Risks Related to Our Business
We have a history of losses, we may not remain profitable and our revenue growth may not continue.
We incurred net losses in each fiscal year from our inception through 2016. Our net losses in 2016 were $70.3 million. While we generated net income of $22.9 million in 2017, we had an accumulated deficit of $246.8 million as of March 31, 2018. We may not remain profitable in the future if we fail to increase revenue and manage our expenses, or if we incur unanticipated liabilities. Revenue may decline or its growth may slow for a number of possible reasons. Demand for our products or services may slow. Competition may increase. Our overall market may experience a decline or its growth may slow. We may experience difficulty executing on our go-to-market sales plan. We may fail to capitalize on growth opportunities such as subscription renewals and introducing new products and services. In addition, we have incurred, and anticipate that we will continue to incur, significant legal, accounting and other expenses related to being a public company. If our revenue does not increase at a rate that proportionally offsets these expected increases in operating expense, our operating margins will suffer. Further, in future periods, our revenue could decline and, accordingly, we may not be able to sustain profitability and our net losses may increase. We may not be able to sustain or increase profitability on a consistent basis. Any failure by us to maintain or increase profitability and continue our revenue growth could cause the price of our common stock to materially decline.
Our quarterly operating results have and are likely to continue to vary significantly and to be unpredictable, which could cause the trading price of our stock to decline.
Our revenue and operating results have and could continue to vary significantly from period to period as a result of a variety of factors, many of which are outside of our control. As a result, comparing our revenue and operating results on a period-to-period basis may not be meaningful, and you should not rely on our past results as an indication of our future performance. We may not be able to accurately predict our future revenue or results of operations. We base our current and future expense levels on our operating plans and sales forecasts, and our operating costs are relatively fixed in the short-term. As a result, we may not be able to reduce our costs sufficiently to compensate for an unexpected shortfall in revenue, and even a small shortfall in revenue could disproportionately and adversely affect financial results for that quarter. If our revenue or operating results fall below the expectations of investors or any securities analysts that cover our stock, the price of our common stock could decline substantially.
In addition to other risk factors listed in this section, factors that may individually or cumulatively affect our operating results from period to period include:
|
•
|
the level of demand for our products and services, and the timing of orders from channel partners and customers;
|
|
•
|
the timing of sales and shipments of products during a quarter, which may depend on many factors such as inventory and logistics and our ability to ship new products on schedule and accurately forecast inventory requirements;
|
|
•
|
the mix of products sold, the mix of revenue between products and services, including subscription services, and the degree to which products and services are bundled and sold together for a package price;
|
|
•
|
the budgeting, procurement and work cycles of our customers, which may result in seasonal variation as our business and the market for solutions such as ours mature;
|
|
•
|
changes in customer renewal rates for our services;
|
|
•
|
general economic conditions, both domestically and in our foreign markets, and economic conditions specifically affecting industries in which our customers participate;
|
|
•
|
the timing of satisfying revenue recognition criteria for our sales, including shipping and delivery terms, particularly where we accrue the associated commission expense in a different period, which may be affected by the extent to which we bring on new resellers and distributors, and our ability to establish that the customer has obtained control of the promised services;
|
|
•
|
future accounting pronouncements or changes in our accounting policies; and
|
|
•
|
increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates, since a significant portion of our expenses are incurred and paid in the Israeli shekel and other currencies besides the U.S. dollar.
|
45
Reliance on a concentration of shipments at the end of the quarter could cause our
revenue to fall below expected levels, resulting in a decline in our stock price.
Historically, we have received a significant majority of a quarter’s sales orders and generated a significant majority of a quarter’s revenue during the last two weeks of the quarter. This pattern is due in part to customer buying habits and the efforts of our sales force and channel partners to meet or exceed quarterly quotas. The fact that so many orders arrive at the end of a quarter means that our revenue may shift from one quarter to the next if we cannot fulfill all of the orders and satisfy all of the revenue recognition criteria under our accounting policies before the quarter ends. If expected revenue at the end of any quarter is delayed because anticipated purchase orders fail to materialize, our logistics partners fail to ship or deliver products on time, we fail to manage our inventory properly, we fail to release new products on schedule, or for any other reason, then our revenue for that quarter could fall below our expectations or those of securities analysts and investors, resulting in a decline in our stock price.
We rely on third party channel partners to generate a significant portion of, and to fulfill a substantial majority of, our sales. If we fail to expand and manage our distribution channels, our revenue could decline and our growth prospects could suffer.
In 2017, our channel partners originated over 57%, and fulfilled almost 84%, of our sales, and we expect that channel sales will represent a substantial portion of our revenue for the foreseeable future. Our ability to expand our distribution channels depends in part on our ability to educate our channel partners about our products and services, which are often complex. Our agreements with our channel partners are generally non-exclusive and many of our channel partners have more established relationships with our competitors. If our channel partners choose to place greater emphasis on products and services of their own or those offered by our competitors, our ability to grow our business and sell our products may be adversely affected. If our channel partners do not effectively market and sell our products and services, or if they fail to meet the needs of our customers, then our ability to grow our business and sell our products may be adversely affected. The loss of one or more of our larger channel partners, who may cease marketing our products with limited or no notice, and our possible inability to replace them could adversely affect our sales. Our failure to recruit additional channel partners, or any reduction or delay in their sales of our products and services or conflicts between channel sales and our direct sales and marketing activities could materially and adversely affect our revenue.
We face intense competition, especially from larger, better-known companies and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The market for cyber security products is intensely competitive and we expect competition to intensify in the future. Our competitors include companies such as Akamai Technologies, Inc., F5 Networks, Inc., International Business Machines Corporation, Oracle Corporation, McAfee, Inc. and other point solution security vendors.
Many of our existing and potential competitors may have substantial competitive advantages such as:
|
•
|
greater name recognition and longer operating histories;
|
|
•
|
larger sales and marketing budgets and resources and the capacity to leverage their sales efforts and marketing expenditures across a broader portfolio of products;
|
|
•
|
broader, deeper or otherwise more well-established relationships with customers, potential customers and channel partners;
|
|
•
|
broader distribution networks and more established relationships with distributors;
|
|
•
|
wider geographic presence;
|
|
•
|
access to larger customer bases;
|
|
•
|
greater customer support resources;
|
|
•
|
greater resources to make acquisitions;
|
|
•
|
greater resources to develop and introduce products that compete with our products;
|
|
•
|
lower labor and development costs; and
|
|
•
|
substantially greater financial, technical and other resources.
|
As a result, they may be able to adapt more quickly and effectively to new or emerging technologies and changing opportunities, standards or customer requirements. In addition, these companies could reduce the price of their competing products, resulting in intensified pricing pressures within the markets in which we compete. Further, some of our larger competitors have substantially broader product offerings and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages customers from purchasing our products.
46
Our competitors may offer a bundled product offering, and our customers may elect to accep
t this offering from our competitors, even if it has more limited functionality than our product offering, instead of adding the additional appliances required to implement our offering. The consolidation in the cyber security industry increases the likeli
hood of competition based on integration or bundling, particularly where our competitors’ products and offerings are effectively integrated, and we believe that consolidation in our industry may increase the competitive pressures we face on all our product
s and services. If we are unable to differentiate our products and services from the integrated or bundled products of our competitors, such as by offering
specialized
functionality, performance or value, we may see a decrease in demand for those products
or services, which would adversely affect our business, operating results and financial condition. Further, it is possible that continued industry consolidation may impact customers’ perceptions of the viability of smaller or even medium-sized software
com
panies
and consequently customers’ willingness to purchase from
companies
of our size. Similarly, if customers seek to concentrate their software purchases in the product portfolios of a few large providers or have already deployed products that are simila
r to ours, we may be at a competitive disadvantage notwithstanding the superior performance that we believe our products and services can deliver. Larger competitors are also often in a better position to withstand any significant reduction in capital spen
ding by customers, and will therefore not be as susceptible to economic downturns.
Many of our smaller competitors that specialize in providing protection from a single type of cyber security threat may deliver these specialized cyber security products to the market more quickly than we can or may introduce innovative new products or enhancements before we do. Conditions in our markets could change rapidly and significantly as a result of technological advancements.
We may not compete successfully against our current or potential competitors. Companies competing with us may introduce products that have greater performance or functionality, are easier to implement or use, or incorporate technological advances that we have not yet developed or implemented. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. In addition, companies competing with us may price their products more competitively than ours, or have an entirely different pricing or distribution model. Increased competition could result in fewer customer orders, price reductions, reduced operating margins and loss of market share. Further, we may be required to make substantial additional investments in research and development and marketing and sales in order to respond to such competitive threats, and we cannot assure you that we will be able to compete successfully in the future.
We operate in an evolving market that has not yet reached widespread adoption. New or existing technologies that may be perceived to address cyber security risks in better ways could gain widespread adoption and supplant some or all of our products and services, making analysis of trends or predictions about our business difficult and potentially weakening our sales and our financial results.
We operate in new, rapidly evolving categories in the security industry that focus on securing our customers’ business-critical data and applications. We offer database, file and web application security in an integrated, modular cyber security solution, data breach detection, data masking technology and cloud-based security services. Because we depend in part on the market’s acceptance of our products and services and customers may choose to acquire technologies that are not directly comparable to ours, it is difficult to evaluate trends that may affect our business, including how large the cyber security market will be and what products customers will adopt. For example, organizations that use other security products, such as network firewalls, security information and event management products or data loss prevention solutions, may believe that these security solutions sufficiently protect access to sensitive data. Therefore, they may continue to devote their IT security budgets to these products and may not adopt our cyber security solutions in addition to such products. If customers do not recognize the benefits that our cyber security solutions offer in addition to other security products, then our revenue may not grow as anticipated or may decline, and our stock price could decline.
The introduction of products and services embodying new technologies could render some or all of our existing products and services obsolete or less attractive to customers. Other cyber security technologies exist or could be developed in the future, and our business could be materially and adversely affected if such technologies are widely adopted. We may not be able to successfully anticipate or adapt to changing technology or customer requirements on a timely basis, or at all. Even if customers purchase our products, they may not make repeat purchases or purchase products across our various product families, which trend may be exacerbated by the rapid evolution of our market. As of December 31, 2017, approximately 25% of our customers had purchased products from more than one of our product families. If we are unable to sell additional products from multiple product families to our customers, then our revenue may not grow as anticipated or may decline, and our stock price could decline. If we fail to keep up with technological changes or to convince our customers and potential customers of the value of our solutions even in light of new technologies, our business, financial condition and results of operations could be materially and adversely affected.
In addition, because of our rapidly evolving market, any predictions about our revenue in future periods may not be as accurate as they would be if we operated in a more established market.
47
If we do not successfully anticipate market needs and opportunities or changes in the legal, regulatory and industry standard landscape and make timely enhancements to our products and develop new products that meet
those needs, we may not be able to compete effectively and our ability to generate revenue will suffer.
The cyber security market is characterized by rapid technological advances, changes in customer requirements, including changes driven by legal, regulatory and self-regulatory compliance mandates, frequent new product introductions and enhancements and evolving industry standards in computer hardware and software technology. Customers and industry analysts expect speedy introduction of software and new functionality to respond to new threats, requirements and risks and we may be unable to meet these expectations. As a result, we must continually improve our products and introduce new solutions in response to changes in operating systems, application software, computer and communications hardware, networking software, data center architectures, programming tools and computer language technology. Moreover, the technology in our products is especially complex because it needs to effectively identify and respond to methods of attack and theft, while minimizing the impact on network, database, file system and web application performance. In addition, our products must successfully interoperate with products from other vendors and across on-premises and cloud environments.
We cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to develop product enhancements or new products to meet such needs or opportunities in a timely manner or at all. Since developing new products or new versions of, or add-ons to, existing products is complex, the timetable for their commercial release is difficult to predict and may vary from our historical experience, which could result in delays in their introduction from anticipated or announced release dates. We may not offer updates as rapidly as new threats affect our customers or our newly developed products or enhancements may have defects, errors or failures. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing and introducing on a timely basis new and effective products, upgrades and services that can respond adequately to new security threats, our competitive position, business and growth prospects will be harmed.
Even if we are able to anticipate, develop and commercially introduce enhancements and new products, there can be no assurance that we will be successful in developing sufficient market awareness of them or that such enhancements or new products will achieve widespread market acceptance. Diversifying our product offerings will require significant investment and planning, will bring us more directly into competition with software providers that may be better established or have greater resources than we do, will require additional investments of time and resources in the development and training of our channel and strategic partners and will entail a significant risk of failure.
Further, one factor that drives demand for our products and services is the legal, regulatory and industry standard framework in which our customers operate, which we expect will continue to be a factor for the foreseeable future. For example, many of our customers purchase our web application security products to help them comply with the security standards developed and maintained by the Payment Card Industry Security Standards Council, which apply to companies that process or store credit card information. Laws, regulations and industry standards are subject to drastic changes that, particularly in the case of industry standards, may arrive with little or no notice, and these could either help or hurt the demand for our products. If we are unable to adapt our products and services to changing regulatory standards in a timely manner, or if our products fail to assist our customers with their compliance initiatives, our customers may lose confidence in our products and could switch to competing solutions. In addition, if regulations and standards related to cyber security are changed in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may purchase fewer of our products and services, or none at all. In either case, our sales and financial results would suffer.
Real or perceived errors, failures or bugs in our products, particularly those that result in our customers experiencing security breaches, could adversely affect our reputation and business could be harmed.
Our products and services are very complex and have contained and may contain undetected defects or errors, especially when first introduced or when new versions are released. Defects in our products may impede or block network traffic or cause our products or services to fail to help secure business-critical data and applications. Defects in our products may lead to product returns and require us to implement design changes or software updates. Any defects or errors in our products, or the perception of such defects or errors, could result in:
|
•
|
expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate or work around errors or defects;
|
|
•
|
loss of existing or potential customers or channel partners;
|
|
•
|
delayed or lost revenue;
|
|
•
|
delay or failure to attain market acceptance;
|
|
•
|
delay in the development or release of new products or services;
|
48
|
•
|
negative publicity, which will harm our reputation;
|
|
•
|
warranty claims against us, which could result in an increase in our provision for doubtful accounts;
|
|
•
|
an increase in collection cycles for accounts receivable or the expense and risk of litigation; and
|
|
•
|
harm to our results of operations.
|
Data thieves are sophisticated, often affiliated with organized crime and operate large scale and complex automated attacks. In addition, their techniques change frequently and generally are not recognized until launched against a target. If we fail to identify and respond to new and complex methods of attack and to update our products to detect or prevent such threats in time to protect our customers’ business-critical data and applications, our business and reputation will suffer.
In addition, many of our customers use our products in applications that are critical to their businesses and may have a greater sensitivity to defects in our products than to defects in other, less critical, software products. An actual or perceived security breach or theft of the business-critical data of one of our customers, regardless of whether the breach is attributable to the failure of our products or services, could adversely affect the market’s perception of our security products. Despite our best efforts, there is no guarantee that our products will be free of flaws or vulnerabilities, and, even if we discover these weaknesses, we may be unable to correct them promptly, if at all. Our customers may also misuse our products, which could result in a breach or theft of business-critical data.
Although we have limitation of liability provisions in our standard terms and conditions of sale, they may not fully or effectively protect us from claims as a result of federal, state or local laws or ordinances or unfavorable judicial decisions in the United States or other countries. The sale and support of our products also entail the risk of product liability claims. We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover all claims asserted against us, or cover only a portion of such claims. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and divert management’s time and other resources.
False detection of security breaches or false identification of malicious sources could adversely affect our business.
Our cyber security products may falsely detect threats that do not actually exist. For example, our ThreatRadar Reputation Services product relies on information on attack sources aggregated from third-party data providers who monitor global malicious activity originating from anonymous proxies, specific IP addresses, botnets and phishing sites. If the information from these data providers is inaccurate, the potential for false positives increases. These false positives, while typical in the industry, may affect the perceived reliability of our products and may therefore adversely impact market acceptance of our products. If our products and services restrict access to important databases, files or applications based on falsely identifying users or traffic as an attack or otherwise unauthorized, then our customers’ businesses could be adversely effected. Any such false identification of users or traffic could result in negative publicity, loss of customers and sales, increased costs to remedy any problem and costly litigation.
Our success in acquiring and integrating other businesses, products or technologies could impact our financial position.
In order to remain competitive, we may seek to acquire additional businesses, products or technologies, any of which could be material to our business, operating results and financial condition. For example, we acquired assets from Camouflage Software Inc. in December 2016, completed our acquisition of the remaining shares of Incapsula, Inc. in March 2014, acquired the outstanding shares of Skyfence Networks Ltd. in February 2014 and acquired assets from Tomium Software, LLC in January 2014. The environment for acquisitions in the markets in which we operate is very competitive and acquisition candidate purchase prices will likely exceed what we would prefer to pay, but may be required to pay in order to make an acquisition. Furthermore, we may not find suitable acquisition candidates, and acquisitions we complete may be difficult to successfully integrate into our overall business. Achieving the anticipated benefits of future acquisitions will depend in part upon whether we can integrate acquired operations, products and technology in a timely and cost-effective manner.
Acquisitions involve many risks. Acquisitions could negatively impact our results of operations for a number of reasons including if:
|
•
|
an acquisition requires us incur charges, substantial debt or liabilities;
|
|
•
|
an acquisition causes adverse tax consequences, substantial depreciation or deferred compensation charges;
|
|
•
|
an acquisition results in acquired in-process research and development expenses or in the future may require the amortization, write-down or impairment of amounts related to deferred compensation, goodwill and other intangible assets;
|
|
•
|
an acquisition does not generate sufficient financial return to offset acquisition costs;
|
49
|
•
|
we encounter difficulties or unforeseen expenditures integrating the technologies, products, personnel or operations of any company that we acquire, particul
arly if key personnel of the acquired company decide not to work for us;
|
|
•
|
the acquisition and integration process is complex, expensive and time consuming, and disrupts our ongoing business, diverts resources, increases expense or distracts management;
|
|
•
|
an acquisition results in a delay or reduction of customer purchases both for us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company;
|
|
•
|
we encounter difficulties in, or are unable to, successfully sell any acquired products;
|
|
•
|
we obtain unanticipated or unknown liabilities or become exposed to unanticipated risks in connection with any acquisition; and
|
|
•
|
an acquisition involves the entry into geographic or business markets in which we have little or no prior experience.
|
If we are unable to effectively execute acquisitions, our business, financial condition and results of operations could be materially and adversely affected.
From time to time, we may seek to divest or wind down portions of our business that are no longer core to our strategy, which could materially affect our results of operations and result in disruption to other parts of the business.
In February 2017, we completed the sale of the assets of our Skyfence business to Forcepoint LLC. The disposition of the Skyfence assets or any other future dispositions we make may involve risks and uncertainties, including our ability to sell these businesses on terms acceptable to us, or at all. Any such dispositions could result in disruption to other parts of our business, potential loss of employees, customers or revenue, exposure to unanticipated liabilities or result in ongoing obligations and liabilities to us following any such divestiture. For example, in connection with a disposition, we may enter into transition services agreements or other strategic relationships, including long-term research and development or sales arrangements, or agree to provide certain indemnities to the purchaser in any such transaction, which may result in additional expense and may adversely affect our financial condition and results of operations. In addition, dispositions may include the transfer or division of technology and/or the licensing of certain IP rights to third party purchasers, which could limit our IP rights or our ability to assert our IP rights against such purchasers or other third parties.
If we are unable to improve our systems and processes, our operating results will be negatively affected.
We rely heavily on information technology systems to help manage critical functions, such as order processing, revenue recognition, financial forecasts and inventory and supply chain management. To manage any future growth effectively, we must continue to improve our information technology and financial infrastructure, operating and administrative systems and controls, and continue to manage headcount, capital and processes in an efficient manner. We may not be able to successfully implement improvements to these systems and processes in a timely manner.
Some of our systems are hosted SaaS technologies from third parties that we use to operate critical functions of our business, including enterprise resource planning services from NetSuite and customer relationship management services from Salesforce.com. If these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted and our processes for managing sales of our products and services and supporting our customers could be impaired until equivalent services, if available, are identified, obtained and integrated, all of which could harm our business.
Our systems and processes may not prevent or detect all errors, omissions or fraud. Our failure to improve our systems and processes, or their failure to operate in the intended manner, may result in our inability to manage the growth of our business and to accurately forecast our revenue, expenses and earnings, or to prevent certain losses. Our productivity and the quality of our products and services may also be adversely affected if we do not integrate and train our new employees quickly and effectively. Any future growth would add complexity to our organization and require effective coordination across our organization. If we fail to achieve the necessary level of efficiency in our organization as it grows or otherwise fail to manage any future growth effectively, we could incur increased costs, and experience a loss of customer and investor confidence in our internal systems and processes, any of which could result in harm to our business, results of operations and financial condition.
If we are unable to hire, retain and motivate qualified personnel, our business will suffer.
In January 2018 we announced and implemented strategy changes that resulted in changes in personnel and have since August 2017 experienced significant changes in the management team. These changes have placed, and will continue to place, a strain on our
50
employees, management systems and other resources. Managing our
employee base
has required, and will continue to require, significant expe
nditures and allocation of valuable management resources.
We depend on the continued contributions of our senior management and other key employees to execute on our business plan, and to identify and pursue new opportunities and product innovations. The loss of services of senior management or other key employees, particularly Christopher Hylen, our President and Chief Executive Officer, could significantly delay or prevent the achievement of our development and strategic objectives.
Our future success depends, in part, on our ability to continue to attract and retain highly skilled technical, managerial and other personnel, particularly in our sales and marketing, research and development, professional services and finance departments. Any of our employees may terminate their employment at any time. Competition for highly skilled personnel is frequently intense, globally for sales personnel, as well as in the San Francisco Bay Area and in Tel Aviv and Rehovot, Israel, the locations in which we have a substantial presence and need for highly-skilled personnel. We may be unable to attract and retain suitably qualified individuals who are capable of meeting our growing technical, operational and managerial requirements, on a timely basis or at all, and we may be required to pay increased compensation in order to do so. If we are unable to attract and retain the qualified personnel we need to succeed, our business will suffer.
Volatility or lack of performance in our stock price may also affect our ability to attract and retain our key employees. Employees may be more likely to leave us if the shares or RSUs they hold have declined in value or if the exercise prices of the options that they hold exceed the market price of our common stock. If we are unable to retain our employees, our business, operating results and financial condition will be harmed.
Restructuring activities may not be as effective as anticipated.
In January 2018, we announced a restructuring plan to improve customer experiences, fuel product innovation and increase operational effectiveness. As a result of these changes, we incurred pre-tax restructuring charges of $2.6 million in the three months ended March 31, 2018, substantially all of which are for cash severance costs. While we anticipate approximately $10.0 million in savings in future periods, which we intend to use to fund incremental investments in new initiatives and growth priorities, we cannot be sure our savings will reach the desired levels, achieve the desired benefits, or improve our results as we expect, or in the time frame that we expect. There may also be unanticipated costs that we will be required to prioritize instead. If we are unable to realize the expected outcomes from the restructuring plan, if our operating costs are higher than we expect or if we do not maintain adequate control of our costs and expenses, our business and operating results may be harmed.
Delays or interruptions in the manufacturing and delivery of SecureSphere appliances by our manufacturers may harm our business.
Our hardware appliances are built by two manufacturers in Taiwan and we rely principally on one of these two manufacturers to build the majority of our hardware appliances. We released entry level products from the second manufacturer for sale in July 2017. Our primary reliance on a single manufacturer for a majority of our hardware revenue, particularly a foreign manufacturer, involves several risks, including a potential inability to obtain an adequate supply of appliances and limited control over pricing, quality and timely delivery of products. In addition, replacing this manufacturer may be difficult and could result in an inability or delay in obtaining products. As a result, we may be unable to fulfill customer orders and our operating results may fluctuate from period to period, particularly if a disruption occurs near the end of a fiscal period.
Our manufacturers’ ability to timely manufacture and ship our appliances in large quantities depends on a variety of factors. They rely on a limited number of sources for the supply of functional components, such as semiconductors, printed circuit boards and, to a lesser extent, hard disk drives. Functional component supply shortages or delays could prevent or delay the manufacture and shipment of appliances and, in the event of shortages or delays, we may not be able to procure alternative functional components on similar pricing terms, if at all. In addition, contractual restrictions or claims for infringement of intellectual property rights may restrict our manufacturers’ use of certain components. These restrictions or claims may require our manufacturers to utilize alternative components or obtain additional licenses or technologies, and may impede their ability to manufacture and deliver appliances on a timely or cost-effective basis. If at some point, either manufacturer is no longer financially viable, we may lose our source of supply with little or no notice or recourse. Further, even if quality products are timely manufactured, delays in shipping may occur, resulting in delayed satisfaction of a primary revenue recognition criterion.
In the event of an interruption from either manufacturer or any quality control issues with a manufacturer, we may be unable to develop alternate sources in a timely manner. If we are unable to procure our appliances in quantities sufficient to meet our requirements, we will not be able to deliver products to our channel partners and customers, which would materially and adversely affect present and future sales.
51
A failure to manage excess inventories or inventory shortages could result in decreased revenue and gross margins and harm our business.
We purchase products from our manufacturing partners outside of, and in advance of, reseller or customer orders and hold our products in inventory. If we fail to accurately predict demand and as a result our manufacturers maintain insufficient hardware or component inventory or excess inventory, we may be unable to timely deliver products to our distributors or customers or may have substantial inventory expense. Because our channel partners do not purchase our products in advance of customer orders, our difficulty in accurately forecasting demand for our hardware products may be exacerbated. There is a risk we may incorrectly forecast demand and may be unable to sell excess products ordered from our manufacturing partners. Inventory levels in excess of customer demand may result in inventory write-downs, and the sale of excess inventory at discounted prices could significantly impair our brand image and have an adverse effect on our financial condition and results of operations.
Conversely, if we underestimate demand for our products or if our manufacturing partners fail to supply products we require in a timely manner, we may experience inventory shortages. Inventory shortages might delay shipments to resellers, distributors and customers or cause us to lose sales. Further, as the size of individual orders increases, the risk that we may be unable to deliver unforecasted orders also increases, particularly near the end of quarterly periods. These shortages may diminish the loyalty of our channel partners or customers.
The difficulty in forecasting demand also makes it difficult to estimate our future financial condition and results of operations from period to period. A failure to accurately predict the level of demand for our products could adversely affect our net revenue and net income, and we are unlikely to forecast such effects with any certainty in advance.
We have operations outside of the United States and a significant portion of our customers and suppliers are located outside of the United States, which subjects us to a number of risks associated with conducting international operations.
We market and sell our products throughout the world and have personnel in many parts of the world. In addition, we have sales offices and research and development facilities outside the United States and we conduct, and expect to continue to conduct, a significant amount of our business with companies that are located outside the United States, particularly in Israel, Asia, Europe and Latin America. We also source our components for our products and deliver our services from various geographical regions. Therefore, we are subject to risks associated with having international sales and worldwide operations, including:
|
•
|
challenges caused by distance, language, cultural and ethical differences and the competitive environment;
|
|
•
|
multiple and conflicting laws and regulations, including complications due to unexpected changes in these laws and regulations;
|
|
•
|
trade and foreign exchange restrictions;
|
|
•
|
foreign currency exchange fluctuations and foreign exchange controls;
|
|
•
|
economic, social or political instability in foreign markets;
|
|
•
|
greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods;
|
|
•
|
changes in regulatory requirements;
|
|
•
|
difficulties and costs of staffing and managing foreign operations or relationships with channel partners;
|
|
•
|
the uncertainty and limitation of protection for intellectual property rights in some countries;
|
|
•
|
costs of complying with U.S. and foreign laws and regulations, including import and export control laws, tariffs, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell our products in certain foreign markets, and the risks and costs of non-compliance or complaints of non-compliance;
|
|
•
|
heightened risks of unethical, unfair or corrupt business practices, actual or claimed, in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, and irregularities in, financial statements;
|
|
•
|
the potential that our operations in the U.S. may limit the acceptability of our products to some foreign customers, and that our international sourcing and operations may limit the acceptability of our products to some U.S. customers;
|
|
•
|
the potential for acts of terrorism, hostilities or war;
|
|
•
|
management communication and integration problems resulting from cultural differences and geographic dispersion; and
|
|
•
|
multiple and possibly overlapping tax structures.
|
52
Our product and service sales may be subject to
foreign governmental regulations, which vary substantially from country to country and change from time to time. Failure to comply with these regulations could adversely affect our business. Violations of laws or key control policies by our employees, cont
ractors, channel partners or agents could result in delays in revenue recognition, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our products and services and could have a material adverse effec
t on our business and results of operations.
A portion of our revenue is generated by sales to government entities and such sales are subject to a number of challenges and risks.
Sales to U.S. and foreign federal, state and local governmental agency customers across all product lines for the years ended December 31, 2016 and 2017 was approximately 10% and 9% of bookings, respectively, and 7% for the three months ended March 31, 2018. Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will complete a sale. Governments and governmental agencies may delay or refrain from purchasing our products and services in the future for the following reasons, which would have an adverse effect on our business, financial condition and results of operations:
|
•
|
changes in fiscal or contracting policies or decreases and uncertainties in available government funding;
|
|
•
|
changes in government programs or applicable requirements;
|
|
•
|
the adoption of new laws or regulations or changes to existing laws or regulations;
|
|
•
|
changes in political or social attitudes with respect to security issues; and
|
|
•
|
potential delays or changes in the government appropriations process, including actions such as spending freezes implemented to address political or fiscal policy concerns.
|
Most of our sales to government entities have been made indirectly through our channel partners. Government entities may have contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our results of operations.
In addition, for purchases by the U.S. federal government, we must comply with laws and regulations relating to U.S. federal government contracting, which affect how we and our channel partners do business in connection with U.S. federal agencies. These laws and regulations may impose added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, termination of contracts and suspension or debarment from government contracting for a period of time. Any such damages, penalties, disruption or limitation in our ability to do business with the U.S. federal government may adversely impact our results of operations.
Our business in countries with a history of corruption and transactions with foreign governments increase the risks associated with our international activities.
As we operate and sell internationally, we are subject to the U.S. Foreign Corrupt Practices Act (“FCPA”) and other laws that prohibit improper payments or offers of payments to foreign governments and their officials and political parties for the purpose of obtaining or retaining business. We have operations, deal with and make sales to governmental customers in countries known to experience corruption, particularly certain emerging countries in Africa, East Asia, Eastern Europe, South America and the Middle East. Our activities in these countries create the risk of unauthorized payments or offers of payments by one of our employees, consultants, sales agents or channel partners that could be in violation of various anti-corruption laws, even though these parties may not be under our control. While we have implemented safeguards to prevent these practices by our employees, consultants, sales agents and channel partners, our existing safeguards and any future improvements to our processes may prove to be less than effective, and our employees, consultants, sales agents or channel partners may engage in conduct for which we might be held responsible. Violations of the FCPA may result in severe criminal or civil sanctions, including suspension or debarment from U.S. government contracting, and we may be subject to other liabilities, which could negatively affect our business, operating results and financial condition.
53
We rely significantly on revenue from maintenance and support which may decline and, because we recognize revenue from such services o
ver the term of the relevant service period, downturns or upturns in sales are not immediately reflected in full in our operating results.
Our maintenance and support revenue accounted for 30% of total revenue for 2016, 28% of total revenue for 2017, and 30% of revenue for the three months ended March 31, 2018. Sales of new maintenance and support contracts or renewal of such services contracts may decline or fluctuate as a result of a number of factors, including customers’ level of satisfaction with our products and services, the prices of our products and services, the prices of products and services offered by our competitors or reductions in our customers’ spending levels. If our sales of new or renewal services contracts decline, our revenue or revenue growth may decline and our business will suffer. In addition, we recognize services revenue ratably over the term of the relevant service period, which is usually one to three years. As a result, much of the revenue we report each quarter is the recognition of deferred revenue from services contracts entered into during previous quarters. Consequently, a decline in new or renewal services contracts in any one quarter will not be fully reflected in revenue in that quarter, but will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in new or renewal sales of our services would not be reflected in full in our results of operations until future periods.
If we are unable to increase sales to large customers, our results of operations may suffer.
We continuously seek to increase sales of our products to large enterprises, managed security service providers (“MSSPs”), cloud hosting providers and government entities. Sales to large enterprises, MSSPs, cloud hosting providers and government entities involve risks that may not be present, or are present to a lesser extent, in sales to small to mid-sized entities. These risks include:
|
•
|
preexisting relationships with larger, entrenched providers of security solutions who have access to key decision makers within the organization and who also have the ability to bundle competing products with a broader product offering;
|
|
•
|
increased purchasing power and leverage held by large customers in negotiating contractual arrangements with us;
|
|
•
|
more stringent requirements in our support service contracts, including stricter support response times, and increased penalties for any failure to meet support requirements; and
|
|
•
|
longer sales cycles, including lengthening of sales cycles due to competitive pressures or the evaluation by customers of both our cloud security solutions from Incapsula and our on-premise products as potential alternatives, and the associated risk that substantial time and resources may be spent on a potential customer who elects not to purchase our products and services.
|
In addition, product purchases by large enterprises, MSSPs, cloud hosting providers and government entities are frequently subject to budget constraints, multiple approvals, and unplanned administrative, processing and other delays. Further, large enterprises, MSSPs, cloud hosting providers and government entities typically have longer implementation cycles; require greater product functionality and scalability and a broader range of services; demand that vendors take on a larger share of risks; sometimes require acceptance provisions that can lead to a delay in revenue recognition; and expect greater payment flexibility from vendors. Additionally, the ongoing increase in the number of security vendors competing for these entities’ business, who in some cases use overlapping or confusing messaging, may combine with these factors to extend the sales cycles for our products and services. All these factors can add risk to doing business with these customers. If our sales expectations for large customers do not materialize in a particular quarter or at all, then our business, financial condition and results of operations could be materially and adversely affected.
If our existing and potential customers migrate to hosted, cloud-based data centers that do not deploy our products, our revenue could suffer.
The majority of our current sales are made through a model in which our channel partners sell our cyber security solutions to large enterprise customers that operate their own data centers and have the ability to choose the cyber security solutions and configurations to fit their environment. If our large enterprise customers and potential customers choose to outsource the hosting of their data centers to large, multi-tenancy hosting providers like Rackspace Hosting, Inc., Amazon Web Services (“AWS”) and Savvis, Inc. (dba CenturyLink Technology Solutions), they may not be able to choose what cyber security solutions are deployed in these hosted environments, and our current sales model may not be effective. Although we work with large hosting services providers like Rackspace Hosting, Inc., AWS and Savvis, Inc., to integrate our cyber security solutions into their hosting environments so that our solutions may be offered to their hosting customers, we cannot guarantee that all such hosting service providers will adopt our solutions, offer them as a choice to their customers or promote our solutions over those of our competitors. Even if these large hosting services providers integrate our cyber security solutions into their hosting environments and promote our solutions, they may be able to negotiate larger discounts than individual enterprise customers and, consequently, the average selling price of our products may decrease and our revenue would suffer. Alternatively, they may offer services based on our competitors’ products at lower cost or bundled with other services that we do not offer, and their customers may choose those services even if they would otherwise choose our products if making a decision on a stand-alone basis.
54
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial cond
ition and results of operations.
Our functional and reporting currency is the U.S. dollar and we generate a majority of our revenue in U.S. dollars. However, in 2016, 2017 and the three months ended March 31, 2018, we incurred approximately 38%, 32% and 33%, respectively, of our expenses outside of the United States in foreign currencies, primarily the Israeli shekel, principally with respect to salaries and related personnel expenses associated with our Israeli operations. The exchange rate between the U.S. dollar and foreign currencies has fluctuated substantially in recent years and may continue to fluctuate substantially in the future. We expect that a majority of our revenue will continue to be generated in U.S. dollars for the foreseeable future and that a significant portion of our expenses, including personnel costs, as well as capital and operating expenditures, will continue to be denominated in Israeli shekels. Our results of operations may be adversely affected by foreign exchange fluctuations.
We use forward foreign exchange contracts to hedge or mitigate the effect of changes in foreign exchange rates on our operating expenses denominated in certain foreign currencies. However, this strategy cannot eliminate our exposure to foreign exchange rate fluctuations and involves costs and risks of its own, such as cash expenditures, ongoing management time and expertise, external costs to implement the strategy and potential accounting implications. Additionally, our hedging activities may contribute to increased losses as a result of volatility in foreign currency markets.
Assertions by third parties of infringement or other violations by us of their intellectual property rights could result in significant costs and substantially harm our business and operating results.
Patent and other intellectual property disputes are common in the IT security industry. Some companies in the IT security industry, including some of our competitors, own large numbers of patents, copyrights, trademarks and trade secrets, which they may use to assert claims against us. This disparity between our patent portfolio and the patent portfolios of our most significant competitors may increase the risk that they may sue us for patent infringement and may limit our ability to counterclaim for patent infringement or settle through patent cross-licenses. In addition, there are patent holding companies or other patent owners who are solely or primarily in the business of building portfolios of patents and asserting them against operating companies, often with little merit, and who have no relevant product revenue so that potential assertions of our patents (and potential patents) against such companies may provide little or no deterrence. Third parties have asserted and may in the future assert claims of infringement, misappropriation or other violations of intellectual property rights against us. For example, in May 2010, F5 Networks, Inc., an IT infrastructure company that competes with us in the web application firewall market, filed a lawsuit against us alleging patent infringement. In September 2010, we filed a counterclaim alleging patent infringement by F5 Networks, Inc. In February 2011, we entered into a settlement and license agreement with F5 Networks, Inc., which dismissed the litigation. Third parties may also assert such claims against our customers or channel partners whom we typically indemnify against claims that our products infringe, misappropriate or otherwise violate the intellectual property rights of third parties. As the numbers of products and competitors in our market increase and overlaps occur, claims of infringement, misappropriation and other violations of intellectual property rights may increase. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited by us or have divulged their prior employers’ proprietary or other confidential information to Imperva.
We cannot assure you that we are not infringing or otherwise violating any third-party intellectual property rights. Further, any claim of infringement, misappropriation or other violation of intellectual property rights by a third party, even those without merit, could be asserted against us, cause us to incur substantial costs defending against the claim and could distract our management from our business. An adverse outcome of an IP dispute may require us to pay substantial damages, including treble damages, if we are found to have willfully infringed a third party’s patents, copyrights, or trade secrets; cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others; expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology, which may not be successful; enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights; and indemnify our customers and partners. Royalty or licensing agreements, if required or desirable, may be unavailable on terms acceptable to us, or at all, or may require significant royalty payments and other expenditures. In addition, some licenses may be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Any of these events could seriously harm our business, financial condition and results of operations.
We rely on the availability of licenses to third-party software and other intellectual property, the loss of which could increase our costs and delay software shipments.
Many of our products and services include software or other intellectual property licensed from third parties, and we also use software and other intellectual property licensed from third parties in our business. This exposes us to risks over which we may have little or no control. For example, a licensor may have errors or defects in its products that harm our business, may have difficulties keeping up with technological changes or may stop supporting the software or other intellectual property that it licenses to us. Also, it will be necessary in the future to renew licenses, expand the scope of existing licenses or seek new licenses, relating to various aspects of these products and services, or otherwise relating to our business, which may result in increased license fees. In addition, a direct or indirect licensor may assert that we or our customers are in breach of the terms of a license, which could, among other things, give such licensor the right to terminate a license or seek damages from us, or both. Moreover, the inclusion in our products and services of
55
software or other intellectual property licensed from third parties on a nonexclusive basis could limit our ability to d
ifferentiate our products from those of our competitors.
Licensed software may not continue to be available on commercially reasonable terms, or at all. While we believe that there are currently adequate replacements for third-party software, any loss of the right to use any of this software could result in delays in producing or delivering our software until equivalent technology is identified and integrated, which delays could harm our business. Our business would be disrupted if any of the software we license from others or functional equivalents of this software were either no longer available to us or no longer offered to us on commercially reasonable terms. In either case, we would be required to either redesign our products to function with software available from other parties or to develop these components ourselves, which would result in increased costs and could result in delays in our product shipments and the release of new product offerings. Furthermore, we might be forced to limit the features available in our current or future products. If we fail to maintain or renegotiate any of these software licenses, we could face significant delays and diversion of resources in attempting to license and integrate a functional equivalent of the software. Any of these events could have a material adverse effect on our business, financial condition and results of operations.
Our products contain “open source” software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.
Certain of our products are distributed with software licensed under “open source” licenses. Some of these licenses contain requirements that we make available source code for modifications or derivative works we create based upon the open source software, and that we license these modifications or derivative works under the terms of a particular open source license or subject to certain license requirements. If we combine our proprietary software with open source software in a certain manner, we could, under certain provisions of the open source licenses, be required to release the source code of our proprietary software. In addition to risks related to license requirements, usage of open source software can subject us to greater risks than use of third-party commercial software, as licensors of open source software generally do not provide warranties or any indemnification for infringement of third party intellectual property rights. We have established processes to help alleviate these risks, including a review process for screening requests from our development organization for the use of open source software, but we cannot be sure that all open source software is submitted for approval prior to use in our products. In addition, open source license terms may be ambiguous and many of the risks associated with use of open source software cannot be eliminated, and could, if not properly addressed, negatively affect our business. If we were found to have inappropriately used open source software, we might be required to re-engineer our products, to release proprietary source code, to discontinue the sale of our products in the event re-engineering could not be accomplished on a timely basis or to take other remedial action that may divert resources away from our development efforts, any of which could adversely affect our business, operating results and financial condition. Disclosing the source code of our proprietary software could make it easier for malicious third parties to discover vulnerabilities in our cyber security products and allow our competitors to create similar products with decreased development effort and time. Any of these events could have a material adverse effect on our reputation, business, financial condition and results of operations.
Failure to protect our proprietary technology and intellectual property rights could substantially harm our business and operating results.
Our success depends, in part, on our ability to protect proprietary methods and technologies that we develop under the intellectual property laws of the United States and other countries, so that we can prevent others from using our inventions and proprietary information. We attempt to protect our intellectual property under patent, trademark, copyright and trade secret laws, and through a combination of confidentiality procedures, contractual provisions and other methods, all of which offer only limited protection. If we fail to protect our intellectual property rights adequately, our competitors might gain access to our technology, and our business might be harmed. In addition, defending our intellectual property rights might entail significant expenses. Any of our patents, copyrights, trademarks or other intellectual property rights may be challenged by others or invalidated through administrative process or litigation. Imperva and its subsidiaries had 38 issued patents and 18 patent applications pending as of March 31, 2018 in the United States. Our issued patents, which are limited in number compared to some of our competitors, may not provide us with any competitive advantages or may be challenged by third parties, and our patent applications may never be granted at all. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. Further, for strategic and other reasons we may choose not to seek patent protection for certain innovations and may choose not to pursue patent protection in certain jurisdictions. Even if issued, there can be no assurance that our patents will adequately protect our intellectual property, as the legal standards relating to the validity, enforceability and scope of protection of patent and other intellectual property rights are uncertain.
Any patents that are issued may subsequently be invalidated or otherwise limited, enabling other companies to better develop products that compete with ours, which could adversely affect our competitive business position, business prospects and financial condition. In addition, issuance of a patent does not guarantee that we have a right to practice the patented invention. Patent applications in the United States are typically not published until 18 months after filing, or in some cases not at all, and publications of discoveries in industry-related literature lag behind actual discoveries. We cannot be certain that we were the first to make the
56
inventions claimed in our issued
patents or pending patent applications or otherwise used in our products, that we were the first to file for protection in our patent applications, or that third parties do not have blocking patents that could be used to prevent us from marketing or practi
cing our patented products or technology. Effective patent, trademark, copyright and trade secret protection may not be available to us in every country in which our products and services are available. The laws of some foreign countries may not be as prot
ective of intellectual property rights as those in the United States, and mechanisms for enforcement of intellectual property rights may be inadequate. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misa
ppropriating our intellectual property.
We might be required to spend significant resources to monitor and protect our intellectual property rights. We may initiate claims or litigation against third parties for infringement of our proprietary rights or to establish the validity of our proprietary rights. Any litigation, whether or not it is resolved in our favor, could result in significant expense to us and divert the efforts of our technical and management personnel, which may adversely affect our business, operating results and financial condition.
We may become subject to claims for remuneration or royalties for assigned service invention rights by our Israeli employees, which could result in litigation and adversely affect our business.
We have entered into assignment of invention agreements with our Israeli employees pursuant to which such individuals agree to assign to us all rights to any inventions created in the scope of their employment or engagement with us. A significant portion of our intellectual property has been developed by our Israeli employees in the course of their employment for us. Under the Israeli Patents Law, 5727-1967 (the “Patents Law”), inventions conceived by an employee during the scope of his or her employment with a company are regarded as “service inventions,” which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The Patents Law also provides that if there is no such agreement between an employer and an employee, the Israeli Compensation and Royalties Committee (the “Committee”), a body constituted under the Patents Law, shall determine whether the employee is entitled to remuneration for his or her inventions. The Committee has previously held that employees may be entitled to remuneration for intellectual property that they develop during their service for a company despite their explicit waiver of such right. In a recent decision, however, the Committee overturned its position and upheld that an employee’s waiver of his right to remuneration is valid and binding. The plaintiff in this last case filed a petition with the Israeli Supreme Court requesting to remand the case to the Committee for a second review, but the Israeli Supreme Court decided on July 8, 2015 that the Committee acted within its administrative authority and that it would not intervene in the Committee’s decision. Even though the decision still stands, the Committee’s inconsistency raises doubt as to the outcome in different sets of circumstances. Thus, although our Israeli employees have agreed to assign to us service invention rights, we may face claims demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and/or former Israeli employees, or be forced to litigate such claims, which could negatively affect our business.
Confidentiality agreements with partners, employees, consultants and others may not adequately prevent disclosure of trade secrets and other proprietary information.
In order to protect our proprietary technology, processes and methods, we rely in part on confidentiality agreements and other restrictions with our customers, partners, employees, consultants and others. These agreements may not effectively prevent disclosure of confidential information and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. Despite our efforts to protect our proprietary technology, processes and methods, unauthorized parties may attempt to misappropriate, reverse engineer or otherwise obtain and use them. We may be unable to determine the extent of any unauthorized use or infringement of our products, technologies or intellectual property rights. In addition, others may independently develop identical or substantially similar technology and in these cases we would not be able to assert any trade secret rights against those parties. Moreover, policing unauthorized use of our technologies, products and intellectual property is difficult, expensive and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the United States and where mechanisms for enforcement of intellectual property rights may be weak. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and failure to obtain or maintain trade secret protection could adversely affect our competitive business position.
We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.
Our business activities are subject to various restrictions under U.S. export controls and trade and economic sanctions laws, including the U.S. Commerce Department’s Export Administration Regulations and economic and trade sanctions regulations maintained by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). If we fail to comply with these laws and regulations, we could be subject to civil or criminal penalties and reputational harm. U.S. export control laws and economic sanctions laws also prohibit certain transactions with U.S. embargoed or sanctioned countries, governments, persons and entities.
57
Many of our products incorporate encryption technology and may be exported outside the U.S. only if we obtain an export license or qualify for an export license exception. Compliance with applicable
regulatory requirements regarding the export of our products may prevent our customers with international operations from deploying our products throughout their global systems or, in some cases, prevent the export of our products to some countries altoge
ther. Further, various countries regulate the import of encryption technology and appliance-based products and have enacted laws that could limit our ability to distribute products, could create delays in the introduction of our products in those countries
or could limit our customers’ ability to implement our products in those countries.
U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments and persons. While we and our channel partners take precautions to prevent our products from being shipped to, downloaded or accessed by U.S. sanctions targets, our products could be shipped to, downloaded or accessed by persons located in countries that are the subject of U.S. embargoes despite our efforts. Any such shipment or access could have negative consequences, including government investigations, penalties and reputational harm. For example, in 2015, we discovered that some of our free downloadable software evaluation products may have been downloaded by a limited number of persons located in countries that are the subject of U.S. embargoes. We terminated the unauthorized accounts, filed an initial disclosure with the U.S. Commerce Department’s Bureau of Industry and Security (“BIS”) and with OFAC and filed final reports with BIS and OFAC on September 2, 2015 and September 22, 2015, respectively. We have implemented new screening measures designed to prevent users in embargoed countries and prohibited persons from purchasing, downloading or accessing our free downloadable evaluation software or other products or services. OFAC issued a cautionary letter on October 14, 2015 as a final enforcement response to the apparent violations and did not impose any monetary penalties. BIS issued a warning letter on October 5, 2016 in response to our voluntary self-disclosure and closed the matter, having determined not to take any further action. Even though we take precautions to prevent transactions with U.S. sanctions targets, any such precautions, or any new precautions we may implement in the future, may be ineffective. As a result, there is risk that in the future we could provide our products to or permit our products to be downloaded or accessed by such targets despite these precautions. This could result in negative consequences to us, including government investigations, penalties and reputational harm.
In the future, there may be changes in our products or changes in export and import regulations or economic sanctions. Similarly, there may be shifts in the enforcement or scope of existing regulations or restrictions or changes in the countries, governments, persons or technologies targeted by such regulations and restrictions. Such changes and shifts may create delays in the introduction and sale of our products in international markets, could result in decreased use of our products or, in some cases, prevent the sale of our products to certain countries, governments or persons altogether, including by current customers or potential customers. Any such limitation, delay, restriction or reduction could adversely affect our business, financial condition, results of operations and prospects.
Conditions in Israel may limit our ability to develop and sell our products. This could result in a decline in revenue.
Our principal research and development facilities are located in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries, as well as incidents of civil unrest, and a number of state and non-state actors have publicly committed to its destruction. Political, economic and military conditions in Israel could directly affect our operations. We could be adversely affected by any major hostilities involving Israel, including acts of terrorism or any other hostilities involving or threatening Israel, the interruption or curtailment of trade between Israel and its trading partners, a significant increase in inflation or a significant downturn in the economic or financial condition of Israel. Any on-going or future violence between Israel and the Palestinians, including a resumption of the conflict in Gaza, armed conflicts, terrorist activities, tension along the Israeli borders or with other countries in the region, including Iran, or political instability in the region could disrupt international trading activities in Israel and may materially and negatively affect our business and could harm our results of operations.
Certain countries, as well as certain companies and organizations, continue to participate in a boycott of Israeli companies, companies with large Israeli operations and others doing business with Israel and Israeli companies. In addition, such boycott, restrictive laws, policies or practices may change over time in unpredictable ways, and could, individually or in the aggregate, have a material adverse effect on our business in the future.
Some of our employees in Israel are obligated to perform annual military reserve duty in the Israel Defense Forces, depending on their age and position in the armed forces. Furthermore, they may be called to active reserve duty at any time under emergency circumstances for extended periods of time. For example, in 2017, approximately 70 of our employees in Israel were called for active reserve duty, each serving for an average of nine days. Our operations could be disrupted by the absence of one or more of our executive officers or key employees for a significant period due to military service, and any significant disruption in our operations could harm our business.
58
Our internal network system and website may be subject to intentional disruption that could adversely impact our reputation and future sales.
Because we are a leading provider of cyber security products, hackers and others may try to access our data or compromise our systems. Similarly, experienced computer programmers may attempt to penetrate our network security or the security of our website and cause interruptions of our services. Because the techniques used by hackers to access or sabotage networks change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques. The theft and/or unauthorized use or publication of our trade secrets and other confidential business information as a result of such an event could adversely affect our competitive position, reputation, brand and future sales of our products, and could impair our ability to operate our business, including our ability to provide subscription or maintenance and support services to our customers. We could suffer monetary and other losses and reputational harm in the event of such incidents.
Outages, interruptions or delays in hosting services could impair the delivery of our cloud-based security services and harm our business.
We operate infrastructure that supports our ThreatRadar and Security Operations Center services and use third party hosting facilities for certain ThreatRadar services. Despite precautions taken within our own internal network and at these third party facilities, the occurrence of a natural disaster or an act of terrorism or other unanticipated problems could result in lengthy interruptions in our services.
The cloud-based security services that we provide through our subsidiary, Incapsula, are operated from a network of third party facilities that host the software and systems that operate these security services. Any damage to, or failure of, our internal systems or systems at third party hosting facilities could result in outages or interruptions in our cloud-based services. Outages or interruptions in our cloud-based security services may cause our customers and potential customers to believe our cloud-based security services are unreliable or suffer from perceived vulnerabilities, cause us to issue credits or pay penalties, cause customers to terminate their subscriptions and adversely affect our renewal rates and our ability to attract new customers, ultimately harming our business and revenue. Our Incapsula service has experienced outages in the past and we may continue to experience such outages in the future.
Changes in our provision for income taxes or adverse outcomes resulting from examination of our income tax returns could adversely affect our results.
We are subject to income taxation in the United States and numerous foreign jurisdictions, including Israel. Determining our provision for income taxes requires significant management judgment. Our provision for income taxes is subject to volatility and many factors could adversely impact it. Such factors include, among others, changes to our operating or holding structure, changes in the amounts of earnings in jurisdictions with differing statutory tax rates, changes in the valuation of deferred tax assets and liabilities, and changes in tax laws. In particular, changes to tax laws applicable to corporate multinationals in the countries in which we do business could adversely affect our effective tax rates, cause us to change the way in which we structure our business or result in other costs to us.
On December 22, 2017, the U.S. Tax Cuts and Jobs Act of 2017 (the “Tax Act”) was enacted. The Tax Act represents a significant change to the U.S. federal tax code. It lowers the U.S. statutory tax rate from 35% to 21% for years after 2017, and also includes a number of provisions that could adversely impact our U.S. federal income tax position in a reporting period, including the limitation of the utilization of net operating losses generated after 2018 to 80 percent of taxable income but allow for indefinite carryforward of these net operating losses, and a minimum tax on certain foreign earnings in excess of 10 percent of the foreign subsidiaries’ tangible assets. We have remeasured our U.S. deferred tax assets as of December 31, 2017 to reflect the reduced rate that will apply in future periods when the deferred tax assets reverse, offset by a change in valuation allowance, resulting in a net impact of an approximately $0.2 million tax benefit. In connection with the provisional analysis, the Company recorded additional income tax benefit of $0.2 million during the three months ended March 31, 2018. Our final determination of the Tax Act’s impact on deferred tax assets and the related valuation allowance requirements may differ from our estimates due to, among other factors, changes in interpretations of the Tax Act, our analysis of the Tax Act, or any updates or changes to estimates that we have utilized to calculate the transition impacts, including impacts from changes to current year earnings estimates and assertions. In addition, any further changes to tax laws applicable to corporate multinationals in the countries in which we do business could adversely affect our effective tax rates, cause us to change the way in which we structure our business or result in other costs to us.
In addition, on April 22, 2018, the Israeli Supreme Court published a decision confirming the Tel-Aviv District Court ruling in Kontera Technologies Ltd. vs. Tel Aviv Field Office 3. The Court decided that expenses for employee stock-based compensation should be included in the cost base of an Israeli research and development subsidiary implementing a cost-plus arrangement and denied the corresponding tax deduction to the Israeli subsidiary in accordance with the specific provisions of section 102 of the Israeli Income Tax Ordinance. As a result of the Court’s decision, we have reassessed our uncertain tax positions and expect to record additional tax expense for the second quarter of 2018 pursuant to Accounting Standards Codification (“ASC”) 740-10-25-8 on uncertain tax positions and 740-10-35-2 on information affecting the measurement of tax positions. We currently expect to record an adjustment to our tax reserves in second quarter of the fiscal 2018 between $18.0 million and $21.0 million, which includes tax liability and interest.
59
Significant judgment is required to determine the recognition and measurement attributes prescribed
under ASC
740-
10.
In addition, ASC
740-
10
applies to all income tax positions, including the potential recovery of previously paid taxes, which if settled unfavorably could adversely impact our provision for income taxes or additional paid-in capital. In addition, we are subject to the con
tinuous examination of our income tax returns by the U.S. Internal Revenue Service and other tax authorities.
For example, we
are
currently under audit by the Israeli Tax Authority
.
The audit includes the review of our intercompany charges, cross-jurisdict
ional transfer pricing, determinations regarding the inclusion of stock-based compensation expense as part of a cost-plus arrangement and taxes owed on the purchase and sale of Skyfence intellectual proper
ty and related assets in 2017.
While we regularly a
ssess the likely outcomes of these examinations to determine the adequacy of our provision for income taxes, there can be no assurance that the outcomes of such examinations will not have a material impact on our operating results and cash flows.
Our ability to utilize net operating loss carryforwards may be subject to limitations and may result in increased future tax liability to us.
Our ability to utilize net operating loss carryforwards to offset our future tax liability would be limited if we were to undergo an “ownership change” within the meaning of Section 382 of the Internal Revenue Code. Generally, a change of more than 50% in the ownership of a corporation’s stock, by value, over a three-year period constitutes an ownership change for U.S. federal and applicable state income tax purposes. In the event we undergo an ownership change under Section 382, if we earn net taxable income, our ability to use our pre-change net operating loss carryforwards to offset U.S. federal taxable income may become subject to limitations, which could potentially result in increased future tax liability to us.
Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by manmade events such as terrorist attacks.
A significant natural disaster, such as an earthquake, fire or a flood, or a significant power outage could have a material adverse impact on our business, financial condition and results of operations. Our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic activity, on land reclaimed from the bay that is susceptible to high liquefaction risk in the event of an earthquake. In addition, natural disasters could affect our manufacturing vendors or logistics providers’ ability to perform services such as manufacturing products on a timely basis and assisting with shipments on a timely basis. In the event our service providers’ information technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, shipments could be delayed, resulting in missing financial targets, such as revenue and shipment targets, for a particular quarter. Further, if a natural disaster occurs in a region from which we derive a significant portion of our revenue, customers in that region may delay or forego purchases of our products, which may materially and adversely impact our results of operations for a particular period. In addition, acts of terrorism could cause disruptions in our business or the business of our manufacturer, logistics providers, partners, customers or the economy as a whole. Given our typical concentration of sales at each quarter end, any disruption in the business of our manufacturer, logistics providers, partners or customers that impacts sales at the end of our quarter could have a significant adverse impact on our quarterly results. All of the aforementioned risks may be augmented if the business continuity plans for us and our suppliers prove to be inadequate. To the extent that any of the above results in delays or cancellations of customer orders, or the delay in the manufacture, deployment or shipment of our products, our business, financial condition and results of operations would be adversely affected.
Risks Related to Ownership of our Common Stock
If we fail to maintain an effective system of disclosure controls and procedures and internal controls over financial reporting, our ability to produce accurate financial statements or comply with applicable regulations could be impaired.
As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), and the rules and regulations of the NASDAQ Stock Market LLC. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting and financial compliance costs, make some activities more difficult, time-consuming and costly and place strains on our personnel, systems and resources.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we file with the SEC is recorded, processed, summarized and reported within the time periods specified in the SEC’s rules and forms. Our current controls and any new controls that we develop may become inadequate because of changes in conditions, and the degree of compliance with the policies or procedures may deteriorate. In addition, weaknesses in our internal controls over financial reporting may be discovered in the future. Our filings with the SEC are subject to periodic review by the SEC, and our auditors are subject to periodic inspection by the Public Company Accounting Oversight Board. Any failure to maintain effective controls over financial reporting, any difficulties encountered in the implementation of additional controls or the improvement of existing controls, or any issues that emerge as a result of regulatory review, could harm our operating results or cause us to fail to meet our reporting obligations and may result in a revision or restatement of our prior period financial statements. Any failure to maintain effective internal controls also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we are required to include in our annual reports filed with the SEC under Section 404 of the Sarbanes-Oxley Act. Ineffective disclosure controls and procedures and internal control over financial
60
reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the
trading price of our common stock.
For example, in connection with the review of our interim condensed consolidated financial statements in our Form 10-Q filed with the SEC on November 7, 2014, management, including our then-current chief executive officer and chief financial officer, assessed the effectiveness of our disclosure controls and procedures as of September 30, 2014. Based on that assessment, management concluded that our disclosure controls and procedures were not effective as of September 30, 2014, because of a material weakness in internal control over financial reporting related to insufficient oversight and review controls to ensure the proper determination of stock-based compensation expense for certain complex equity awards that were not issued in the ordinary course. While these control deficiencies were remediated, we continue to identify risks and make improvements to our internal controls and we cannot assure you that additional material weaknesses in our internal control over financial reporting will not be identified in the future.
In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended significant resources, and anticipate that we will continue to add personnel and provide significant management oversight, which involve substantial accounting-related costs. Any failure to maintain the adequacy of our internal controls, or consequent inability to produce accurate financial statements on a timely basis, could increase our operating costs and could materially impair our ability to operate our business. In the event that we are not able to continue to demonstrate compliance with Section 404 of the Sarbanes-Oxley Act in a timely manner, that our internal controls are perceived as inadequate or that we are unable to produce timely or accurate financial statements, investors may lose confidence in our operating results and our stock price could decline. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on the NASDAQ Global Select Market.
We also have implemented elements of a disaster recovery/business continuity plan for our accounting and related information technology systems but we have not yet implemented a complete disaster recovery/business continuity plan that covers all of our operations. If the elements that we have developed and plan to develop in the future prove inadequate in the circumstances of a particular disaster or other business continuity event, our ability to maintain timely accounting and reporting may be materially impaired.
Market volatility may affect our stock price and the value of your investment
The trading prices of the securities of technology companies generally, and of our stock in particular, have been highly volatile. The market price of our common stock may fluctuate significantly in response to a number of factors, most of which we cannot predict or control, including:
|
•
|
announcements of new products, services or technologies, commercial relationships, acquisitions, dispositions, strategic partnerships, joint ventures, capital commitments or other events by us or our competitors;
|
|
•
|
fluctuations in operating performance and in stock market prices and trading volumes of securities of other technology companies generally, or those in our industry in particular;
|
|
•
|
general market conditions and overall price and volume fluctuations in U.S. equity markets;
|
|
•
|
actual or anticipated variations in our operating results, or the operating results of our competitors;
|
|
•
|
the financial and other projections we may provide to the public, any changes in these projections or our failure to meet these projections or changes in our financial guidance or securities analysts’ estimates of our financial performance;
|
|
•
|
failure of securities analysts to maintain coverage of us, changes in financial or other estimates by any securities analysts who follow us, or our failure to meet these estimates or the expectations of our investors;
|
|
•
|
ratings or other changes by any securities analysts who follow our company or our industry;
|
|
•
|
announcements of restructurings, reductions in force, departure of senior management or key employees and/or consolidation of operations;
|
|
•
|
sales or purchases of large blocks of our common stock, including by our executive officers, directors, significant stockholders and activist stockholders;
|
|
•
|
rumors and market speculation involving Imperva or other companies in our industry, particularly with respect to strategic transactions; and
|
|
•
|
lawsuits threatened or filed against us and changing legal or regulatory developments in the United States and other countries.
|
In addition, the stock market in general, and the NASDAQ Stock Market in particular, have experienced substantial price and volume volatility that is often seemingly unrelated to the operating performance of particular companies. These broad market
61
fluctuations or factors affecting us more specifically may cause the trading price of our common stock to decline. In the past, securities class action litigation h
as often been brought against a company after a period of volatility in the market price of its common stock.
We face risks related to securities litigation that could result in significant legal expenses and settlement or damage awards.
We have been and may in the future become subject to claims and litigation alleging violations of the securities laws or similar claims, which could harm our business and require us to incur significant costs. For example, on April 11, 2014, a purported stockholder class action lawsuit was filed in the United States District Court for the Northern District of California against us and certain of our officers alleging that we made false and misleading statements and purporting to assert claims for violations of the federal securities laws, and seeking unspecified compensatory damages and other relief. As described further in Part II, Item 1 (Legal Proceedings), in January 2018 the court gave its final approval for the settlement of this matter, but future litigation of this type may require significant attention from management and could result in significant legal expenses, settlement costs or damage awards that could have a material impact on our financial position, results of operations and cash flows.
If securities or industry analysts do not publish research or publish inaccurate or unfavorable research about our business, our stock price and trading volume could decline.
The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our industry. If we do not establish and maintain adequate research coverage or if one or more of the analysts who covers us downgrades our stock or publishes inaccurate or unfavorable research about our business, our stock price would likely decline. If one or more of these analysts ceases coverage of our company or fails to publish reports on us regularly, demand for our stock could decrease, which could cause our stock price and trading volume to decline.
We do not intend to pay dividends on our common stock so any returns will be limited to the value of our stock.
We have never declared or paid any cash dividend on our common stock. We currently anticipate that we will retain future earnings for the development, operation and expansion of our business and do not anticipate declaring or paying any cash dividends for the foreseeable future. Any return to stockholders will therefore be limited to the value of their stock.
Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of us, which may be beneficial to our stockholders, more difficult and may prevent attempts by our stockholders to replace or remove our current management.
Provisions in our restated certificate of incorporation and amended and restated bylaws may delay or prevent an acquisition of us or a change in our management. These provisions include:
|
•
|
authorizing “blank check” preferred stock, which could be issued by the board without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock, which would increase the number of outstanding shares and could thwart a takeover attempt;
|
|
•
|
a classified board of directors whose members can be dismissed only for cause;
|
|
•
|
the prohibition on actions by written consent of our stockholders;
|
|
•
|
the limitation on who may call a special meeting of stockholders;
|
|
•
|
the establishment of stock ownership and advance notice requirements for stockholders who intend to submit proposals to be acted upon at stockholder meetings, including nominations of persons for election to our board of directors; and
|
|
•
|
the requirement that we must obtain the affirmative vote of at least 75% of all outstanding shares of capital stock to approve amendments to certain provisions of our certificate of incorporation.
|
In addition, because we are incorporated in Delaware, we are governed by the provisions of the anti-takeover provisions of the Delaware General Corporation Law, which may discourage, delay or prevent a change in control by prohibiting us from engaging in a business combination with an interested stockholder for a period of three years after the person becomes an interested stockholder, even if a change of control would be beneficial to our existing stockholders. Although we believe these provisions collectively provide for an opportunity to obtain greater value for stockholders by requiring potential acquirers to negotiate with our board of directors, they would apply even if an offer rejected by our board were considered beneficial by some stockholders. In addition, these provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management.
62
We previously announced a review of strategic alternatives and our subsequent decision to remain a standalone company, which may result in lingering uncertainty about ou
r prospects.
On August 4, 2016, we announced that we retained advisors to assist us in a comprehensive review of strategic alternatives and on November 3, 2016, we announced that we had concluded the review process. The process did not result in a transaction or any other specific strategic action, but did result in a restructuring plan that was also announced. These announcements may result in a perception from time to time that there is uncertainty about our prospects as a standalone entity, and may lead to rumors of instability, irrespective of the actual circumstances, which may be exploited by our competitors, cause concern to our current or potential customers and partners, and make it more difficult to attract and retain qualified personnel. Such issues or perceptions may negatively impact our business, disrupt our operations and divert the attention of management and our employees, all of which could materially and adversely affect our operations and operating results. In addition, our stock price may experience periods of increased volatility as a result of prolonged rumors and speculation about our business. Further, while we have concluded the review of strategic alternatives, it is possible that a strategic transaction or other type of strategic action may arise in the future.
Our business could be negatively affected by stockholder activism, which could impact the trading price and volatility of our common stock.
An activist investor, Elliott Associates, L.P., and its affiliates (“Elliott”), took an ownership position in our common stock in June 2016. In February 2018, Elliott disclosed in its Schedule 13D/A that it economically owns approximately 6.0% of our common stock (with additional economic exposure through derivatives of less than 1.0% of our common stock). From time to time Elliott has communicated its opinions to us regarding strategic and operational opportunities that it believes would meaningfully increase value to our stockholders. In the future, Elliott may take actions that could be costly and time-consuming to us, disrupt our operations and divert the attention of management and our employees, such as public proposals and requests for special meetings, potential nominations of candidates for election to our board of directors, requests to pursue a strategic combination or other transaction, or other special requests. Additionally, perceived uncertainties as to our future direction or changes to the composition of our board may be exploited by our competitors, cause concern to our current or potential customers and partners, and make it more difficult to attract and retain qualified personnel. Such uncertainties may adversely impact our business and future financial results. In addition, our stock price may experience periods of increased volatility as a result of stockholder activism, including in reaction to any future acquisition or disposition of our common stock by Elliott or other activists.
63