Item 1A. Risk Factors
Risks Related to Our Business and Industry
We have a history of losses, may not be able to achieve or sustain profitability in the future and expect to incur significant losses for the foreseeable future.
We have incurred net losses in all periods since our inception, and we expect we will continue to incur net losses for the foreseeable future. We had an accumulated deficit of $546.1 million as of December 31, 2022 and experienced losses from continuing operations of $80.1 million and $54.2 million for the years ended December 31, 2022 and 2021, respectively. Because the market for our products and services is rapidly evolving, it is difficult for us to predict the future results of our operations. Our growth efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenues sufficiently, or at all, to offset expenses. In addition to the expected costs to grow our business, we also expect to continue to incur significant legal, accounting and other expenses as a public company. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our products or services,
increasing competition, a decrease in the growth of, or a demand shift in, our overall market, or a failure to capitalize on growth opportunities. Any failure to increase our revenue as we grow our business could prevent us from achieving or maintaining profitability or maintaining or increasing cash flow on a consistent basis. If we fail to increase our revenue to offset our operating expenses, we may not achieve or sustain profitability in the future.
Our failure to become and remain profitable may depress the market price of our common stock and could impair our ability to raise capital, expand our business, diversify our product offerings or continue our operations. If we continue to suffer losses as we have in the past, investors may not receive any return on their investment and may lose their entire investment.
We believe our long-term value as a company will be greater if we focus on growth, which may negatively impact our losses in the near term.
Part of our business strategy is to primarily focus on our long-term growth. As a result, our losses may be greater in the near term than it would be if our strategy were to maximize short-term profitability. Significant expenditures on sales and marketing efforts, and expenditures on growing our Zero Trust solutions and expanding our research and development, each of which we intend to continue to invest in, may not ultimately grow our business or cause long-term profitability. If we are ultimately unable to achieve profitability at the level anticipated by industry or financial analysts and our stockholders, our stock price may decline.
We face significant competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.
The market for cybersecurity solutions is competitive and characterized by rapid changes in technology, customer requirements, industry standards and frequent introductions of new and improvements of existing products and services. Our business model of delivering security products through the Zero Trust model has not yet gained widespread market traction as the Zero Trust model is still an emerging solution. Moreover, we compete with many established network and cybersecurity vendors, as well as new entrants. As customer requirements evolve, and as new products, services and technologies are introduced, if we are unable to anticipate or effectively react to these competitive challenges, our competitive position could weaken, and we could experience a decline in revenue or our growth rate that could materially and adversely affect our business and results of operations.
Our competitors and potential competitors include:
• independent security vendors and providers, such as Zscaler, Inc. and Netskope, Inc.;
• large networking and security vendors, such as Cisco Systems, Inc. and Palo Alto Networks, Inc.;
• cloud providers who include similar security offerings within their platforms, such as Microsoft Corporation and Google LLC;
• anti-fraud and risk-based authentication providers, such as Outseer (RSA Security LLC), Broadcom Inc. (which acquired CA Technologies), Guardian Analytics, Inc. and BioCatch Ltd.;
• digital threat protection providers such as Outseer (RSA Security LLC), PhishLabs, Inc. and ZeroFox, Inc.; and
• other providers of cybersecurity services that offer, or may leverage related technologies to introduce, products that compete with or are alternatives to our Zero Trust solutions.
Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:
• greater name recognition, longer operating histories and larger customer bases;
• larger sales and marketing budgets and resources;
• broader distribution and established relationships with channel partners and customers;
• greater customer support resources;
• greater resources to make acquisitions and enter into strategic partnerships;
• lower labor and research and development costs;
• larger and more mature intellectual property rights portfolios; and
• substantially greater financial, technical and other resources.
In addition, our competitors may develop technology solutions with architectures similar to our products. Our larger competitors have substantially broader and more diverse product and services offerings, which may allow them to leverage
their relationships based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our products or services, including through selling at zero or negative margins, offering concessions, bundling products or maintaining closed technology platforms. Many competitors that specialize in providing protection from a single type of security threat may be able to deliver these targeted security products to the market more quickly than we can or to convince organizations that these limited products meet their needs.
Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering or acquisitions by our competitors or continuing market consolidation. Start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products, services and technologies that compete with our Zero Trust and other solutions. Some of our current or potential competitors have made or could make acquisitions of businesses or establish cooperative relationships that may allow them to offer more directly competitive and comprehensive solutions than were previously offered and adapt more quickly to new technologies and customer needs. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses and loss of market share. Any failure to meet and address these factors could materially harm our business and operating results.
Our operating results may fluctuate significantly, which could make our future results difficult to predict and could cause our operating results to fall below expectations.
Our operating results may fluctuate from quarter to quarter as a result of a number of factors, many of which are outside of our control and may be difficult to predict. Some of the factors that may cause our results of operations to fluctuate from quarter to quarter include:
• broad market acceptance and the level of demand for our products and services;
• our ability to attract new customers, particularly large enterprises;
• our ability to retain customers and expand their usage of our Zero Trust solutions, particularly our largest customers;
• our ability to successfully expand internationally and penetrate key markets;
• the effectiveness of our sales and marketing programs;
• the length of our sales cycle, including the timing of renewals;
• technological changes and the timing and success of new service introductions by us or our competitors or any other change in the competitive landscape of our market;
• increases in and timing of operating expenses that we may incur to grow and expand our operations and to remain competitive;
• pricing pressure as a result of competition or otherwise;
• the quality and level of our execution of our business strategy and operating plan;
• adverse litigation judgments, settlements or other litigation-related costs;
• a possible downturn in cybersecurity spending due to a macroeconomic downturn;
• changes in the legislative or regulatory environment; and
• general economic conditions in either domestic or international markets, including geopolitical uncertainty and instability and global health crises and pandemics, such as COVID-19, and governmental responses thereto.
In addition, we generally experience seasonality in terms of when we enter into agreements with customers. We typically enter into a higher percentage of agreements with new customers, as well as renewal agreements with existing customers, in the first and fourth quarters of our fiscal year. This seasonality is reflected to a much lesser extent, and sometimes is not immediately apparent, in revenue, due to the fact that we generally recognize subscription revenue with respect to term-based and perpetual licenses up-front, which is generally one to three years. We expect that seasonality will continue to affect our operating results in the future and may reduce our ability to predict cash flow and optimize the timing of our operating expenses.
Any one or more of the factors above may result in significant fluctuations in our results of operations. As a result, our historical operating results are not a reliable indicator of future performance.
Additionally, the variability and unpredictability of our quarterly results of operations or other operating metrics could result in our failure to meet our expectations or those of industry or financial analysts. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our common stock could fall substantially.
Future acquisitions, strategic investments, partnerships or alliances could be difficult to identify and integrate, divert the attention of key management personnel, disrupt our business, dilute stockholder value and adversely affect our operating results, financial condition and prospects.
Our business strategy may, from time to time, include acquiring other complementary solutions, technologies or businesses. We have in the past acquired, and may in the future acquire, businesses that we believe will complement or augment our existing business. In order to expand our security offerings and features, we also may enter into relationships with other businesses, which could involve preferred or exclusive licenses, additional channels of distribution or investments in other companies. Negotiating these transactions can be time-consuming, difficult and costly, and our ability to close these transactions may be subject to third-party approvals, such as government regulatory approvals, which are beyond our control. Consequently, we cannot assure you that these transactions, once undertaken and announced, will close.
These kinds of acquisitions or investments may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products and services, personnel or operations of companies that we may acquire, particularly if the key personnel of an acquired business choose not to work for us. We may have difficulty retaining the customers of any acquired business or using or continuing the development of the acquired technologies. Acquisitions may also disrupt our ongoing business, divert our resources and require significant management attention that would otherwise be available for development of our business. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. Any acquisition or investment could expose us to unknown liabilities. Moreover, we cannot assure you that the anticipated benefits of any acquisition or investment would be realized or that we would not be to unknown liabilities. In connection with these types of transactions, we may:
• issue additional equity securities that would dilute our stockholders;
• use cash that we may need in the future to operate our business;
• incur debt on terms unfavorable to us or that we are unable to repay;
• incur large charges or substantial liabilities;
• encounter difficulties integrating diverse business cultures;
• incur impairments; and
• become subject to adverse tax consequences, substantial depreciation or deferred compensation charges.
These challenges related to acquisitions or investments could adversely affect our business, operating results, financial condition and prospects.
False positive or false negative detection of risk, application tampering, viruses, spyware, vulnerability exploits, data patterns, or URL categories could adversely affect our business.
Our risk level determinations of application integrity, web-injections, potential vulnerability exploits, data leaks, or phishing and pharming URL categories may falsely report and alert on fraud risk threats that do not actually exist or fail to detect legitimate threats. Appgate determines risk threats using classifiers, analyzers, and machine learning model features in our products, which attempt to identify indicators of fraud risk and other threats both based on known indicators and characteristics or unknown anomalies which indicate that a particular item may be a threat. Due to customer configurable risk and threat tolerance thresholds, our customers may perceive false detections or detections as system unreliability, thereby impacting market acceptance of our products. If our products are used by customers to restrict consumer access to applications based on determining risk, this could affect end-customers’ user experience and result in to our reputation, publicity and decreased sales.
If our software does not interoperate with our customers’ network and security infrastructure or with third-party products, websites or services, our products may become less competitive and our results of operations may be harmed.
Our products and services must interoperate with our customers’ existing network and security infrastructure. These complex systems are developed, delivered and maintained by the customer and a myriad of vendors and service providers. As a result, the components of our customers’ infrastructure have different specifications, rapidly evolve, utilize multiple protocol standards, include multiple versions and generations of products and may be highly customized. We must be able to interoperate and provide our security products and services to customers with highly complex and customized networks, which requires careful planning and execution between our customers, our customer support teams and our channel partners. Further, when new or updated elements of our customers’ infrastructure or new industry standards or protocols
are introduced, we may have to update or enhance our software to allow us to continue to provide service to customers. Any changes in such technologies that degrade the functionality of our products or give preferential treatment to competitive services could adversely affect adoption and usage of our products and services. Our competitors or other vendors may refuse to work with us to allow their products to interoperate with our solutions, which could make it difficult for our software to function properly in customer networks that include these third-party products.
We may not deliver or maintain interoperability quickly or cost-effectively, or at all. These efforts require capital investment and engineering resources. If we fail to maintain compatibility of our products and services with our customers’ network and security infrastructures, our customers may not be able to fully utilize our solutions, and we may, among other consequences, lose or fail to increase our market share and experience reduced demand for our services, which would materially harm our business, operating results and financial condition.
If we fail to develop or introduce new enhancements to our products on a timely basis, our ability to attract and retain customers, remain competitive and grow our business could be impaired. Our current research and development efforts may not produce successful products that result in significant revenue, cost savings or other benefits in the near future, if at all.
The industry in which we compete is characterized by rapid technological change, frequent introductions of new products and services, evolving industry standards and changing regulations, as well as changing customer security needs, technology requirements and preferences. Our ability to attract new customers and increase revenue from existing customers will depend in significant part on our ability to anticipate and respond effectively to these changes on a timely basis and continue to introduce enhancements to our products and services.
The success of our products depends on our continued investment in our research and development organization to increase the functionality, reliability, availability and scalability of our existing solutions. Our investments in research and development may not result in significant design improvements, marketable products, subscriptions, or features, or may result in products or services that are more expensive than anticipated. Additionally, we may not achieve the cost savings or the anticipated performance improvements we expect, and we may take longer to generate revenue, or generate less revenue, than we anticipate. Our future plans include significant investments in research and development and related product and service opportunities. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position. However, we may not receive significant revenue from these investments in the near future, if at all, or these investments may not yield the expected benefits, either of which could adversely affect our business and operating results.
The success of any enhancement depends on several factors, including the timely completion and market acceptance of the enhancement. Any new product or service that we develop might not be introduced in a timely or cost-effective manner and might not achieve the broad market acceptance necessary to generate significant revenue. If new technologies emerge that deliver competitive products and services at lower prices, more efficiently, more conveniently or more securely, these technologies could adversely impact our ability to compete effectively. Any delay or failure in the introduction of enhancements could materially harm our business, results of operations and financial condition.
We rely on third-party hosting and cloud computing providers, like Amazon Web Services (AWS) and Microsoft Azure, to operate certain aspects of our business. A significant portion of our product traffic is hosted by a limited number of vendors, and any failure, disruption or significant interruption in our network or hosting and cloud services could adversely impact our operations and harm our business.
Our technology infrastructure is critical to the performance of our products and to user satisfaction, as well as our corporate functions. Our products and company systems run on a complex distributed system, or what is commonly known as cloud computing. We own, operate and maintain elements of this system, but significant elements of this system are operated by third-parties that we do not control and which would require significant time and expense to replace. We expect this dependence on third-parties to continue. We have suffered interruptions in service in the past, including when releasing new software versions or bug fixes, and if any such interruption were significant and/or prolonged it could adversely affect our business, financial condition, results of operations or reputation.
In particular, a significant portion, if not almost all, of our product traffic, data storage, data processing and other computing services and systems is hosted by AWS and Microsoft Azure. AWS and Azure provide us with computing and storage capacity pursuant to agreements that continue until terminated by either party. The agreements require AWS and
Azure to provide us their standard computing and storage capacity and related support in exchange for timely payment by us. We have experienced, and may in the future experience, disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, human or software errors and capacity constraints. If a particular application is unavailable when users attempt to access it or navigation through a product is slower than they expect, users may stop using the application and may be less likely to return to the application as often, if at all.
Any failure, disruption or interference with our use of hosted cloud computing services and systems provided by third-parties, like AWS or Azure, could adversely impact our business, financial condition or results of operations. In addition, since many of the technical specialists responsible for managing disruptions to our technology infrastructure are working from home, the time required to remedy any interruption may increase. To the extent we do not effectively respond to any such interruptions, upgrade our systems as needed and continually develop our technology and network architecture to accommodate traffic, our business, financial condition or results of operations could be adversely affected. Furthermore, our disaster recovery systems and those of third-parties with which we do business may not function as intended or may fail to adequately protect our critical business information in the event of a significant business , which may cause in service of our products, security or the of data or functionality, to a effect on our business, financial condition or results of operations.
In addition, we depend on the ability of our users to access the internet. Currently, this access is provided by companies that have significant market power in the broadband and internet access marketplace, including incumbent telephone companies, cable companies, mobile communications companies, government-owned service providers, device manufacturers and operating system providers, any of whom could take actions that degrade, disrupt or increase the cost of user access to our products or services, which would, in turn, negatively impact our business. The adoption or repeal of any laws or regulations that adversely affect the growth, popularity or use of the internet, including laws or practices limiting internet neutrality, could decrease the demand for, or the usage of, our products and services, increase our cost of doing business and adversely affect our results of operations.
If we are not able to maintain and enhance our brand, our business and results of operations may be adversely affected.
We believe that maintaining and enhancing our reputation as a provider of high-quality cybersecurity solutions is critical to our relationship with our existing customers and channel partners and our ability to attract new customers and channel partners. Furthermore, we believe that the importance of brand recognition will increase as competition in our market increases. The successful promotion of our brand will depend on several factors, including our marketing efforts, our ability to continue to develop high-quality features and enhancements for our technology solutions and our ability to successfully differentiate our solutions from competitive products and services. Our brand promotion activities may not be successful or yield increased revenue. In addition, independent industry or financial analysts often provide reviews of our products and services, as well as products and services of our competitors, and perception of our Zero Trust solutions in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive as compared to those of our competitors’ products and services, our brand may be affected. In addition, we have been named as a “Leader” in the Forrester New Wave™ for Zero Trust Network Access (Q3 2021) report. Our to maintain our “Leader” status in the future may also affect our brand. Additionally, the performance of our channel partners may affect our brand and reputation if customers do not have a experience with our channel partners’ services. The promotion of our brand requires us to make substantial expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive, we expand into new markets and more sales are generated through our channel partners. To the extent that these activities yield increased revenue, this revenue may not offset the expenses we incur. If we do not maintain and our brand, our business may not grow, we may have reduced pricing power relative to competitors and we could customers or to attract potential customers, all of which would materially and affect our business, results of operations and financial condition.
Our business and growth partially depend on the success of our relationships with our existing channel partners and adding new channel partners over time.
We currently derive a portion of our revenue from sales through our channel partner network, and we expect future revenue growth will also be driven through this network. Not only does our joint sales approach require additional investment to grow and train our sales force, but we believe that continued growth in our business is dependent upon identifying, developing and maintaining strategic relationships with our existing and potential channel partners, including global systems integrators and managed service providers that will in turn drive substantial revenue and provide additional value-added services to our customers. Our agreements with our channel partners are generally non-exclusive, meaning our channel partners may offer customers the products of several different companies, including products that compete with
our technology solutions. In general, our channel partners may also cease marketing or reselling our products and services with limited or no notice and without penalty. If our channel partners do not effectively market and sell subscriptions to our products and services, choose to promote our competitors’ products or fail to meet the needs of our customers, our ability to grow our business and sell subscriptions to our products and services may be adversely affected. In addition, our channel partner structure could subject us to lawsuits or reputational harm if, for example, a channel partner misrepresents the functionality of our products and services to customers or violates applicable laws or our corporate policies. Further, in circumstances where we do not enter into a direct agreement with end customers, we cannot be sure that on every occasion each channel partner has required end customers to agree to our standard terms which are protective of our solutions and technology, nor that the channel partners will enforce each failure by an end customer to comply with such terms. Our ability to revenue growth in the future will depend in large part on our in maintaining relationships with our channel partners, identifying additional channel partners and training our channel partners to independently sell and deploy our products and services. If we are to maintain our relationships with our existing channel partners or develop relationships with new channel partners or if our channel partners to perform, our business, financial position and results of operations could be materially and affected.
Our business depends, in part, on sales to government organizations, and significant changes in the contracting or fiscal policies of such government organizations could have an adverse effect on our business and operating results.
Our future growth depends, in part, on increasing sales to government organizations. Demand from government organizations is often unpredictable, subject to budgetary uncertainty and typically involves long sales cycles. We have made significant investments to address the government sector, but we cannot assure you that these investments will be successful, or that we will be able to maintain or grow our revenue from the government sector. Although we anticipate that they may increase in the future, sales to governmental organizations have not accounted for, and may never account for, a significant portion of our revenue. Sales to governmental organizations are subject to a number of challenges and risks that may adversely impact our business. Sales to such government entities include the following risks:
• selling to governmental agencies can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that such efforts will generate a sale;
• government certification requirements applicable to our solutions may change and, in doing so, restrict our ability to sell into the governmental sector until we have attained the revised certification;
• government demand and payment for our solutions may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our solutions;
• governments routinely investigate and audit government contractors’ administrative processes and compliance with contractual obligations, and any unfavorable audit or investigation, or adverse finding following a claim from a whistleblower, could result in the government refusing to continue buying our solutions, which would adversely impact our revenue and operating results, and/or fines or civil or criminal liability if the audit or investigation were to uncover improper or illegal activities; and
• governments may require certain products to be manufactured, produced, hosted or accessed solely in their country or in other relatively high-cost locations, and we may not produce or host all products in locations that meet these requirements, affecting our ability to sell these products to governmental agencies.
The occurrence of any of the foregoing could cause governmental organizations to delay or refrain from purchasing our solutions in the future or otherwise have an adverse effect on our business, operating results and financial condition.
Our international operations expose us to risks, and failure to manage those risks could materially and adversely impact our business.
Historically, we have derived a significant portion of our revenue from outside the United States. For the years ended December 31, 2022 and 2021, we derived approximately 49% and 52%, respectively, of our revenue from our international customers. As of December 31, 2022, approximately 71% of our full-time employees were located outside of the United States. We are continuing to adapt to and develop strategies to address international markets and our growth strategy includes expansion into target geographies, such as the Middle East, Africa, Japan and the Asia-Pacific regions, but there is no guarantee that such efforts will be successful. We expect that our international activities will continue to grow in the future, as we continue to pursue opportunities in international markets. These international operations will require significant management attention and financial resources and are subject to substantial risks, including:
• political, economic and social uncertainty;
• unexpected costs for the localization of our services, including translation into foreign languages and adaptation for local practices and regulatory requirements;
• greater difficulty in enforcing contracts and accounts receivable collection, and longer collection periods;
• reduced or uncertain protection for intellectual property rights in some countries;
• greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties;
• greater risk of a failure of foreign employees, partners, distributors and resellers to comply with both U.S. and foreign laws, including antitrust regulations, anti-bribery laws, export and import control laws, and any applicable trade regulations ensuring fair trade practices;
• requirements to comply with foreign privacy, data protection and information security laws and regulations and the risks and costs of noncompliance;
• increased expenses incurred in establishing and maintaining office space and equipment for our international operations;
• greater difficulty in identifying, attracting and retaining local qualified personnel, and the costs and expenses associated with such activities;
• differing employment practices and labor relations issues;
• difficulties in managing and staffing international offices and increased travel, infrastructure and legal compliance costs associated with multiple international locations; and
• fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business, including but not limited to, the British Pound and Euro, and related impact on sales cycles.
As we continue to develop and grow our business globally, our success will depend, in part, on our ability to anticipate and effectively manage these risks. The expansion of our existing international operations and entry into additional international markets will require management attention and financial resources. Our failure to successfully manage our international operations and the associated risks could limit the future growth of our business.
We have grown rapidly in recent periods. If we fail to effectively manage our growth, our business, financial condition and results of operations would be harmed.
Our growth may place a significant strain on our management and our administrative, operational and financial infrastructure. Our organizational structure is becoming more complex as we improve our administrative, operational and financial infrastructure as well as our reporting systems and procedures. Our success will depend in part on our ability to manage this growth effectively, which will require that we continue to improve our administrative, operational, financial and management systems and controls by, among other things:
• effectively attracting, training and integrating, including collaborating with, employees;
• further improving our key business applications, processes and security and IT infrastructure to support our business needs;
• enhancing our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of channel partners, customers and users; and
• appropriately documenting and testing our security and IT systems and business processes.
These and other improvements in our systems and controls may require significant capital expenditures and the allocation of management and employee resources. If we fail to implement these improvements effectively, our ability to manage our expected growth, ensure uninterrupted operation of our software and key business systems and comply with the rules and regulations applicable to public companies could be impaired, the quality of our products and services could suffer and we may not be able to adequately address competitive challenges. Failure to manage any future growth effectively could result in increased costs, disrupt our existing customer relationships, reduce demand for or limit us to smaller deployments of our products and services, or harm our business performance and operating results.
In addition, as we expand our business, it is important that we continue to maintain a high level of customer service and satisfaction. As our customer base continues to grow, we will need to expand our account management, customer service and other personnel to provide personalized account management and customer service. If we are not able to continue to provide high levels of customer service, our reputation, as well as our business, results of operations and financial condition, could be harmed.
In addition, we believe that our corporate culture has been a contributor to our success, which we believe fosters innovation, teamwork and an emphasis on customer-focused results. We also believe that our culture creates an
environment that drives and perpetuates our strategy and cost-effective distribution approach. As we grow and develop the infrastructure of a public company, we may find it difficult to maintain our corporate culture. Any failure to preserve our culture could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively and execute on our business strategy. If we experience any of these effects in connection with future growth, it could materially impair our ability to attract new customers, retain existing customers and expand their use of our Zero Trust solutions, all of which would materially and adversely affect our business, financial condition and results of operations.
Our sales cycles can be long and unpredictable, and our sales efforts can require considerable time and expense.
The timing of our sales and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our products and services, particularly with respect to large organizations. Our sales efforts typically involve educating our prospective customers about the uses, benefits and the value proposition of our products and services, and often include a detailed Proof of Concept (POC) deployment in the prospect’s environment. Customers often view the subscription to our products as a significant decision as part of a strategic transformation initiative and, as a result, frequently require considerable time to evaluate, test and qualify our Zero Trust solutions prior to entering into or expanding a relationship with us. Large enterprises and government entities in particular often undertake a significant evaluation process that further lengthens the sales cycle.
Our sales force develops relationships directly with our customers, and together with our channel account teams, works with our channel partners on account penetration, account coordination, sales and overall market development. We spend substantial time and resources on our sales efforts, especially with larger customers, without any assurance that our efforts will produce a sale. Product purchases are frequently subject to budget constraints, multiple approvals and unanticipated administrative, processing and other delays. As a result, it is difficult to predict whether and when a sale will be completed and when revenue from a sale will be recognized.
The failure of our efforts to secure sales after investing resources in a lengthy sales process could materially and adversely affect our business and operating results.
The sales prices of our solutions may decrease, or the mix of our sales may change, which may increase our losses and adversely impact our financial results.
We have limited experience with respect to determining the optimal prices for our solutions. As the market for our solutions matures, or as new competitors introduce new products or services that are similar to or compete with ours, we may be unable to attract new customers at the same price or based on the same pricing model as we have used historically. Further, competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse product and service offerings may reduce the price of products or services that compete with ours or may bundle them with other products and services. This could lead customers to demand greater price concessions or additional functionality at the same price levels. As a result, in the future we may be required to reduce our prices or provide more features without corresponding increases in price, which would adversely affect our business, operating results, and financial condition.
We provide service level commitments under some of our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service and our business could suffer.
Certain of our customer agreements contain service level commitments, which contain specifications regarding the availability and performance of our products and services. Any failure of or disruption to our infrastructure could impact the performance of our products and the availability of services to customers. If we are unable to meet our stated service level commitments or if we suffer extended periods of poor performance or unavailability of our products, we may be contractually obligated to provide affected customers with service credits for future subscriptions, and, in certain cases, refunds. To date, there has not been a material failure to meet our service level commitments, and we do not currently have any material liabilities accrued on our balance sheet for such commitments. Our revenue, other results of operations and financial condition could be harmed if we suffer performance issues or downtime that exceeds the service level commitments under our agreements with our customers.
Our business is subject to the risks of warranty claims, product returns and product defects from real or perceived defects in our solutions or their misuse by our customers or third parties and indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.
We may be subject to liability claims for damages related to errors or defects in our solutions. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our solutions will harm our business and operating results. Although we generally have limitation of liability provisions in our terms and conditions of sale, they may not fully or effectively protect us from claims as a result of federal, state or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries. The sale and support of our solutions also entails the risk of product liability claims.
Additionally, we typically provide indemnification to customers for certain losses suffered or expenses incurred as a result of third-party claims arising from our infringement of a third party’s intellectual property. We also provide unlimited liability for certain breaches of confidentiality, as defined in our terms of service. We also provide limited liability in the event of certain breaches of our terms of service. Certain of these contractual provisions survive termination or expiration of the applicable agreement.
If our customers or other third parties we do business with make intellectual property rights or other indemnification claims against us, we will incur significant legal expenses and may have to pay damages, license fees and/or stop using technology found to be in violation of the third party’s rights. We may also have to seek a license for the technology. Such license may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deliver certain solutions or features. We may also be required to develop alternative non-infringing technology, which could require significant effort and expense and/or cause us to alter our solutions, which could harm our business. Large indemnity obligations, whether for intellectual property or in certain limited circumstances, other claims, would harm our business, operating results and financial condition.
Additionally, our solutions may be used by our customers and other third parties who obtain access to our solutions for purposes other than for which our solutions were intended.
Under certain circumstances our employees may have access to our customers’ solutions. An employee may take advantage of such access to conduct malicious activities. Any such misuse of our solutions could result in negative press coverage and negatively affect our reputation, which could result in harm to our business, reputation and operating results.
We maintain insurance to protect against certain claims associated with the use of our solutions, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our business and reputation.
If organizations do not adopt a Zero Trust model for cybersecurity, our ability to grow our business and operating results may be adversely affected.
Cybersecurity technologies are still evolving, and it is difficult to precisely predict customer demand and adoption rates for our services generally. We believe that our Zero Trust model for cybersecurity offers superior protection to our customers, who are becoming increasingly aware of the importance of implementing cybersecurity measures beyond a perimeter-centric model to secure access to their network. Following the 2020 SolarWinds attack, guidance was released by the National Institute of Standards and Technology, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency recommending a Zero Trust framework. Subsequently, in May 2021, President Joe Biden issued an Executive Order explicitly calling for the adoption of a Zero Trust Architecture by the federal government to improve the nation’s response to “persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” The federal government continues to lead the industry in setting standards with the September 2021 release of a Zero Trust maturity model and Zero Trust strategy documents. We also believe that our products and services represent a major shift from perimeter-centric cybersecurity models.
However, traditional perimeter-centric cybersecurity models are entrenched in the infrastructure of many of our potential customers, particularly large enterprises, because of their prior investment in and the familiarity of their IT personnel with such cybersecurity solutions. As a result, our sales process often involves extensive efforts to educate our customers on the benefits and capabilities of Zero Trust solutions, particularly as we continue to pursue customer relationships with large
organizations. Even with these efforts, we cannot predict market acceptance of our products and services, or the development of competing products or services based on other technologies. If we fail to achieve market acceptance of our products and services or are unable to keep pace with industry changes, our ability to grow our business and our operating results will be materially and adversely affected.
If we are unable to attract new customers or if our existing customers do not renew their subscriptions for our services or add additional users and services to their subscriptions the future results of our operations could be harmed.
Our growth is substantially dependent on adding new customers and expanding our relationships with existing customers. Potential clients that use legacy products and services may believe that these products and services are sufficient to meet their security needs or that our offerings only serve the needs of a portion of the enterprise security market. Accordingly, these organizations may continue allocating their information technology budgets for legacy products and services and may not adopt our security offerings. Further, many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking and security products. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier such as us regardless of product performance, features, or greater services offerings. They may also be more willing to incrementally add solutions to their existing security infrastructure from existing suppliers rather than to replace some or all of their existing security infrastructure with our solutions. In addition, numerous other factors, many of which are out of our control, may now or in the future impact our ability to add new customers, including our failure to expand, retain and motivate our sales and marketing personnel, our failure to develop or expand relationships with our channel partners or to attract new channel partners, by us to help our customers to deploy our software and expertise, media or industry or financial analyst commentary regarding us or our solutions, and general economic conditions. Our in attracting new customers also depends on our ability to develop , high-quality, and appealing new products, including alternatives to products introduced by our competitors, and to effectively communicate and market the benefits of such new products. Our ability to attract new customers also depends on the effectiveness of our sales and marketing efforts. We plan to dedicate significant resources to sales and marketing programs and to expand our sales and marketing capabilities to target additional potential customers, but there is no guarantee that we will be in attracting and maintaining additional customers. Furthermore, our ability to growth will partially depend on our in hiring, integrating, training and retaining a sufficient number of sales personnel to support our growth. If we are to find ways to deploy our sales and marketing programs, are to hire and train a sufficient number of sales personnel, or our efforts to attract new customers are not , our revenue and rate of revenue growth may , we may not and the future results of our operations could be materially .
Our growth is also partially dependent on our customers renewing their subscriptions for our products when existing contract terms expire and expanding our commercial relationships with our existing customers. Our customers have no obligation to renew their subscriptions for our services after the expiration of their contractual subscription period, which is typically one to three years, and in the normal course of business, some customers have elected not to renew. In addition, in certain cases, customers may cancel their subscriptions without cause either at any time or upon advance written notice (typically ranging from 30 days to 60 days), typically subject to an early termination penalty for unused services. In addition, our customers may renew for fewer users, renew for shorter contract lengths or switch to a lower-cost suite. If our customers do not renew their subscription services, if our revenues decline or if we fail to grow our business, we could incur impairment losses on our assets. Our customer retention and expansion may decline or fluctuate as a result of a number of factors, including our customers’ with our services, our customers’ ability to adopt our solutions correctly, our prices and pricing plans, our customers’ spending levels, decreases in the number of users to which our customers deploy our solutions, mergers and acquisitions involving our customers, competition and general economic conditions.
Our future success also depends in part on the rate at which our current customers add additional users to their subscriptions or expand to utilize additional products, which is driven by a number of factors, including customer satisfaction with our services, customer security and networking issues and requirements, including demand for our products and services, general economic conditions and customer reaction to the price per additional user or of additional services. If our efforts to expand our relationship with our existing customers are not successful, our business may materially suffer.
Our business is subject to the risks of hurricanes, earthquakes, fire, floods and other natural catastrophic events, and to interruption by man-made problems such as power disruptions, computer viruses, data security breaches or terrorism affecting our operations or the operations of our third-party cloud service providers.
Our success depends, in part, on our ability to maintain the integrity of our systems and infrastructure, including website, information and related systems. We also currently host some of our products and serve our customers from third-party cloud service providers. While we have electronic access to the components and infrastructure of our software that are hosted by these third parties, we do not control the operation of these environments. Consequently, we may be subject to service disruptions as well as failures to provide adequate support for reasons that are outside of our direct control. Our corporate headquarters are located in Coral Gables, FL, a region known for hurricane activity. A significant natural disaster, such as a hurricane, fire, flood or public health emergency, such as COVID-19, or a significant man-made problem, such as acts of terrorism and other geopolitical unrest, occurring at our headquarters, at one of our other facilities or where a key channel partner, data center or third-party cloud service provider, component supplier or other third-party provider is located, could adversely affect our business, results of operations and financial condition. Although we maintain management and response plans, recovery planning by its nature cannot be sufficient for all eventualities. Though it is to determine what, if any, may directly result from any specific or attack, any to maintain performance, reliability, security and availability of our products and services to the of our users may materially our reputation and our ability to retain existing customers and attract new customers.
If the delivery of our services to our customers is interrupted or delayed for any reason, our business could suffer.
Any interruption or delay in the delivery of our services may negatively impact our customers. Certain of our products are deployed via the internet, and our customers’ access to network resources is dependent on the continuous availability of the internet and our services to utilize such products. If an interruption in our services were to occur, our customers’ users could lose access to network resources (including private on-premises resources, public cloud IaaS-deployed resources, or public cloud SaaS resources, depending on customer configuration) until such disruption is resolved or customers deploy disaster recovery options that allow them to remediate the problem. The adverse effects of any service interruptions on our reputation and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers expect continuous and uninterrupted access to resources and may have a low tolerance for of any duration. While we do not consider them to have been material, we have experienced, and may in the future experience, service and other performance due to a variety of factors.
The following factors, many of which are beyond our control, can affect the delivery and availability of our services and the performance of our products:
• the development and maintenance of the infrastructure of the internet;
• the performance and availability of cloud service providers or third-party telecommunications services with the necessary speed, data capacity and security for providing reliable internet access and services;
• decisions by the owners and operators of the cloud infrastructures or data centers where our infrastructure is deployed to terminate our contracts, discontinue services to us, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy or prioritize the traffic of other parties;
• the occurrence of earthquakes, floods, fires, pandemics, power loss, system failures, physical or electronic break-ins, acts of war or terrorism, human error or interference (including by disgruntled employees, former employees or contractors) and other catastrophic events;
• cyberattacks, including ransomware, denial of service attacks, targeted at us, our cloud service providers, data centers or the infrastructure of the internet;
• failure by us to maintain and update our infrastructure to meet customer requirements;
• errors, defects or performance problems in our software, including third-party software incorporated in our software, which we use to operate our products;
• improper classification of websites or known-bad phishing domains by our vendors who provide us with lists of malicious sites;
• improper deployment or configuration of our services;
• the failure of our redundancy systems, in the event of a service disruption at one of our cloud service providers, to provide failover to other regions in our cloud service provider environment network; and
• the failure of our disaster recovery and business continuity arrangements.
The occurrence of any of these factors, or if we are unable to efficiently and cost-effectively fix such errors or other problems that may be identified, could damage our reputation, negatively impact our relationship with our customers or otherwise materially harm our business, results of operations and financial condition.
A network or data security incident against us, whether actual, alleged, or perceived, could harm our reputation, create liability, and regulatory exposure, and adversely impact our business, operating results, and financial condition.
Increasingly, companies are subject to a wide variety of attacks on their networks on an ongoing basis, including traditional computer hackers, malicious code (such as viruses and worms), distributed denial-of-service attacks, sophisticated attacks conducted or sponsored by nation-states, advanced persistent threat intrusions, ransomware, software supply chain attacks, and theft or misuse of intellectual property or business or personal data, including by disgruntled employees, former employees or contractors. Cybersecurity companies face particularly intense attack efforts, and we have faced and will continue to face cyber threats and attacks from a variety of sources. Although we have implemented security measures to prevent such attacks, our networks and systems may be breached due to the actions of outside parties, employee error, malfeasance, a combination of these, or otherwise, and as a result, an unauthorized party may obtain access to our systems, networks, or data. We may face difficulties or in identifying or otherwise responding to any attacks or actual or potential security or . A in our data security or an attack our platform could impact our networks or the networks of our customers that are secured by our platform, creating system or and providing access to parties to information stored on our networks or the networks of our customers, resulting in data being publicly , altered, , or , which could subject us to liability and impact our financial condition.
In addition, any actual, alleged or perceived security breach in our systems or networks, or any other actual, alleged or perceived data security incident we suffer, could result in damage to our reputation, negative publicity, loss of customers and sales, loss of competitive advantages over our competitors, increased costs to remedy any problems and otherwise respond to any incident, regulatory investigations and enforcement actions, costly litigation, and other liability. We would also be exposed to a risk of loss or and potential liability under laws, regulations and contracts that protect the privacy and security of personal information.
In addition, we may incur significant financial and operational costs to investigate, remediate, eliminate and put in place additional tools and devices designed to prevent actual or perceived security breaches and other security incidents, as well as costs to comply with any notification obligations resulting from any security incidents. Any of these negative outcomes could adversely impact the market perception of our platform and customer and investor confidence in our company, and would adversely impact our business, operating results, and financial condition.
The actual or perceived failure of our technology solutions to prevent a security breach or address targeted security threats could harm our reputation and adversely impact our business, financial condition and results of operations.
Our Zero Trust solutions may fail to prevent security breaches for any number of reasons. Our products are complex and may be misconfigured by customers or contain performance or functional issues that are not detected until after deployment. We also provide frequent solution updates and enhancements, which increase the possibility of errors, and our reporting, tracking, monitoring and quality assurance procedures may not be sufficient to ensure we detect any such defects in a timely manner. The performance of our products can be negatively impacted by our failure to enhance, expand or update our products, errors or defects in our software, improper deployment or configuration of our services and many other factors.
In addition, because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, there is a risk that a cyber threat could emerge that our services are unable to detect or prevent until after some of our customers are impacted. Moreover, as our services are adopted by an increasing number of enterprises, it is possible that the individuals and organizations behind cyber threats will focus on finding ways to defeat our services. If this happens, our products could be targeted by attacks specifically designed to disrupt our Zero Trust model and create the perception that our technology is not capable of providing superior cybersecurity, which, in turn, could have a serious impact on our reputation as a provider of cybersecurity solutions. Further, if a high-profile security breach occurs with respect to another similar cybersecurity services provider, our customers and potential customers may trust in cybersecurity solutions generally, and with respect to Zero Trust security in particular, which could materially and impact our ability to retain existing customers or attract new customers.
No security solution, including our Zero Trust solutions, can address all possible security threats or block all methods of penetrating a network or otherwise perpetrating a security incident. Our customers must rely on complex network and security infrastructures, which include products and services from multiple vendors, to secure their networks. If any of our customers becomes infected with malware or experiences a security breach, they could be disappointed with our services or products, regardless of whether our services or products are intended to block the attack or would have blocked the attack if the customer had properly configured our product or engaged our services in time. Additionally, if any enterprises that are publicly known to use our services or products are the subject of a cyberattack that becomes publicized, our current or potential customers may look to our competitors for alternatives to our services.
From time to time, industry or financial analysts and research firms evaluate our solutions against other security products. Our services may fail to prevent threats in any particular test for a number of reasons, including misconfiguration. To the extent potential customers, industry or financial analysts or testing firms believe that the occurrence of a failure to prevent any particular threat is a flaw or indicates that our services do not provide significant value, our reputation and business could be materially harmed.
Any real or perceived flaws in our products or services, any real or perceived security breaches or other security incidents of our customers or loss of compliance attestations required by customer contracts, could result in:
• a loss of existing or potential customers or channel partners;
• delayed or lost sales and harm to our financial condition and results of operations;
• a delay in attaining, or the failure to attain, market acceptance;
• the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate or work around errors or defects, to address and eliminate vulnerabilities and to address any applicable legal or contractual obligations relating to any actual or perceived security breach;
• negative publicity and damage to our reputation and brand; and
• legal claims and demands (including for stolen assets or information, repair of system damages, and compensation to customers and business partners), litigation, regulatory inquiries or investigations and other liability.
Any of the above results could materially and adversely affect our business, financial condition and results of operations.
Additionally, with product effectiveness a critical competitive factor in our industry, we make public statements, including on our website, in marketing materials and elsewhere, describing the effectiveness of our products and the performance of our solutions. As a result, we may face claims, including claims of unfair or deceptive trade practices, brought by the U.S. Federal Trade Commission, state, local, or foreign regulators, and private litigants.
Risks Related to Our People
We rely on our key technical, sales and management personnel to grow our business, and the loss of one or more key employees or the inability to attract and retain qualified personnel could harm our business.
Our future success is substantially dependent on our ability to attract, retain and motivate the members of our management team and other key employees throughout our organization. We rely on our leadership team in the areas of operations, security, marketing, sales, support, research and development and general and administrative functions. Although we have entered into employment agreements and other arrangements with certain of our key personnel, our employees, including our executive officers, may terminate their employment with us at any time. We do not maintain key person life insurance policies on any of our employees. The loss of one or more of our executive officers or key employees could seriously harm our business.
To execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially for experienced sales professionals and for engineers experienced in designing and developing cybersecurity applications and security software. We have from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. For example, in recent years, recruiting, hiring and retaining employees with expertise in the cybersecurity industry has become increasingly difficult as the demand for cybersecurity professionals has increased as a result of the recent cybersecurity attacks on global corporations and governments. Many of the companies with which we compete for experienced personnel have greater resources than we have, which provides those companies an advantage in, among other things, recruiting and retaining foreign employees on Visas for work in the U.S. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. Volatility or lack of performance in our stock
price may also affect our ability to attract and retain our key employees. Any failure to successfully attract, integrate or retain qualified personnel to fulfill our current or future needs could materially and adversely affect our business, operating results and financial condition.
Our ability to maintain customer satisfaction depends in part on the quality of our customer support, including the quality of the support provided on our behalf by certain channel partners. Failure to maintain high-quality customer support could have an adverse effect on our business, financial condition and results of operations.
If we do not provide adequate support to our customers, our ability to renew subscriptions, increase the number of users and sell additional services to customers will be adversely affected. We believe that successfully delivering our Zero Trust solutions often require a high level of customer support and engagement. We or our channel partners must successfully assist our customers in deploying our Zero Trust solutions, resolving performance issues, and addressing interoperability challenges with a customer’s existing network and security infrastructure. Many enterprises, particularly large organizations, have very complex networks and require high levels of focused support, including premium support offerings, to fully realize the benefits of our products and services. We believe our service is of high quality and a key competitive advantage. Any failure by us to maintain the expected level of support could reduce customer satisfaction and hurt our customer retention, particularly with respect to our large enterprise customers. Additionally, if our channel partners do not provide support to the satisfaction of our customers, we may be required to provide this level of support to those customers, which would require us to hire additional personnel and to invest in additional resources. We may not be to hire such resources fast enough to keep up with demand, particularly if the sales of our products and services exceed our internal forecasts. To the extent that we or our channel partners are in hiring, training and retaining adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support to our customers will be impacted, and our customers’ with our products or services could be affected. Furthermore, as we sell our solutions internationally, our support organization faces additional , including those associated with delivering support, training and documentation in languages other than English. Any to maintain high-quality customer support, or a market perception that we do not maintain high-quality support, could materially our reputation, affect our ability to sell our solutions to existing and prospective customers and could our business, financial condition and results of operations.
Risks Related to Our Intellectual Property
It may be difficult to enforce our intellectual property rights, which could enable others to copy or use aspects of our solutions without compensating us.
We believe our intellectual property is a key competitive advantage. We rely on a combination of patent, copyright, trademark and trade secret laws, as well as confidentiality procedures and contractual provisions, to establish and protect our intellectual property rights, all of which provide only limited protection. The efforts we have taken to protect our intellectual property rights may not be sufficient or effective, and our patents, trademarks and copyrights may be held invalid or unenforceable. Moreover, we cannot assure you that any patents will be issued with respect to our currently pending patent applications in a manner that gives us adequate defensive protection or competitive advantages, or that any patents issued to us will not be challenged, invalidated or circumvented. We have filed for patents in the United States and in certain non-U.S. jurisdictions, but such protections may not be available in all countries in which we operate or in which we seek to enforce our intellectual property rights or may be difficult to enforce in practice. For example, many foreign countries have compulsory licensing laws under which a patent owner must grant licenses to third parties. In addition, many countries limit the enforceability of patents certain third parties, including government agencies or government contractors. In these countries, patents may provide limited or no . Moreover, we may need to expend additional resources to our intellectual property rights in these countries, and our to do so could our business or affect our international expansion. Our currently issued patents and any patents that may be issued in the future with respect to pending or future patent applications may not provide sufficiently broad protection, or they may not prove to be enforceable in actions infringers. Additionally, the U.S. Patent and Trademark Office and various foreign governmental patent agencies require compliance with a number of procedural, documentary, fee payment and other similar provisions during the patent application process and to maintain issued patents. There are situations in which can result in or of the patent or patent application, resulting in partial or complete of patent rights in the relevant jurisdiction. If this occurs, it could materially our business, operating results, financial condition and prospects. Likewise, we have applied for trademark registrations in the U.S. and certain non-U.S. jurisdictions, but have not applied to register our trademarks in every country in which we currently conduct business or may expand in the future. Third parties may register our marks in those countries and prevent us from doing so.
We may not be effective in policing unauthorized use of our intellectual property rights, as we do not take active measures to monitor for infringement of our patents or trademarks, and even if we do detect violations, litigation may be necessary to enforce our intellectual property rights. In addition, our intellectual property may be stolen, including by cybercrimes, and we may not be able to identify the perpetrators or prevent the exploitation of our intellectual property by our competitors or others. Protecting against the unauthorized use of our intellectual property rights, technology and other proprietary rights is expensive and difficult, particularly outside of the United States. Any enforcement efforts we undertake, including litigation, could be time-consuming and expensive and could management’s attention, either of which could our business, operating results and financial condition. Further, attempts to enforce our rights third parties could also these third parties to assert their own intellectual property or other rights us, or result in a holding that or narrows the scope of our rights, in whole or in part. The to protect and enforce our intellectual property and other proprietary rights could our business, operating results, financial condition and prospects. Even if we are to secure our intellectual property rights, we cannot you that such rights will provide us with competitive or distinguish our services from those of our competitors or that our competitors will not independently develop similar technology, duplicate any of our technology, or design around our patents.
We incorporate technology from third parties into our products, and our inability to obtain or maintain rights to the technology could harm our business.
We license software and other technology from third parties that we incorporate into or integrate with, our products. We cannot be certain that our licensors are not infringing the intellectual property rights of third parties or that our licensors have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our services. In addition, many licenses are non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Some of our agreements with our licensors may be terminated for convenience by them, or otherwise provide for a limited term. If we are unable to continue to license any of this technology for any reason, our ability to develop and sell our services containing such technology could be harmed. Similarly, if we are unable to license necessary technology from third parties now or in the future, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and we may be required to use alternative technology of lower quality or performance standards. This could limit and our ability to offer new or competitive products and services. As a result, our business and results of operations could be significantly .
Some of our technology incorporates “open source” software, and we license some of our software through open source projects, which could negatively affect our ability to sell our products and subject us to possible litigation.
Some of our solutions incorporate software licensed by third parties under open source licenses, including open source software embedded in software we receive from third-party commercial software vendors. Use of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide support, updates or warranties or other contractual protections regarding infringement claims or the quality of the code. In addition, the wide availability of open source software used in our solutions could expose us to security vulnerabilities. Furthermore, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to market or commercialize our solutions. As a result, we could be subject to lawsuits by parties claiming ownership of what we believe to be open source software. Litigation could be costly for us to defend, have a effect on our results of operations and financial condition or require us to devote additional research and development resources to change our solutions. In addition, by the terms of some open source licenses, under certain conditions we could be required to release the source code of our proprietary software, and to make our proprietary software available under open source licenses, including authorizing further modification and redistribution. In the event that portions of our proprietary software are determined to be subject to such requirements by an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all or a portion of our products or services or otherwise be limited in the licensing of our services, each of which provide an to our competitors or other entrants to the market, create security in our solutions and could reduce or eliminate the value of our services. Further, if we are held to have or otherwise to comply with the terms of an open source software license, we could be required to release certain of our proprietary source code under open source licenses, pay monetary , seek licenses from third parties to continue offering our services on terms that are not economically feasible or be subject to that could require us to the sale of our services if re-engineering could not be on a timely basis. Many of the risks associated with use of open source software cannot be eliminated and could affect our business. Moreover, we cannot you that our processes for controlling our use of open source software in our products will be . Responding to any or claim by an open source vendor, regardless of its validity, or
discovering open source software code in our software could harm our business, operating results and financial condition by, among other things:
• resulting in time-consuming and costly litigation;
• diverting management’s time and attention from developing our business;
• requiring us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable;
• causing delays in the deployment of our products or service offerings to our customers;
• requiring us to stop offering certain services on or features of our products;
• requiring us to redesign certain components of our software using alternative non-infringing or non-open source technology, which could require significant effort and expense;
• requiring us to disclose our software source code and the detailed program commands for our software; and
• requiring us to satisfy indemnification obligations to our customers.
Claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business, financial condition, results of operations and prospects.
A number of companies in our industry hold a large number of patents and also protect their copyright, trade secret and other intellectual property rights, and companies in the networking and security industry frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they previously developed, have purchased or otherwise obtained. Many companies, including our competitors, may now, and in the future, have significantly larger and more mature patent, copyright, trademark and trade secret portfolios than we have, which they may use to assert claims of infringement, misappropriation and other violations of intellectual property rights against us. In addition, future litigation may involve non-practicing entities or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no or protection. As we face increasing competition and an increasingly higher profile, including as a result of becoming a public company, the possibility of intellectual property rights us grows. Third parties have asserted in the past and may in the future assert of of intellectual property rights us and these , even without merit, could our business, including by increasing our costs, reducing our revenue, creating customer that result in or reduced sales, our management from the running of our business and requiring us to use of important intellectual property. In addition, because patent applications can take years to issue and are often afforded confidentiality for some period of time, there may currently be pending applications, unknown to us, that later result in issued patents that could cover one or more of our services. Moreover, in a patent claim us, we may assert, as a defense, that we do not the relevant patent , that the patent is or both. The of our defenses will depend on the patents asserted, the interpretation of these patents, and our ability to the asserted patents. However, we could be in non- and/or in our defense. In the United States, issued patents a presumption of validity, and the party the validity of a patent claim must present clear and convincing evidence of , which is a high of proof. Conversely, the patent owner need only prove by a preponderance of the evidence, which is a lower of proof. Furthermore, because of the substantial amount of discovery required in connection with patent and other intellectual property rights , there is a risk that some of our confidential information could be compromised by the discovery process.
As the number of products and competitors in our market increases and overlaps occur, claims of infringement, misappropriation and other violations of intellectual property rights may increase. Our insurance may not cover intellectual property rights infringement claims. Third parties may in the future also assert infringement claims against our customers or channel partners, with whom our agreements may obligate us to indemnify against these claims. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that such employees have divulged proprietary or other confidential information to us.
From time to time, the U.S. Supreme Court, other U.S. federal courts and the U.S. Patent and Trademark Appeals Board, and their foreign counterparts, have made and may continue to make changes to the interpretation of patent laws in their respective jurisdictions. We cannot predict future changes to the interpretation of existing patent laws or whether U.S. or foreign legislative bodies will amend such laws in the future. Any changes may lead to uncertainties or increased costs and risks surrounding the outcome of third-party infringement claims brought against us and the actual or enhanced damages, including treble damages, that may be awarded in connection with any such current or future claims and could have a material adverse effect on our business and financial condition.
We are unable to predict the likelihood of success in defending against future infringement claims. In the event that we fail to successfully defend ourselves against an infringement claim, a successful claimant could secure a judgment or otherwise require payment of legal fees, settlement payments, ongoing royalties or other costs or damages; or we may agree to a settlement that prevents us from offering certain services or features; or we may be required to obtain a license, which may not be available on reasonable terms, or at all, to use the relevant technology. If we are prevented from using certain technology or intellectual property, we may be required to develop alternative, non- technology, which could require significant time, during which we could be to continue to offer our affected services or features, effort and expense and may ultimately not be . Any of these outcomes could result in a material effect on our business. Even if we were to prevail, third-party lawsuits could be and time-consuming, the attention of our management and key personnel from our business operations, channel partners from selling or licensing our services and dissuade potential customers from purchasing our services, which would also materially our business. In addition, any public announcements of the results of any proceedings in third-party lawsuits could be perceived by industry or financial analysts and investors and could cause our stock price to experience or . Further, the expense of and the timing of this expense from period to period are to estimate, subject to change and could affect our results of operations. Any of these events could materially and our business, financial condition and results of operations.
Risks Related to Legal and Regulatory Matters
Failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose customers in the public sector or negatively impact our ability to contract with the public sector.
Our business is subject to regulation by various federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing privacy and data protection laws and regulations, government contract laws, employment and labor laws, workplace safety, anti-bribery laws, import and export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than in the United States. These laws and regulations impose added costs on our business. Noncompliance with applicable regulations or requirements could subject us to:
• investigations, enforcement actions and sanctions;
• mandatory changes to our Zero Trust solutions;
• disgorgement of profits, fines and damages;
• civil and criminal penalties or injunctions;
• claims for damages by our customers or channel partners;
• termination of contracts;
• loss of intellectual property rights; and
• temporary or permanent debarment from sales to government organizations.
If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, operating results and financial condition could be adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could materially harm our business, operating results and financial condition.
We endeavor to properly classify employees as exempt versus non-exempt, as well as employee versus independent contractor, under applicable law. Although there are no pending or threatened material claims or investigations against us asserting that some employees or independent contractors are improperly classified, the possibility exists that some of our current or former employees or independent contractors could have been incorrectly classified.
In addition, we must comply with laws and regulations relating to the formation, administration and performance of contracts with the public sector, including U.S. federal, state and local governmental organizations, which affect how we
and our channel partners do business with governmental agencies. Selling our solutions to the U.S. government, whether directly or through channel partners, also subjects us to certain regulatory and contractual requirements. Failure to comply with these requirements by either us or our channel partners could subject us to investigations, fines and other penalties, which could have an adverse effect on our business, operating results, financial condition and prospects. As an example, the U.S. Department of Justice, or DOJ, and the General Services Administration, or GSA, have in the past pursued claims against and financial settlements with IT vendors under the False Claims Act and other statutes related to pricing and discount practices and compliance with certain provisions of GSA contracts for sales to the federal government. The DOJ and GSA continue to actively pursue such claims. Violations of certain regulatory and contractual requirements could also result in us being or from future government contracting. Any of these outcomes could have a material effect on our revenue, operating results, financial condition and prospects.
We are also subject to the U.S. Foreign Corrupt Practices Act of 1977, the U.K. Bribery Act 2010 and other anti-corruption, anti-bribery, anti-money laundering and similar laws in the United States and other countries in which we conduct activities. Anti-corruption and anti-bribery laws, which have been enforced aggressively and are interpreted broadly, prohibit companies and their employees and agents from promising, authorizing, making or offering improper payments or other benefits to government officials and others in the private sector. We leverage third parties, including channel partners, to sell subscriptions to our products and conduct our business abroad. We and these third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and we may be held liable for the corrupt or other illegal activities of these third-party business partners and intermediaries, our employees, representatives, contractors, channel partners and agents, even if we do not explicitly authorize such activities. While we have policies and procedures to address compliance with such laws, we cannot you that all of our employees and agents will not take actions in of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase. with these laws could subject us to , or civil sanctions, settlements, , of export privileges, or from U.S. government contracts, other enforcement actions, of profits, significant , , other civil and or , whistleblower , media coverage and other consequences. Any , actions or sanctions could materially our reputation, business, results of operations and financial condition.
These laws and regulations impose added costs on our business, and failure to comply with these or other applicable regulations and requirements could lead to claims for damages from our channel partners or customers, penalties, termination of contracts, loss of exclusive rights in our intellectual property and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions or limitations in our ability to do business with the public sector could have a material adverse effect on our business and operating results.
We and our directors, officers and affiliates have in the past and may in the future become involved in litigation and other proceedings that may adversely affect us.
From time to time, we and our directors, officers and affiliates have been subject to claims, suits and other proceedings. Regardless of the outcome, legal proceedings can have an adverse impact on us because of legal costs and diversion of management attention and resources, and could cause us to incur significant expenses or liability, adversely affect our brand recognition or require us to change our business practices. The expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our business, operating results and financial condition. It is possible that a resolution of one or more such proceedings could result in substantial damages, settlement costs, fines and penalties that would adversely affect our business, financial condition, operating results or cash flows in a particular period. These proceedings could also result in reputational , sanctions, consent decrees or orders requiring a change in our business practices. Additionally, our directors, officers and affiliates, or their respective affiliated entities, are currently and may in the future be the subject of , suits, and government in their individual capacities or in connection with other business ventures, which could impact our reputation or public perception of our company, irrespective of the merits of any such proceeding. Because of the potential risks, expenses and uncertainties of , we may, from time to time, settle , even where we have or defenses, by agreeing to settlement agreements. Because is inherently , we cannot you that the results of any of these actions will not have a material effect on our business, financial condition, operating results and prospects. Any of these consequences could affect our business, operating results and financial condition.
We could be subject to securities class action litigation. In the past, securities class action litigation has often been instituted against companies following periods of volatility in the market price of a company’s securities.
This type of litigation, if instituted, could result in substantial costs and a diversion of management’s attention and resources, which could adversely affect our business, operating results, or financial condition. Additionally, the dramatic increase in the cost of directors’ and officers’ liability insurance may cause us to opt for lower overall policy limits or to forgo insurance that we may otherwise rely on to cover significant defense costs, settlements, and damages awarded to plaintiffs.
If we were not able to satisfy data protection, security, privacy and other government- and industry-specific requirements or regulations, our business, results of operations and financial condition could be harmed.
Personal privacy, data protection and information security are significant issues in the United States, Europe and in other jurisdictions where we offer our cybersecurity solutions. The regulatory framework for privacy, data protection, and cybersecurity matters is rapidly evolving and is likely to remain uncertain for the foreseeable future. Our handling of data is subject to a variety of laws and regulations, including regulation by various government agencies. Evolving and changing definitions of personal data and personal information, within the E.U., the United States, and elsewhere, may limit or inhibit our ability to operate or expand our business, including limiting strategic partnerships that may involve the sharing or uses of personal data and personal information, and may require significant expenditures and efforts in order to comply.
The U.S. federal government, and various state and foreign governments, have adopted or proposed limitations on the collection, distribution, use and storage of information relating to individuals. Such laws and regulations may require companies to implement privacy and security policies, permit customers to access, correct and delete information stored or maintained by such companies, inform individuals of security breaches that affect their information, and, in some cases, obtain individuals’ consent to use information for certain purposes. Laws and regulations outside the United States, and particularly in Europe, often are more restrictive than those in the United States. In addition, some foreign governments require that certain information collected in a country be retained within that country. We also may find it necessary or desirable to join industry or other self-regulatory bodies or other information security or data protection-related organizations that require compliance with their rules pertaining to information security and data protection. We also may be bound by additional, more stringent contractual obligations relating to our collection, use and disclosure of personal, financial and other data.
We also expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection and information security in the United States, the European Union and other jurisdictions in which we operate or may operate, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. For example, the European Union implemented the General Data Protection Regulation in May 2018, which imposes stringent data protection requirements and provides for significant penalties for noncompliance. In addition, data protection laws in Europe impose requirements with respect to the cross-border transfer of certain personal data. We historically relied upon data transfer mechanisms such as the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield frameworks, and the use of certain standard contractual clauses approved by the European Commission, to address these requirements. In July 2020, the CJEU, Europe’s highest court, held that the EU-U.S. Privacy Shield was invalid, and imposed additional obligations in connection with the use of contractual clauses governing cross-border transfers of personal data. As a result, we may need to implement different or additional measures to establish or maintain legitimate means for the transfer and receipt of personal data from the European Union to the U.S. In addition, due to the UK’s departure from the European Union, we are subject to requirements for personal data transfers to and from the UK, which continue to evolve following Brexit. If the measures we implement are later determined to be , we may face enforcement actions by data protection authorities.
In addition, California adopted the California Consumer Privacy Act in 2018, which took effect in January 2020 and seeks to provide California consumers with increased privacy rights and protections for their personal information. The 2018 Act was further modified by the California Privacy Rights Act, which became effective January 1, 2023. Similar laws in Virginia took effect on January 1, 2023, in Colorado and Connecticut take effect on July 1, 2023 and in Utah take effect on December 31, 2023. We expect that existing laws, regulations and standards may be interpreted in new manners in the future. Future laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations could require us to modify our solutions, restrict our business operations, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue.
Although we work to comply with applicable laws and regulations, industry standards, contractual obligations and other legal obligations, those laws, regulations, standards and obligations are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another. In addition, they may conflict with other requirements or legal obligations that apply to our business or the security features and services
that our customers expect from our solutions and may require us to make changes to our solutions or other practices in an effort to comply with them. As such, we cannot assure ongoing compliance with all such laws, regulations, standards and obligations. Any failure or perceived failure by us to comply with applicable laws, regulations, standards or obligations, or any actual or suspected security breach or other security incident, whether or not resulting in unauthorized access to, or acquisition, release or transfer of information relating to individuals or other data, may result in governmental investigations, enforcement actions and other proceedings, private litigation, fines and penalties or adverse publicity, and could cause our customers to lose trust in us, which could have an effect on our reputation and business. Any to address privacy and security , even if , or comply with applicable laws, regulations, standards and obligations, could result in additional cost and liability to us, our reputation, inhibit sales, and materially and affect our business and operating results.
Claims for indemnification by our directors and officers may reduce our available funds to satisfy successful third-party claims against us and may reduce the amount of money available to us.
Our A&R Charter and A&R Bylaws provide that we will indemnify our directors and officers, in each case, to the fullest extent permitted by Delaware law. Our A&R Charter also allows our Board to indemnify other employees. This indemnification will extend to the payment of judgments in actions against officers and directors and to reimbursement of amounts paid in settlement of such claims or actions and may apply to judgments in favor of the Company or amounts paid in settlement to the Company. This indemnification will also extend to the payment of attorneys’ fees and expenses of officers and directors in suits against them where the officer or director acted in good faith and in a manner he or she reasonably believed to be in, or not opposed to, the best interests of the Company, and, with respect to any criminal action or proceeding, he or she had no reasonable cause to believe his or her conduct was unlawful. This right of indemnification is not exclusive of any right to which the officer or director may be entitled as a matter of law and shall extend and apply to the estates of officers and directors.
Risks Related to Financial, Tax and Accounting Matters
Management has performed an analysis of our ability to continue as a going concern, and has determined that, based on our current financial position, there is a substantial doubt about our ability to continue as a going concern. In addition, our independent registered public accounting firm has raised substantial doubt as to our ability to continue as a going concern.
Based on its assessment, management has raised substantial doubt about our ability to continue as a going concern. The Company had cash and cash equivalents and remaining borrowing capacity under the Revolving Credit Facility of $11.5 million and $3.5 million, respectively, at December 31, 2022, a loss from continuing operations of $80.1 million for the year ended December 31, 2022, and an accumulated deficit of $546.1 million at December 31, 2022. Current economic and market conditions have put pressure on our growth plans. The Company’s ability to continue as a going concern is dependent on its ability to obtain additional capital. The Company believes that its current level of cash and cash equivalents and remaining borrowing capacity under the Revolving Credit Facility are not sufficient to continue investing in growth, while at the same time meeting its obligations as they become due. These conditions raise substantial doubt regarding our ability to continue as a going concern. In an effort to alleviate these conditions, management is currently evaluating various cost reduction and other alternatives and may seek to raise additional funds through the issuance of equity, mezzanine or debt securities, through arrangements with strategic partners, through obtaining credit from financial institutions or otherwise.
Our independent registered public accounting firm has included in its audit report for the year ended December 31, 2022, an explanatory paragraph expressing substantial doubt as to our ability to continue as a going concern. A going concern opinion in the report of our independent registered public accounting firm could impair our ability to finance our operations through public or private equity offerings or debt financings, or a combination of one or more of these funding sources. Any additional equity or equity-linked debt financing could be extremely dilutive to our current stockholders. Additional capital may not be available on reasonable terms, or at all, and we may be required to terminate or significantly curtail our operations, or enter into arrangements with collaborative partners or others that may require us to relinquish rights to certain aspects of our product candidates, or potential markets that we would not otherwise relinquish. If we are unable to obtain capital, our business would be , and we may not be to continue operations.
If we fail to maintain effective disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
As a public company, we are subject to the reporting requirements of the Exchange Act and the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”). We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers and Board of Directors.
We are required to comply with Section 404 of the Sarbanes-Oxley Act, which requires annual management assessments of the effectiveness of our internal control over financial reporting as of year-end. In particular, we are required to perform system and process evaluation and testing of our internal controls over financial reporting to allow management to report on the effectiveness of our internal controls over financial reporting, as required by Section 404(a) of the Sarbanes-Oxley Act (the “404 Assessment”). We cannot assure you that we will at all times in the future be able to report that our internal controls are effective.
Our current controls and any new controls that we develop may become ineffective because of changes in conditions in our business. Further, weaknesses in our disclosure controls and internal control over financial reporting may be identified in the future. Any failure to develop or maintain effective controls or any challenges encountered in their implementation or improvement could harm our results of operations or cause us to not meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we may be required to include in our future periodic reports filed with the SEC. disclosure controls and procedures and internal control over financial reporting could also cause investors to confidence in our reported financials and other information, which may have a effect on the trading price of our common stock. In addition, if we are to continue to meet these requirements, we may not be to remain listed on any national securities exchange on which our common stock may be listed in the future.
Our independent registered public accounting firm is not required to attest to the effectiveness of our internal control over financial reporting until after we are no longer a smaller reporting company as defined under Regulation S-K promulgated by the SEC. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed, or operating. Any failure to maintain effective disclosure controls and internal control over financial reporting could have an adverse effect on our business and results of operations and could cause an adverse effect on the trading price of our securities.
We have previously identified material weaknesses in our internal control over financial reporting. These material weaknesses could continue to adversely affect our ability to report our results of operations and financial condition accurately and in a timely manner.
On November 8, 2022, our Board of Directors, after meeting with management to consider the relevant facts and circumstances, determined that the Company’s financial statements as of and for the years ended December 31, 2021 and 2020, the interim periods within those years, and the Company’s financial statements for the interim periods ended March 31, 2022 and June 30, 2022 should no longer be relied upon because of errors in such financial statements.
Although our management had not yet conducted a 404 Assessment as of December 31, 2021, as part of the restatement process in connection with our financials as of and for the year ended December 31, 2021, we identified material weaknesses in our internal control over financial reporting. Our management identified (i) errors in our accounting relating to our controls over the estimation of the relationship between the term license and the support and maintenance for establishing their respective stand-alone sales prices in multi-year contracts related to revenue for our sales of software through multi-year term-based license agreements, (ii) errors in our accounting relating to our controls related to recognition of commission expense and (iii) inadequate management review controls over our financial statement
disclosures with respect certain calculations (collectively, the “10-K Material Weaknesses”). Furthermore, in connection with the preparation of the restatement of our quarterly financials for the three months ended March 31, 2022, our management identified an additional material weakness in internal control over financial reporting, as we did not design and maintain effective controls related to the evaluation of awards under our 2021 Plan (the “10-Q Material Weakness”).
In addition, in connection with the preparation of Legacy Appgate’s consolidated financial statements as of and for the year ended December 31, 2020, Legacy Appgate’s management and its independent registered public accounting firm identified material weaknesses in internal control over financial reporting with respect to the design of our information technology general controls related to user access and change management as well as certain financial reporting transaction level controls including account reconciliations, related party transactions and journal entries (the “Legacy Appgate Material Weaknesses”).
A material weakness is a deficiency, or a combination of control deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis. For further detail of the 10-K Material Weaknesses, the 10-Q Material Weakness and the Legacy Appgate Material Weaknesses and the Company’s plans for their remediation, see Part II, Item 9A of this Annual Report.
There can be no assurance that other material weaknesses will not arise in the future. Any material weaknesses in our internal control over financial reporting could cause us to fail to meet our future reporting obligations or could result in material misstatements in our financial statements, which in turn could have an adverse effect on our reputation, financial condition and our ability to timely and properly comply with our reporting obligations under the Exchange Act. Any material weakness could also adversely affect the results of the periodic management evaluations and, to the extent we are no longer a smaller reporting company, the annual auditor attestation reports regarding the effectiveness of our internal control over financial reporting that will be required under Section 404 of the Sarbanes-Oxley Act. Internal control deficiencies could also cause investors to lose confidence in our reported financial information which could have an adverse effect on the trading price of our securities.
Being a public company requires that we incur significant costs, diverts our resources and management’s attention and may affect our ability to attract and retain executive management and qualified Board members.
As a public company, we are subject to the reporting and corporate governance requirements of the Exchange Act, and other applicable securities rules and regulations, including the Sarbanes-Oxley Act and the Dodd-Frank Wall Street Reform and Consumer Protection Act. Compliance with these rules and regulations requires us to incur significant legal and financial compliance costs, makes some activities more difficult, time-consuming or costly and increases demand on our systems and resources. Among other things, the Exchange Act requires that we file annual, quarterly and current reports with respect to our business and results of operations and maintain effective disclosure controls and procedures and internal control over financial reporting. In order to improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, additional resources and management oversight are required. As a result, management’s attention is at times diverted from other business concerns, which could harm our business, financial condition, results of operations and prospects. Although we have hired additional personnel to help comply with these requirements, we may need to further expand our legal and finance departments in the future, which will increase our costs and expenses. In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time-consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expense and a of management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies, regulatory authorities may initiate legal proceedings us and our business and prospects may be .
As a result of disclosure of information in the filings required of a public company, our business and financial condition have become more visible, which could result in threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business, financial condition, results of operations and prospects could be harmed, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and harm our business, financial
condition, results of operations and prospects. These factors could also make it more difficult for us to attract and retain qualified employees, executive officers and members of our Board.
Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.
As of December 31, 2022, we had aggregate U.S. federal and state net operating loss carryforwards of $233.2 million and $107.3 million, respectively, which may be available to offset future taxable income for U.S. income tax purposes. If not utilized, $72.9 million of the federal net operating loss carryforwards will begin to expire in 2035 with the remainder carried forward indefinitely, and $72.7 million of the state net operating loss carryforwards will begin to expire in 2023 with the remainder carried forward indefinitely. We also had foreign net operating loss carryforwards of $6.0 million, which do not expire. Realization of these net operating loss carryforwards depends on future income, and there is a risk that certain of our existing carryforwards could expire unused and be unavailable to offset future income tax liabilities, which could adversely affect our operating results and financial condition. In addition, under Sections 382 and 383 of the Code, if a corporation undergoes an “ownership change,” generally defined as a greater than 50% change (by value) in ownership by “5 percent shareholders” over a rolling three-year period, the corporation’s ability to use its pre-change net operating carryovers and other pre-change tax attributes to offset its post-change income or taxes may be limited. Similar rules apply under U.S. state tax laws. We have experienced ownership changes in the past and we may experience an ownership change in the future as a result of shifts in our stock ownership. As a result, if we earn net taxable income, our ability to use our pre-change U.S. net operating carryforwards to offset U.S. federal taxable income may be subject to , which could potentially result in increased future tax liability to us. In addition to the net operating carryforwards discussed above, as a result of past acquisitions and the Merger, we have an additional $12.9 million of federal net operating carryforwards. Management has not concluded on the realizability of these NOLs or whether they may be limited by Code Section 382 or 383. Any determination that all or a portion of any such NOLs is not realizable or may be limited by Code Section 382 or 383, would lessen the amount available to us.
We could be subject to additional tax liabilities and United States federal income tax reform could adversely affect us.
We are subject to U.S. federal, state, local and sales taxes in the United States and foreign income taxes, withholding taxes and transaction taxes in numerous foreign jurisdictions. Significant judgment is required in evaluating our tax positions and our worldwide provision for income taxes. During the ordinary course of business, there are many activities and transactions for which the ultimate tax determination is uncertain. In addition, our future income tax obligations could be adversely affected by changes in, or interpretations of, tax laws in the United States or in other jurisdictions in which we operate. For example, in December 2017, the United States adopted new tax law legislation commonly referred to as the U.S. Tax Cuts and Jobs Act of 2017 (the “Tax Act”) (as modified by the Coronavirus Aid, Relief, and Economic Security Act), which significantly reforms the Code. The Tax Act, among other things, includes changes to U.S. federal tax rates, imposes significant additional limitations on the deductibility of interest and the use of net operating losses generated in tax years beginning after December 31, 2017, allows for the expensing of certain capital expenditures, and puts into effect the migration from a “worldwide” system of taxation to a largely territorial system. Further changes to U.S. tax laws, including limitations on the ability of taxpayers to claim and utilize foreign tax credits, as well as changes to U.S. tax laws that may be enacted in the future, could impact the tax treatment of our foreign earnings. Due to expansion of our international business activities, any changes in the U.S. taxation of such activities may increase our worldwide tax rate and affect our operating results and financial condition. The enactment of legislation implementing changes in the U.S. taxation of international business activities or the adoption of other tax reform policies could impact our operating results and financial condition.
We could be required to collect additional sales, use, value added, digital services, or other similar taxes or be subject to other liabilities that may increase the costs our customers would have to pay for our solutions and adversely affect our business, operating results, and financial condition.
We collect sales, use, value added, digital services, and other similar taxes in a number of jurisdictions. One or more U.S. states or countries may seek to impose incremental or new sales, use, value added, digital services, or other tax collection obligations on us. Further, an increasing number of U.S. states have considered or adopted laws that attempt to impose tax collection obligations on out-of-state companies. Additionally, the Supreme Court of the United States ruled in South Dakota v. Wayfair, Inc. et al, or Wayfair, that online sellers can be required to collect sales and use tax despite not having a physical presence in the state of the customer. In response to Wayfair, or otherwise, U.S. states or local governments may adopt, or begin to enforce, laws requiring us to calculate, collect, and remit taxes on sales in their jurisdictions. A successful assertion by one or more U.S. states requiring us to collect taxes where we presently do not do so, or to collect more taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial liabilities, including taxes on past sales, as well as interest and penalties. Furthermore, certain jurisdictions, such as the U.K. and France, have introduced a digital services tax, which is generally a tax on gross revenue generated from users or customers located in
those jurisdictions, and other jurisdictions have enacted or are considering enacting similar laws. A successful assertion by a U.S. state or local government, or other country or jurisdiction that we should have been or should be collecting additional sales, use, value added, digital services or other similar taxes could, among other things, result in substantial tax payments, create significant administrative burdens for us, discourage potential customers from subscribing to our solutions due to the incremental cost of any such sales or other related taxes, or otherwise harm our business.
Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations.
Our corporate structure and associated transfer pricing policies contemplate the business flows and future growth into the international markets, and consider the functions, risks and assets of the various entities involved in the intercompany transactions. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. For example, certain jurisdictions have introduced a digital services tax, which is generally a tax on gross revenue generated from users or customers located in those jurisdictions, and other jurisdictions are considering enacting similar laws. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions pursuant to the intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, or if there are changes in tax laws or the way existing tax laws are interpreted or applied, we could be required to pay additional taxes, interest and , which could result in one-time tax charges, higher tax rates, reduced cash flows and lower overall of our operations. Our financial statements could to reflect adequate reserves to cover such a contingency.
Our revenue recognition policy and other factors may distort our financial results in any given period and make them difficult to predict.
Under accounting standards update No. 2014-09 (Topic 606), Revenue from Contracts with Customers (“ASC 606”), we recognize revenue when our customer obtains control of goods or services in an amount that reflects the consideration that we expect to receive in exchange for those goods or services. We sell and deliver our solutions as term-based license subscriptions, perpetual licenses and software-as-a-service (“SaaS”), together with related support services. For those term-based and perpetual license arrangements, we generally recognize both revenue upfront when the distinct license is made available to the customer, as well as revenue recognized ratably over the contract period for support and maintenance based on the stand-ready nature of these elements. For SaaS arrangements that do not contain variable consideration, and for support and maintenance, we recognize revenue ratably over the contract period as the Company satisfies its performance obligation, beginning on the date the Company makes its service available to the customer. Because of this revenue recognition methodology, a single, large term-based or perpetual license in a given period may distort our operating results for that period. In contrast, the impact of agreements that are recognized ratably may take years to be fully reflected in our financial statements. Consequently, a significant increase or decline in our subscription SaaS and support and maintenance contracts in any one quarter will not be fully reflected in the results for that quarter, but will affect our revenue in future quarters. This also makes it to forecast our revenue for future periods, as both the mix of solutions, solution packages and services we will sell in a given period, as well as the size of contracts, is to predict.
Furthermore, the presentation of our financial results requires us to make estimates and assumptions that may affect revenue recognition. In some instances, we could reasonably use different estimates and assumptions, and changes in estimates are likely to occur from period to period. See “Item 8. Financial Statements and Supplementary Data — Note 1. Business and Summary of Significant Accounting Policies — Revenue Recognition .” Given the foregoing factors, our actual results could differ significantly from our estimates, comparing our revenue and operating results on a period-to-period basis may not be meaningful, and our past results may not be indicative of our future performance.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect or financial reporting standards or interpretations change, our results of operations could be adversely affected.
The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and in our consolidated financial statements and related notes included elsewhere in this Annual Report. The results of
these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to the determination of revenue recognition, and more specifically, the estimation and allocation of the transaction price to each performance obligation based on a relative standalone selling price, allowance for doubtful accounts, valuation and impairment of intangible assets and goodwill, impairment of other long-lived assets, useful lives of property and equipment and definite-lived intangible assets and the period of benefit generated from our deferred contract acquisition costs. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of industry or financial analysts and investors, resulting in a decline in the trading price of our common stock.
Additionally, we regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and drafts thereof that are relevant to us. As a result of new standards, changes to existing standards and changes in their interpretation, we might be required to change our accounting policies, alter our operational policies and implement new or enhance existing systems so that they reflect new or amended financial reporting standards, or we may be required to restate our published financial statements. Such changes to existing standards or changes in their interpretation may have an adverse effect on our reputation, business, financial position and profit/loss, or cause an adverse deviation from our revenue and operating profit target, which may negatively impact our financial results.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our business, operating results and financial condition.
Our sales contracts are primarily denominated in U.S. dollars, and therefore our revenue is not subject to significant foreign currency risk. However, strengthening of the U.S. dollar increases the real cost of our solutions to our customers outside of the United States, which could lead to delays in the purchase of our solutions and the lengthening of our sales cycle. If the U.S. dollar continues to strengthen, this could adversely affect our financial condition and operating results. In addition, increased international sales in the future, including through our channel partners and other partnerships, may result in greater foreign currency denominated sales, increasing our foreign currency risk. Our operating expenses incurred outside the U.S. are primarily denominated in the currency of the country in which such expenses are incurred. As our business continues to grow globally, our exposure to currency exchange rates may increase, which could negatively affect our business, operating results and financial condition. We do not currently hedge against the risks associated with currency fluctuations but may do so in the future.
We may require additional capital to expand our operations and invest in new solutions, and failure to do so could reduce our ability to compete and could harm our business and financial condition.
We may need to raise additional funds in the future to fund our operating expenses, make capital purchases and acquire or invest in business or technology, and we may not be able to obtain those funds on favorable terms, or at all. If we raise additional equity financing, our stockholders may experience significant dilution of their ownership interests and the per share value of our common stock could decline. Furthermore, if we engage in additional debt financing, the holders of our debt would have priority over the holders of our common stock, and we may be required to accept terms that restrict our ability to incur additional indebtedness or our ability to pay any dividends on our common stock, though we do not intend to pay dividends in the foreseeable future. We may also be required to take other actions, any of which could harm our business and operating results. If we need to access the capital markets, there can be no assurance that financing may be available on attractive terms, if at all. If we are unable to obtain adequate financing, or financing on terms satisfactory to us, when we require it, our ability to continue to support our business growth and to respond to business could be significantly limited, and our business, operating results, financial condition and prospects could be materially and affected. See also “We have indebtedness, which may increase risk to our business and your investment in us.”
Our Company may have undisclosed liabilities and any such liabilities could negatively impact our revenues, business, prospects, financial condition and results of operations.
Before the Closing, Legacy Appgate conducted due diligence on the Company customary and appropriate for a transaction similar to the Merger. However, the due diligence process may not reveal all material liabilities of our Company currently existing or which may be asserted in the future against our Company relating to its activities before the Closing. In addition, the Merger Agreement contains representations with respect to the absence of any liabilities. However, there can be no assurance that our Company will not have any liabilities upon Closing that we are unaware of or that we will be successful in enforcing any indemnification provisions or that such indemnification provisions will be adequate to
reimburse us. Any such liabilities of our Company that survived the Closing could negatively impact our revenues, business, prospects, financial condition and results of operations.
Risks Related to the Ownership of Our Common Stock
The market price of our common stock has been volatile and may continue to be volatile, and you could lose all or part of your investment.
Prior to the closing of the Merger, there was no public trading market for shares of Legacy Appgate’s common stock, and shares of Newtown Lane were thinly traded. Following the Merger through March 24, 2023, our common stock has been volatile, with our opening/closing price ranging from a high of $21.25 to a low of $1.21. It is possible that neither an active nor liquid trading market for our common stock will develop, and, if such a market does develop, it is possible that such market will not be sustained, which could make it difficult for you to sell your shares of common stock at an attractive price or at all.
Many factors, many of which are outside our control, may cause the market price for shares of our common stock to fluctuate significantly, including those described elsewhere in this “Risk Factors” section, as well as the following:
• actual or anticipated changes or fluctuations in our operating results;
• the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;
• announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments;
• industry or financial analyst or investor reaction to our press releases, other public announcements and filings with the SEC;
• rumors and market speculation involving us or other companies in our industry;
• price and volume fluctuations in the overall stock market from time to time;
• volume fluctuations in the trading of our common stock from time to time;
• changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
• the sales of shares of our common stock by us or our stockholders;
• failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
• actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally;
• litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;
• developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights;
• announced or completed acquisitions of businesses or technologies by us or our competitors;
• actual or perceived privacy, data protection, or information security incidents or breaches;
• new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
• any major changes in our management or our Board;
• general economic conditions and slow or negative growth of our markets; and
• other events or factors, including those resulting from war, incidents of terrorism, global pandemics or responses to these events.
In addition, the stock market in general, and the market for technology companies in particular, has experienced price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. Broad market and industry factors may affect the market price of our common stock, regardless of our actual operating performance.
Our common stock is currently thinly traded, liquidity is limited, and we may be unable to obtain listing of our common stock on a more liquid market.
Our common stock is currently thinly traded and quoted on the OTC Markets, which provide significantly less liquidity than a national securities exchange such as the NYSE or Nasdaq. In addition, approximately 95.9% of our common stock is held by affiliates who are subject to certain trading restrictions with respect to their common stock. Without a large public float, our common stock is less liquid than the stock of companies with broader public ownership, and, as a result, the trading prices of our common stock may be more volatile.
For the foregoing reasons, purchasers of our common stock may be subject to price volatility risk given the price of our common stock may change dramatically from a relatively small trading volume, which may also make our common stock more vulnerable to price manipulation attempts. We cannot predict the prices at which our common stock will trade in the future, if at all.
As a former shell company, resales of shares of our restricted common stock in reliance on Rule 144 of the Securities Act are subject to the requirements of Rule 144(i).
We previously were a “shell company” and, as such, sales of our securities pursuant to Rule 144 under the Securities Act of 1933, as amended, cannot be made unless, among other things, at the time of a proposed sale, we are subject to the reporting requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, as amended, and have filed all reports and other materials required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 as amended, as applicable, during the preceding 12 months, other than Form 8-K reports. Because, as a former shell company, the reporting requirements of Rule 144(i) will apply regardless of holding period, restrictive legends on certificates for shares of our common stock cannot be removed except in connection with an actual sale that is subject to an effective registration statement under, or an applicable exemption from the registration requirements of, the Securities Act. Because our unregistered securities cannot be sold pursuant to Rule 144 unless we continue to meet such requirements, any unregistered securities we issue will have limited liquidity unless we continue to comply with such requirements.
SIS Holdings can control our business and affairs and may have conflicts of interest with us in the future.
As of the date of this Annual Report, SIS Holdings, through which, among others, BC Partners and Medina Capital (the “Investors”) hold an indirect interest in our common stock, collectively own approximately 89% of our common stock. As a result, so long as the Investors and/or their affiliates remain our controlling stockholders they will be able to control, directly or indirectly, and subject to applicable law, all matters affecting us, including:
• any determination with respect to our business direction and policies, including the appointment and removal of officers and directors;
• any determinations with respect to mergers, business combinations or disposition of assets;
• compensation and benefit programs and other human resources policy decisions;
• the payment of dividends on our common stock; and
• determinations with respect to tax matters.
In addition, the Investors are in the business of making investments in companies and may from time to time acquire and hold interests in businesses that compete directly or indirectly with us. One or more of the Investors may also pursue acquisition opportunities that may be complementary to our business and, as a result, those acquisition opportunities may not be available to us. So long as the Investors, or their respective affiliates, continue to own a significant amount of the outstanding shares of our common stock, even if such amount is less than 50%, the Investors will continue to be able to strongly influence us. Certain of our directors are affiliates of the Investors, and our A&R Charter provides that, subject to certain limitations, none of our directors or officers, or any of their affiliates, will have any duty to refrain from (i) engaging in a corporate opportunity in the same or similar lines of business in which we or our affiliates now engage or propose to engage or (ii) otherwise competing with us or our affiliates.
If we list our common stock on the NYSE or Nasdaq, we will be considered a “controlled company” within the meaning of the rules of the NYSE or Nasdaq stock market, as applicable, and, as a result, will qualify for exemptions from certain corporate governance requirements.
The OTC Markets do not prescribe corporate governance requirements for companies that trade on those markets. We intend to apply to list our common stock on either the NYSE or Nasdaq stock market. As of the date of this Annual Report, SIS Holdings, through which the other Investors hold an indirect interest in our common stock, owns approximately 89% of our common stock. As a result, we are considered as a “controlled company” within the meaning of the corporate governance standards of the NYSE and Nasdaq. Under these rules, a listed company of which more than 50% of the voting power is held by an individual, group or another company is a “controlled company” and may elect not to comply with certain corporate governance requirements, including:
• the requirement that a majority of the board of directors consist of independent directors;
• the requirement that our nominating and corporate governance committee be composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities;
• the requirement that our compensation committee be composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities; and
• the requirement for an annual performance evaluation of our corporate governance and compensation committees.
While SIS Holdings controls a majority of the voting power of our outstanding common stock, we may elect to rely on these exemptions and, as a result, may not have a majority of independent directors on our Board. When established, our nominating and corporate governance and compensation committees may also not consist entirely of independent directors. Accordingly, holders of our common stock do not have the same protections afforded to stockholders of companies that are subject to all of the corporate governance requirements of the NYSE or Nasdaq.
Future sales, or the perception of future sales, by us or our existing stockholders in the public market following the Merger could cause the market price for our common stock to decline.
The sale of substantial amounts of shares of our common stock in the public market, or the perception that such sales could occur, could harm the prevailing market price of shares of our common stock. These sales, or the possibility that these sales may occur, also might make it more difficult for us to sell equity securities in the future at a time and at a price that we deem appropriate or to raise additional funds through future offerings of other securities.
In addition, certain holders of our common stock and the Convertible Senior Notes are entitled to rights with respect to registration of their shares under the Securities Act pursuant to certain registration rights agreements. If these holders of our common stock and/or the Convertible Senior Notes, by exercising their registration rights, sell a large number of shares, they could adversely affect the market price for our common stock.
We may also issue our shares of common stock or securities convertible into shares of our common stock from time to time in connection with a financing, acquisition, investments or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our common stock to decline.
We do not intend to pay dividends in the foreseeable future. As a result, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.
We have never declared or paid any cash dividends on our common stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends on our common stock in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our Board. Accordingly, investors must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
If industry or financial analysts do not publish research about our business, or if they issue inaccurate or unfavorable research regarding our common stock, our stock price and trading volume could decline.
The trading market for our common stock is influenced by, among other things, the research and reports that industry or financial analysts publish about us or our business. We do not control these analysts, or the content and opinions included in their reports. We may be slow to attract research coverage and the analysts who publish information about our common stock will have had relatively little experience with our company, which could affect their ability to accurately forecast our results and make it more likely that we fail to meet their estimates. If we are unable to attract research coverage, this could limit investor interest in our securities and result in decreased trading liquidity. Further, if any of the analysts who cover us issues an inaccurate or unfavorable opinion regarding our stock price, our stock price would likely decline and it could cause our trading liquidity to decline. In addition, the stock prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the expectations of analysts. If our financial results to meet, or significantly exceed, the expectations of analysts or public investors, analysts could our common stock or publish research about us. If one or more of these analysts coverage of our company or to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our stock price or trading liquidity to .
If our operating and financial performance in any given period do not meet or exceed the guidance that we provide to the public, the market price of our common stock may decline.
We may, but are not obligated to, provide public guidance on our expected operating and financial results for future periods. If we elect to issue such guidance, it will be composed of forward-looking statements subject to the risks and uncertainties described in this Annual Report. Our actual results may not always be in line with or exceed any guidance we have provided, especially in times of economic uncertainty. If, in the future, our operating or financial results for a particular period do not meet any guidance we provide or the expectations of investment analysts, or if we reduce our guidance for future periods, the market price of our common stock may decline.
Our A&R Charter designates specific courts as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit our stockholders’ abilities to obtain a favorable judicial forum for disputes with us or our directors, officers or employees.
Our A&R Charter provides that, unless we consent in writing to the selection of an alternative forum, the sole and exclusive forum, to the fullest extent permitted by law, for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of breach of a fiduciary duty owed by any of our current or former directors, officers or other employees or stockholders to us or our stockholders, creditors or other constituents, or a claim of aiding and abetting any such breach of fiduciary duty, (3) any action asserting a claim against us or any of our directors or officers or other employees or stockholders arising pursuant to, or any action to interpret, apply, enforce any right, obligation or remedy under or determine the validity of, any provision of the DGCL or our A&R Charter or A&R Bylaws or as to which the DGCL confers jurisdiction on the Court of Chancery of the State of Delaware, (4) any action asserting a claim that is governed by the internal affairs doctrine, or (5) any other action asserting an “internal corporate claim” under the DGCL shall be the Court of Chancery of the State of Delaware (or, if and only if the Court of Chancery does not have subject matter jurisdiction, another state court sitting in the State of Delaware or, if and only if neither the Court of Chancery nor any state court sitting in the State of Delaware has subject matter jurisdiction, then the federal district court for the District of Delaware) (the “Delaware Forum Provision”). Notwithstanding the foregoing, our A&R Charter provides that the Delaware Forum Provision will not apply to any actions arising under the Securities Act or the Exchange Act. Section 27 of the Exchange Act creates federal jurisdiction over all suits brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder. Our A&R Charter further provides that unless we consent in writing to the selection of an alternative forum, the federal district court for the District of Delaware shall, to the fullest extent permitted by law, be the sole and forum for resolving any asserting a cause of action arising
under the Securities Act (the “Federal Forum Provision”). We note, however, that there is uncertainty as to whether a court would enforce this provision and that investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder. Section 22 of the Securities Act creates concurrent jurisdiction for state and federal courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder.
The Delaware Forum Provision and the Federal Forum Provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers or other employees, which may discourage lawsuits against us and our directors, officers and other employees. Alternatively, if a court were to find the Delaware Forum Provision or the Federal Forum Provision to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, financial condition or results of operations. Any person or entity purchasing or otherwise acquiring any interest in our shares of capital stock shall be deemed to have notice of and consented to the Delaware Forum Provision and the Federal Forum Provision, but will not be deemed to have waived our compliance with the federal securities laws and the rules and regulations thereunder.
We may issue preferred stock whose terms could adversely affect the voting power or value of our common stock.
Our A&R Charter authorizes us to issue, without the approval of our stockholders, one or more classes or series of preferred stock having such designations, preferences, limitations and relative rights, including preferences over our common stock with respect to dividends and distributions, as our Board may determine. The terms of one or more classes or series of preferred stock could adversely impact the voting power or value of our common stock. For example, we might grant holders of preferred stock the right to elect some number of our directors in all events or on the happening of specified events or the right to veto specified transactions. Similarly, the repurchase or redemption rights or liquidation preferences we might assign to holders of preferred stock could affect the residual value of the common stock.
Anti-takeover provisions in our governing documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current management or directors and limit the market price of our common stock.
Our A&R Charter, A&R Bylaws and Delaware law contain provisions that could have the effect of rendering more difficult, delaying or preventing an acquisition deemed undesirable by our Board. Among other things, our A&R Charter and/or A&R Bylaws include the following provisions:
• a staggered board, which means that our Board is classified into three classes of directors with staggered three-year terms and, from and after a Trigger Event (as defined in the A&R Charter), directors are only able to be removed from office for cause and only upon the affirmative vote of the holders of at least 66 2/3% in voting power of all of the then outstanding shares of our common stock entitled to vote thereon;
• limitations on convening special stockholder meetings, which could make it difficult for our stockholders to adopt desired governance changes;
• a prohibition on stockholder action by written consent from and after the Trigger Event;
• a forum selection clause, which means certain litigation against us can only be brought in Delaware;
• from and after the Trigger Event, require the affirmative vote of holders of at least 75% of the voting power of all of the then outstanding shares of common stock to amend provisions of the A&R Charter relating to the management of our business, the Board, stockholder action by written consent, competition and corporate opportunities, Section 203 of the DGCL, forum selection and the liability of our directors, or to amend, alter, rescind or repeal our A&R Bylaws;
• the authorization of undesignated preferred stock, the terms of which may be established and shares of which may be issued without further action by our stockholders; and
• advance notice procedures, which apply for stockholders to nominate candidates for election as directors or to bring matters before an annual meeting of stockholders.
These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management. We have opted out of Section 203 of the DGCL. However, our A&R Charter contains similar provisions providing that we many not engage in certain “business combinations” with any “interested stockholder” for a three-year period following the time that the stockholder became an interested stockholder, unless (i) prior to the time such stockholder became an interested stockholder, the Board approved the transaction that resulted in such stockholder becoming an interested stockholder, (ii) upon consummation of the transaction that resulted in such stockholder becoming an interested stockholder, the interested stockholder owned at least 85% of the common stock or (iii) following Board approval, the business combination receives the approval of the holders of at least two-thirds of our outstanding common stock not held by such interested stockholder at an annual or special meeting of stockholders. Our A&R Charter provides that the Investors and their respective affiliates, and any of their respective direct or indirect transferees and any group as to which such persons are a party, do not constitute “interested stockholders” for purposes of this provision.
In addition, our A&R Charter provides that the federal district courts of the United States will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act but that the forum selection provision will not apply to claims brought to enforce a duty or liability created by the Exchange Act.
Any provision of our A&R Charter, A&R Bylaws or Delaware law that has the effect of delaying, preventing or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our common stock and could also affect the price that some investors are willing to pay for our common stock.
Risks Related to Our Outstanding Indebtedness
We have indebtedness, which may increase risk to our business and your investment in us.
Concurrently with the execution of the Merger Agreement, Legacy Appgate entered into the Note Purchase Agreement with the Noteholders and the Note Issuance Agreement with Legacy Appgate’s wholly owned domestic subsidiaries and Magnetar (the Note Purchase Agreement and the Note Issuance Agreement, as amended, collectively, the “Note Agreements”). Pursuant to the Note Agreements, Legacy Appgate issued and sold to the Noteholders $50.0 million aggregate principal amount of Initial Convertible Senior Notes on February 9, 2021 and agreed to issue and sell to the Noteholders $25.0 million aggregate principal amount of Additional Convertible Senior Notes on the date of the consummation of the Merger. Interest on the Convertible Senior Notes is payable either entirely in cash or entirely in kind (“PIK Interest”), or a combination of cash and PIK Interest at our option. The Convertible Senior Notes bear interest at the annual rate of 5.0% with respect to interest payments made in cash and 5.5% with respect to PIK Interest. In connection with the consummation of the Merger, Legacy Appgate issued the Additional Convertible Senior Notes and Newtown Lane entered into a Supplemental Agreement, providing for the assumption or guarantee by Newtown Lane of all of Legacy Appgate’s obligations under the Note Agreements and the substitution of the Company’s common stock for Legacy Appgate’s capital stock thereunder in all respects. In addition, on February 1, 2023, Legacy Appgate issued approximately $2.1 million in PIK Notes with respect to a single interest payment date. For additional details on the Convertible Senior Notes see “Item 7—Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources.”
In addition, on April 26, 2022, Legacy Appgate, the Company, certain subsidiaries of Legacy Appgate and SIS Holdings entered into the Revolving Credit Agreement. The Revolving Credit Agreement provides for a $50.0 million unsecured, revolving credit facility and will mature, on the earlier to occur of (a) June 30, 2023, (b) the closing of a registered offering of Capital Stock (as defined in the Revolving Credit Agreement) of Appgate in an aggregate amount equal to $50.0 million or more or (c) the date of which the Loans (as defined in the Revolving Credit Agreement) are accelerated upon an Event of Default (as defined in the Revolving Credit Agreement). Interest will accrue on amounts drawn under the Revolving Credit Agreement at a rate of 10.0% per annum, payable in cash on the Final Maturity Date (as defined in the Revolving Credit Agreement). The Revolving Credit Agreement is subordinated to the Convertible Senior Notes. All obligations under the Revolving Credit Agreement are guaranteed by Appgate and Legacy Appgate’s domestic subsidiaries.
Our ability to make scheduled payments of the principal of, to pay cash interest on, the Convertible Senior Notes and the Revolving Credit Facility, or to refinance the Convertible Senior Notes or the Revolving Credit Facility, or any other indebtedness we may incur, depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Our business may not generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. The Note Agreements and the Revolving Credit Agreement contain customary restrictive covenants that limit our ability to engage in activities that may be in our long-term best interest. Those covenants include restrictions on our ability to, among other things, incur additional debt and issue
disqualified stock; create liens; pay dividends, acquire shares of capital stock, or make certain investments; issue guarantees; sell certain assets and enter into transactions with affiliates. The Note Issuance Agreement and Revolving Credit Agreement also each contain a financial covenant that requires that we maintain liquidity of not less than $10.0 million as of the last day of any calendar month. Our failure to comply with any of those covenants could result in an event of default which, if not cured or waived, could result in the acceleration of our debt issued under the Note Agreements or Revolving Credit Facility. Any such event of default or acceleration could have an adverse effect on the trading price of our common stock. Furthermore, the terms of any future debt we may incur could have further additional restrictive covenants. We may not be able to maintain compliance with these covenants in the future, and in the event that we are not able to maintain compliance, we cannot assure you that we will be able to obtain waivers from the lenders or amend the covenants.
If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional debt financing or equity capital on terms that may be onerous or highly dilutive. Pursuant to the Note Purchase Agreement, Magnetar has certain rights of first offer to purchase no less than 25% of the amount issued by us in certain debt financings, subject to certain exceptions and certain preemptive rights in connection with equity issuances by us, subject to certain exceptions, which may make obtaining additional debt financing or raising equity capital more difficult. Our ability to refinance any future indebtedness will depend on the capital markets, contractual restrictions and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations. In addition, any of our future debt agreements may contain restrictive covenants that may prohibit us from adopting any of these alternatives. Our failure to comply with these covenants could result in an event of which, if not cured or waived, could result in the acceleration of our debt.
We may not have the ability to raise the funds necessary to repurchase the Convertible Senior Notes for cash upon occurrence of certain events, and conversion of the Convertible Senior Notes may affect the value of our common stock by causing dilution to our existing stockholders.
Holders of the Convertible Senior Notes have the right to require us to repurchase their Convertible Senior Notes upon the occurrence of (i) a fundamental change (as defined in the Note Issuance Agreement) at a repurchase price equal to 100% of the principal amount of the Convertible Senior Notes to be repurchased, plus accrued and unpaid interest, if any, or (ii) upon a change of control (as defined in the Note Issuance Agreement) at a repurchase price equal to 102% of the principal amount of the Convertible Senior Notes to be repurchased, plus accrued and unpaid interest, if any. We may not have enough available cash or be able to obtain financing at the time we are required to make such repurchases of Convertible Senior Notes. In addition, our ability to repurchase the Convertible Senior Notes or to pay cash upon conversions of the Convertible Senior Notes may be limited by law, by regulatory authority or by agreements governing our future indebtedness. Our failure to repurchase Convertible Senior Notes at a time when the repurchase is required by the Note Issuance Agreement would constitute a default under the Note Issuance Agreement. A default under the Note Issuance Agreement or the fundamental change itself could also lead to a under the Revolving Credit Agreement and/or agreements governing our future indebtedness. If the repayment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the Convertible Senior Notes or make cash interest or principal payments.
In addition, our indebtedness, combined with our other financial obligations and contractual commitments, could have other important consequences. For example, it could:
• make us more vulnerable to adverse changes in general U.S. and worldwide economic, industry and competitive conditions and adverse changes in government regulation;
• limit our flexibility in planning for, or reacting to, changes in our business and our industry;
• place us at a disadvantage compared to our competitors who have less debt;
• limit our ability to borrow additional amounts to fund acquisitions, for working capital and for other general corporate purposes; and
• make an acquisition of our company less attractive or more difficult.
Any of these factors could harm our business, results of operations and financial condition. In addition, if we incur additional indebtedness, the risks related to our business and our ability to service or repay our indebtedness would increase.
Subject to certain exceptions, prior to maturity, each holder of Convertible Senior Notes shall have the option to convert all or any portion of such Convertible Senior Notes into our common stock in accordance with the terms of the Note Issuance Agreement. If holders of our Convertible Senior Notes elect to convert their notes, we may be obligated to deliver them a significant number of shares of our common stock, which would cause dilution to our existing stockholders.
