New regulations stemming from the Dodd-Frank Wall Street Reform and Consumer Protection Act, along with a number of new policies from federal and state regulators, are the number one concern of U.S. technology companies, according to a new risk report from accounting and consulting firm BDO USA.

BDO analyzed the risk factors section of the most recent 10-K filings of the 100 largest publicly-traded technology companies in the U.S. for its 2013 BDO RiskFactor Report for Technology Businesses. It found that 96 percent cited pressures from federal, state or local regulations as a risk.

This is the first time regulation was the most-often-cited risk factor for technology companies in the five years BDO has conducted the study, says Aftab Jamil, partner and Technology & Life Sciences practice leader at BDO and co-author of the report.

“The regulatory burden is in a heightened state already, and, other than financial services, technology is probably the most heavily exposed industry to any changes in the rules,” says Jamil. “While their business is not regulatory in nature like financial services, the number of things happening with state, federal and international regulation right now weigh pretty heavily upon the minds of technology CFOs. The [Dodd-Frank] Act’s impact on corporate America is really across the board, and technology companies are not exempt.”

In particular, the Dodd-Frank provisions regarding conflict minerals and executive compensation are affecting technology companies. But even as tech businesses adapt to those new rules, they are also navigating new state and local regulatory requirements, such as those relating to R&D projects and state-to-state sales taxes on online goods.

Networking equipment manufacturer Cisco Systems, in its 2012 10-K, cited “uncertainty of regulation of commerce on the Internet,” along with  “changes in telecommunications regulation” as potentially harming its business, while e-commerce giant Amazon acknowledged in its latest annual report that “regulations and laws specifically governing the Internet, e-commerce and electronic devices … may impede our growth.”

Breaches of technology security or privacy are another worry for technology companies, the BDO report shows. Eighty-one percent of company filings analyzed by BDO cited risks associated with data security breaches, up 14 percent since last year and 42 percent two years ago Preventing these breaches is placing considerable stress on the IT infrastructures of technology companies. In 10-K filings, 71 percent of them cited operational infrastructure maintenance as a concern and, amid heavy competition, 79 percent of companies identified protection of their intellectual property as a top priority.

“It’s a double-edged sword for tech companies, since they have all the normal risk factors of other industries, but also [intellectual property] concerns,” Jamil says. “IP drives their business. If they lose that because someone stole and copied it, they could lose a core aspect of their business.”

Furthermore, technology companies often manufacture overseas and sell into international markets, so they must navigate the intellectual property laws in every country in which they conduct business. “And in some markets, the IP laws and frameworks are just not as defined as in the U.S.,” Jamil asserts.

In other findings, the BDO report said executing merger and acquisition transactions and successfully integrating acquired businesses remains a top concern for technology companies, with 88 percent citing it in year-end 2012 filings. 

“The technology industry continues to be one of the most competitive, with M&A allowing companies to enhance their human capital and access to intellectual property,” says Jamil. “M&A allows companies to remain competitive and to pursue their strategic goals, but poor investments can prove to be a thorn in the side of a [buyer] if [it does] not conduct thorough pre-merger due diligence and properly integrate the acquired business.”