the event of the discovery of a significant security vulnerability, the Company would incur additional substantial expenses and its business would be harmed.

The Company’s customers rely on its solutions for production, replication, and storage of digital copies of their files, including financial records, business information, photos, and other personally meaningful content. The Company also stores credit card information and other personal information about its customers. An actual or perceived breach of the Company’s network security and systems or other cybersecurity related events that cause the loss or public disclosure of, or access by third parties to, its customers’ stored files could have serious negative consequences for its business, including possible fines, penalties and damages, reduced demand for its solutions, an unwillingness of customers to provide the Company with their credit card or payment information, an unwillingness of its customers to use its solutions, harm to its reputation and brand, loss of its ability to accept and process customer credit card orders, and time-consuming and expensive litigation. If this occurs, the Company’s business and operating results could be adversely affected. Third parties may be able to circumvent the Company’s security by deploying viruses, worms, and other malicious software programs that are designed to attack or attempt to infiltrate its systems and networks and it may not immediately discover these attacks or attempted infiltrations. Further, outside parties may attempt to fraudulently induce the Company’s employees, consultants, or affiliates to disclose sensitive information in order to gain access to its information or its customers’ information. The techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently, often are not recognized until launched against a target, and may originate from less regulated or remote areas around the world. As a result, the Company may be unable to proactively address these techniques or to implement adequate preventative or reactionary measures. In addition, employee or consultant error, malfeasance, or other errors in the storage, use, or transmission of personal information could result in a breach of customer or employee privacy. The Company maintains insurance coverage to mitigate the potential financial impact of these risks; however, its insurance may not cover all such events or may be insufficient to compensate it for the potentially significant losses, including the potential damage to the future growth of its business, that may result from the breach of customer or employee privacy. If the Company or its third-party providers are unable to successfully prevent breaches of security relating to its solutions or customer private information, it could result in litigation and potential liability for the Company, cause damage to its brand and reputation, or otherwise harm its business and its stock price.

Many states have enacted laws requiring companies to notify consumers of data security breaches involving their personal data. These mandatory disclosures regarding a security breach often lead to widespread negative publicity, which may cause the Company’s customers to lose confidence in the effectiveness of its data security measures. Any security breach, whether successful or not, would harm the Company’s reputation and could cause the loss of customers. Similarly, if a publicized breach of data security at any other cloud backup service provider or other major consumer website were to occur, there could be a general public loss of confidence in the use of the internet for cloud backup services or commercial transactions generally. Any of these events could have material adverse effects on the Company’s business, financial condition, and operating results.

The Company’s results of operations could be adversely affected by health outbreaks such as the COVID-19 pandemic.

A significant outbreak, epidemic or pandemic of contagious diseases in any geographic area in which the Company operates or plans to operate could result in a health crisis adversely affecting the economies, financial markets and overall demand for its services in such areas. In addition, any preventative or protective actions that governments implement or that the Company takes in response to a health crisis, such as travel restrictions, quarantines, or site closures, may interfere with the ability of the Company’s employees, suppliers, and customers to perform their responsibilities. Such results could have a material adverse effect on the Company’s business development.

The continued global COVID-19 pandemic has created significant volatility, uncertainty, and economic disruption. The extent to which the COVID-19 pandemic continues to impact the Company’s business, operations and financial results will depend on numerous evolving factors that it may not be able to accurately predict, including the duration and scope of the pandemic; governmental, business and individuals’ actions, including vaccination requirements, that have been and continue to be taken in response to the pandemic; the impact of the pandemic on economic activity and actions taken in response; the effect on future suppliers demand for the Company’s processing technologies and its future customers’ demand for its products; any closures of its and its suppliers’ or customers’ offices and facilities; and the need for enhanced health and hygiene requirements or social distancing or other measures in attempts to counteract future outbreaks in its offices and facilities. Potential business partners may also slow down decision-making, delay planned work or seek to terminate existing agreements. Any of these events could adversely affect the Company’s business development and financial condition.

The Company’s ability to provide services to its customers depends on its customers’ continued high-speed access to the internet and the continued reliability of the internet infrastructure.

The Company’s business depends on its customers’ continued high-speed access to the internet, as well as the continued maintenance and development of the internet infrastructure. While the Company also provides broadband internet services, many of its clients depend on third-party internet service providers to expand high-speed internet access, to maintain a reliable network with the necessary speed, data capacity, and security, and to develop complementary solutions and services, including high-speed solutions, for providing reliable and timely internet access and services. All of these factors are out of the Company’s control. To the extent that the internet continues to experience an increased number of users, frequency of use, or bandwidth requirements, the internet may become congested and be unable to support the demands placed on it, and its performance or reliability may decline. Any internet outages or delays could adversely affect the Company’s ability to provide services to its customers.

Currently, internet access is provided by telecommunications companies and internet access service providers that have significant and increasing market power in the broadband and internet access marketplace. In the absence of government regulation, these providers could take measures that affect their customers’ ability to use the Company’s products and services, such as attempting to charge their customers more for using the Company’s products and services. To the extent that internet service providers implement usage-based pricing, including meaningful bandwidth caps, or otherwise try to monetize access to their networks, the Company could incur greater operating expenses and customer acquisition and retention could be negatively impacted. Furthermore, to the extent network operators were to create tiers of internet access service and either charge the Company for or prohibit the Company’s services from being available to its customers through these tiers, its business could be negatively impacted. Some of these providers also offer products and services that directly compete with the Company’s own offerings, which could potentially give them a competitive advantage.

If the Company is unable to retain its existing customers, its business, financial condition, and operating results would be adversely affected.

If the Company’s efforts to satisfy its existing customers are not successful, it may not be able to retain them, and as a result, its revenue and ability to grow would be adversely affected. The Company may not be able to accurately predict future trends in customer renewals. Customers choose not to renew their subscriptions for many reasons, including if customer service issues are not satisfactorily resolved, a desire to reduce discretionary spending, or a perception that they do not use the service sufficiently, that the solution is a poor value, or that competitive services provide a better value or experience. If the Company’s approximate 94% retention rate significantly decreases, it may need to increase the rate at which it adds new customers in order to maintain and grow its revenue, which may require it to incur significantly higher advertising and marketing expenses than it currently anticipates, or its revenue may decline. A significant decrease in the Company’s retention rate would therefore have an adverse effect on its business, financial condition, and operating results. The Company’s estimates of the number of employees it retains and advertising costs are based to a large extent upon its subscription contracts, which may be terminated by customers typically upon 90 days notice prior to the ending term of their contract for services.

A decline in demand for the Company’s cyber security, disaster recovery, and/or infrastructure solutions, in general, would cause its revenue to decline.

The Company derives, and expects to continue to derive, a significant portion of its revenue from subscription services for business continuity, such as data protection solutions including its disaster recovery backup, replication, archive, and infrastructure as a service offering. Some of the potential factors that could affect interest in and demand for cloud solutions include:

In addition, substantially all of the Company’s revenue is currently derived from customers in the U.S. Consequently, a decrease of interest in and demand for the Company’s solutions in the U.S. could have a disproportionately greater impact on it than if its geographic mix of revenue was less concentrated.

The Company primarily depends upon third-party distribution companies to generate new customers.  The Company’s relationships with its partners and distributors may be terminated or may not continue to be beneficial in generating new customers, which could adversely affect its ability to increase its customer base.

The Company maintains a network of distributors, which refer customers to it through links on their websites or promotion to their customers. The number of customers that the Company is able to add through these relationships is dependent on the marketing efforts of distributors, over which it has little control. If the Company is unable to maintain its relationships, or renew contracts on favorable terms, with existing partners and distributors or establish new contractual relationships with potential partners and distributors, it may experience delays and increased costs in adding customers, which could have a material adverse effect on the Company. The Company’s distributors also provide services to other third parties and therefore may not devote their full time and attention to promote the Company’s products and services.

If the Company is unable to expand its base of business customers, its future growth and operating results could be adversely affected.

The Company has committed and continues to commit substantial resources to the expansion and increased marketing of its business solutions. If the Company is unable to market and sell its solutions to businesses with competitive pricing and in a cost-effective manner its ability to grow its revenue and achieve profitability may be harmed.

If the Company is unable to sustain market recognition of and loyalty to its brand, or if its reputation were to be harmed, it could lose customers or fail to increase the number of its customers, which could harm its business, financial condition, and operating results.

Given the Company’s market focus, maintaining and enhancing its brand is critical to its success. The Company believes that the importance of brand recognition and loyalty will increase in light of the increasing competition in its markets. The Company plans to continue investing substantial resources to promote its brand, both domestically and internationally, but there is no guarantee that its brand development strategies will enhance the recognition of its brand. Some of the Company’s existing and potential competitors have well-established brands with greater recognition than we have. If the Company’s efforts to promote and maintain the Company’s brand are not successful, the Company’s operating results and its ability to attract and retain customers may be adversely affected. In addition, even if the Company’s brand recognition and loyalty increase, it may not result in increased use of its solutions or higher revenue.

The Company’s solutions, as well as those of its competitors, are regularly reviewed in computer and business publications. Negative reviews, or reviews in which the Company’s competitors’ solutions and services are rated more highly than its solutions, could negatively affect its brand and reputation. From time to time, the Company’s customers express dissatisfaction with its solutions, including, among other things, dissatisfaction with its customer support, its billing policies, and the way its solutions operate. If the Company does not handle customer complaints effectively, its brand and reputation may suffer, it may lose its customers’ confidence, and they may choose not to renew their subscriptions. In addition, many of the Company’s customers participate in online blogs about computers and internet services, including the Company’s solutions, and its success depends in part on its ability to generate positive customer feedback through such online channels where consumers seek and share information. If actions that the Company takes or changes that it makes to its solutions upset these customers, their blogging could negatively affect its brand and reputation. Complaints or negative publicity about the Company’s solutions or billing practices could adversely impact its ability to attract and retain customers and its business, financial condition, and operating results.

The Company is subject to governmental regulation and other legal obligations related to privacy, and any actual or perceived failure to comply with such obligations would harm its business.

The Company receives, stores, and processes personal information and other customer data and maintains specific protocols and procedures to help safeguard the privacy of that personal information and customer data. Personal privacy has become a significant issue in the United States and in many other countries where the Company may offer its offering of solutions. The regulatory framework for privacy issues worldwide is currently complex and evolving, and it is likely to remain uncertain for the foreseeable future. There are numerous federal, state, local, and foreign laws regarding privacy and the storing, sharing, use, processing, disclosure and protection of personal information and other customer data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among countries or conflict with other rules. The Company generally seeks to comply with industry standards and is subject to the terms of its privacy policies and privacy-related obligations to third parties. The Company strives to comply with all applicable laws, policies, legal obligations, and industry codes of conduct relating to privacy and data protection to the extent possible. However, it is possible that these obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or the Company’s practices. Any failure or perceived failure by the Company to comply with its privacy policies, its privacy-related obligations to customers or other third parties, its privacy-related legal obligations, or any compromise of security that results in the unauthorized release or transfer of personally identifiable information or other customer data, may result in governmental enforcement actions, litigation, or public statements against the Company by consumer advocacy groups or others and could cause its customers to lose trust in us, which could have an adverse effect on the Company’s reputation and business.

The Company’s customers may also accidentally disclose their passwords or store them on a mobile device that is lost or stolen, creating the perception that its systems are not secure against third-party access. Additionally, if third parties that the Company works with, such as vendors or developers, violate applicable laws or its policies, such violations may also put its customers’ information at risk and could in turn have an adverse effect on its business. Any significant change to applicable laws, regulations, or industry practices regarding the use or disclosure of the Company’s customers’ data, or regarding the manner in which the express or implied consent of customers for the use and disclosure of such data is obtained, could require it to modify its solutions and features, possibly in a material manner, and may limit its ability to develop new services and features that make use of the data that its customers voluntarily share with the Company.

The Company’s solutions are used by customers in the health care industry and it must comply with numerous federal and state laws related to patient privacy in connection with providing its solutions to these customers.

The Company’s solutions are used by customers in the health care industry and it must comply with numerous federal and state laws related to patient privacy in connection with providing its solutions to these customers. In particular, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) include privacy standards that protect individual privacy by limiting the uses and disclosures of individually identifiable health information and implementing data security standards. Because the Company’s solutions may backup individually identifiable health information for its customers, its customers are mandated by HIPAA to enter into written agreements with us known as business associate agreements that require the Company to safeguard individually identifiable health information. Business associate agreements typically include:

The Company may not be able to adequately address the business risks created by HIPAA or HITECH implementation or comply with its obligations under its business associate agreements. Furthermore, the Company is unable to predict what changes to HIPAA, HITECH or other laws or regulations might be made in the future or how those changes could affect its business or the costs of compliance. Failure by the Company to comply with any of the federal and state standards regarding patient privacy may subject the Company to penalties, including civil monetary penalties and, in some circumstances, criminal penalties, which could have an adverse effect on its business, financial condition, and operating results.

Errors, failures, bugs in or unavailability of the Company’s solutions released by it could result in negative publicity, damage to its brand, returns, loss of or delay in market acceptance of its solutions, loss of competitive position, or claims by customers or others.

The Company offers solutions that operate in a wide variety of environments, systems, applications, and configurations, that are often installed and used in large-scale computing environments with different operating systems, system management software, and equipment and networking configurations. The Company’s customers’ computing environments are often characterized by a wide variety of standard and non-standard configurations that can make pre-release testing for programming or compatibility errors very difficult and time-consuming. In addition, despite testing by the Company and others, errors, failures, or bugs may not be found in new solutions or releases until after distribution. In the past, when the Company has discovered any software errors, failures or bugs in certain of its solution offerings after their introduction or when new versions are released, it, in some cases, has experienced delayed or lost revenues as a result of these errors. In addition, the Company relies on hardware purchased or leased and software licensed from third parties to offer its solutions, and any defects in, or unavailability of, its third-party software or hardware could cause interruptions to the availability of its solutions.

Errors, failures, bugs in or unavailability of the Company’s solutions released by it could result in negative publicity, damage to its brand, returns, loss of or delay in market acceptance of its solutions, loss of competitive position, or claims by customers or others. Many of the Company’s end-user customers use its solutions in applications that are critical to their businesses and may have a greater sensitivity to defects in its solutions than to defects in other, less critical, software solutions. In addition, if an actual or perceived breach of information integrity or availability occurs in one of its end-user customer’s systems, regardless of whether the breach is attributable to its solutions, the market perception of the effectiveness of its solutions could be harmed. Alleviating any of these problems could require significant expenditures of the Company’s capital and other resources and could cause interruptions, delays, or cessation of its solution licensing, which could cause it to lose existing or potential customers and could adversely affect its operating results.

The Company faces many risks associated with its growth and plans to expand, which could harm its business, financial condition, and operating results.

The Company continues to experience sales growth in its business. This growth has placed, and may continue to place, significant demands on its management and its operational and financial infrastructure. As the Company’s operations grow in size, scope, and complexity, it will need to improve and upgrade its systems and infrastructure to attract, service, and retain an increasing number of customers. The expansion of its systems and infrastructure will require the Company to commit substantial financial, operational, and technical resources in advance of an increase in the volume of business, with no assurance that the volume of business will increase. Any such additional capital investments will increase the Company’s cost base. Continued growth could also strain the Company’s ability to maintain reliable service levels for its customers, develop and improve its operational, financial, and management controls, enhance its reporting systems and procedures, and recruit, train, and retain highly skilled personnel. If the Company fails to achieve the necessary level of efficiency in its organization as it grows, its business, financial condition, and operating results could be harmed.

The Company has office locations in New York and Florida, and data centers in New York, Massachusetts, North Carolina, Florida, and Texas. If the Company is unable to effectively manage a large and geographically dispersed group of employees and contractors or to anticipate its future growth and personnel needs, its business may be adversely affected. As the Company expands its business, it adds complexity to its organization and must expand and adapt its operational infrastructure and effectively coordinate throughout its organization. As a result, the Company has incurred and expects to continue to incur additional expenses related to its continued growth.

The Company also anticipates that its efforts to expand internationally will entail the marketing and advertising of its services and brand and the development of localized websites. The Company does not have substantial experience in selling its solutions in international markets or in conforming to the local cultures, standards, or policies necessary to successfully compete in those markets, and it must invest significant resources in order to do so. The Company may not succeed in these efforts or achieve its customer acquisition or other goals. For some international markets, customer preferences and buying behaviors may be different, and the Company may use business or pricing models that are different from its traditional subscription model to provide cloud backup and related services to customers. The Company’s revenue from new foreign markets may not exceed the costs of establishing, marketing, and maintaining its international solutions, and therefore may not be profitable on a sustained basis, if at all.

The Company’s intended international expansion will subject it to risks typically encountered when operating internationally.

The Company intends to expand internationally which subjects it to new risks that it has not generally faced in the United States. These risks include:

Operating in international markets also requires significant management attention and financial resources. The investment and additional resources required to establish operations and manage growth in other countries may not produce desired levels of revenue or profitability.

The Company’s software contains encryption technologies, certain types of which are subject to U.S. and foreign export control regulations and, in some foreign countries, restrictions on importation and/or use. Any failure on the Company’s part to comply with encryption or other applicable export control requirements could result in financial penalties or other sanctions under the U.S. export regulations, including restrictions on future export activities, which could harm its business and operating results. Regulatory restrictions could impair the Company’s access to technologies that it seeks for improving its solutions and may also limit or reduce the demand for its solutions outside of the U.S.

The loss of the Company’s key personnel, or its failure to attract, integrate, and retain other highly qualified personnel, could harm its business and growth prospects.

The Company depends on the continued service and performance of its key personnel. In addition, many of the Company’s key technologies and systems are custom-made for its business by its personnel. The loss of key personnel, including key members of the Company’s management team, as well as certain of its key marketing, sales, product development, or technology personnel, could disrupt its operations and have an adverse effect on its ability to grow its business. In addition, several of the Company’s key personnel have only recently been employed by it, and the Company is still in the process of integrating these personnel into its operations. The Company’s failure to successfully integrate these key employees into its business could adversely affect its business.

To execute the Company’s growth plan, it must attract and retain highly qualified personnel. Competition for these employees is intense, and the Company may not be successful in attracting and retaining qualified personnel. The Company has from time to time in the past experienced, and it expects to continue to experience, difficulty in hiring and retaining highly-skilled employees with appropriate qualifications. New hires require significant training and, in most cases, take significant time before they achieve full productivity. The Company’s recent hires and planned hires may not become as productive as it expects, and it may be unable to hire or retain sufficient numbers of qualified individuals. Many of the companies with which it competes for experienced personnel have greater resources than it has. In addition, in making employment decisions, particularly in the internet and high-technology industries, job candidates often consider the value of the equity that they are to receive in connection with their employment. In addition, employees may be more likely to voluntarily exit the Company if the shares underlying their vested and unvested options, as well as unvested restricted stock units, have significantly depreciated in value resulting in the options they are holding is significantly above the market price of the Company’s common stock and the value of the restricted stock units decreasing. If the Company fails to attract new personnel, or fail to retain and motivate its current personnel, its business and growth prospects could be severely harmed.

Risks Related to Intellectual Property

Assertions by a third party that the Company’s solutions infringe its intellectual property, whether or not correct, could subject the Company to costly and time-consuming litigation or expensive licenses.

There is frequent litigation in the software and technology industries based on allegations of infringement or other violations of intellectual property rights. Any such claims or litigation may be time-consuming and costly, divert management resources, require the Company to change its services, require it to credit or refund subscription fees, or have other adverse effects on its business. Many companies are devoting significant resources to obtaining patents that could affect many aspects of the Company’s business. Third parties may claim that the Company’s technologies or solutions infringe or otherwise violate their patents or other intellectual property rights.

If the Company is forced to defend itself against intellectual property infringement claims, whether they have merit or are determined in its favor, it may face costly litigation, diversion of technical and management personnel, limitations on its ability to use its current websites and technologies, and an inability to market or provide its solutions. As a result of any such claim, the Company may have to develop or acquire non-infringing technologies, pay damages, enter into royalty or licensing agreements, cease providing certain services, adjust its marketing and advertising activities, or take other actions to resolve the claims. These actions, if required, may be costly or unavailable on terms acceptable to the Company, or at all.

Furthermore, the Company has licensed proprietary technologies from third parties that it uses in its technologies and business, and it cannot be certain that the owners’ rights in their technologies will not be challenged, invalidated, or circumvented. In addition to the general risks described above associated with intellectual property and other proprietary rights, the Company is subject to the additional risk that the seller of such technologies may not have appropriately created, maintained, or enforced their rights in such technology.

The Company relies on third-party software to develop and provide its solutions, including server software and licenses from third parties to use patented intellectual property.

The Company relies on software licensed from third parties to develop and offer its solutions. In addition, the Company may need to obtain future licenses from third parties to use intellectual property associated with the development of its solutions, which might not be available to the Company on acceptable terms, or at all. Any loss of the right to use any software required for the development and maintenance of the Company solutions could result in delays in the provision of its solutions until equivalent technology is either developed by the Company, or, if available from others, is identified, obtained, and integrated, which delay could harm its business. Any errors or defects in third-party software could result in errors or a failure of its solutions, which could harm its business.

If the Company is unable to protect its domain names, its reputation, brand, customer base, and revenue, as well as its business and operating results, could be adversely affected.

The Company has registered domain names for websites (“URLs”) that it uses in its business, such as www.datastoragecorp.com. If the Company is unable to maintain its rights in these domain names, its competitors or other third parties could capitalize on the Company’s brand recognition by using these domain names for their own benefit. In addition, although the Company owns the Company’s domain name under various global top-level domains such as .com and .net, as well as under various country-specific domains, it might not be able to, or may choose not to, acquire or maintain other country-specific versions of the Company’s domain name or other potentially similar URLs. Domain names similar to the Company’s have already been registered in the U.S. and elsewhere, and its competitors or other third parties could capitalize on its brand recognition by using domain names similar to the Company’s. The regulation of domain names in the U.S. and elsewhere is generally conducted by internet regulatory bodies and is subject to change. If the Company loses the ability to use a domain name in a particular country, it may be forced to either incur significant additional expenses to market its solutions within that country, including the development of a new brand and the creation of new promotional materials, or elect not to sell its solutions in that country. Either result could substantially harm its business and operating results. Regulatory bodies could establish additional top-level domains, appoint additional domain name registrars, or modify the requirements for holding domain names. As a result, the Company may not be able to acquire or maintain the domain names that utilize the Company’s name in all of the countries in which we currently conduct or intend to conduct business. Further, the relationship between regulations governing domain names and laws protecting trademarks and similar proprietary rights varies among jurisdictions and is unclear in some jurisdictions. The Company may be unable to prevent third parties from acquiring and using domain names that infringe, are similar to, or otherwise decrease the value of, its brand or its trademarks. Protecting and enforcing the Company’s rights in its domain names and determining the rights of others may require litigation, which could result in substantial costs, divert management attention, and not be decided favorably to the Company.

Risks Relating to the Company’s Common Stock and Securities

The Company’s stock price has fluctuated in the past and may be volatile in the future, and as a result, investors in its common stock could incur substantial losses.

The Company’s stock price has fluctuated in the past, has recently been volatile, and may be volatile in the future. By way of example, on February 11, 2021, the reported low sale price of the Company’s common stock was $16.80, and the reported high sales price was $38.80. For comparison purposes, on February 3, 2021, the price of the Company’s common stock closed at $6.80 per share, on February 11, 2021, its stock price closed at $30.40 per share, and on March 25, 2021, its stock price closed at $8.40 per share with no discernable announcements or developments by the company or third parties.  The Company may incur rapid and substantial decreases in its stock price in the foreseeable future that are unrelated to its operating performance or prospects. In addition, the recent COVID-19 pandemic has caused broad stock market and industry fluctuations. The stock market has experienced extreme volatility that has often been unrelated to the operating performance of particular companies. As a result of this volatility, investors may experience losses on their investment in the Company’s common stock. The market price for the Company’s common stock may be influenced by many factors, including the following:

These broad market and industry factors may seriously harm the market price of the Company’s common stock, regardless of its operating performance. Since the stock price of its common stock has fluctuated in the past, has been recently volatile and may be volatile in the future, investors in its common stock could incur substantial losses. In the past, following periods of volatility in the market, securities class-action litigation has often been instituted against companies. Such litigation, if instituted against the Company, could result in substantial costs and diversion of management’s attention and resources, which could materially and adversely affect its business, financial condition, results of operations and growth prospects. There can be no guarantee that the Company’s stock price will remain at current prices or that future sales of its common stock will not be at prices lower than those sold to investors.

Additionally, recently, securities of certain companies have experienced significant and extreme volatility in stock price due to short sellers of shares of common stock, known as a “short squeeze.” These short squeezes have caused extreme volatility in those companies and in the market and have led to the price per share of those companies to trade at a significantly inflated rate that is disconnected from the underlying value of the company. Many investors who have purchased shares in those companies at an inflated rate face the risk of losing a significant portion of their original investment as the price per share has declined steadily as interest in those stocks has abated. While the Company has no reason to believe its shares would be the target of a short squeeze, there can be no assurance that it won’t be in the future, and you may lose a significant portion or all of your investment if you purchase the Company’s shares at a rate that is significantly disconnected from its underlying value.

Upon exercise of the Company’s outstanding options or warrants, it will be obligated to issue a substantial number of additional shares of common stock which will dilute its present shareholders.

The Company is obligated to issue additional shares of its common stock in connection with any exercise or conversion, as applicable, of its outstanding options, warrants, and shares of its convertible preferred stock. As of December 31, 2021, there were options and warrants outstanding into an aggregate of 2,419,193 shares of common stock. The exercise of warrants or options will cause the Company to issue additional shares of its common stock and will dilute the percentage ownership of its shareholders. In addition, the Company has in the past, and may in the future, exchange outstanding securities for other securities on terms that are dilutive to the securities held by other shareholders not participating in such exchange.

Offers or availability for sale of a substantial number of shares of the Company’s common stock may cause the price of its common stock to decline.

Sales of large blocks of the Company’s common stock could depress the price of its common stock. The existence of these shares and shares of common stock that may be issuable upon conversion or exercise, as applicable, of outstanding shares of convertible preferred stock, warrants and options create a circumstance commonly referred to as an “overhang” which can act as a depressant to the Company’s common stock price. The existence of an overhang, whether or not sales have occurred or are occurring, also could make the Company’s ability to raise additional financing through the sale of equity or equity-linked securities more difficult in the future at a time and price that we deem reasonable or appropriate. If the Company’s existing shareholders and investors seek to convert or exercise such securities or sell a substantial number of shares of its common stock, such selling efforts may cause significant declines in the market price of its common stock. In addition, the shares of the Company’s common stock included in the Units and underlying warrants sold in the offering will be freely tradable without restriction or further registration under the Securities Act. As a result, a substantial number of shares of the Company’s common stock may be sold in the public market following this offering. If there are significantly more shares of common stock offered for sale than buyers are willing to purchase, then the market price of the Company’s common stock may decline to a market price at which buyers are willing to purchase the offered common stock and sellers remain willing to sell its common stock.

The Company does not expect to declare any common stock cash dividends in the foreseeable future.

The Company does not anticipate declaring any cash dividends to holders of Data Storage common stock in the foreseeable future. Consequently, common stockholders may need to rely on sales of their shares after price appreciation, which may never occur, as the only way to realize any future gains on their investment.

Because the Company may issue preferred stock without the approval of its shareholders and have other anti-takeover defenses, it may be more difficult for a third party to acquire the Company and could depress its stock price.

In general, the Company’s Board may issue, without a vote of its shareholders, one or more additional series of preferred stock that has more than one vote per share. Without these restrictions, the Company’s Board could issue preferred stock to investors who support it and its management and give effective control of its business to its management. Additionally, the issuance of preferred stock could block an acquisition resulting in both a drop in the Company’s stock price and a decline in interest of its common stock. This could make it more difficult for shareholders to sell their common stock. This could also cause the market price of the Company’s common stock shares to drop significantly, even if its business is performing well.

Provisions of Nevada law could delay or prevent an acquisition of Data Storage, even if the acquisition would be beneficial to its stockholders and could make it more difficult for stockholders to change Data Storage’s management.

Data Storage Corporation is subject to anti-takeover provisions under Nevada law, which could delay or prevent a change of control. Together, these provisions may make more difficult the removal of management and may discourage transactions that otherwise could involve payment of a premium over prevailing market prices for the Company’s securities. These provisions include: limitations on the ability to engage in any “combination” with an “interested stockholder” (each, as defined in the NRS) for two years from the date the person first becomes an “interested stockholder”; being subject to Sections 78.378 to 78.3793 of the NRS and allowing an “acquiring person” to obtain voting rights in “control shares” without shareholder approval; the ability of the Board to issue shares of currently undesignated and unissued preferred stock without prior stockholder approval; limitations on the ability of stockholders to call special meetings; and the ability of the Board to amend its amended Bylaws without stockholder approval. For more information, please see the section entitled “Description of Our Securities That We Are Offering-Nevada Anti-Takeover Statutes.”

ITEM 1B. UNRESOLVED STAFF COMMENTS

Not Applicable. 

ITEM 2. PROPERTIES

The Company currently has three leases for office space, with two offices located in Melville, NY, and one office in Boca Raton, FL. The Company’s principal offices are located at 48 South Service Road, Suite 203, Melville, NY 11747. We also maintain offices located at 980 North Federal Highway, Suite 302, Boca Raton, FL 33432. The Company’s data centers are in New York, Massachusetts, North Carolina, Florida and Texas. The Company believes that its current offices and facilities are adequate for the near future.

From 2016 until August 31, 2019, we leased office space in Melville, NY for monthly payments of $8,382. Upon termination of the lease in August 2019, we entered into a new lease for a technology lab in a smaller space commencing on September 1, 2019. The term of this lease is for three years and 11 months and runs co-terminus with the Company’s existing lease in the same building. The base annual rent is $10,764 payable in equal monthly installments of $897.

A second lease for office space in Melville, NY, was entered into on November 20, 2017, which commenced on April 2, 2018. The term of this lease is five years and three months at $86,268 per year with an escalation of 3% per year with an ending date of July 31, 2023.

On July 31, 2021, the Company signed a three-year lease for approximately 2,880 square feet of office space at 980 North Federal Highway, Suite 302, Boca Raton, Florida. The commencement date of the lease is August 1, 2021. The monthly rent is approximately $4,500.

The lease for office space in Warwick, RI, called for monthly payments of $2,324 beginning February 1, 2015, which escalated to $2,460 on February 1, 2017. This lease commenced on February 1, 2015, and originally expired on January 31, 2019. We extended this lease until January 31, 2020, and this lease was further extended until January 31, 2021. The annual base rent was $31,176 payable in equal monthly installments of $2,598. We have satisfied the terms of the lease and no longer occupy this premise.

The Company leases technical space in New York, Massachusetts, North Carolina and Florida. These leases are month to month and the monthly rent is approximately $41,500.

In 2020, the Company entered into a new technical space lease agreement in Dallas, TX. The lease term is 13 months and requires monthly payments of $1,403 and expires on July 31, 2023. 

ITEM 3. LEGAL PROCEEDINGS

From time to time, the Company may become involved in legal proceedings or be subject to claims arising in the ordinary course of its business. The Company is not presently a party to any legal proceedings that, if determined adversely to it, would individually or taken together have a material adverse effect on its business, operating results, financial condition or cash flows. Regardless of the outcome, litigation can have an adverse impact on the Company because of defense and settlement costs, diversion of management resources and other factors.

Not applicable.

PART II

ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES

Market Information

The Company’s common stock trades on The NASDAQ Capital Market under the symbol “DTST”.

Holders of the Company’s Common Stock

As of March 30, 2022, we had 39 shareholders of record of the Company’s common stock, one of which was Cede & Co., a nominee for Depository Trust Company (“DTC”). All the shares of the Company’s common stock held by brokerage firms, banks and other financial institutions as nominees for beneficial owners are deposited into participant accounts at DTC and are therefore considered to be held or recorded by Cede & Co. as one stockholder.

Dividend Policy

The Company has not declared or paid dividends on common stock since its formation and does not anticipate paying dividends in the foreseeable future. The declaration or payment of dividends, if any, in the future, will be at the discretion of Data Storage’s Board of Directors (the “Board of Directors” or the “Board”) and will depend on the then- current financial condition, results of operations, capital requirements and other factors deemed relevant by the Board. Each share of Series A Preferred Stock entitles its holder to receive cash dividends at a rate of ten percent (10%) per annum on the original issue price, compounding annually, in preference to holders of common stock. Preferred dividends are accrued quarterly. No Preferred shares are outstanding and no dividends have been paid to date since retiring in May 2021 one shareholder. The Company’s intention is to eliminate the preferred A.

Recent Sales of Unregistered Securities 

The Company did not sell any equity securities during the fiscal year ended December 31, 2021 that were not registered under the Securities Act, other than as previously disclosed in its filings with the SEC.

Issuer Purchases of Equity Securities

There were no issuer purchases of equity securities during the year ended December 31, 2021.

Equity Compensation Plan Information

See Part II–Item 12 under the heading “Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters—Equity Compensation Plan Information” of this Annual Report on Form 10-K for equity compensation plan information.

ITEM 6. SELECTED FINANCIAL DATA

As a smaller reporting company, we are not required to provide disclosure pursuant to this item.

ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATION

The following discussion of our plan of operation and results of operations should be read in conjunction with the financial statements and related notes to the financial statements included elsewhere in this Annual Report on Form 10-K. This discussion contains forward-looking statements that relate to future events or our future financial performance. These statements involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to be materially different from any future results, levels of activity, performance or achievements expressed or implied by these forward-looking statements. These risks and other factors include, among others, those listed under “Forward-Looking Statements” and “Risk Factors” and those included elsewhere in this report.

COMPANY OVERVIEW

Data Storage Corporation, headquartered in Melville, New York, together with its three subsidiaries, DSC, Flagship Solutions LLC and Nexxis, Inc. provides solutions and services to a broad range of clients in several industries, including healthcare, banking and finance, distribution services, manufacturing, construction, education, and government. The subsidiaries maintain business development teams, as well as independent distribution companies. As an example, the Company’s distribution channel of companies provides long-term subscription-based disaster recovery and cloud infrastructure without investing in the infrastructure, data centers, telecommunications or specialized technical staff, which substantially lowers their barrier of entry in providing these solutions to their client base. The distribution company has typically provided equipment and software. However, a client’s awareness in 2021 of the ability to migrate to an IBM Power cloud infrastructure and disaster recovery affords the distributor the ability to maintain the client and create an annuity year after year. To further support that awareness, over 55,000 visitors arrived at the Company’s website in 2021.

During 2021, based on the May capital raise and the up list to Nasdaq, the Company added distribution, business development representatives, marketing, and technical personnel. Management continues to be focused on building the Company’s sales and marketing strategy and expanding its technology assets throughout its data center network.

The Company’s business offices are in New York and Florida. The offices include a technology center and lab, adapted to meet the technical requirements of the Company’s clients. The Company maintains its own infrastructure, storage, and networking equipment required to provide subscription solutions in seven geographically diverse data centers located in New York, Massachusetts, Texas, Florida and North Carolina, and in Canada, Toronto, and Barrie, serving clients in the United States and Canada.

The Company’s Business Continuity Solutions allow clients to quickly recover from system outages, human and natural disasters, and cyber security attacks, such as Ransomware. The Company’s Managed Cloud Services starts with migration to the cloud and provides ongoing system support and management that enables its clients to run their software applications and technical workloads in a multi-cloud environment. The Company’s Cyber Security offerings include comprehensive consultation and a suite of data security, disaster recovery, and remote monitoring services and technologies that can be incorporated into the Company’s cloud solutions or be delivered as a standalone managed security offering covering the client site endpoint devices, users, servers, and equipment.

Solution architects and the Company’s business development teams work with organizations identifying and solving critical business problems. The Company carefully plans and manages the migration and configuration process, continuing the relationship and advising its clients long after the services have been implemented. As of this filing the Company has proposals outstanding of approximately $14 million in total contract value; and, total proposals outstanding including equipment and software of approximately $20 million. Reflecting on client satisfaction, the Company’s renewal rate on client subscription solutions is approximately 94% after their initial contract term expired.

The Company provides our clients subscription-based, long-term agreements for cloud disaster recovery, cloud infrastructure, telecommunications solutions, and high processing on-site computing power and software solutions. While a significant portion of our revenue has been subscription-based, we also generate revenue from the sale of equipment and software for cybersecurity, data storage, IBM Power systems equipment and managed service solutions. As of this filing the company has a backlog of over $500,000 in Annual Recurring Revenue (ARR) and equipment and software of approximately $2 million. 

2021 Business Update

On May 31, 2021, the Company completed a merger (the “Merger”) under an Agreement and Plan of Merger (the “Merger Agreement”) with Flagship Solutions, LLC (“Flagship”) (a Florida limited liability company) and the Company’s wholly-owned subsidiary, Data Storage FL, LLC, a Florida limited liability company. Flagship is a provider of IBM solutions, managed services, data analytics, cyber security and cloud solutions. The Company expects that Flagship’s business will be synergistic with the Company’s existing IBM business and anticipates meaningful operation efficiency of the two organizations. The Company also believes the Merger will provide the combined entities a comprehensive one-stop provider to cross-sell solutions across each organization’s respective enterprise, as well as middle-market customers. Key offerings for the combined companies are expected to include a wide array of multi-cloud information technology solutions in highly secure, reliable enterprise level cloud services for companies using IBM Power systems, Microsoft Windows and Linux, including: Infrastructure as a Service (IaaS), Disaster Recovery of digital information (DRaaS), Cyber Security as a Service (CSaaS), and Data Analytics as a Service.

Flagship focuses on the IBM user community with solutions and services such as, equipment, software, cyber security, data analytics, managed cloud solutions globally. The Company expects that Flagship’s business will be synergistic with the Company’s existing IBM user community focus and anticipates meaningful operation efficiency through the integration the organizations. The Company also believes the Merger will also provide the combined entities a comprehensive one-stop provider to cross-sell solutions across each organization’s respective enterprise, as well as middle-market customers. Key offerings for the combined companies are expected to include a wide array of multi-cloud information technology solutions in highly secure, reliable enterprise level cloud services for companies using IBM Power systems, Microsoft Windows and Linux, including: cloud Infrastructure as a Service, Disaster Recovery of digital information, Cyber Security as a Service, and Data Analytics. The Company intends to continue its strategy of growth through synergistic acquisitions.

The Company’s offices are in New York and Florida including technology centers, which are adapted to meet the requirements of its clients. In addition to office staffing, the Company employs additional remote staff. The Company maintains its infrastructure, storage and networking equipment required to provide our subscription solutions in seven geographically diverse data centers located in New York, Massachusetts, Texas, Florida, North Carolina and Canada.

RESULTS OF OPERATIONS

Year ended December 31, 2021 as compared to December 31, 2020

Revenue

Sales for the year ended December 31, 2021, increased by approximately 60% to $14,876,227 as compared to sales for the year ended December 31, 2020, or $9,320,933. The increase is primarily attributed to the additional sales from the Flagship merger and an increase in monthly subscription revenue. The Company derives its sales from five types of services that we provide: infrastructure & disaster recovery / cloud services which is the largest source of our sales, followed by equipment and software sales, managed services, professional fees, and Nexxis, VOIP and internet access services. The cloud infrastructure & disaster recovery/cloud services are subscription-based. We also provide equipment and software and actively participate in collaboration with IBM to provide innovative business solutions to clients. The professional services are providing the client cloud infrastructure and or Disaster Recovery implementation services as well as time and materials billing. Substantially all of the Company’s sales were to customers in the United States, with less than 1% of its sales to international customers.

The following chart details the changes in the Company’s sales for the years ended December 31, 2021 and 2020, respectively.

Expenses

Cost of Sales. For the year ended December 31, 2021, cost of sales was $8,459,117, an increase of $3,033,912 or 56% compared to $5,425,205 for the year ended December 31, 2020. The increase of $3,033,912 was mostly related to variable cost incurred to produce and sell the Company’s products or services.

Selling, general and administrative expenses. For the year ended December 31, 2021, selling, general and administrative expenses were $7,184,182, an increase of $3,287,391, or 84%, as compared to $3,896,791 for the year ended December 31, 2020. The net increase is reflected in the chart below.

Salaries. Salaries increased as a result of the increased staff due to the Flagship merger, and the hiring of additional employees, and raises granted to employees.

Professional fees. Professional fees increased primarily due to fees incurred for the Flagship merger, two new investor relations firms, and an increase in fees associated with being on NASDAQ.

Software as a Service Expense (SaaS). SaaS increased due to additional costs paid to existing vendors to make improvements to the Company’s customer relationship management software and purchases of new user licenses.

Advertising Expense. Advertising expense increased primarily due to additional marketing campaigns for the Flagship merger and an increase in existing advertising campaigns.

Commissions Expense. Commissions expense increased due to the increase in new revenues. Commission expense varies due to different contractual agreements with both contracted distributors and employees.

All Other Expenses. Other expenses increased primarily due to a combination of an increase in online training and continuing education, increase in travel after the Flagship merger, and an increase in bad debt expense. This was partially offset by a reduction in costs associated with employees working from home due to the pandemic as well as a reduction in expenses related to the Company’s office space in Melville, New York.  

Other Income (Expense). Other income for the year ended December 31, 2021, increased $452,940 to $627,362 from $174,422 for the year ended December 31, 2020. The increase in other income is primarily attributable to the gain on forgiveness of debt from the PPP loans and a decrease in interest expense. This was offset by the gain on contingent liability recorded in the prior year and the loss on disposal of assets recorded during the year.

Net Income (Loss) before provision for income taxes. Net (loss) before provision for income taxes for the year ended December 31, 2021, was $(105,543), as compared to a net income of $173,359 for the year ended December 31, 2020.

 
LIQUIDITY AND CAPITAL RESOURCES

The consolidated financial statements have been prepared using generally accepted accounting principles in the United States of America (“GAAP”) applicable for a going concern, which assumes that the Company will realize its assets and discharge its liabilities in the ordinary course of business.

To the extent the Company is successful in growing its business, identifying potential acquisition targets, and negotiating the terms of such acquisition, and the purchase price may include a cash component, the Company plans to use its working capital and the proceeds of any financing to finance such acquisition costs.

The Company’s opinion concerning its liquidity is based on current information. If this information proves to be inaccurate, or if circumstances change, The Company may not be able to meet its liquidity needs, which will require a renegotiation of related party capital equipment leases, a reduction in advertising and marketing programs, and/or a reduction in salaries for officers that are major shareholders.

The Company has long-term contracts to supply its subscription-based solutions that are invoiced to clients monthly. The Company believes its total contract value of its subscription contracts with clients based on the actual contracts that it has to date, exceeds $10 million. Further, the Company continues to see an uptick in client interest distribution channel expansion and in sales proposals. In 2021, the Company intends to continue to work to increase its presence in the IBM “Power I” infrastructure cloud and business continuity marketplace in the niche of IBM “Power” and in the disaster recovery global marketplace utilizing its technical expertise, data centers utilization, assets deployed in the data centers, 24 x 365 monitoring and software. 

During the year ended December 31, 2021, Data Storage’s cash increased $11,242,205 to $12,135,803 from $893,598 December 31, 2020. Net cash of $360,690 was used by Data Storage’s operating activities resulting primarily from the changes in assets and liabilities. Net cash of $6,418,110 was used in investing activities primarily from the purchase of Flagship. Net cash of $18,021,005 was provided by financing activities resulting primarily from the sale of common stock and warrants. This was offset by the repayment of principle and accrued dividends as well as finance lease obligations.

The Company’s working capital was $12,084,815 on December 31, 2021, increasing by $14,751,263 from $(2,666,448) at December 31, 2020. The increase is primarily attributable to an increase in cash, accounts receivable, and a decrease in dividend payable. This was offset by an increase in accounts payable and lease payables.

Off-Balance Sheet Arrangements

The Company does not have any off-balance sheet arrangements, financings, or other relationships with unconsolidated entities or other persons, also known as “special purpose entities”.

Non-GAAP Financial Measures

Adjusted EBITDA

To supplement our consolidated financial statements presented in accordance with GAAP and to provide investors with additional information regarding our financial results, we consider and are including herein Adjusted EBITDA, a Non-GAAP financial measure. We view Adjusted EBITDA as an operating performance measure and, as such, we believe that the GAAP financial measure most directly comparable to it is net income (loss). We define Adjusted EBITDA as net income adjusted for interest and financing fees, depreciation, amortization, stock-based compensation, and other non-cash income and expenses. We believe that Adjusted EBITDA provides us an important measure of operating performance because it allows management, investors, debt holders and others to evaluate and compare ongoing operating results from period to period by removing the impact of our asset base, any asset disposals or impairments, stock-based compensation and other non-cash income and expense items associated with our reliance on issuing equity-linked debt securities to fund our working capital.

Our use of Adjusted EBITDA has limitations as an analytical tool, and this measure should not be considered in isolation or as a substitute for an analysis of our results as reported under GAAP, as the excluded items may have significant effects on our operating results and financial condition. Additionally, our measure of Adjusted EBITDA may differ from other companies’ measure of Adjusted EBITDA. When evaluating our performance, Adjusted EBITDA should be considered with other financial performance measures, including various cash flow metrics, net income and other GAAP results. In the future, we may disclose different non-GAAP financial measures in order to help our investors and others more meaningfully evaluate and compare our future results of operations to our previously reported results of operations.

The following table shows our reconciliation of net income to adjusted EBITDA for the year ended December 31, 2021 and 2020, respectively:

CRITICAL ACCOUNTING POLICIES

The Company’s financial statements and related public financial information are based on the application of GAAP. GAAP requires the use of estimates; assumptions, judgments and subjective interpretations of accounting principles that have an impact on the assets, liabilities, revenue, and expense amounts reported. These estimates can also affect supplemental information contained in our external disclosures including information regarding contingencies, risk and financial condition. The Company believes its use of estimates and underlying accounting assumptions adhere to GAAP and are consistently applied. The Company bases its estimates on historical experience and on various other assumptions that it believes to be reasonable under the circumstances. Actual results may differ materially from these estimates under different assumptions or conditions. The Company continues to monitor significant estimates made during the preparation of our financial statements.

The Company’s significant accounting policies are summarized in Note 2 of its financial statements. While all these significant accounting policies impact the Company’s financial condition and results of operations, it views certain of these policies as critical. Policies determined to be critical are those policies that have the most significant impact on the Company’s financial statements and require management to use a greater degree of judgment and estimates. Actual results may differ from those estimates. The Company’s management believes that given current facts and circumstances, it is unlikely that applying any other reasonable judgments or estimate methodologies would cause effect on its consolidated results of operations, financial position or liquidity for the periods presented in this report.

RECENTLY ISSUED AND NEWLY ADOPTED ACCOUNTING PRONOUNCEMENTS

In June 2016, the FASB issued ASU No. 2016-13, Financial Instruments - Credit Losses (Topic 326), Measurement of Credit Losses on Financial Instruments (“ASU-2016-13”). ASU 2016-13 affects loans, debt securities, trade receivables, and any other financial assets that have the contractual right to receive cash. The ASU requires an entity to recognize expected credit losses rather than incurred losses for financial assets. ASU 2016-13 is effective for the fiscal year beginning after December 15, 2022, including interim periods within that fiscal year. The Company expects that there would be no material impact on the Company’s consolidated financial statements upon the adoption of this ASU.

In October 2016, the FASB issued ASU 2016-16, “Income Taxes (Topic 740): Intra-Entity Transfers of Assets Other than Inventory”, which eliminates the exception that prohibits the recognition of current and deferred income tax effects for intra-entity transfers of assets other than inventory until the asset has been sold to an outside party. The updated guidance is effective for annual periods beginning after December 15, 2019, including interim periods within those fiscal years. Early adoption of the update is permitted. The adoption of ASU 2016-16 did not have a material impact on the consolidated financial statements.

In January 2017, the FASB issued ASU 2017-04 Intangibles-Goodwill and Other (“ASC 350”): Simplifying the Accounting for Goodwill Impairment (“ASU 2017-04”). ASU 2017-04 simplifies the subsequent measurement of goodwill by eliminating Step 2 from the goodwill impairment test. In computing the implied fair value of goodwill under Step 2, an entity had to perform procedures to determine the fair value at the impairment testing date of its assets and liabilities (including unrecognized assets and liabilities) following the procedure that would be required in determining the fair value of assets acquired and liabilities assumed in a business combination. Instead, under ASU 2017-04, an entity should perform its annual or interim goodwill impairment test by comparing the fair value of a reporting unit with its carrying amount. An entity should recognize an impairment charge for the amount by which the carrying amount exceeds the reporting unit’s fair value; however, the loss recognized should not exceed the total amount of goodwill allocated to that reporting unit. Additionally, an entity should consider income tax effects from any tax-deductible goodwill on the carrying amount of the reporting unit when measuring the goodwill impairment loss, if applicable. ASU 2017-04 is effective for annual or any interim goodwill impairment tests for fiscal years beginning after December 15, 2019. The adoption of ASU 2017-04 did not have a material impact on the consolidated financial statements.

In July 2021, the FASB issued ASU No. 2021-05, Lessors—Certain Leases with Variable Lease Payments (Topic 842), Which requires a lessor to classify a lease with variable lease payments that do not depend on an index or rate (hereafter referred to as “variable payments”) as an operating lease on the commencement date of the lease if specified criteria are met. ASU 2021-05 is effective for the fiscal year beginning after December 15, 2022, including interim periods within that fiscal year. The Company expects that there would be no material impact on the Company’s condensed consolidated financial statements upon the adoption of this ASU.

In November 2021, the FASB issued ASU No. 2021-08, Business Combinations (Topic 805): Accounting for Contract Assets and Contract Liabilities from Contracts with Customers, issued by the Financial Accounting Standards Board. This ASU requires entities to recognize and measure contract assets and contract liabilities acquired in a business combination in accordance with ASU 2014-09, Revenue from Contracts with Customers (Topic 606). The update will generally result in the recognition of contract assets and contract liabilities at amounts consistent with those recorded by the acquiree immediately before the acquisition date rather than at fair value. The Company expects that there would be no material impact on the Company’s condensed consolidated financial statements upon the adoption of this ASU. 

OFF-BALANCE SHEET TRANSACTIONS

The Company has no off-balance sheet arrangements.

ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

As a smaller reporting company, this item is not required

ITEM 8. CONSOLIDATED FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA.

Report of Independent Registered Public Accounting Firm

To the Board of Directors and

Stockholders of Data Storage Corporation and Subsidiaries

Opinion on the Financial Statements

We have audited the accompanying balance sheets of Data Storage Corporation and Subsidiaries (the Company) as of December 31, 2021 and 2020, and the related statements of operations, stockholders’ equity, and cash flows for the years then ended, and the related notes (collectively referred to as the financial statements). In our opinion, the financial statements present fairly, in all material respects, the financial position of the Company as of December 31, 2021 and 2020 and the results of its operations and its cash flows for the years then ended, in conformity with accounting principles generally accepted in the United States of America.

Basis for Opinion

These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits we are required to obtain an understanding of internal control over financial reporting but not for the purpose of expressing an opinion on the effectiveness of the Company's internal control over financial reporting. Accordingly, we express no such opinion.

Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.

Critical Audit Matters

The critical audit matters communicated below are matters arising from the current period audit of the financial statements that were communicated or required to be communicated to the audit committee and that: (1) relate to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the financial statements, taken as a whole, and we are not, by communicating the critical audit matters below, providing separate opinions on the critical audit matters or on the accounts or disclosures to which they relate.

As described in Note 12 to the consolidated financial statements, the Company accounted for Flagship Solutions LLC acquisition during 2021 as a business combination and allocated the purchase price among the tangible and intangible assets acquired and liabilities assumed. The acquisition resulted in intangible assets totaling $5,250,340 consisting primarily of customer relationships and goodwill.

The determination of the future cash flows of the goodwill and intangible assets requires management to make significant estimates and assumptions related to forecasts of future revenues, operating margins and discount rates. The Company utilized a valuation specialist to assist in the performance of the purchase price allocation.

We identified the valuation of intangible assets recorded in connection with the acquisition as a critical audit matter. The fair value estimates were based on underlying assumptions about future performance of the acquired business which involves significant estimation uncertainty.

How the Critical Matter Was Addressed in the Audit

The primary procedures we performed to address this critical audit matter included:

/s/ Rosenberg Rich Baker Berman, P.A.

We have served as the Company’s auditor since 2008.

Somerset, New Jersey

March 31, 2022

 89

The accompanying notes are an integral part of these consolidated Financial Statements.

The accompanying notes are an integral part of these consolidated Financial Statements.

The accompanying notes are an integral part of these consolidated Financial Statements.