Item 1A. Risk Factors
A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider the risks described below, together with the financial and other information contained in this Annual Report on Form 10-K. If any of the following risks actually occurs, our business, financial condition, results of operations, cash flows and prospects could be materially and adversely affected. As a result, the trading price of our common stock could decline and you could lose all or part of your investment in our common stock.
Risk Factors Summary
Set forth below is a summary of the more significant risks related to our business and industry, our indebtedness and our common stock. This summary does not contain all the information that may be important to you, and you should read this summary together with the more detailed discussion of risks and uncertainties set forth following this summary.
Risks relating to our business and industry include, among others:
our ability to adapt to rapid technological change, evolving industry standards and changing customer needs, requirements or preferences;
our ability to enhance and deploy our cloud-based offerings while continuing to effectively offer our on-premise offerings;
our ability to maintain or improve our competitive position;
the impact of the COVID-19 pandemic;
the impact on our business of a network or data security incident or unauthorized access to our network or data or our customers’ data;
the effects on our business if we are unable to acquire new customers, if our customers do not renew their arrangements with us, or if we are unable to expand sales to our existing customers or develop new solutions or solution packages that achieve market acceptance;
our ability to manage our growth effectively, execute our business plan, maintain high levels of service and customer satisfaction or adequately address competitive challenges;
our dependence on our senior management team and other key employees;
our ability to enhance and expand our sales and marketing capabilities;
our ability to attract and retain highly qualified personnel to execute our growth plan;
the risks associated with interruptions or performance problems of our technology, infrastructure and service providers;
our dependence on third-party cloud infrastructure services, such as Amazon Web Services (“AWS”);
Table of Contents
the impact of data privacy and cybersecurity concerns, evolving regulations of cloud computing, cross-border data transfer restrictions and other domestic and foreign laws and regulations; and
the impact of volatility in quarterly operating results.
Risks relating to our indebtedness include, among others:
the impact of our existing indebtedness could adversely affect our business and growth prospects;
the fact that we may still be able to incur substantially more indebtedness or make certain restricted payments, which could further exacerbate the risks associated with our substantial indebtedness, despite our current indebtedness levels and restrictive covenants;
our ability to generate sufficient cash flow to service all of our indebtedness, and actions we may be forced to take to satisfy our obligations under such indebtedness, which may not be successful;
the risks associated with the financing documents governing our 2021 Credit Facilities, as defined below, which restrict our current and future operations, particularly our ability to respond to changes or to take certain actions; and
our ability to refinance our indebtedness.
Risks relating to our common stock include, among others:
the risks associated with the provisions of our corporate governance documents that could make an acquisition of us more difficult and may prevent attempts by our shareholders to replace or remove our current management, even if beneficial to our shareholders;
Vista Equity Partners’ (“Vista”) influence on certain of our corporate actions, which may conflict with our or your interests in the future;
the risks associated with the designation of the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our shareholders in our certificate of incorporation, which could limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us;
the potential that an active, liquid trading market for our common stock may not be sustained, which may limit your ability to sell your shares; and
the potential volatility of our operating results and stock price, and the potential that the market price of our common stock may drop below the price you paid.
Risks Relating to Our Business and Industry
If we fail to adapt to rapid technological change, evolving industry standards and changing customer needs, requirements or preferences, our ability to remain competitive could be impaired.
The IAM market is characterized by rapid technological change, evolving industry standards and changing regulations, as well as changing customer needs, requirements and preferences. The success of our business depends, in part, on our ability to anticipate, adapt and respond effectively to these changes on a timely and cost-effective basis. In addition, as our customers’ technologies and business plans grow more complex, we expect them to face new and increasing challenges. Our customers require that our platform effectively identify and respond to these challenges without disrupting the performance of our customers’ IT systems or
Table of Contents
interrupting their business operations. As a result, we must continually modify and improve our offerings in response to changes in our customers’ IT infrastructures and operational needs or end-user preferences. The success of any enhancement to our existing offerings or the deployment of new offerings depends on several factors, including the timely completion and market acceptance of our enhancements or new offerings. Any enhancement to our existing offerings or new offerings that we develop and introduce involves significant commitment of time and resources and is subject to a number of risks and challenges including:
ensuring the timely release of new solutions, solution packages and solution enhancements;
adapting to emerging and evolving industry standards, technological developments by our competitors and customers and changing regulatory requirements;
interoperating effectively with existing or newly-introduced technologies, systems or applications of our existing and prospective customers;
resolving defects, errors or failures in our platform, solutions or solution packages;
extending the operation of our offerings and services to new and evolving platforms, operating systems and hardware products, such as mobile and IoT devices; and
managing new solution, solution package and service strategies for the markets in which we operate.
If we are not successful in managing these risks and challenges, or if our new solutions, solution upgrades and services are not technologically competitive or do not achieve market acceptance, our business, results of operations and financial condition could be adversely affected.
If we are unable to enhance and deploy our cloud-based offerings while continuing to effectively offer our on-premise offerings, our business and operating results could be adversely affected.
Historically, our revenue has been driven predominately by our on premise offerings. For the year ended December 31, 2021, $172.5 million, or 58%, of our total revenue was from subscription term based licenses, whereas $57.6 million, or 19%, of our total revenue was from subscription SaaS and $49.2 million, or 16% was from maintenance and support. For the year ended December 31, 2020, $144.5 million, or 59%, of our total revenue was from subscription term based licenses, whereas $38.1 million, or 16%, of our total revenue was from subscription SaaS and $41.5 million, or 17%, was from maintenance and support. For the year ended December 31, 2019, $161.4 million, or 66%, of our total revenue was from subscription term based licenses whereas $26.6 million, or 11%, of our total revenue was from subscription SaaS and $37.3 million, or 15%, was from maintenance and support. The remainder of our revenue, or $20.2 million, $19.5 million, and $17.6 million for the years ended December 31, 2021, 2020 and 2019, respectively, was attributable to professional services and other. We have responded to the increasing market shift toward cloud based services by developing and introducing additional cloud based IAM offerings to our customers. While our customers are increasingly adopting our cloud based offerings, we expect our customers to continue to require substantial on premise and hybrid offerings. To support hybrid deployment of our offerings, our developers and support team must be trained on and learn multiple environments in which our platform is deployed, which is more expensive than supporting a cloud only or on-premise-only offering. Moreover, we must engineer our software for on premise, cloud and hybrid deployments, which we expect will result in additional research and development expense that may impact our operating results. Furthermore, we cannot you that the market for cloud based offerings will develop at a rate or in the manner we expect or that our cloud based offerings will be competitive with those of more established cloud based providers or other new market entrants. We are directing a significant portion of our financial and operating resources to implement a robust and secure cloud based offering for our customers, but even if we continue to make these investments, we may be in growing or implementing our cloud based offerings in a way that competes our current and future competitors and in such event our business, results of operations and financial condition could be
Table of Contents
harmed. In addition, the costs associated with greater adoption of our cloud-based offerings could harm our margins, making it difficult to continue to justify the continued allocation of resources. Customers may require features and capabilities that our current solutions or solution packages do not have and that we may be unable to develop. If we are unable to develop and deploy cloud based offerings alongside on premise offerings that satisfy customer preferences in a timely and cost effective manner, it may harm our ability to renew subscriptions with existing customers and to create or increase demand for our solutions or solution packages with new customers, and may adversely impact our financial condition and results of operations.
We face intense competition, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The IAM market is intensely competitive, and we expect competition to increase in the future from established competitors and new market entrants. We face competition from (1) legacy providers, (2) cloud-only providers and (3) homegrown solutions. Legacy providers include Broadcom, IBM and Oracle, among others. We also compete with cloud-only providers, such as Okta and One Identity that primarily focus on the workforce use case. Microsoft also competes in our market and has tied its identity services to both its Azure and Office365 offerings. With the recent increase in large merger and acquisition transactions in the technology industry, particularly transactions involving cloud-based technologies, there is a greater likelihood that we will compete with other large technology companies in the future. For example, Amazon or Google could acquire or develop an IAM or identity security platform that competes directly with our solutions. These companies have significant name recognition, considerable resources and existing IT infrastructures and powerful economies of scale and scope, which allow them to rapidly develop and deploy new solutions. Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as greater name recognition and longer operating histories, larger sales and marketing budgets and resources, broader distribution and established relationships with channel partners and customers, greater customer support resources, resources to make acquisitions, lower labor and development costs, larger and more mature intellectual property portfolios and substantially financial, technical and other resources.
In addition, some of our larger competitors have substantially broader product offerings and leverage their relationships based on other products they offer or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our solutions or solution packages, including through selling at zero or negative margins, product bundling or closed technology platforms. Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. Our larger competitors often have broader product lines and market focus and are less susceptible to downturns in a particular market. Our competitors may also seek to repurpose their existing offerings to provide identity solutions with subscription models. Additionally, start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our solutions or solution packages.
Consolidation in the markets in which we compete may affect our competitive position. This is particularly true in circumstances where customers are seeking to obtain a broader set of solutions and services than we are currently able to provide. In addition, some of our competitors may enter into new alliances with each other or may establish or strengthen cooperative relationships with system integrators, third-party consulting firms or other parties. Any such consolidation, acquisition, alliance or cooperative relationship could lead to pricing pressure and loss of market share and could result in a competitor with greater financial, technical, marketing, service and other resources, all of which could harm our ability to compete. Furthermore, organizations may be more willing to incrementally add solutions to their existing infrastructure from competitors than to replace their existing infrastructure with our solutions or solution packages. These competitive pressures in our market or our failure to compete effectively may result in fewer orders and reduced revenue and gross margins. Any failure to meet and address these factors could affect our business, results of operations and financial condition.
The COVID-19 pandemic continues to present uncertainty regarding our business operations, operating results, financial condition and prospects.
Table of Contents
The severity, magnitude and duration of the COVID-19 pandemic is still uncertain, rapidly changing, hard to predict and depends on events beyond our knowledge or control. The COVID-19 pandemic has resulted in authorities implementing numerous measures to contain the virus and its variants, such as travel bans and restrictions, quarantines, shelter in place orders, shutdowns and vaccine mandates. These measures have impacted and may further impact all or portions of our facilities, workforce and operations, the behavior of our customers and consumers and the operations of our respective vendors and suppliers. In 2020 and 2021, some of our customers delayed purchasing decisions and opted for shorter contract durations, and even though global economic recovery was observed in the latter part of 2021, the sustainability of such recovery remains unclear, particularly as new variants of COVID-19 arise, and there is still a risk that customers may experience financial hardship that may result in delayed or uncollectible payments.
As a result of the continuing spread and impact of COVID-19 and related governmental measures, we may decide to postpone or cancel planned investments, or we may have to reduce headcount in certain areas, which may impact our ability to respond to our customers’ needs and fulfill contractual obligations. In addition, we rely upon third parties for certain critical inputs to our business and solutions, such as data centers and technology infrastructure. Any disruptions to services provided to us by third parties due to the COVID-19 pandemic, including as a result of actions outside of our control, could significantly impact the continued performance of such solutions.
In addition, the COVID-19 pandemic has led to increased online transaction activity which has resulted in increased cyber and fraud risk. Additionally, the dispersed nature of our workforce may increase our cyber and fraud risk as our information technology and security teams must manage and secure equipment used by our employees remotely, and with our employees working more independently, there are increased opportunities for human error. We could experience direct financial loss, or be exposed to contractual or reputational liability, if we were affected by cyber security attacks or fraud. Further, significant management time and resources may be diverted from our ordinary business operations in order to develop, implement and manage workplace safety strategies and conditions as we attempt to return to office workplaces in the first half of 2022.
These and other impacts of the COVID-19 pandemic could have the effect of heightening many of the other risks described in the “Risk Factors” section, such as those relating to our reputation, product sales, results of operations or financial condition. We might not be able to predict or respond to all impacts on a timely basis to prevent near- or long-term adverse impacts to our results.
A network or data security incident or breach may allow unauthorized access to our network or data or our customers’ data, harm our reputation, create additional liability and adversely impact our financial results.
Increasingly, companies are subject to a wide variety of attacks on their networks and systems. In addition to threats from traditional computer hackers, malicious code (such as malware, viruses, worms and ransomware), employee theft or misuse, password spraying, phishing and distributed denial-of-service (“DDOS”) attacks, we now also face threats from sophisticated nation-state and nation-state supported actors who engage in attacks (including advanced persistent threat intrusions) that add to the risks to our internal networks, our platform, our third-party service providers and our customers’ systems and the information that they store and process. Despite significant efforts to create security barriers to safeguard against such threats, it is virtually impossible for us to entirely mitigate these risks. As a well-known provider of IAM solutions, we pose an target for such attacks. The security measures we have integrated into our internal networks and platform, which are designed to detect activity and prevent or minimize security and , may not function as expected or may not be sufficient to protect our internal networks and platform certain attacks. In addition, techniques used to or obtain access to networks in which data is stored or through which data is transmitted change frequently and generally are not recognized until launched a target. As a result, we may be to anticipate these techniques or implement adequate preventative measures to prevent an electronic into our networks.
Table of Contents
If a breach of customer data security or unauthorized access to customer systems through our platform were to occur, as a result of third-party action, employee error, malfeasance or otherwise, and the confidentiality, integrity or availability of our customers’ data or systems was disrupted, we could incur significant liability to our customers and to individuals or businesses whose information we process, and our platform may be perceived as less desirable, which could negatively affect our business and damage our reputation. In such event, the potential liability exposure to our customers under our contracts could significantly exceed the revenue associated with those contracts. Our ability to retain existing customers, expand use case and solution or solution package penetration with existing customers and acquire new customers is dependent upon our reputation as a trusted intelligent security provider. The importance of our reputation in retaining existing business and acquiring new business is heightened by our focus on enterprise customers. In addition, we have a number of customers that operate in highly-regulated industries where our customers’ data is particularly sensitive, such as financial services and healthcare. A network or security could our relationships with customers, result in the of customers across one or more use case, solution or solution package and make it more to acquire new customers and such would likely be heightened in the event a network or security occurred in the highly-regulated industries we serve. Because techniques used to obtain access to, or , systems change frequently and may not be recognized until launched a target, we and our customers may be to anticipate these techniques or implement adequate preventive measures.
In addition, security incidents impacting our platform or the systems of our third-party service providers could result in a risk of loss or unauthorized access to or disclosure of the information we process on behalf of our customers. This, in turn, could require notification under applicable data privacy regulations, and could lead to litigation, governmental audits and investigations and possible liability, damage our relationships with our existing customers, trigger indemnification and other contractual obligations, cause us to incur investigation, mitigation and remediation expenses, and have a negative impact on our ability to attract and retain new customers. Furthermore, any such incident, including a breach of our customers’ systems, could compromise our networks or networks secured by our solutions, creating system disruptions or slowdowns and exploiting security of our or our customers’ networks, and the information stored on our or our customers’ systems could be accessed or without authorization, altered, or , which could subject us to liability and cause us financial . An actual or perceived of our networks, our customers’ networks or other networks secured by our solutions, whether or not due to a in our platform, may also confidence in our platform or our industry and result in expenditure of significant resources in efforts to analyze, correct, eliminate or work around or , or revenue, in the development or release of new solutions, solution packages or services, an increase in collection cycles for accounts receivable, to our brand and reputation, publicity, of channel partners, customers and sales, increased costs to remedy any , increased insurance expense and . In addition, if a high-profile security occurs with respect to another IAM solution provider, our customers and potential customers may trust in the value of the IAM solution business model generally, including the security of our solutions, which could impact our ability to retain existing customers or attract new ones, potentially causing a impact on our business. Any of these outcomes could impact market acceptance of our solutions or solution packages and could affect our business, results of operations and financial condition.
Third parties may attempt to fraudulently induce employees or customers into disclosing sensitive information such as user names, passwords or other information or otherwise compromise the security of our internal networks, electronic systems and/or physical facilities or those of our third-party service providers, in order to gain access to our data or our customers’ data, which could result in significant legal and financial exposure, a loss of confidence in the security of our platform, interruptions or malfunctions in our operations, and, ultimately, harm to our future business prospects and revenue. We may be required to expend significant capital and financial resources to protect against such threats or to alleviate problems caused by breaches in security.
Table of Contents
Our future revenue and operating results will be harmed if we are unable to acquire new customers, if our customers do not renew their arrangements with us, or if we are unable to expand sales to our existing customers or develop new solutions and solution packages that achieve market acceptance.
To continue to grow our business, it is important that we continue to acquire new customers. Our success in adding new customers depends on numerous factors, including our ability to (1) offer a compelling Intelligent Identity Platform and effective solutions and solution packages, (2) execute our sales and marketing strategy, (3) attract, effectively train and retain new sales, marketing, professional services and support personnel in the markets we pursue, (4) develop or expand relationships with channel partners, system integrators and technology partners, (5) expand into new geographies and vertical markets, (6) deploy our platform, solutions and solution packages for new customers and (7) provide quality customer support once deployed.
It is important to our continued growth that our customers renew their arrangements when existing contract terms expire. Our customers have no obligation to renew their subscription agreements, and our customers may decide not to renew these agreements with a similar contract period, at the same prices and terms or with the same or a greater number of identities, or at all. Our customer retention and expansion rates may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our solutions or solution packages, our customer support and professional services, our prices and pricing plans, the competitiveness of other IAM solutions and services, reductions in our customers’ spending levels, user adoption of our solutions or solution packages, deployment success, utilization rates by our customers, new releases and changes to our solutions and/or solution packages. Additionally, new consolidations, acquisitions, alliances or cooperative relationships involving one or more of our customers may lead such customers not to renew their existing subscriptions with us.
Our ability to increase revenue also depends in part on our ability to increase the number of identities managed by our platform and sell more use cases, solutions and solution packages to our existing and new customers. Our ability to increase sales to existing customers depends on several factors, including their experience with implementing our solutions and solution packages and using our platform and the existing solutions they have implemented, their ability to integrate our solutions and solution packages with existing technologies and our pricing model. As we expand our market reach, we may experience difficulties in gaining traction and raising awareness among potential customers regarding the critical role that our solutions play in securing their businesses and we may face more competitive pressure in such markets.
If our new solutions and/or solution packages do not achieve adequate acceptance in the market, if we fail to effectively incorporate features and capabilities that our customers expect, or if we are otherwise unable to effectively sell these new solutions and/or solution packages, our competitive position could be impaired, and our potential to generate new revenue or to retain existing revenue could be diminished. The adverse effect on our financial results may be particularly acute because of the significant research, development, marketing, sales and other expenses we will have incurred in connection with the new solutions and solution packages and our ability to introduce compelling new solutions and solution packages that address the requirements of our customers in light of the dynamic IAM market in which we operate.
If we are unable to successfully acquire new customers, retain our existing customers, expand sales to existing customers or introduce new solutions and solution packages, our business, financial condition and operating results could be adversely affected.
If we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of service and customer satisfaction or adequately address competitive challenges.
We have experienced, and may continue to experience, rapid growth and organizational change, which has placed, and may continue to place, significant demands on our management and our operational and financial resources. Additionally, our organizational structure may become more complex as we improve our operational, financial and management controls, as well as our reporting systems and procedures. We may require significant capital expenditures and the allocation of valuable management resources to grow and change in
Table of Contents
these areas. If we fail to effectively manage our anticipated growth and change, the quality of our platform may suffer, which could negatively affect our brand and reputation and harm our ability to retain and attract customers and employees.
We currently have international operations in the United Kingdom (“U.K.”), Canada, Australia, France, Germany, India, Israel, the Netherlands, New Zealand, and Italy, and we may continue to expand our international operations in these jurisdictions and/or other countries in the future. Our expansion has placed, and our expected future growth will continue to place, a significant strain on our managerial, customer operations, research and development, sales and marketing, administrative, financial and other resources. If we are unable to manage our continued growth successfully, our business and results of operations could suffer.
In addition, as we expand our business, it is important that we continue to maintain a high level of customer service and satisfaction. As our customer base continues to grow, we will need to expand our account management, customer service and other personnel, and our network of channel partners and system integrators, to provide personalized account management and customer service. If we are not able to continue to provide high levels of customer service, our reputation, as well as our business, results of operations and financial condition, could be adversely affected.
We depend on our senior management team and other key employees, and the loss of one or more of these employees or an inability to attract and retain other highly skilled employees could harm our business.
Our success depends largely upon the continued services of our senior management team and other key employees. We rely on our leadership team in the areas of research and development, operations, security, marketing, sales, customer support, general and administrative functions and on individual contributors in our research and development and operations functions. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives. For example, in 2021, our Chief Technology Officer, Chief Accounting Officer and Chief Legal Officer stepped down from their positions and their duties were assumed by new officers or other members of our senior management. While not seen in these instances, this type of turnover could distract our management team and disrupt our business. We do not have employment agreements with our executive officers or other key personnel that require them to continue to work for us for any specified period and, therefore, they could terminate their employment with us at any time. The loss of one or more the members of our senior management team, or other key employees could harm our business. In particular, the of services of our founder and Chief Executive Officer, Andre Durand, could significantly or prevent the of our strategic objectives. Changes in our executive management team or departure of other key employees may also cause in, and to, our business.
Failure to effectively develop and expand our sales and marketing capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our solutions and solution packages.
Our ability to increase our customer base and achieve broader market acceptance of our solutions and solution packages will depend on our ability to expand our sales and marketing operations. Our business will be harmed if our business development efforts do not generate a corresponding increase in revenue. We may not achieve anticipated revenue growth from expanding our direct sales force if we are unable to hire and develop talented direct sales personnel, if our new direct sales personnel are unable to achieve desired productivity levels in a reasonable period of time, or if we are unable to retain our existing direct sales personnel. There is significant competition for sales personnel with the advanced sales skills and technical knowledge we need. Selling our solutions and solution packages to sophisticated enterprise customers requires particularly talented sales personnel with the ability to communicate the transformative potential of our platform.
Table of Contents
We must attract and retain highly qualified personnel in order to execute our growth plan.
Competition for highly qualified personnel is intense, especially for engineers experienced in designing and developing software and SaaS offerings and experienced sales professionals. In recent years, recruiting, hiring and retaining employees with expertise in our industry has become increasingly difficult as the demand for cybersecurity and identity professionals has increased as a result of the recent cybersecurity attacks on global corporations and governments. We have, from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. In addition, we may experience employee turnover as a result of the ongoing "great resignation" occurring throughout the U.S. economy. New hires require training and take time before they achieve full productivity. New employees may not become as productive as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have certain legal obligations, resulting in a of our time and resources. If we to attract new personnel or to retain and motivate our current personnel, our business and future growth prospects could be .
If there are interruptions or performance problems associated with our technology or infrastructure, our existing customers may experience service outages, and our new customers may experience delays in the deployment of our platform.
Our continued growth depends on the ability of our existing and potential customers to access our platform 24 hours a day, seven days a week, without interruption or degradation of performance. We have in the past and may in the future experience disruptions, outages and other performance problems with our infrastructure due to a variety of factors, including infrastructure changes, introductions of new functionality, human or software errors, capacity constraints, DDOS attacks or other security-related incidents. In some instances, we may not be able to identify the cause or causes of these performance problems immediately or in short order. We may not be able to maintain the level of service uptime and performance required by our customers, especially during peak usage times and as our solutions and solution packages become more complex and our user traffic increases. If our platform is unavailable or if our customers are to access our solutions or deploy them within a reasonable amount of time, or at all, our business would be . The effects of any service on our reputation and financial condition may be heightened due to the nature of our business and the fact that our customers expect continuous and uninterrupted access to our solutions and have a low tolerance for of any duration. Since our customers rely on our solutions to provide and secure access to their IT infrastructures and to support customer-facing applications, any on our platform would the ability of our customers to operate their businesses, which would impact our brand, reputation and customer .
Moreover, we depend on services from various third parties to maintain our cloud infrastructure and deploy our solutions, such as AWS cloud infrastructure services, which hosts our platform. If a service provider fails to provide sufficient capacity to support our platform or otherwise experiences service outages, such failure could interrupt our customers’ access to our services, which could adversely affect their perception of our platform’s reliability and our revenue. Any disruptions in these services, including as a result of actions outside of our control, would significantly impact the continued performance of our solutions. In the future, these services may not be available to us on commercially reasonable terms, or at all. Any loss of the right to use any of these services could result in decreased functionality of our solutions until equivalent technology is either developed by us or, if available from another provider, is identified, obtained and integrated into our infrastructure. If we do not accurately predict our infrastructure capacity requirements, our customers could experience service shortfalls. We may also be to effectively address capacity constraints, upgrade our systems as needed and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology.
Our platform is accessed by a large number of customers, often at the same time. As we continue to expand the number of our customers and solutions and solution packages available to our customers, we may not be
Table of Contents
able to scale our technology to accommodate the increased capacity requirements, which may result in interruptions or delays in service. In addition, the failure of third-party cloud infrastructure providers, third-party internet service providers or other third-party service providers whose services are integrated with our platform to meet our capacity requirements could result in interruptions or delays in access to our platform or impede our ability to scale our operations. In the event that our service agreements are terminated with our cloud infrastructure providers, or there is a lapse of service, interruption of internet service provider connectivity or damage to such providers’ facilities, we could experience interruptions in access to our platform as well as delays and additional expense in arranging new facilities and services.
Any of the above circumstances or events may harm our reputation, cause customers to terminate their agreements with us, impair our ability to obtain subscription renewals from existing customers, impair our ability to grow our customer base, result in the expenditure of significant financial, technical and engineering resources, subject us to financial penalties and liabilities under our service level agreements, and otherwise could adversely affect our business, results of operations and financial condition.
The delivery of our platform depends on AWS cloud infrastructure services.
Our SaaS offerings are hosted solely in AWS and our other offerings utilize the cloud infrastructure offered by AWS. Our operations depend on maintaining the configuration, architecture and interconnection specifications required by AWS. Although we have disaster recovery plans that utilize multiple AWS infrastructure locations, any incident affecting this infrastructure that may be caused by fire, flood, severe storm, earthquake, power loss, telecommunications failures, unauthorized intrusion, computer viruses and disabling devices, natural disasters, war, criminal act, military actions, terrorist attacks and other similar events beyond our control could negatively affect our platform. A prolonged AWS service disruption affecting our platform for any of the foregoing reasons could damage our reputation with current and potential customers, us to liability, cause us to customers or otherwise our business. In addition, since all of our cloud-based offerings utilize AWS cloud infrastructure services, in the event of a AWS services we may not be to find an alternative provider on commercially reasonable terms or in a timely manner, if at all. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that the AWS services we use.
AWS enables us to order and reserve server capacity in varying amounts and sizes distributed across multiple regions. AWS provides us with computing and storage capacity pursuant to an agreement that continues until terminated by either party. While we have agreed to terms with AWS that would prevent the termination of our agreement in virtually all circumstances, in the highly unlikely event that our AWS agreement was terminated, we may be unable to deploy certain of our solutions and our business, results of operations and financial condition may be adversely affected.
In addition, since all of our cloud-based offerings utilize AWS cloud infrastructure resources, our customers’ satisfaction with our cloud-based offerings is dependent in part upon their perceptions and satisfaction with AWS cloud infrastructure services. Dissatisfaction with AWS cloud infrastructure services could damage our relationships with customers and/or result in the loss of customers across one or more use case, solution or solution package.
Data privacy and security concerns, evolving regulations of cloud computing, cross border data transfer restrictions, data localization requirements and other domestic and foreign laws and regulations may limit the use and adoption of, or require modification of, our solutions, solution packages and services, which could adversely affect our business.
Laws and regulations related to the provision of services on the Internet are increasing, as federal, state and foreign governments continue to adopt new laws and regulations addressing data privacy and the collection, processing, storage and use of personal information. Internationally, many of the jurisdictions in which we operate have established their own data security and privacy legal frameworks with which we, or our customers, must comply. We have implemented various features and processes intended to enable our customers to better
Table of Contents
comply with applicable privacy and security requirements, but these features and processes do not guarantee compliance and may not guard against all potential privacy concerns.
International Data Protection Laws
In the European Economic Area (the “EEA”), the General Data Protection Regulation (“GDPR”) applies to any company established in the EEA as well as to those outside the EEA if they process personal data in relation to the offering of goods or services to individuals in the EEA and/or the monitoring of their behavior. Similar laws exist in Switzerland and the United Kingdom, and other countries (including Australia, Canada, India and Israel) are adopting laws based on GDPR or updating their existing laws to reflect GDPR concepts.
The GDPR enhances data protection obligations for both processors and controllers of personal data, including by extending the rights available to affected data subjects, materially expanding the definition of what is expressly noted to constitute personal data, requiring additional disclosures about how personal data is to be used, and imposing limitations on retention of personal data, creating mandatory data breach notification requirements in certain circumstances, and establishing onerous new obligations on services providers who process personal data simply on behalf of others. Under the GDPR, fines of up to €20 million or up to 4% of an undertaking’s total worldwide annual turnover of the preceding financial year, whichever is higher, may be imposed, and the EEA regulators are aggressively enforcing GDPR. In addition to administrative fines, a wide variety of other potential enforcement powers are available to competent authorities in respect of potential and suspected violations of the GDPR, including extensive audit and inspection rights, and powers to order temporary or permanent bans on all or some processing of personal data carried out by actors.
Recent developments in the regulation of cross-border data transfers from the EEA, including enforcement decisions and regulatory guidance issued by key supervisory authorities, creates uncertainty as to our and our customers’ ability to use platforms and processing services located in the US and other non-adequate jurisdictions. While existing data transfer mechanisms, such as Standard Contractual Clauses, remain valid, our use of these transfer mechanisms is subject to legal, regulatory and political pressure. We anticipate incurring significant cost to enable continued cross-border transfers as needed to operate our business, and we cannot assure you that our business will not be materially impacted by restrictions on cross-border transfers of personal data.
Interpretation and application of the GDPR and other data protection laws are evolving, including in the areas of cloud services, AI, and the roles of companies that provide data-intensive products and services. Given the breadth and depth of changes in data protection obligations, complying with its requirements has caused us to expend significant resources and such expenditures are likely to continue into the near future as we respond to new interpretations, additional guidance and potential enforcement actions and patterns, and as we continue to negotiate data processing agreements with our customers and business partners. While we have taken steps to comply with the GDPR, other applicable data protection laws, and the regulations and guidance published by applicable regulators, , including by seeking to establish appropriate lawful bases for the various processing activities we carry out as a controller, reviewing our security procedures, and entering into data processing agreements with relevant customers and business partners, we cannot assure you that our efforts to achieve and remain in compliance have been, and/or will continue to be, fully successful. In particular, we cannot assure you that our ability to monitor and address emerging requirements of international data protection laws will be successful, that our actual handling of personal data will comply with these requirements, or that we have not or will not experience an information security or data which could have material financial consequences. We may also face risk (including of substantial business) if our customers and other stakeholders are not that our products and service can be used in a manner that is compliant with applicable data protection laws.
Domestic Privacy Laws
In the United States, the California Consumer Privacy Act (“CCPA”) imposes GDPR-like obligations on companies doing business in California, and gives California residents GDPR-like rights to access and delete
Table of Contents
their personal information, opt out of certain personal information sharing and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. In addition, a California ballot initiative, the California Privacy Rights Act (the “CPRA”) takes effect on January 1, 2023. THE CPRA significantly modifies the CCPA, including by expanding consumers’ rights with respect to certain sensitive personal information. The CPRA also creates a new state agency that will be vested with authority to implement and enforce the CCPA and the CPRA. The effects of the CCPA and the CPRA are potentially significant and may require us to modify our data collection or processing practices and policies and increase our compliance costs and potential liability. Since the CPRA passed, in March 2021, Virginia enacted the Virginia Consumer Data Protection Act and, in June 2021, Colorado enacted the Colorado Privacy Act, both of which are comprehensive privacy statutes that share similarities with the CCPA and CPRA as well as GDPR. This legislation could mark the beginning of a trend toward more stringent privacy legislation in the U.S., which could increase our potential liability and affect our business.
With respect to cybersecurity in the U.S., we are closely monitoring the development of rules and guidance pursuant to various executive orders that may apply to us, including, for example, Executive Order 14028 for “critical software.” While the rules and guidance coming from such executive orders are still being developed, we could be categorized as a provider of critical software, which may increase our compliance costs and delay or prevent our ability to execute contracts with customers, including in particular with government entities.
Data Localization and Other Risks
Privacy and data protections laws and regulations are subject to new and differing interpretations and there may be significant inconsistency in laws and regulations among the jurisdictions in which we operate or provide our SaaS offerings. Legal and other regulatory requirements could restrict our ability to store and process data as part of our SaaS offerings, or, in some cases, impact our ability to provide our SaaS offerings in certain jurisdictions. Our inability to provide our offerings in certain jurisdictions, particularly China and Russia, as a result of their local data privacy frameworks may result in the loss of business opportunities from customers operating in, or seeking to expand into, those jurisdictions. In addition, we may seek to engage third-party support providers in certain jurisdictions in order to comply with our customers’ data privacy concerns and such engagements may be costly.
Privacy and data protection laws and regulations may also impact our customers’ ability to deploy certain of our solutions and solution packages globally, to the extent they utilize our solutions and solution packages for storing personal information that they process. Additionally, if third parties that we work with violate applicable laws or our policies, such violations may also put our customers’ information at risk and could in turn have an adverse effect on our business. The costs of compliance with, and other burdens imposed by, data privacy laws, regulations and standards may require resources to create new solutions or solution packages or modify existing solutions or solution packages, could lead to us being subject to significant fines, penalties or liabilities for noncompliance, could lead to complex and protracted contract negotiations with respect to privacy and data protection terms, and may slow the pace at which we close sales transactions, any of which could harm our business.
The data protection landscape is rapidly evolving, and we expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection and information security. We cannot yet determine the impact that such future laws, regulations and standards may have on our business. Such laws and regulations are often subject to differing interpretations and may be inconsistent among jurisdictions.
Any failure or perceived failure by us to comply with federal, state or foreign laws or regulations, industry standards, contractual obligations or other legal obligations, with respect to any security incident, whether or not resulting in unauthorized access to, or acquisition, release or transfer of personal data or other data, may result in governmental enforcement actions and prosecutions, private litigation, fines and penalties, friction in
Table of Contents
our customer relationships or adverse publicity, and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.
Around the world, there are numerous lawsuits in process against various technology companies that process personal data. If those lawsuits are successful, it could increase the likelihood that we may be exposed to liability for our own policies and practices concerning the processing of personal data and could hurt our business. Furthermore, the costs of compliance with, and other burdens imposed by, laws, regulations and policies concerning privacy and data security that are applicable to the businesses of our customers may limit the use and adoption of our platform and reduce overall demand for it.
In addition, if our platform is perceived to cause, or is otherwise unfavorably associated with, violations of privacy or data security requirements, it may subject us or our customers to public criticism and potential legal liability. Existing and potential laws and regulations concerning privacy and data security and increasing sensitivity of consumers to unauthorized processing of personal data may create negative public reactions to technologies, solutions, solution packages and services such as ours. Public concerns regarding personal data processing, privacy and security may cause some of our customers’ end users to be less likely to visit their websites or otherwise interact with them. If enough end users choose not to visit our customers’ websites or otherwise interact with them, our customers could stop using our platform. This, in turn, may reduce the value of our service and slow or eliminate the growth of our business.
Our continued development of AI and ML is dependent, in part, on our customers’ willingness to allow us to use their data to develop the necessary algorithms. Concerns about data privacy may discourage customers from allowing us to use their data in this manner, which may limit our ability to continue to leverage AI and ML in the Ping Intelligent Identity Platform.
With respect to cybersecurity in the U.S., we are closely monitoring the development of rules and guidance pursuant to various executive orders that may apply to us, including, for example, Executive Order 14028 for “critical software.” While the rules and guidance coming from such executive orders are still being developed, we could be categorized as a provider of critical software, which may increase our compliance costs and delay or prevent our ability to execute contracts with customers, including in particular with government entities.
We function as a HIPAA “business associate” for certain of our customers and, as such, are subject to strict privacy and data security requirements. If we fail to comply with any of these requirements, we could be subject to significant liability, all of which can adversely affect our business as well as our ability to attract and retain new customers.
The Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and their respective implementing regulations, (“HIPAA”), imposes specified requirements relating to the privacy, security and transmission of individually identifiable health information. Among other things, HITECH makes HIPAA’s security standards directly applicable to “business associates.” We function as a business associate for certain of our customers that are HIPAA covered entities and service providers, and in that context we are regulated as a business associate for the purposes of HIPAA. If we are unable to comply with our obligations as a HIPAA business associate, we could face substantial civil and even criminal liability. HITECH imposes four tiers of civil monetary penalties and gives state attorneys general authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys’ fees and costs associated with pursuing federal civil actions. In addition, many state laws govern the privacy and security of health information in certain circumstances, many of which differ from HIPAA and each other in significant ways and may not have the same effect.
As a business associate, we are required by HIPAA to maintain HIPAA-compliant business associate agreements with our customers that are HIPAA covered entities and service providers, as well as our subcontractors that access, maintain, create or transmit individually identifiable health information on our behalf for the rendering of services to our HIPAA covered entity and service provider customers. These agreements impose stringent data security and other obligations on us. If we or our subcontractors are unable to meet the
Table of Contents
requirements of any of these business associate agreements, we could face contractual liability under the applicable business associate agreement as well as possible civil and criminal liability under HIPAA, all of which can have an adverse impact on our business and generate negative publicity, which, in turn, can have an adverse impact on our ability to attract and retain customers.
In addition, the U.S. Department of Health & Human Services recently proposed modifications to the HIPAA privacy regulations (“Privacy Rule”). The proposed rulemaking has not yet been finalized. We will continue to monitor whether any final modifications to the Privacy Rule may require us to change our practices. Significant changes to HIPAA, including interpretation and application of HIPAA, could increase our compliance costs and negatively impact our business.
Our quarterly operating results and other metrics are likely to vary significantly and be unpredictable, which could cause the trading price of our stock to decline.
Our operating results and other metrics have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:
the level of demand for our solutions and solution packages, including our newly-introduced solutions and offering of solution packages, and the level of perceived urgency regarding security threats and compliance requirements;
the timing and use of new subscriptions and renewals of existing subscriptions;
the mix of cloud and on-premise offerings sold and the associated contract term;
the extent to which customers subscribe for additional solutions or solution packages, or increase the number of identities or use cases;
significant security breaches of, technical difficulties with, or interruptions to, the delivery and use of our offerings;
customer budgeting cycles and seasonal buying patterns where our customers often time their purchases and renewals of our solutions or solution packages to coincide with their fiscal year end, which is typically June 30 or December 31;
any changes in the competitive landscape of our industry, including consolidation among our competitors, customers, partners or resellers;
timing of costs and expenses during a quarter;
deferral of orders in anticipation of new solutions, solution packages or enhancements announced by us or our competitors;
price competition;
changes in renewal rates and terms in any quarter;
costs related to the acquisition of businesses, talent, technologies or intellectual property by us, including potentially significant amortization costs and possible write-downs;
litigation-related costs, settlements or adverse litigation judgments;
Table of Contents
any disruption in our sales channels or termination of our relationship with channel and other strategic partners;
general economic conditions, both domestically and in our foreign markets, and related changes to currency exchange rates;
insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our solutions and solution packages; and
future accounting pronouncements or changes in our accounting policies.
Any one of the factors above or the cumulative effect of some of the factors referred to above may result in significant fluctuations in our financial and other operating results, including fluctuations in our key metrics. This variability and unpredictability could result in our failing to meet the expectations of securities analysts or investors for any period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our shares could fall substantially and we could face costly lawsuits, including securities class action suits. In addition, a significant percentage of our operating expenses are fixed in nature and based on forecasted revenue and cash flow trends. Accordingly, in the event of revenue shortfalls, we are generally unable to mitigate the negative impact on margins or other operating results in the short term.
We may fail to meet or exceed the expectations of securities analysts and investors, and the market price for our common stock could decline. If one or more of the securities analysts who cover us change their recommendation regarding our stock adversely, the market price for our common stock could decline. Additionally, our stock price may be based on expectations, estimates or forecasts of our future performance that may be unrealistic or may not be achieved. Further, our stock price may be affected by financial media, including press reports and blogs.
Our revenue recognition policy and other factors may distort our financial results in any given period and make them difficult to predict.
Under accounting standards update No. 2014-09 (Topic 606), Revenue from Contracts with Customers (“ASC 606”), we recognize revenue when our customer obtains control of goods or services in an amount that reflects the consideration that we expect to receive in exchange for those goods or services. Our subscription revenue includes subscription term-based license revenue, which is recognized when we transfer control of the term-based license to the customer, and subscription SaaS and maintenance and support revenue, both of which are recognized ratably over the contract period. Because subscription term-based license revenue is recognized upfront, a single, large license in a given period may distort our operating results for that period. In contrast, the impact of agreements that are recognized ratably may take years to be fully reflected in our financial statements. Consequently, a significant increase or decline in our subscription SaaS and maintenance and support contracts in any one quarter will not be fully reflected in the results for that quarter, but will affect our revenue in future quarters. This also makes it challenging to forecast our revenue for future periods, as both the mix of solutions, solution packages and services we will sell in a given period, as well as the size of contracts, is difficult to predict. In addition, we make certain estimates related to the allocation of subscription revenue attributable to the term-based license as compared to maintenance and support or subscription SaaS as applicable. Changes in such estimates may further affect the timing of our revenue recognition and make revenue to predict.
As disclosed therein, our financial statements reflect various estimates and assumptions made by management that may affect revenue recognition and the presentation of other financial results. In some instances, we could reasonably use different estimates and assumptions, and changes in estimates are likely to occur from period to period. See “Item 8. Financial Statements — Note 2. Summary of Significant Accounting Policies.”
Table of Contents
Given the foregoing factors, our actual results could differ significantly from our estimates, comparing our revenue and operating results on a period-to-period basis may not be meaningful, and our past results may not be indicative of our future performance.
If we fail to enhance our brand cost-effectively, our ability to expand our customer base will be impaired and our business, results of operations and financial condition may be adversely affected.
We believe that developing and maintaining awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our existing and future solutions and solution packages and is an important element in attracting new customers. We believe that the importance of brand recognition will increase as competition in our market increases. Successful promotion of our brand will depend largely on the effectiveness of our marketing efforts and on our ability to develop and deploy high-quality, reliable and differentiated solutions and solution packages to customers. In the past, our efforts to build our brand have involved significant expense. Brand promotion activities may not yield increased revenue, and even if they do, any increased revenue may not offset the expense we incur in building our brand. If we fail to successfully promote and maintain our brand, or incur substantial expense in an unsuccessful attempt to promote and maintain our brand, we may fail to attract new customers or retain our existing customers to the extent necessary to realize a sufficient return on our brand-building efforts, and our business, results of operations and financial condition could be affected.
Our sales cycle is frequently long and unpredictable, and our sales efforts require considerable time and expense.
Since we primarily focus on selling our solutions and solution packages to enterprises, the timing of our sales can be difficult to predict. We and our channel partners are often required to spend significant time and resources to better educate and familiarize potential customers with the value proposition of our platform, solutions and solution packages. Customers often view the purchase of our solutions and solution packages as a strategic decision and significant investment and, as a result, frequently require considerable time to evaluate, test and qualify our platform, solutions and solution packages prior to purchasing our solutions and/or solution packages. In particular, for customers in highly-regulated industries, the selection of a security solution provider is a critical business decision due to the sensitive nature of these customers’ data, which results in particularly extensive evaluation prior to the selection of information security vendors. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which may not result in a sale. Additional factors that may influence the length and variability of our sales cycle include:
the discretionary nature of purchasing and budget cycles and decisions;
lengthy purchasing approval processes;
the industries in which our customers operate;
the evaluation of competing solutions and solution packages during the purchasing process;
time, complexity and expense involved in replacing existing solutions;
announcements or planned introductions of new solutions and solution packages, features or functionality by our competitors or of new solutions, solution packages or offerings by us; and
evolving functionality demands.
If our efforts in pursuing sales and customers are unsuccessful, or if our sales cycles lengthen, our revenue could be lower than expected, which would adversely affect our business, results of operations or financial condition.
Table of Contents
Our growth strategy includes the acquisition of other businesses or technologies, and we may not be able to identify suitable acquisition targets or otherwise successfully implement our growth strategy.
In order to expand our business, we have made several acquisitions of businesses, products and technologies and expect to continue making similar acquisitions and possibly larger acquisitions as part of our growth strategy. The success of our future growth strategy will depend in part on our ability to identify, negotiate, complete and integrate the acquisition of businesses or technologies and, if necessary, to obtain satisfactory debt or equity financing to fund those acquisitions. We expect to continue evaluating potential strategic acquisitions of businesses, assets and technologies. However, we may not be able to identify suitable candidates, negotiate appropriate or favorable acquisition terms, obtain financing that may be needed to consummate such transactions or complete proposed acquisitions. Further, there is significant competition for acquisition and expansion opportunities in the IAM industry.
Acquisitions are inherently risky, and any acquisitions we complete may not be successful. Our past acquisitions and any acquisitions that we may undertake in the future involve numerous risks, including, but not limited to, the following:
difficulties in integrating and managing the operations, personnel, procedures, IT systems, technologies and the systems and solutions of the companies we acquire;
diversion of our management’s attention from normal daily operations of our business;
potential loss of key employees, management and engineers of the companies we acquire;
our inability to maintain the key business relationships and the reputations of the businesses we acquire;
the price we pay for any business, asset or technology acquired may overstate the value of that business, asset or technology or otherwise be too high;
uncertainty of entry into markets in which we have limited or no prior experience and in which competitors have stronger market positions;
our dependence on unfamiliar affiliates, resellers and partners of the companies we acquire;
our inability to increase sales from an acquisition for a number of reasons, including our failure to drive demand in our existing customer base for acquired businesses, assets or technologies;
increased costs related to acquired operations and continuing support and development of acquired systems;
our responsibility for the liabilities of the businesses we acquire and the potential failure to properly identify an acquisition target’s liabilities, potential liabilities or risks;
potential goodwill and intangible asset impairment charges and amortization associated with acquired businesses;
failure to achieve acquisition synergies or to properly evaluate a target company’s capabilities;
adverse tax consequences associated with acquisitions;
changes in how we are required to account for our acquisitions under GAAP, including arrangements that we assume from an acquisition;
Table of Contents
potential negative perceptions of our acquisitions by customers, financial markets or investors;
failure to obtain any applicable required approvals from governmental authorities under competition and antitrust laws on a timely basis, if at all, which could, among other things, delay or prevent us from completing a transaction, or otherwise restrict our ability to realize the expected financial or strategic goals of an acquisition;
potential increases in our interest expense, leverage and debt service requirements if we incur additional debt to pay for an acquisition, or dilution to our shareholders if we issue shares as consideration for an acquisition; and
our inability to apply and maintain our internal standards, controls, procedures and policies to acquired businesses.
We regularly evaluate potential acquisition candidates and engage in discussions and negotiations regarding potential acquisitions; however, even if we execute a definitive agreement for an acquisition, there can be no assurance that we will consummate the transaction within the anticipated closing timeframe, or at all. Further, acquisitions typically involve the payment of a premium over book- and market-values and, therefore, some dilution of our tangible book value and earnings per common share may occur in connection with any future transaction.
Inherent in any future acquisition is the risk of transitioning company cultures and facilities. The failure to efficiently and effectively achieve such transitions could increase our costs and decrease our profitability. Although we expect that the realization of efficiencies related to the integration of any acquired businesses will offset incremental transaction and acquisition-related costs over time, anticipated financial benefits may not be achieved in the near term, or at all.
Additionally, acquisitions or asset purchases made entirely or partially for cash may reduce our cash reserves or require us to incur additional debt under our credit agreements or otherwise. We may seek to obtain additional cash to fund an acquisition by selling equity or debt securities. We may be unable to secure the equity or debt funding necessary to finance future acquisitions on terms that are acceptable to us. If we finance acquisitions by issuing equity or convertible debt securities, our existing shareholders will experience ownership dilution.
The occurrence of any of these risks could have a material adverse effect on our business, results of operations or financial condition.
We may need to change our pricing models to compete successfully.
The intense competition we face in the sales of our solutions, solution packages and services and general economic and business conditions can put pressure on us to change our prices. If our competitors offer deep discounts on certain solutions, solution packages or services or develop solutions and/or solution packages that the marketplace considers more valuable than ours, we may need to lower prices or offer other favorable terms in order to compete successfully. Any such changes may reduce margins and could adversely affect operating results. Additionally, the increasing prevalence of cloud and SaaS delivery models offered by us and our competitors may unfavorably impact pricing for both our on-premise and cloud-based offerings, as well as overall demand for our on-premise software and service offerings, which could reduce our revenues and profitability. Our competitors may offer lower pricing on their support offerings, which could put pressure on us to further discount our offering or support pricing. We also must determine the appropriate price of our offerings and services to enable us to compete effectively internationally.
Any broad-based change to our prices and pricing policies could cause our revenue to decline or be delayed as our sales force implements and our customers adjust to new pricing policies. For example, we began providing solution packages that include combinations of our most commonly deployed solutions in March 2020.
Table of Contents
We or our competitors may bundle solutions in other ways for promotional purposes or as a long-term go-to-market or pricing strategy or provide guarantees of prices and solution and solution package implementations. These practices could, over time, significantly constrain the prices that we can charge for certain of our solutions and solution packages. If we do not adapt our pricing models to reflect changes in customer use of our solutions and solution packages or changes in customer demand, our revenue could decrease.
Our failure to meet certain of our service level commitments could harm our business, results of operations and financial condition.
Our customer agreements contain service level commitments, under which we guarantee specified availability and error resolution times with respect to our solutions. Any failure of or disruption to our infrastructure could make our solutions unavailable to our customers. If we are unable to meet the stated service level commitments to our customers or suffer extended periods of unavailability of our SaaS offerings, we may be contractually obligated to provide affected customers with service credits, or customers could elect to terminate and receive refunds for prepaid amounts related to unused subscriptions. Our revenue, other results of operations and financial condition could be harmed if we suffer unscheduled downtime that exceeds the service level commitments under our agreements with our customers, and any extended service outages could affect our business and reputation as customers may elect not to renew.
If we fail to offer high-quality customer support, our business and reputation will suffer.
Once our solutions and solution packages are deployed, our customers rely on our support services to resolve any issues that may arise. High-quality customer education and customer support is important for the successful marketing and sale of our solutions and solution packages and for the renewal of existing customers. We must successfully assist our customers in deploying our solutions and solution packages, resolving performance issues and addressing interoperability challenges with a customer’s existing network and security infrastructure. Many enterprises, particularly large enterprises, have complex networks and require high levels of focused support, including premium support offerings, to fully realize the benefits of our solutions. Any failure by us to maintain the expected level of support could reduce customer satisfaction and hurt our customer retention, particularly with respect to our large enterprise customers. To the extent that we are unsuccessful in hiring, training and retaining adequate support resources, our ability to provide adequate and timely support to our customers will be negatively impacted, and our customers’ with our solutions could be affected. Given our growth, we may in the future engage third parties to provide support services to our customers. Any to properly train or oversee such contractors could result in a customer experience, which could have an impact on our reputation and ability to renew subscriptions or engage new customers. In addition, most of our contracts with our larger customers require consent in the event we subcontract the services we provide thereunder. The process of obtaining consent to subcontract support services with these customers could be lengthy and there can be no assurance such consent would be provided.
Furthermore, as we sell our solutions and solution packages internationally, our support organization faces additional challenges, including those associated with delivering support, training and documentation in languages other than English. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality support, could materially harm our reputation, business, financial condition and results of operations, and adversely affect our ability to sell our solutions and solution packages to existing and prospective customers. The importance of high-quality customer support will increase as we expand our business and pursue new customers.
Table of Contents
Our growth is substantially dependent on the success of our strategic relationships with channel partners, technology partners and other third parties.
As part of our business development efforts, we anticipate that we will continue to depend on relationships with third parties, such as our channel partners and technology partners, to sell, market, build, operate and deploy our solutions and solution packages. Identifying these partners and maintaining these relationships requires significant time and resources. Our competitors may be effective in providing incentives to channel partners and other third parties to favor their solutions or services over subscriptions to our platform and a substantial number of our agreements with channel partners are non-exclusive such that those channel partners may offer customers the solutions of several different companies, including solutions that compete with ours. Our channel partners may cease marketing or reselling our platform with limited or no notice and without penalty. Our channel partners may also choose to promote our competitors’ solutions versus our own solutions and solution packages. If our technology partners fail to build, deploy or operate our solutions and/or solution packages in a manner that satisfies our customers, or if we fail to adequately negotiate and document the underlying agreement with such technology partners, our customers may seek direct recourse us. In the event that a relationship with a technology partner deploying and operating our solution is , we may be to allocate the proper engineering resources to support the solution internally, or the solution may become too to run ourselves. In addition, given the competitive landscape, acquisitions of our channel or technology partners by a competitor could affect our customers, as these partners may no longer be in a position to sell, market, build, operate and/or deploy our solutions and solution packages. Furthermore, some of these partners may themselves build competitive solutions that are or may become competitive with certain of our solutions and/or solution packages and then elect to no longer support or integrate with our platform. Lastly, it continues to be to predict the impact of the COVID-19 pandemic on the business operations of these third parties. Such third parties may financial and their relationship with us and thus we may not be to recoup any financial or strategic . If we are in establishing or maintaining our relationships with third parties, our ability to compete in the marketplace or to grow our revenue could be , and our results of operations may . Even if we are , we cannot you that these relationships will result in increased customer usage of our solutions or increased revenue.
Adverse general and industry-specific economic and market conditions and reductions in IT and identity spending may reduce demand for our solutions and solution packages, which could harm our results of operations.
Our revenue, results of operations and cash flows depend on the overall demand for our solutions and solution packages. Concerns about the systemic impact of a potential widespread recession (in the United States or internationally), geopolitical issues or the availability and cost of credit could lead to increased market volatility, decreased consumer confidence and diminished growth expectations in the U.S. economy and abroad, which in turn could result in reductions in IT, IAM and identity security spending by our existing and prospective customers. For the year ended December 31, 2021, 36% of our revenue was derived from the financial services industry, including banking. Negative economic conditions, including in the financial services industry, may cause customers to reduce their IT spending. Prolonged economic slowdowns may result in customers delaying or canceling IT projects, choosing to focus on in-house development efforts or seeking to lower their costs by requesting us to renegotiate existing contracts on less terms or on payments due on existing contracts or not renewing at the end of the contract term.
Our customers may merge with other entities who use alternative IAM solutions and, during weak economic times, there is an increased risk that one or more of our customers will file for bankruptcy protection, either of which may harm our revenue, profitability and results of operations. We also face risk from international customers that file for bankruptcy protection in foreign jurisdictions, particularly given that the application of foreign bankruptcy laws may be more difficult to predict. In addition, we may determine that the cost of pursuing any claim may outweigh the recovery potential of such claim. As a result, broadening or protracted extension of an economic downturn could harm our business, revenue, results of operations and cash flows.
Table of Contents
If our platform, solutions and solution packages do not effectively interoperate with our customers’ existing or future IT infrastructures, our business would be harmed.
Our success depends on the interoperability of our platform, solutions and solution packages with our customers’ IT infrastructures, including third-party operating systems, applications, data and devices that we have not developed and do not control. Any changes in such infrastructure, operating systems, applications, data or devices that degrade the functionality of our platform, solutions or solution packages or give preferential treatment to competitive solutions could adversely affect the adoption and usage of our platform. We may not be successful in quickly or cost effectively adapting our platform, solutions or solution packages to operate effectively with these operating systems, applications, data or devices. If it is difficult for our customers to access and use our platform, solutions or solution packages, or if our platform, solutions or solution packages cannot connect a broadening range of applications, data and devices, then our customer growth and retention may be harmed, and our business, results of operations and financial condition could be adversely affected. We rely on open standards for many integrations between our solutions and solution packages and third-party applications that our customers utilize, and in other instances on such third parties making available the necessary tools for us to create interoperability with their applications. If application providers were to move away from open standards, or if a , widely-utilized application provider were to adopt proprietary integration standards and not make them available for the purposes of facilitating interoperability with our platform, the utility of our solutions and solution packages for our customers would be decreased.
Our ability to introduce new solutions and features is dependent on adequate research and development resources and our ability to successfully complete acquisitions. If we do not adequately fund our research and development efforts or complete acquisitions successfully, we may not be able to compete effectively and our business and results of operations may be harmed.
To remain competitive, we must continue to offer new solutions and enhancements to our platform. This is particularly true as we further expand and diversify our capabilities. Maintaining adequate research and development resources, such as the appropriate personnel and development technology, to meet the demands of the market is essential. If we elect not to or are unable to develop solutions internally due to certain constraints, such as high employee turnover, lack of management ability or a lack of other research and development resources, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations. Further, many of our competitors expend a considerably greater amount of funds on their respective research and development programs, and those that do not may be acquired by larger companies that would allocate greater resources to our competitors’ research and development programs. Our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors would give an to such competitors and our business, results of operations and financial condition could be affected. Moreover, there is no assurance that our research and development or acquisition efforts will anticipate market needs and result in significant new marketable solutions or to our solutions, design , cost savings, revenues or other expected benefits. If we are to generate an adequate return on such investments, we may not be to compete effectively and our business and results of operations may be materially and affected.
Our success depends, in part, on the integrity and scalability of our systems and infrastructures. System interruption and the lack of integration, redundancy and scalability in these systems and infrastructures may result in our business, results of operations and financial condition being adversely affected.
Our success depends, in part, on our ability to maintain the integrity of our systems and infrastructure, including websites, information and related systems. System interruption and a lack of integration and redundancy in our information systems and infrastructure may adversely affect our ability to operate websites, process and fulfill transactions, respond to customer inquiries and generally maintain cost-efficient operations. We may experience occasional system interruptions that make some or all systems or data unavailable or prevent us from efficiently providing access to our platform. Fire, flood, power loss, telecommunications failure, hurricanes,
Table of Contents
tornadoes, earthquakes, other natural disasters, acts of war or terrorism and similar events or disruptions may damage or interrupt computer, broadband or other communications systems and infrastructure at any time. Any of these events could cause system interruption, delays and loss of critical data, and could prevent us from providing access to our platform.
While we have backup systems for certain aspects of our operations, disaster recovery planning by its nature cannot be sufficient for all eventualities. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. If any of these events were to occur, our business, results of operations and financial condition could be adversely affected.
We rely on software and services from other parties. Defects in or the loss of access to software or services from third parties could increase our costs and adversely affect the quality of our solutions.
We rely on third-party computer systems, broadband and other communications systems and service providers in providing access to our platform. Any interruptions, outages or delays in our systems and infrastructure, our business and/or third parties, or deterioration in the performance of these systems and infrastructure, could impair our ability to provide access to our platform. Our business would be disrupted if any of the third-party software or services we utilize, particularly with respect to third-party software or services embedded in our solutions, or functional equivalents thereof, were unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices or at all.
In each case, we would be required to either seek licenses to software or services from other parties and redesign our solutions to function with such software or services or develop these components ourselves, which would result in increased costs and could result in delays in our solution and solution package launches and the release of new solution and solution package offerings until equivalent technology can be identified, licensed or developed, and integrated into our solutions. Furthermore, we might be forced to limit the features available in our current or future solutions. If these delays and feature limitations occur, our business, results of operations and financial condition could be adversely affected.
Real or perceived errors, failures, vulnerabilities or bugs in our solutions, including deployment complexity, could harm our business and results of operations.
Errors, failures, vulnerabilities or bugs may occur in our solutions, especially when updates are deployed or new solutions are rolled out. Our platform is often used in connection with large-scale computing environments with different operating systems, system management software, equipment and networking configurations, which may cause errors or failures of solutions. In addition, deployment of our solutions into complicated, large-scale computing environments may expose errors, failures, vulnerabilities or bugs in our solutions. Any such errors, failures, vulnerabilities or bugs may not be found until after they are deployed to our customers. Real or perceived errors, failures, or bugs in our solutions could result in publicity, of customer data, of or in market acceptance of our solutions, of competitive position, or by customers for sustained by them, all of which could affect our business, results of operations and financial condition.
If we fail to adequately protect our proprietary rights, our competitive position could be impaired and we may lose valuable assets, generate less revenue and incur costly litigation to protect our rights.
Our success is dependent, in part, upon protecting our proprietary information and technology. We rely on a combination of patents, copyrights, trademarks, service marks, trade secret laws and contractual restrictions to establish and protect our proprietary rights. However, the steps we take to protect our intellectual property may be inadequate. We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Despite our precautions, it may be possible for unauthorized third parties to copy our solutions and use information that we regard as proprietary to create solutions that compete with ours. Some license provisions protecting against unauthorized use, copying, transfer and disclosure of our solutions may be unenforceable under the laws of certain jurisdictions and foreign
Table of Contents
countries. Further, the laws of some countries do not protect proprietary rights to the same extent as the laws of the United States, and mechanisms for enforcement of intellectual property rights in some foreign countries may be inadequate. In addition, certain countries into which we may expand our business may require us to do business through an entity that is partially owned by a local investor, to make available our technologies to state regulators or to grant license rights to local partners in a manner not required by the jurisdictions in which we currently operate. To the extent we expand our international activities, our exposure to unauthorized reverse engineering of our technologies or copying and use of our solutions and proprietary information may increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our technology and intellectual property.
We rely in part on trade secrets, proprietary know-how and other confidential information to maintain our competitive position. Although we enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances, no assurance can be given that these agreements will be effective in controlling access to and distribution of our solutions and proprietary information. Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our solutions and solution packages.
To protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Such litigation could be costly, time consuming and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could further sales or the implementation of our solutions and solution packages, the functionality of our solutions, introductions of new solutions and solution packages, result in our substituting or more technologies into our solutions, or our reputation. In addition, we may be required to license additional technology from third parties to develop and market new solutions and solution packages, and we cannot you that we could license that technology on commercially reasonable terms or at all, and our to license this technology could our ability to compete.
Our results of operations may be harmed if we are subject to an infringement claim or a claim that results in a significant damage award.
Other companies have claimed in the past, and may claim in the future, that we infringe upon their intellectual property rights. A claim may also be made relating to technology that we acquire or license from third parties. Because of constant technological change in the segments in which we compete, the extensive patent coverage of existing technologies, and the rapid rate of issuance of new patents, it is possible that the number of these claims may grow. If we were subject to a claim of infringement, regardless of the merit of the claim or our defenses, the claim could:
require costly litigation to resolve and/or the payment of substantial damages or other amounts to settle such disputes;
require significant management time;
cause us to enter into unfavorable royalty or license agreements, if such arrangements are available at all;
require us to discontinue the sale of some or all of our offerings, or to remove or reduce features or functionality of our solutions and solution packages;
require us to indemnify our customers or third-party service providers; and/or
Table of Contents
require us to expend additional development resources to redesign our solutions and/or solution packages.
Any one or more of the above could adversely affect our business, results of operations and financial condition.
Our use of open source software in our offerings could negatively affect our ability to sell our solutions and solution packages and subject us to possible litigation.
We use software modules licensed to us by third-party authors under “open source” licenses in our offerings. Some open source licenses require that users of the applicable software make available source code for modifications or derivative works created using that open source software. If we were to combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release or otherwise make available the source code of our proprietary software to the public. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us.
Although we monitor our compliance with open source licenses and attempt to protect our proprietary source code from the effects stated above, we may inadvertently use open source software in a manner we do not intend and that could expose us to claims for breach of contract and intellectual property infringement. In addition, the terms of many open source licenses have not been interpreted by United States courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions and solution packages. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue providing our offerings on terms that are not economically feasible, to re-engineer our offerings, to discontinue the sale of our offerings if re-engineering cannot be accomplished on a timely basis, or to make generally available, in source code form, a portion of our proprietary code, any of which could affect our business, results of operations and financial condition. In addition to the risks described above, usage of open source software typically us to risks than use of third-party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on the functionality or origin of the software. Many of the risks associated with usage of open source software, such as the of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, affect our business. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source software, but we cannot be sure that our processes for controlling our use of open source software in our offerings will be . Use of open source software may also present additional security risks because the public availability of such software may make it for hackers and other third parties to determine how to compromise our offerings.
We rely on SaaS vendors to operate certain functions of our business and any failure of such vendors to provide services to us could adversely impact our business and operations.
We rely on third-party SaaS vendors to operate certain critical functions of our business, including financial management, human resource management and customer relationship management. If these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted and our processes for managing sales of our solutions and solution packages and supporting our customers could be impaired until equivalent services, if available, are identified, obtained and integrated, all of which could harm our business. In addition, we rely on the security of our third-party SaaS vendors as part of the overall security of our solutions. While we review the security documentation and reports made available by these third parties, if one of these vendors were to experience a security incident or be susceptible to a vulnerability, it could have a impact on the security of our own solutions and in such an instance it may be more for us to detect activity and prevent or minimize security . If any such events were to occur, it could affect our business, us to financial liability to our customers and our reputation.
Table of Contents
Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.
Our agreements with customers and other third parties may include indemnification or other provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, damage caused by us to property or persons, or other liabilities relating to or arising from the use of our platform or other acts or omissions. The term of these contractual provisions often survives termination or expiration of the applicable agreement. As we continue to grow, the possibility of infringement claims and other intellectual property rights claims against us may increase. For any intellectual property rights indemnification claim against us or our customers, we may incur significant legal expenses and may have to pay damages, settlement fees, license fees and/or stop using technology found to be in of the third-party’s rights. Large indemnity payments could our business, results of operations and financial condition. We may also have to seek a license for the or technology. Such license may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deploy certain offerings. As a result, we may also be required to develop alternative non- technology, which could require significant effort and expense and/or cause us to alter our platform, solutions or solution packages, which could affect our business. In addition, we may be subject to increased risk of as a result of our use of open source software given that our agreements with our customers generally do not exclude open source software from the intellectual property indemnity we contractually agree to provide for our offerings.
From time to time, customers require us to indemnify them for breach of confidentiality, violation of applicable law or failure to implement adequate security measures with respect to their data stored, transmitted, or accessed using our platform. Although we normally contractually limit our liability with respect to such obligations, the existence of such a dispute may have adverse effects on our customer relationship and reputation and we may still incur substantial liability related to them.
Any assertions by a third party, whether or not successful, with respect to such indemnification obligations could subject us to costly and time-consuming litigation, expensive remediation and licenses, divert management attention and financial resources, harm our relationship with that customer and other current and prospective customers, reduce demand for our platform and result in our brand, business, results of operations and financial condition being adversely affected.
We may be subject to liability claims if we breach our contracts and our insurance may be inadequate to cover our losses.
We are subject to numerous obligations in our contracts with our customers and strategic partners. Despite the procedures, systems and internal controls we have implemented to comply with our contracts, we may breach these commitments, whether through a weakness in these procedures, systems and internal controls, negligence or the willful act of an employee or contractor.
Our insurance policies, including our errors and omissions insurance, may be inadequate to compensate us for the potentially significant losses that may result from claims arising from breaches of our contracts, disruptions in our services, including those caused by cybersecurity incidents, failures or disruptions to our infrastructure, catastrophic events and disasters, including those resulting from the effects of climate change, or otherwise. In addition, such insurance may not be available to us in the future on economically reasonable terms, or at all. Further, our insurance may not cover all claims made against us and defending a suit, regardless of its merit, could be and management’s attention.
Our customers may fail to pay us in accordance with the terms of their agreements, necessitating action by us to compel payment.
If customers fail to pay us under the terms of our agreements, we may be adversely affected both from the inability to collect amounts due and the cost of enforcing the terms of our contracts, including related litigation.
Table of Contents
Furthermore, some of our customers may seek bankruptcy protection or other similar relief and fail to pay amounts due to us, or pay those amounts more slowly, either of which could adversely affect our business, results of operations and financial condition.
Because our long-term success depends, in part, on our ability to expand the sales of our solutions and solution packages to customers located outside of the United States, our business will be susceptible to risks associated with international operations.
We currently have international operations in the U.K., Canada, Australia, France, Germany, India, Israel, the Netherlands, New Zealand, and Italy. For the year ended December 31, 2021, our international revenue was 26% of our total revenue. Any efforts that we may undertake to increase our international revenue may not be successful. In addition, continuing to expand our international footprint with our solutions and solution packages subjects us to new risks, some of which we have not generally faced in the United States. These risks include, among other things:
unexpected costs and errors in the localization of our solutions and solution packages, including translation into foreign languages and adaptation for local practices and regulatory requirements;
difficulties in developing and executing an effective go-to-market strategy in various locations;
lack of familiarity and burdens of complying with foreign laws, legal standards, privacy standards, regulatory requirements, tariffs and other barriers;
laws and business practices favoring local competitors or commercial parties;
costs and liabilities related to compliance with foreign privacy, data protection, information security laws and regulations, including the GDPR and cybersecurity regimes, and the risks and costs of noncompliance, many of which involve disparate standards and enforcement approaches;
greater risk of a failure of foreign employees, partners, distributors and resellers to comply with both U.S. and foreign laws, including antitrust regulations, anti-bribery laws, export and import control laws, and any applicable trade regulations ensuring fair trade practices;
practical difficulties of enforcing intellectual property rights in countries with fluctuating laws and standards and reduced or varied protection for intellectual property rights in some countries , and specific legal requirements in certain countries that might place us at a greater risk of our technologies being subject to reverse engineering or copying ;
unexpected changes in global, economic and political landscapes;
unexpected changes in regulatory requirements, taxes, trade laws, tariffs, export quotas, custom duties or other trade restrictions;
difficulties in managing system integrators and technology partners;
differing technology standards;
longer accounts receivable payment cycles and difficulties in collecting accounts receivable;
difficulties in managing and staffing international operations and differing employer/employee relationships and local employment laws;
Table of Contents
political unrest, war, or terrorism, or regional natural disasters, particularly in areas in which we have facilities;
fluctuations in exchange rates that may increase the volatility of our foreign-based revenue;
potentially adverse tax consequences, including the complexities of foreign value added tax (or other tax) systems and restrictions on the repatriation of earnings; and
the economic and legal uncertainty in Europe as a result of Brexit.
Additionally, operating in international markets also requires significant management attention and financial resources. We cannot be certain that the investment and additional resources required in establishing operations in other countries will produce desired levels of revenue or profitability.
In addition, some of our business functions, such as research and development, may be siloed geographically, which may adversely affect the integration of our operations on a global scale.
We have limited experience in marketing, selling and supporting our platform abroad. Our limited experience in operating our business internationally increases the risk that any potential future expansion efforts that we may undertake will not be successful. If we invest substantial time and resources to increase our international revenue and are unable to do so successfully and in a timely manner, our business and results of operations will suffer.
We may face exposure to foreign currency exchange rate fluctuations.
Today, our international contracts are usually denominated in local currencies and the majority of our international costs are denominated in local currencies. Over time, an increasing portion of our international contracts may be denominated in local currencies. Therefore, fluctuations in the value of the U.S. dollar and foreign currencies may affect our results of operations when translated into U.S. dollars. We do not currently engage in currency hedging activities to limit the risk of exchange rate fluctuations. However, in the future, we may use derivative instruments, such as foreign currency forward and option contracts, to hedge certain exposures to fluctuations in foreign currency exchange rates. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.
Our international operations may give rise to potentially adverse tax consequences.
Our corporate structure and associated transfer pricing policies anticipate future growth into the international markets. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions, which are generally required to be computed on an arm’s-length basis pursuant to intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. Our financial statements could to reflect adequate reserves to cover such a contingency.
Table of Contents
Changes in tax laws or regulations in the various tax jurisdictions we are subject to that are applied adversely to us or our customers could increase the costs of our solutions and solution packages and harm our business.
New income, sales, use or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time. Those enactments could harm our domestic and international business operations, and our business and financial performance. Further, existing tax laws, statutes, rules, regulations or ordinances could be interpreted, changed, modified or applied adversely to us. These events could require us or our customers to pay additional tax amounts on a prospective or retroactive basis, as well as require us or our customers to pay fines and/or penalties and interest for past amounts deemed to be due. If we raise our prices to offset the costs of these changes, existing and potential future customers may elect not to purchase our solutions and/or solution packages in the future. Additionally, new, changed, modified or newly interpreted or applied tax laws could increase our customers’ and our compliance, operating and other costs, as well as the costs of our solutions and solution packages. Further, these events could decrease the capital we have available to operate our business. Any or all of these events could harm our business and financial performance.
A change in tax laws in key jurisdictions could materially increase our tax expense.
We are subject to income taxes in the United States and many foreign jurisdictions. Changes to income tax laws and regulations, or the interpretation of such laws, in any of the jurisdictions in which we operate could significantly increase our effective tax rate and ultimately reduce our cash flows from operating activities and otherwise have a material adverse effect on our financial condition. Various levels of government are increasingly focused on tax reform and other legislative actions to increase tax revenue. On November 19, 2021, the U.S. Congress passed the Build Back Better Act reconciliation bill, which includes a 15% minimum corporate tax applicable to corporations that generate over $1 billion of income, limitations on interest deductions and the adoption of a country-by-country minimum tax on the foreign income of U.S. corporations. The bill is currently under discussion by the U.S. Senate, and even though there is uncertainty regarding its adoption, if adopted, our results of operations could be impacted. In addition, further changes in the tax laws of foreign jurisdictions could arise as a result of the base erosion and profit shifting project undertaken by the Organisation for Economic Co-operation and Development, which represents a coalition of member countries and recommended changes to numerous long-standing tax principles. If implemented by taxing authorities, such changes, as well as changes in U.S. federal and state tax laws or in taxing jurisdictions’ administrative interpretations, decisions, policies, and positions, could have a material effect on our business, results of operations, or financial condition.
If we cannot maintain our corporate culture as we grow, our business may be harmed.
We believe that our corporate culture has been a critical component to our success and that our culture creates an environment that drives and perpetuates our overall business strategy. We have invested substantial time and resources in building our team and we expect to continue to hire aggressively as we expand, including with respect to our international operations. As we grow and mature as a public company and grow internationally, we may find it difficult to maintain our corporate culture. In addition, we may need to adapt our corporate culture and work environments to changing circumstances, such as during times of a natural disaster or pandemic, including the ongoing COVID-19 pandemic. Any failure to preserve our culture could negatively affect our future success, including our ability to recruit and retain personnel and effectively focus on and pursue our business strategy.
We face risks associated with having operations and employees located in Israel.
We have an office and employees located in Israel. As a result, political, economic, and military conditions in Israel directly affect our operations. The future of peace efforts between Israel and its Arab neighbors remains uncertain. There has been a significant increase in hostilities and political unrest between Hamas and Israel in the past few years. The effects of these hostilities and violence on the Israeli economy and our operations in Israel are unclear, and we cannot predict the effect on us of further increases in these hostilities or future armed
Table of Contents
conflict, political instability or violence in the region. Current or future tensions and conflicts in the Middle East could adversely affect our business, operating results, financial condition and cash flows.
In addition, many of our employees in Israel are obligated to perform annual reserve duty in the Israeli military and are subject to being called for active duty under emergency circumstances. We cannot predict the full impact of these conditions on us in the future, particularly if emergency circumstances or an escalation in the political situation occurs. If many of our employees in Israel are called for active duty for a significant period of time, our operations and our business could be disrupted and may not be able to function at full capacity. Any disruption in our operations in Israel could adversely affect our business.
A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks, such as increased competitive pressures, administrative delays and additional approval requirements.
A portion of our revenue is generated by sales to U.S. and foreign federal, state and local governmental agency customers, and we may in the future increase sales to government entities. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will complete a sale or imposing terms of sale which are less favorable than the prevailing market terms. Government demand and payment for our solutions, solution packages and services may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our solutions and solution packages. Changes in government procurement policy, priorities, regulations, technology initiatives or requirements may negatively impact our potential for growth in the government sector. For example, the U.S. government imposes evolving cybersecurity requirements, including under the Federal Risk and Authorization Management Program (FedRAMP), which seeks to standardize security assessment and authorization for cloud products and services used by U.S. federal agencies. Compliance with these requirements is complex and costly, and failure to meet the required security controls could limit our ability to sell products and services, directly or indirectly, to state government entities in the U.S. and other jurisdictions, and to the federal government through our reseller and distribution partners. Although we have “in process” designation for FedRAMP for our PingOne for Government solution, we are still subject to agency authorization and monitoring, and this may impact certain of our obligations under customer contracts, including contracts with non-government entities. Further, governments routinely and audit government contractors’ administrative processes and any audit could result in , civil or liability, further , to our reputation and from further government business.
Risks Relating to Our Indebtedness
Our existing indebtedness could adversely affect our business and growth prospects.
On November 23, 2021, we entered into a new credit agreement (the “2021 Credit Agreement”) for a new term loan B facility consisting of an aggregate principal amount of $300 million (the “2021 Term Loan Facility”) maturing on November 23, 2028 and for a new revolving credit facility in an aggregate principal amount of $150 million (the “2021 Revolving Facility”, together with the 2021 Term Loan Facility, the “2021 Credit Facilities”) maturing on November 23, 2026. We used a portion of the proceeds from the 2021 Term Loan Facility to repay in full the indebtedness outstanding under our previous credit agreement. We expect to use the remaining proceeds for working capital and general corporate purposes. All obligations under the 2021 Credit Agreement are secured by a first priority lien on substantially all of our assets and the assets of our subsidiaries, subject to certain customary exceptions. We repaid all of the outstanding borrowings under our then-existing revolving credit facility. Our indebtedness, or any additional indebtedness we may incur, could require us to divert funds identified for other purposes for debt service and impair our liquidity position. If we cannot generate sufficient cash flow from operations to service our debt, we may need to refinance our debt, dispose of assets or issue equity to obtain necessary funds. We do not know whether we will be able to take any of these actions on a timely basis, on terms to us or at all. As of December 31, 2021, we had total long term indebtedness outstanding of $300.3 million, including $300.0 million under our 2021 Term Loan Facility and $0.3 million of
Table of Contents
outstanding letters of credit. There were no amounts drawn under the 2021 Revolving Facility as of December 31, 2021.
Our indebtedness, the cash flow needed to satisfy our debt and the covenants contained in our 2021 Credit Agreement have important consequences, including:
limiting funds otherwise available for financing our capital expenditures by requiring us to dedicate a portion of our cash flows from operations to the repayment of debt and the interest on this debt;
limiting our ability to incur additional indebtedness;
limiting our ability to capitalize on significant business opportunities;
making us more vulnerable to rising interest rates; and
making us more vulnerable in the event of a downturn in our business.
Our level of indebtedness may place us at a competitive disadvantage to our competitors that are not as highly leveraged. Fluctuations in interest rates can increase borrowing costs. Increases in interest rates may directly impact the amount of interest we are required to pay and reduce earnings accordingly. In addition, developments in tax policy, such as the disallowance of tax deductions for interest paid on outstanding indebtedness, could have an adverse effect on our liquidity and our business, financial conditions and results of operations. Further, our 2021 Credit Agreement contains customary affirmative and negative covenants and certain restrictions on operations that could impose operating and financial limitations and restrictions on us, including restrictions on our ability to enter into particular transactions and to engage in other actions that we may believe are advisable or necessary for our business.
We expect to use cash flow from operations to meet current and future financial obligations, including funding our operations, debt service requirements and capital expenditures. The ability to make these payments depends on our financial and operating performance, which is subject to prevailing economic, industry and competitive conditions and to certain financial, business, economic and other factors beyond our control.
Despite current indebtedness levels and restrictive covenants, we may still be able to incur substantially more indebtedness or make certain restricted payments, which could further exacerbate the risks associated with our substantial indebtedness.
We may be able to incur significant additional indebtedness in the future. Although the financing documents governing our 2021 Credit Facilities contain restrictions on the incurrence of additional indebtedness and liens, these restrictions are subject to a number of important qualifications and exceptions, and the additional indebtedness and liens incurred in compliance with these restrictions could be substantial.
The financing documents governing our 2021 Credit Facilities permit us to incur certain additional indebtedness, including liabilities that do not constitute indebtedness as defined in the financing documents. We may also consider investments in joint ventures or acquisitions, which may increase our indebtedness. In addition, financing documents governing our 2021 Credit Facilities do not restrict Vista from creating new holding companies that may be able to incur indebtedness without regard to the restrictions set forth in the financing documents governing our 2021 Credit Facilities. If new debt is added to our currently anticipated indebtedness levels, the related risks that we face could intensify.
Table of Contents
We may not be able to generate sufficient cash flow to service all of our indebtedness, and may be forced to take other actions to satisfy our obligations under such indebtedness, which may not be successful.
Our ability to make scheduled payments or to refinance outstanding debt obligations depends on our financial and operating performance, which will be affected by prevailing economic, industry and competitive conditions and by financial, business and other factors beyond our control. We may not be able to maintain a sufficient level of cash flow from operating activities to permit us to pay the principal, fees, premium, if any, and interest on our indebtedness. Any failure to make payments of interest and principal on our outstanding indebtedness on a timely basis would likely result in a reduction of our credit rating, which would also harm our ability to incur additional indebtedness.
If our cash flows and capital resources are insufficient to fund our debt service obligations, we may be forced to reduce or delay capital expenditures, sell assets, seek additional capital or seek to restructure or refinance our indebtedness. Any refinancing of our indebtedness could be at higher interest rates and may require us to comply with more onerous covenants. These alternative measures may not be successful and may not permit us to meet our scheduled debt service obligations. In the absence of such cash flows and resources, we could face substantial liquidity problems and might be required to sell material assets or operations to attempt to meet our debt service obligations. The financing documents governing our 2021 Credit Facilities restrict our ability to conduct asset sales and/or use the proceeds from asset sales. We may not be able to consummate these asset sales to raise capital or sell assets at prices and on terms that we believe are fair and any proceeds that we do receive may not be adequate to meet any debt service obligations then due. If we cannot meet our debt service obligations, the holders of our indebtedness may accelerate such indebtedness and, to the extent such indebtedness is secured, on our assets. In such an event, we may not have sufficient assets to repay all of our indebtedness.
The terms of the financing documents governing our 2021 Credit Facilities restrict our current and future operations, particularly our ability to respond to changes or to take certain actions.
The financing documents governing our 2021 Credit Facilities contain a number of restrictive covenants that impose significant operating and financial restrictions on us and may limit our ability to engage in acts that may be in our long-term best interests, including restrictions on our ability to:
incur additional indebtedness;
pay dividends on or make distributions in respect of capital stock or repurchase or redeem capital stock;
prepay, redeem or repurchase certain indebtedness;
make loans and investments;
sell or otherwise dispose of assets, including capital stock of restricted subsidiaries;
incur liens;
enter into transactions with affiliates; and
consolidate, merge or sell all or substantially all of our assets.
The restrictive covenants in the financing documents governing our 2021 Credit Facilities require us to maintain specified financial ratios and satisfy other financial condition tests to the extent applicable. Our ability to meet those financial ratios and tests can be affected by events beyond our control.
Table of Contents
A breach of the covenants or restrictions under the financing documents governing our 2021 Credit Facilities could result in an event of default under such documents. Such a default may allow the creditors to accelerate the related debt, which may result in the acceleration of any other debt to which a cross-acceleration or cross-default provision applies. In the event the holders of our indebtedness accelerate the repayment, we may not have sufficient assets to repay that indebtedness or be able to borrow sufficient funds to refinance it. Even if we are able to obtain new financing, it may not be on commercially reasonable terms or on terms acceptable to us. As a result of these restrictions, we may be:
limited in how we conduct our business;
unable to raise additional debt or equity financing to operate during general economic or business downturns; or
unable to compete effectively or to take advantage of new business opportunities.
These restrictions, along with restrictions that may be contained in agreements evidencing or governing other future indebtedness, may affect our ability to grow in accordance with our growth strategy.
We may be unable to refinance our indebtedness.
We may need to refinance all or a portion of our indebtedness before maturity. We cannot assure you that we will be able to refinance any of our indebtedness on commercially reasonable terms or at all. There can be no assurance that we will be able to obtain sufficient funds to enable us to repay or refinance our debt obligations on commercially reasonable terms, or at all.
A lowering or withdrawal of the ratings assigned to our debt securities by rating agencies may increase our future borrowing costs and reduce our access to capital.
Our debt currently has a non-investment grade rating, and any rating assigned could be lowered or withdrawn entirely by a rating agency if, in that rating agency’s judgment, future circumstances relating to the basis of the rating, such as adverse changes, so warrant. Any future lowering of our ratings likely would make it more difficult or more expensive for us to obtain additional debt financing.
Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies in the future could reduce our ability to compete successfully and harm our results of operations.
We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms or at all. If we raise additional equity financing, our security holders may experience significant dilution of their ownership interests. If we engage in additional debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions. If we need additional capital and cannot raise it on acceptable terms, or at all, we may not be able to, among other things:
develop and enhance our solutions and solution packages;
continue to expand our solution and solution package development, sales and marketing organizations;
hire, train and retain employees;
respond to competitive pressures or unanticipated working capital requirements; or
Table of Contents
pursue acquisition opportunities.
In addition, our 2021 Credit Facilities also limit our ability to incur additional debt and therefore we likely would have to amend our 2021 Credit Facilities or issue additional equity to raise capital. If we issue additional equity, your interest in us will be diluted.
Risks Relating to Our Common Stock
Vista continues to have governance rights and as a result can influence certain of our corporate actions. Vista’s interests may conflict with ours or yours in the future.
At December 31, 2021, Vista beneficially owned approximately 9.95% of our common stock.
Pursuant to the Director Nomination Agreement we entered into with Vista, Vista has the right to designate: (i) a number of directors (rounded up to the nearest whole number) equal to 20% of the total directors for so long as Vista beneficially owns at least 10% and less than 20% of the total number of shares of our common stock it owned on the date of our IPO and (ii) one director for so long as Vista beneficially owns at least 5% and less than 10% of the total number of shares of our common stock it owned on the date of our IPO. The Director Nomination Agreement prohibits us from increasing or decreasing the size of our Board without the prior written consent of Vista. For so long as Vista continues to own at least 5% of our stock, Vista will have influence on the composition of our Board and the approval of actions requiring shareholder approval. Accordingly, for such period of time, Vista will continue to have influence with respect to our management, business plans and policies, including the appointment and removal of our officers, decisions on whether to raise future capital and amending our charter and bylaws, which govern the rights attached to our common stock.
Vista and its affiliates engage in a broad spectrum of activities, including investments in the information and business services industry generally. In the ordinary course of their business activities, Vista and its affiliates may engage in activities where their interests conflict with our interests or those of our other shareholders, such as investing in or advising businesses that directly or indirectly compete with certain portions of our business or are suppliers or customers of ours. Our certificate of incorporation provides that none of Vista, any of its affiliates or any director who is not employed by us (including any non employee director who serves as one of our officers in both his director and officer capacities) or its affiliates has any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate. Vista also may pursue acquisition opportunities that may be complementary to our business, and, as a result, those acquisition opportunities may not be available to us. In addition, Vista may have an interest in pursuing acquisitions, divestitures and other transactions that, in its judgment, could enhance its investment, even though such transactions might involve risks to you.
Provisions of our corporate governance documents could make an acquisition of us more difficult and may prevent attempts by our shareholders to replace or remove our current management, even if beneficial to our shareholders.
Our certificate of incorporation and bylaws and the Delaware General Corporation Law (the “DGCL”) contain provisions that could make it more difficult for a third party to acquire us, even if doing so might be beneficial to our shareholders. Among other things:
these provisions allow us to authorize the issuance of undesignated preferred stock, the terms of which may be established and the shares of which may be issued without shareholder approval, and which may include supermajority voting, special approval, dividend, or other rights or preferences superior to the rights of shareholders;
these provisions provide for a classified board of directors with staggered three-year terms;
Table of Contents
these provisions provide that, at any time when Vista beneficially owns, in the aggregate, less than 40% in voting power of our stock entitled to vote generally in the election of directors, directors may only be removed for cause, and only by the affirmative vote of holders of at least 66 2 / 3 % in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class;
these provisions prohibit shareholder action by written consent from and after the date on which Vista beneficially owns, in the aggregate, less than 35% in voting power of our stock entitled to vote generally in the election of directors;
these provisions provide that at any time when Vista beneficially owns, in the aggregate, less than 50% in voting power of all outstanding shares of our stock entitled to vote generally in the election of directors, any amendment, alteration, rescission or repeal of our bylaws by our shareholders will require the affirmative vote of the holders of at least 66 2 / 3 % in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class; and
these provisions establish advance notice requirements for nominations for elections to our board of directors (“Board”) or for proposing matters that can be acted upon by shareholders at shareholder meetings; provided, however, that as long as Vista beneficially owns, in the aggregate, at least 10% in voting power of our stock entitled to vote generally in the election of directors, such advance notice procedure does not apply to it.
Our certificate of incorporation contains a provision that provides us with protections similar to Section 203 of the DGCL, and prevents us from engaging in a business combination with a person (excluding Vista and any of its direct or indirect transferees and any group as to which such persons are a party) who acquires at least 15% of our common stock for a period of three years from the date such person acquired such common stock, unless Board or shareholder approval is obtained prior to the acquisition. These provisions could discourage, delay or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for you and other shareholders to elect directors of your choosing and cause us to take other corporate actions you desire, including actions that you may deem advantageous, or negatively affect the trading price of our common stock. In addition, because our Board is responsible for appointing the members of our management team, these provisions could in turn affect any attempt by our shareholders to replace current members of our management team.
These and other provisions in our certificate of incorporation, bylaws and Delaware law could make it more difficult for shareholders or potential acquirers to obtain control of our Board or initiate actions that are opposed by our then-current Board, including delay or impede a merger, tender offer or proxy contest involving our company. The existence of these provisions could negatively affect the price of our common stock and limit opportunities for you to realize value in a corporate transaction.
Our certificate of incorporation designates the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our shareholders, which could limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us.
Pursuant to our certificate of incorporation, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware is the sole and exclusive forum for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers or other employees to us or our shareholders, (3) any action asserting a claim against us arising pursuant to any provision of the DGCL, our certificate of incorporation or our bylaws or (4) any other action asserting a claim against us that is governed by the internal affairs doctrine; provided that for the avoidance of doubt, the forum selection provision that identifies the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation, including any “derivative action,” will not apply to suits to enforce a duty or liability created by Securities Act, the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction. Our certificate of incorporation further provides that any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock is deemed to have notice of and consented to
Table of Contents
the provisions of our certificate of incorporation described above. The forum selection clause in our certificate of incorporation may have the effect of discouraging lawsuits against us or our directors and officers and may limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us.
An active, liquid trading market for our common stock may not be sustained, which may limit your ability to sell your shares.
An active trading market for our common stock may not be sustained. A public trading market having the desirable characteristics of depth, liquidity and orderliness depends upon the existence of willing buyers and sellers at any given time, such existence being dependent upon the individual decisions of buyers and sellers over which neither we nor any market maker has control. The failure of an active and liquid trading market to continue would likely have a material adverse effect on the value of our common stock. The market price of our common stock may decline below the public offering price, and you may not be able to sell your shares of our common stock at or above the price you paid in this offering, or at all. An inactive market may also impair our ability to raise capital to continue to fund operations by issuing shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.
Our operating results and stock price may be volatile, and the market price of our common stock may drop below the price you paid.
Our quarterly operating results are likely to fluctuate in the future. In addition, securities markets worldwide have experienced, and are likely to continue to experience, significant price and volume fluctuations. This market volatility, as well as general economic, market or political conditions, could subject the market price of our shares to wide price fluctuations regardless of our operating performance. Our operating results and the trading price of our shares may fluctuate in response to various factors, including:
market conditions in our industry or the broader stock market;
actual or anticipated fluctuations in our quarterly financial and operating results;
introduction of new solutions, solution packages or services by us or our competitors;
issuance of new or changed securities analysts’ reports or recommendations;
sales, or anticipated sales, of large blocks of our stock;
additions or departures of key personnel;
regulatory or political developments;
litigation and governmental investigations;
changing economic conditions;
investors’ perception of us;
events beyond our control such as weather and war; and
any default on our indebtedness.
These and other factors, many of which are beyond our control, may cause our operating results and the market price and demand for our shares to fluctuate substantially. Fluctuations in our quarterly operating results could limit or prevent investors from readily selling their shares and may otherwise negatively affect the market price
Table of Contents
and liquidity of our shares. In addition, in the past, when the market price of a stock has been volatile, holders of that stock have sometimes instituted securities class action litigation against the company that issued the stock. If any of our shareholders brought a lawsuit against us, we could incur substantial costs defending the lawsuit. Such a lawsuit could also divert the time and attention of our management from our business, which could significantly harm our profitability and reputation.
A significant portion of our total outstanding shares may be sold into the market in the near future. This could cause the market price of our common stock to drop significantly, even if our business is doing well.
Sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock. We have registered shares of common stock that we may issue under our equity compensation plans. Such shares can be freely sold in the public market upon issuance, subject to any applicable lock-up agreements. The market price of our stock could decline if the holders of a large portion of our shares of common stock sell them or are perceived by the market as intending to sell them.
Because we have no current plans to pay regular cash dividends on our common stock for the foreseeable future, you may not receive any return on investment unless you sell your common stock for a price greater than that which you paid for it.
We do not anticipate paying any regular cash dividends on our common stock for the foreseeable future. Any decision to declare and pay dividends in the future will be made at the discretion of our Board and will depend on, among other things, our results of operations, financial condition, cash requirements, contractual restrictions and other factors that our Board may deem relevant. In addition, our ability to pay dividends is, and may be, limited by covenants of existing and any future outstanding indebtedness we or our subsidiaries incur, including under our 2021 Credit Facilities. Therefore, any return on investment in our common stock is solely dependent upon the appreciation of the price of our common stock on the open market, which may not occur.
If securities or industry analysts do not publish research or reports about our business, if they adversely change their recommendations regarding our shares or if our results of operations do not meet their expectations, our stock price and trading volume could decline.
The trading market for our shares is influenced by the research and reports that industry or securities analysts publish about us or our business. We do not have any control over these analysts. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, we could lose visibility in the financial markets, which in turn could cause our stock price or trading volume to decline. Moreover, if one or more of the analysts who cover us downgrade our stock, or if our results of operations do not meet their expectations, our stock price could decline.
We may issue shares of preferred stock in the future, which could make it difficult for another company to acquire us or could otherwise adversely affect holders of our common stock, which could depress the price of our common stock.
Our certificate of incorporation authorizes us to issue one or more series of preferred stock. Our Board has the authority to determine the preferences, limitations and relative rights of the shares of preferred stock and to fix the number of shares constituting any series and the designation of such series, without any further vote or action by our shareholders. Our preferred stock could be issued with voting, liquidation, dividend and other rights superior to the rights of our common stock. The potential issuance of preferred stock may delay or prevent a change in control of us, discouraging bids for our common stock at a premium to the market price, and materially adversely affect the market price and the voting and other rights of the holders of our common stock.
Table of Contents
General Risk Factors
We are subject to anti corruption, anti bribery and similar laws, and non compliance with such laws can subject us to criminal penalties or significant fines and harm our business and reputation.
We are subject to anti corruption and anti bribery and similar laws, such as the U.S. Foreign Corrupt Practices Act of 1977, as amended, the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the U.S. Travel Act, the USA PATRIOT Act, the U.K. Bribery Act 2010 and other anti corruption, anti bribery and anti money laundering laws in countries in which we conduct activities. Anti corruption and anti bribery laws have been enforced aggressively in recent years and are interpreted broadly and prohibit companies and their employees and agents from promising, authorizing, making, offering, soliciting, or accepting, directly or indirectly, improper payments or other improper benefits to or from any person whether in the public or private sector. As we increase our international sales and business, our risks under these laws may increase. with these laws could subject us to , sanctions, settlements, , other enforcement actions, of profits, significant , , other civil and or , media coverage and other consequences. Any , actions or sanctions could affect our business, results of operations and financial condition.
We are subject to governmental export and import controls and economic sanctions laws that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.
Our business activities are subject to various restrictions under U.S. export and import controls and trade and economic sanctions laws, including the U.S. Commerce Department’s Export Administration Regulations, U.S. Customs regulations and various economic and trade sanctions regulations maintained by the U.S. Treasury Department’s Office of Foreign Assets Control. U.S. export control laws and U.S. economic sanctions laws include prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries, governments, persons and entities. Changes in our solutions, solution packages or services or changes in applicable export or import regulations may create delays in the introduction and sale of our solutions and solution packages in international markets, prevent our customers with international operations from deploying our solutions or solution packages or, in some cases, prevent the export or import of our solutions or solution packages to certain countries, governments, or persons altogether. Any decreased use of our solutions and solution packages or limitation on our ability to export or sell our solutions and solution packages would likely adversely affect our business.
Furthermore, we incorporate encryption technology into certain of our solutions. U.S. export control laws require authorization for the export of encryption items. In addition, various countries regulate the import of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our ability to deploy our solutions, solution packages and services or could limit our customers’ ability to implement our offerings and services in those countries. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time consuming, is not guaranteed, and may result in the delay or loss of sales opportunities.
Although we take precautions to prevent our solutions and solution packages from being provided in violation of U.S. export control and economic sanctions laws, our solutions and solution packages may have been in the past, and could in the future be, provided inadvertently in violation of such laws. If we fail to comply with U.S. export control and economic sanctions laws and regulations, we and certain of our employees could be subject to civil or criminal penalties, including the possible loss of export privileges and monetary penalties. In addition, violations of such laws could result in negative consequences to us, including government investigations, penalties and harm to our reputation.
We may be the subject of various legal proceedings which could have a material adverse effect on our business, financial condition or results of operations.
Table of Contents
In the ordinary course of business, we may be involved in various litigation matters, including but not limited to commercial disputes, employee claims and class actions, and from time to time may be involved in governmental or regulatory investigations or similar matters arising out of our current or future business. Any claims asserted against us, regardless of merit or eventual outcome, could harm our reputation and have an adverse impact on our relationship with our customers and other third parties and could lead to additional related claims. Certain claims may seek injunctive relief, which could disrupt the ordinary conduct of our business and operations or increase our cost of doing business. Our insurance or indemnities may not cover all claims that may be asserted against us, and any asserted us, regardless of merit or eventual outcome, may our reputation and cause us to expend resources in our defense. Furthermore, there is no guarantee that we will be in ourselves in future or similar matters under various laws. Should the ultimate judgments or settlements in any future or significantly exceed our insurance coverage, they could affect our business, results of operations and financial condition.
We are subject to SEC rules and regulations regarding our internal control over financial reporting. If we fail to maintain effective internal control over financial reporting and disclosure controls and procedures or identify material weaknesses in our internal control over financial reporting, we may not be able to accurately report our financial results, or report them in a timely manner.
As a public reporting company, we are subject to the rules and regulations established from time to time by the SEC and the NYSE. These rules and regulations require that, among other things, we establish and periodically evaluate procedures with respect to our internal control over financial reporting. Reporting obligations as a public company place a considerable strain on our financial and management systems, processes and controls, as well as on our personnel.
In addition, as a public company we are required to document and test our internal control over financial reporting pursuant to Section 404 of the Sarbanes–Oxley Act so that our independent registered public accounting firm can attest in this Annual Report on Form 10-K as to the effectiveness of our internal control over financial reporting, and in future annual reports. As part of our testing, we have been required and will continue to be required to document and, in certain cases, make changes to our internal control over financial reporting, which could result in increased costs to us.
If our senior management is unable to conclude that we have effective internal control over financial reporting or to certify the effectiveness of such controls; if our independent registered public accounting firm cannot render an unqualified opinion on management's assessment and the effectiveness of our internal control over financial reporting; or if material weaknesses in our internal control over financial reporting is identified, we could be subject to regulatory scrutiny, a loss of public and investor confidence, and to litigation from investors and stockholders, which could have a material adverse effect on our business and our stock price. In addition, if we do not maintain adequate financial and management personnel, processes and controls, we may not be able to manage our business effectively or accurately report our financial performance on a timely basis, which could cause a decline in our common stock price and adversely affect our results of operations and financial condition.
Catastrophic events may disrupt our business.
Natural disasters, pandemics or other catastrophic events, including those exacerbated by the effects of climate change, may cause damage or disruption to our operations, international commerce and the global economy, and thus could harm our business. In the event of a major earthquake, hurricane or catastrophic event such as fire, power loss, telecommunications failure, cyberattack, pandemic, war or terrorist attack, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our application development, lengthy interruptions in our solutions, breaches of data security and of data, all of which could affect our business, results of operations and financial condition. In addition, the insurance we maintain may not be adequate to cover our resulting from or other business .
Table of Contents
