Risk Factors Related to our Business and Industry
ZeroFox has a history of losses and we may not be able to achieve or sustain profitability in the future.
The Predecessor incurred net losses in all periods since its inception, including net losses of $38.4 million, $22.7 million, and $22.7 million for fiscal 2022, 2021, and 2020, respectively. The Successor experienced a net loss of $720.6 million for the Successor Period and $356.3 million for the year ended January 31, 2024. As of January 31, 2024, ZeroFox had an accumulated deficit of $1.1 billion. Following the Business Combination, we cannot predict when or whether we will reach or maintain profitability. We also expect that our operating expenses will increase over our historical expenses in the future as we continue to invest for future growth, including expanding our research and development activities to enhance our Platform, expanding our sales and marketing activities and reaching customers in new geographic locations, which will negatively affect our operating results if our total revenue does not increase. We cannot assure you that these investments will result in substantial increases in our revenue or improvements in our operating results. In addition to the anticipated costs to grow our business, we also expect to incur significant additional legal, accounting, and other expenses as a newly public operating company. Any failure to increase our revenue as we invest in our business or to manage our costs could prevent us from achieving or maintaining profitability.
If we are not able to maintain and enhance our brand and our reputation as a provider of external cybersecurity products and solutions, our business and results of operations may be adversely affected.
We believe that maintaining and enhancing our brand and our reputation as a provider of external cybersecurity products and solutions is critical to our relationship with existing customers, channel partners, and technology alliance partners and our ability to attract new customers and partners. The successful promotion of our brand will depend on a number of factors, including our marketing efforts, our ability to continue to develop additional features for our Platform and our ability to successfully differentiate our Platform from competitive cloud-based or legacy security solutions. Although we believe it is important for our growth, our brand promotion activities may not be successful or yield increased revenue.
In addition, independent industry or financial analysts and research firms often test our products and solutions and provide reviews of our Platform, as well as the products of our competitors, and the perception of our Platform in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive as compared to those of our competitors’ products, our brand may be adversely affected. Our products and solutions may fail to detect or prevent threats in any particular test for a number of reasons that may or may not be related to the efficacy of our products and solutions in real world environments. To the extent potential customers, industry analysts or testing firms believe that the occurrence of a failure to detect or prevent any particular threat is a flaw or indicates that our products and solutions or services do not provide significant value, we may lose customers, and our reputation, financial condition, and business would be harmed. Additionally, the performance of our channel partners and technology partners may affect our brand and reputation if customers do not have a experience with these partners. In addition, we have worked and continue to work with high-profile customers as well as assist in analyzing and remediating high profile . Our work with such customers has us to publicity and media coverage. publicity about us, including about our management, the efficacy and reliability of our Platform, our product offerings, our professional services, and the customers we work with, even if , could affect our reputation and brand.
If organizations do not adopt external cybersecurity solutions that may be based on new and untested security concepts, our ability to grow our business and results of operations may be adversely affected.
Our future success depends on the growth in the market for cloud and/or SaaS-delivered external cybersecurity products and solutions. The use of SaaS products and solutions to manage and automate security and IT operations is rapidly evolving. As such, it is difficult to predict our potential growth, customer adoption and retention rates, customer demand for our products and solutions, or the success of existing or future competitive products. Any expansion in our market depends on several factors, including the cost, performance and perceived value associated with our products and solutions and those of our competitors. If our solutions do not achieve widespread adoption or there is a reduction in demand for our products and solutions due to a lack of customer acceptance, technological challenges, competing products, privacy or other liability concerns, decreases in corporate spending, weakening economic conditions, or otherwise, it could adversely affect our business, results of operations and financial results, resulting in early terminations, reduced customer retention rates, or decreased sales. We do not know whether the trend in adoption of cloud- and/or SaaS-delivered cybersecurity solutions that we have experienced in the past will continue in the future. Furthermore, if we or other SaaS security providers experience security , or disclosure of customer data, in delivery, or other , the market for SaaS solutions as a whole, including our security solutions, could be affected.
Historically, information sharing related to cybersecurity has been a very well accepted concept from a theoretical perspective but very difficult to implement in practice. Companies are generally reluctant to share their sensitive cyber information with other entities, despite knowing the advantages of doing so. Misperceptions may exist, however, about what information gets shared, with whom that information is shared, and the jurisdictions (including foreign countries) of the companies with which the information gets shared. Further, concerns of existing or potential customers may exist related to the ability to completely remove any indicia of the source company, general market rejection of information sharing, or specific market skepticism of our approach, which may further add to a lack of customer acceptance.
In addition to the potential concerns related to sharing sensitive information in a system consisting of commercial or potentially competitive entities, additional concerns can arise when governments become involved as participants in the collective defense ecosystem. From a commercial perspective, companies frequently view information sharing on platforms with governments that are also customers as risky, based on perceptions that the governments might use such shared information to take action against the companies or to otherwise utilize it in a way that will expose such companies to liability. Such perceptions could lead commercial entities to stop sharing, not procure our services in the first place, or terminate their relationship with us altogether. Similarly, governments (as customers) may be unable to properly process such data or utilize it in a meaningful way, or share useful information back into our solutions. Any of these concerns could lead to reduced sales or contribute to a lack of customer acceptance. In addition, the mere involvement of one or more government entities as customers may our reputation with certain companies.
We (including the Predecessor and the Successor) have experienced rapid growth in recent periods, and if we do not manage our future growth, our business and results of operations will be adversely affected.
ZeroFox experienced rapid revenue growth in recent periods, and we expect to continue to invest broadly across our organization to support our growth. For example, ZeroFox’s actual employee headcount grew from 158 employees as of January 31, 2019, to 914 employees as of January 31, 2024. Additionally, ZeroFox's revenue grew from $8.9 million in fiscal 2019 to $233.3 million in fiscal year 2024. Although ZeroFox experienced rapid growth historically, we may not sustain these growth rates, nor can we assure you that our investments to support our growth will be successful. The growth and expansion of our business will require us to invest significant financial and operational resources and the continuous dedication of our management team. We have encountered and will continue to encounter risks and difficulties frequently experienced by rapidly growing companies in evolving industries, including market acceptance of our Platform, adding new customers, intense competition, and our ability to manage our costs and operating expenses. Our future success will depend in part on our ability to manage our growth effectively, which will require us to, among other things:
effectively attract, integrate, and retain a large number of new employees, particularly members of our sales and marketing and research and development teams;
further improve our Platform and cloud infrastructure to support our business needs;
enhance our information and communication systems to ensure that our employees and offices around the world are well-coordinated and can effectively communicate with each other and our growing base of channel partners and customers; and
improve our financial, management, and compliance systems and controls.
If we fail to achieve these objectives effectively, our ability to manage our expected growth, ensure uninterrupted operation of our Platform and key business systems, and comply with the rules and regulations applicable to our business could be impaired. Additionally, the quality of our Platform and services could suffer and we may not be able to adequately address competitive challenges. Any of the foregoing could adversely affect our business, results of operations, and financial condition.
We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition, and results of operations.
The market for security solutions is intensely competitive, fragmented, and characterized by rapid changes in technology, customer requirements and industry standards, increasingly sophisticated attackers, and by frequent introductions of new or improved products to combat security threats. We expect to continue to face intense competition from current competitors, as well as from new entrants into the market given the relatively low barriers to entry in the industry. If we are unable to anticipate or react to these challenges, our competitive position could weaken, and we could experience a decline in revenue or reduced revenue growth, and loss of market share that would adversely affect our business, financial condition, and results of operations. Our ability to compete effectively depends upon numerous factors, many of which are beyond our control, including, but not limited to:
product capabilities, including the performance and reliability of our Platform; including our services and features, compared to those of our competitors;
our ability versus the ability of our competitors, to improve existing products, services, and features, or to develop new ones to address evolving customer needs;
our ability to attract, retain, and motivate talented employees;
our ability to establish and maintain relationships with channel partners;
our ability to acquire services from third parties at competitive prices;
the strength of our sales and marketing efforts; and
acquisitions or consolidation within our industry, which may result in more formidable competitors.
Our competitors include the following, by general category:
digital risk protection, such as Proofpoint, Rapid7 and Forta;
threat intelligence providers, such as Mandiant and Recorded Future; and
breach response providers, such as Experian, Transunion, and Kroll.
Many of these competitors have greater financial, technical, marketing, sales, and other resources, greater name recognition, longer operating histories, and a larger base of customers than we do. They may be able to devote greater resources to the development, promotion, and sale of services than we can, and they may offer lower pricing than we do. Further, they may have greater resources for research and development of new technologies, the provision of customer support, and the pursuit of acquisitions, or they may have other financial, technical, or other resource advantages. Our larger competitors have substantially broader and more diverse product and service offerings as well as routes to market, which allows them to leverage their relationships based on other products and to incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our Platform. Conditions in our market could change rapidly and significantly because of technological advancements, partnering or acquisitions by our competitors or continuing market consolidation. Some of our competitors have recently made acquisitions of businesses or have established cooperative relationships that may allow them to offer more directly competitive and comprehensive solutions than were previously offered and adapt more quickly to new technologies and customer needs. As a result of such acquisitions or arrangements, our current or potential competitors may be to devote resources to bring these solutions and services to market, initiate or withstand substantial price competition or develop and expand their product and service offerings more quickly than we do. These competitive pressures in our market or our to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net and of market share. Further, many competitors that specialize in providing protection from a single type of security may be to deliver these targeted security products to the market quicker than we can or convince organizations that these limited products meet their needs. Even if there is significant demand for cloud-based security solutions like ours, if our competitors include functionality that is, or is perceived to be, equivalent to or than ours in legacy products that are already generally accepted as necessary components of an organization’s security architecture, we may have increasing the market penetration of our Platform. Furthermore, even if the functionality offered by other security providers is different and more limited than the functionality of our Platform, organizations may elect to accept such limited functionality in lieu of adding products from additional vendors like us.
For all of these reasons, competition may negatively impact our ability to maintain and grow consumption of our Platform and solutions or put downward pressure on our prices and gross margins, any of which could materially harm our reputation, business, financial condition, and results of operations.
Competitive pricing pressure may reduce revenue, gross profits, and adversely affect our financial results.
If we are unable to maintain our pricing due to competitive pressures or other factors, our revenue and margins may be reduced and our revenue and gross profits, business, results of operations and financial condition may be adversely affected. The prices for our Platform, products and solutions, and professional services may decline for a variety of reasons, including competitive pricing pressures, discounts, anticipation of the introduction of new solutions by competitors, or promotional programs offered by us or our competitors. Competition continues to increase in the market segments in which we operate, and we expect competition to further increase in the future. Larger competitors with more diverse product and service offerings may reduce the price of products or subscriptions that compete with ours or may bundle them with other products and subscriptions in an effort to leverage their existing market share to make it harder for newer companies, like us, to effectively compete.
Adverse general and industry-specific economic and market conditions and reductions in customer spending, in either the private or public sector, including as a result of geopolitical uncertainty such as the ongoing conflict between Russia and Ukraine, may reduce demand for our Platform or products and solutions, which could harm our business, financial condition and results of operations.
Our business, financial condition, and results of operations depend on the overall demand for our Platform and products and solutions. Negative conditions in the general economy both in the United States and abroad, including conditions resulting from the COVID-19 pandemic, changes in gross domestic product growth, financial and credit market fluctuations, energy costs, international trade relations, geopolitical issues, such as the conflict between Russia and Ukraine, or the availability and cost of credit could lead to increased market volatility, decreased consumer confidence, and diminished growth expectations in the U.S. economy and abroad, which in turn could result in reductions in information technology, software, and security spending by our existing and prospective customers. Negative economic conditions in both the public and private sectors, including macroeconomic, political and market conditions, government shutdowns or reduction in government spending, the availability of short-term and long-term funding and capital, the level and volatility of interest rates, currency exchange rates, and inflation, may cause customers to reduce their spending. Prolonged economic may result in customers or projects, choosing to focus on in-house development efforts or seeking to lower their costs by requesting us to existing contracts on less terms or on payments due on existing contracts or not renewing at the end of the contract term.
We employ multiple and evolving pricing models, which subject us to various pricing challenges that could make it difficult for us to derive value from our customers and may adversely affect our business, financial condition, and results of operations.
We employ multiple and evolving pricing models for our offerings. Our pricing models may ultimately result in a higher total cost to our customers generally as data volumes increase over time, or may cause our customers to limit or decrease usage in order to stay within the limits of their existing licenses or lower their costs, making it more difficult for us to compete in our markets or negatively impacting our business, financial condition, and results of operations. As the amount of data within our customers’ organizations grows, we face downward pressure from our customers regarding our pricing, which could adversely affect our revenue and operating margins. In addition, our pricing models may allow competitors with different pricing models to attract customers unfamiliar or uncomfortable with our pricing models, which would cause us to lose business or modify our pricing models, both of which could adversely affect our revenue and operating margins. We have introduced and expect to continue to introduce variations to our pricing models, including but not limited to usage-based, tiered pricing based on number of users, flat upfront fee, fixed price, level of effort, cost plus fee, utility-based pricing and other pricing programs. We also must determine the appropriate price to us to compete effectively internationally. Although we believe that these pricing models and variations to these models will drive net new customers, and increase customer adoption, it is possible that they will not and may potentially cause customers to to purchase or renew contracts with us or customers and reduce their lifetime value, which could impact our business, financial condition, and results of operations.
If we fail to adapt to rapid technological change, evolving industry standards and changing customer needs, requirements or preferences, our ability to remain competitive could be impaired.
The market for our Platform and solutions is characterized by rapid technological change, evolving industry standards and changing regulations, as well as changing customer needs, requirements, and preferences. The success of our business will depend, in part, on our ability to anticipate, adapt and respond effectively to these changes on a timely and cost-effective basis. In addition, as our customers’ data infrastructure needs grow more complex, we expect them to face new and increasing challenges. Our customers require that our Platform and products and solutions effectively identify and respond to these challenges without disrupting the performance of our customers’ information technology and data systems or interrupting their operations. As a result, we must continually modify and improve our offerings in response to changes in our customers’ data infrastructures and operational needs or end-user preferences. The success of any enhancement to our existing offerings or the deployment of new offerings depends on several factors, including the timely completion and market acceptance of our or new offerings. Any to our existing offerings or new offerings that we develop and introduce involves significant commitment of time and resources and is subject to a number of risks and , including, but not limited to:
ensuring the timely release of new solutions (including products and professional services) and enhancements to our existing solutions;
adapting to emerging and evolving industry standards, technological developments by our competitors and customers and changing regulatory requirements;
interoperating effectively with existing or newly-introduced technologies, systems or applications of our existing and prospective customers;
resolving defects, errors or failures in our Platform or solutions;
extending our solutions to new and evolving operating systems and hardware products; and
managing new solutions, product suites, and service strategies for the markets in which we operate.
If we are not successful in managing these risks and challenges, or if our Platform or products and solutions (including any upgrades thereto) are not technologically competitive or do not achieve market acceptance, our business, financial condition, and results of operations could be adversely affected.
If we are unable to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell, and distribute our Platform will be limited, and our business, financial position, and results of operations will be harmed.
In addition to our direct sales force, we rely on our channel partners to sell our Platform. A substantial amount of sales of our Platform flows through our channel partners and we expect this to continue for the foreseeable future. ZeroFox derived approximately 21% of its revenue for the fiscal year 2024 from subscriptions through channel partners. The loss of a substantial number of our channel partners or the failure to recruit additional channel partners, could adversely affect our operating results. Our ability to increase revenue will depend in part on our success in maintaining successful relationships with our channel partners and in training our channel partners to independently sell and deploy our Platform. If we fail to effectively manage our existing sales channels, or if our channel partners are unsuccessful in fulfilling the orders for our solutions, or if we are unable to enter into arrangements with, and retain a sufficient number of, high quality channel partners in each of the regions in which we sell products and solutions and keep them motivated to sell our products and solutions, our ability to sell our products and solutions and results of operations will be .
We target enterprise customers and government organizations, and sales to these customers involve risks that may not be present or that are present to a lesser extent with sales to smaller entities.
We have a sales team that targets enterprise customers and government organizations. These sales involve risks that may not be present or that are present to a lesser extent with sales to smaller entities, such as longer sales cycles, more complex customer requirements, substantial upfront sales costs, and less predictability in completing sales. For example, enterprise customers may require considerable time to evaluate and test our products and solutions and those of our competitors prior to making a purchase decision and placing an order. A number of factors influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our products and solutions, the discretionary nature of purchasing and budget cycles, and the competitive nature of evaluation and purchasing approval and/or competitive bidding processes. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, may vary significantly from customer to customer, with sales to enterprise customers and government organizations typically taking longer to complete. Moreover, enterprise customers often begin to deploy our products and solutions on a limited basis, but nevertheless demand configuration, integration services and pricing negotiations, which increase our upfront investment in the sales effort with no guarantee that these customers will deploy our products and solutions widely enough across their organization to justify our substantial upfront investment. Further, a significant percentage of our enterprise sales are to customers in the financial services sector. An economic in that sector could impact our sales.
Our success and ability to grow our business depend on retaining and expanding our customer base. If we fail to add new customers or retain existing customers, our business, financial condition, and results of operations could be harmed.
We may enter into subscription agreements for our Platform and solutions where customers have discretion to renew or terminate services at the end of the term, or stand-alone agreements for the provision of specified software or services. For us to improve our operating results, it is important that we add new customers and that our existing customers renew their subscriptions and upgrade and expand their subscribed services. Our customers have no obligation to renew their subscriptions, to upgrade or expand their subscribed services, or to continue their relationship with us once a stand-alone engagement ends. Our customers’ renewal, upgrade, and expansion rates may decline or fluctuate as a result of a number of factors, including their satisfaction or dissatisfaction with our offerings, our pricing, the effects of general economic conditions, competitive offerings, or alterations or reductions in our customers’ spending levels. If we are unable to add new customers or if our existing customers do not renew their subscriptions when the term expires or do not upgrade and expand the subscribed services or if customers renew on terms less favorable to us, or do not otherwise continue to use our Platform and solutions for subsequent engagements, our revenue may and our business, financial condition, and results of operations could be .
Our customers may merge with other entities who purchase solutions and services from our competitors, and, during weak economic times, there is an increased risk that one or more of our customers will file for bankruptcy protection, either of which may harm our business, financial condition, and results of operations. We also face risks from international customers that file for bankruptcy protection in foreign jurisdictions, particularly given that the application of foreign bankruptcy laws may be more difficult to predict. In addition, we may determine that the cost of pursuing any claim may outweigh the recovery potential of such claim. As a result, broadening or protracted extension of an economic downturn could harm our business, financial condition, and results of operations.
We provide service level commitments under some of our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service and our business could suffer.
Certain of our customer agreements contain service level commitments, which contain specifications regarding the availability and performance of our Platform. Any failure of or disruption to our infrastructure could impact the performance of our Platform and the availability of products and services to customers. If we are unable to meet our stated service level commitments or if we suffer extended periods of poor performance or unavailability of our Platform, we may be contractually obligated to provide affected customers with service credits for future subscriptions, refunds, and in certain cases, the right to cancel their subscription. Our revenue, other results of operations and financial condition could be harmed if we suffer performance issues or downtime that exceeds the service level commitments under our agreements with our customers.
Our business will be subject to the risks of natural catastrophic events and to interruption by man-made problems such as power disruptions or terrorism.
A significant natural disaster, such as an earthquake, a fire, a flood, or significant power outage could have a material adverse impact on our business, results of operations and financial condition. Natural disasters could affect our personnel, supply chain, or logistics providers’ ability to provide materials and perform services. In addition, climate change could result in an increase in the frequency or severity of natural disasters. In the event that our infrastructure, or the information technology systems, supply chain or logistics of our service providers, is hindered by any of the events discussed above, the results could be missed financial targets, such as revenue, for a particular quarter. Likewise, we could be subject to other man-made problems, including but not limited to power disruptions and terrorist acts.
We rely heavily on the services of our senior management team, and if we are not successful in attracting or retaining senior management personnel, we may not be able to successfully implement our business strategy.
Our future success is substantially dependent on our ability to attract, retain, and motivate our key employees and the members of our management team. In particular, we are highly dependent on the services of James C. Foster, our chief executive officer, who is critical to our future vision and strategic direction. We also rely on our leadership team in the areas of operations, security, analytics, engineering, product management, research and development, marketing, sales, partnerships, mergers and acquisitions, support, and general and administrative functions. Although we entered into employment agreements with our key personnel, our senior management is employed on an “at-will” basis, which means they may terminate their employment with us at any time. If one or more of our key employees resigns or otherwise ceases to provide us with their service, our business could be harmed.
We rely on the performance of highly skilled personnel, including senior engineering, professional services, sales and technology professionals, and our ability to increase our customer base depends to a significant extent on our ability to expand our sales and marketing operations.
We believe our success has depended, and continues to depend, on the efforts and talents of our highly skilled team members, including our sales personnel, professional services personnel, and software engineers. We do not maintain key person insurance on any of our employees. Our key employees are employed on an “at-will” basis, which means that they could terminate their employment with us at any time. The loss of any of our key employees could adversely affect our ability to execute our business plan, and we may not be able to find adequate replacements. We cannot ensure that we will be able to retain the services of our key employees.
If we do not effectively expand and train our sales force, we may be unable to add new customers or increase sales to our existing customers, and our business will be adversely affected.
We depend on our sales force to obtain new customers and increase sales with existing customers. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel, and our third-party channel partner network of resellers, both domestically and internationally. We have expanded our sales organization in recent periods and expect to continue to add additional sales capabilities in the near term. Significant competition exists for sales personnel with the skills and technical knowledge that we require. New hires require significant training and may take significant time before they achieve full productivity, and this delay may be accentuated by our long sales cycles. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, a significant percentage of our sales force is new to our Company and selling our solutions, and therefore this team may be less effective than our more seasoned sales personnel. Furthermore, hiring sales personnel in new countries, or expanding our existing presence, requires upfront and ongoing expenditures that we may not recover if the sales personnel to full productivity. We cannot predict whether, or to what extent, our sales will increase as we expand our sales or how long it will take for sales personnel to become productive. If we are to hire and train a sufficient number of sales personnel, or the sales personnel we hire are not in obtaining new customers or increasing sales to our existing customer base, our business and results of operations will be affected. All of these efforts will require us to invest significant financial and other resources and our business will be if our efforts do not generate a correspondingly significant increase in revenue.
Our ability to maintain customer satisfaction depends in part on the quality of our customer support.
Once our Platform and solutions are purchased, our customers depend on our maintenance and support teams to resolve technical and operational issues relating to our Platform and solutions. Our ability to provide effective customer maintenance and support is largely dependent on our ability to attract, train, and retain qualified personnel with experience in supporting customers with our Platform and products and solutions such as ours and maintaining the same. The number of our customers has grown significantly and that has and will continue to put additional pressure on our support teams. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for technical support. We may be subject to disruptions in customer support as well as failures to provide adequate support for reasons that are outside of our direct control.
We also may be unable to modify the future, scope, and delivery of our maintenance services and technical support to compete with changes in the technical services provided by our competitors. Increased customer demand for maintenance and support services, without corresponding revenue, could increase costs and negatively affect our operating results. In addition, if we experience increased customer demand for support and maintenance, we may face increased costs that may harm our business, financial condition, or results of operations. Further, as we continue to grow our operations and support our global customer base, we need to be able to continue to provide efficient support and effective maintenance that meet our customers’ needs globally at scale. Customers receive additional maintenance and support features, and the number of our customers has grown significantly, which will put additional pressure on our organization. If we are unable to provide efficient customer maintenance and support globally at scale or if we need to hire additional maintenance and support personnel, our business may be harmed. Our ability to attract new customers is highly dependent on our business reputation and on recommendations from our existing customers. Any to maintain high-quality maintenance and support services or a market perception that we do not maintain high-quality maintenance and support services for our customers would our business.
If we cannot maintain our company culture as we grow, we could lose the innovation, teamwork, passion, and focus on execution that we believe contribute to our success and our business may be harmed.
We believe that our corporate culture has been a contributor to our success, which we believe promotes innovation, teamwork, passion and focus on building and marketing our products and solutions. Any integration challenges or any failure to preserve our culture could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively and execute on our business strategy. As we grow, we may find it difficult to maintain our corporate culture. Additionally, our productivity and the quality of our products and solutions may be adversely affected if we do not integrate and train our new employees quickly and effectively. If we experience any of these effects in connection with future growth, it could impair our ability to attract new customers, retain existing customers and expand their use of our products and solutions, all of which would adversely affect our business, financial condition and results of operations.
We recognize revenue from subscription to our Platform over the term of the subscription. Consequently, increases or decreases in new sales may not be immediately reflected in our results of operations.
We generally recognize revenue from customers ratably over the terms of their subscriptions, which are generally one to three years. As a result, a substantial portion of the revenue we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, any increase or decline in new sales or renewals in any one period will not be immediately reflected in our revenue for that period. Any such change, however, would affect our revenue in future periods. Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. We may also be unable to timely reduce our cost structure in line with a significant deterioration in sales or renewals that would adversely affect our results of operations and financial condition.
Our operating results may fluctuate significantly which could make our future results difficult to predict and could cause our operating results to fall below expectations.
Our operating results may vary significantly in the future, particularly considering the number of enterprise customer contracts and the cyclical nature of our government sales generation, and period-to-period comparisons of our operating results may not be meaningful. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our operating results may fluctuate as a result of a variety of factors, many of which are outside of our control, and as a result, may not fully reflect the underlying performance of our business. Fluctuations in operating results may negatively impact the value of our securities. Factors that may cause fluctuations in our quarterly operating results include, without limitation:
our ability to generate significant revenue from new offerings and cross-selling current offerings;
our ability to expand our number of customers and sales;
our ability to hire and retain employees, in particular those responsible for our sales and marketing;
changes in the way we organize and compensate our sales teams;
the timing of expenses and recognition of revenue;
the timing and length of our sales cycles;
increased sales to large organizations;
the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, as well as international expansion;
the timing and effectiveness of new sales and marketing initiatives;
changes in our pricing policies or those of our competitors;
the timing and success of new platforms, applications, features, and functionality by us or our competitors;
changes in the competitive dynamics of our industry, including consolidation among competitors;
changes in laws and regulations that impact our business;
the timing of expenses related to any future acquisitions, including our ability to successfully integrate, and fully realize the expected benefits of, completed acquisitions;
health epidemics or pandemics, such as the COVID-19 pandemic;
civil unrest and geopolitical instability, including as a result of the ongoing conflict between Russia and Ukraine; and
general political, economic, and market conditions.
Our long-term success depends, in part, on our ability to expand the sale of our Platform to customers located outside of the U.S., and our current, and any further, expansion of our international operations exposes us to risks that could have a material adverse effect on our business, operating results, and financial condition.
We are generating a portion of our revenue outside of the U.S., and conduct our business activities in various foreign countries, including some emerging markets, where the challenges of conducting our business can be significantly different from those we have faced in more developed markets and where business practices may create internal control risks. There are certain risks inherent in conducting international business, including:
fluctuations in foreign currency exchange rates, which could add volatility to our operating results;
new, or changes in, regulatory requirements;
uncertainty regarding regulation, currency, tax, and operations resulting from the United Kingdom’s, or the U.K., exit from the European Union, or the E.U., and possible disruptions in trade, the sale of our services and commerce, and movement of our people between the U.K., E.U., and other locations;
tariffs, export and import restrictions, restrictions on foreign investments, sanctions, and other trade barriers or protection measures;
costs and liabilities related to compliance with foreign privacy, data protection and information security laws and regulations, including the General Data Protection Regulation of the European Union, or the GDPR, and the risks and costs of noncompliance;
costs of localizing products and services;
the lack of acceptance of localized products and services;
the need to make significant investments in people, solutions and infrastructure, typically well in advance of revenue generation;
challenges inherent in efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits and compliance programs;
difficulties in maintaining our corporate culture with a dispersed and distant workforce;
treatment of revenue from international sources, evolving domestic and international tax environments, and other potential tax issues, including with respect to our corporate operating structure and intercompany arrangements;
different standards for or weaker protection of our intellectual property, including increased risk of theft of our proprietary technology and other intellectual property;
economic weakness or currency-related crises;
compliance with multiple, conflicting, ambiguous or evolving governmental laws and regulations, including employment, tax, privacy, anti-corruption, import/export, antitrust, data transfer, storage and protection, and industry-specific laws and regulations, including rules related to compliance by our third-party resellers and our ability to identify and respond timely to compliance issues when they occur, and regulations applicable to us and our third-party data providers from whom we purchase and resell data;
vetting and monitoring our third-party resellers in new and evolving markets to confirm they maintain standards consistent with our brand and reputation;
generally longer payment cycles and greater difficulty in collecting accounts receivable;
our ability to adapt to sales practices and customer requirements in different cultures;
the lack of reference customers and other marketing assets in regional markets that are new or developing for us, as well as other adaptations in our market generation efforts that we may be slow to identify and implement;
dependence on certain third parties, including resellers with whom we do not have extensive experience;
natural disasters, acts of war, terrorism, or pandemics, including the ongoing COVID-19 pandemic;
corporate espionage; and
political instability and security risks in the countries where we are doing business and changes in the public perception of governments in the countries where we operate or plan to operate.
We might undertake corporate operating restructurings that involve our group of foreign country subsidiaries through which we do business abroad. We consider various factors in evaluating these restructurings, including the alignment of our corporate legal entity structure with our organizational structure and our objectives, the operational and tax efficiency of our group structure, and the long-term cash flows and cash needs of our business. Such restructurings could increase our operating costs, and if ineffectual, could increase our income tax liabilities and our global effective tax rate.
Risks Related to Government Contracting
One U.S. government customer accounts for a substantial portion of our revenue. If our relationship with our largest customer is impaired or terminated, our revenue would decline, and our business, financial condition, and results of operations would be adversely affected.
We have derived a substantial portion of our revenue from one U.S. government customer, the Office of Personnel Management (OPM). Our current contract with OPM has been extended to an optional period ending on June 30, 2024. On December 28, 2023, we were awarded a new contract by OPM (the "new OPM Contract"). The New OPM Contract is structured as a Base Period from July 1, 2024 to June 30, 2025, followed by a series of options as follows: Option Period I from July 1, 2025 to June 30, 2026, Option Period II from July 1, 2026 to September 30, 2026, Option Period, Option Period III from October 1, 2026 to March 31, 2027, Option Period IV from April 1, 2027 to September 30, 2027, Option Period V from October 1, 2027 to March 31, 2028, and Option Period VI from April 1, 2028 to September 30, 2028. OPM has an option to add a six-month transition out period to run concurrently with any option period. OPM accounted for approximately 35% of revenue for the year ended January 31, 2024.
As a result, our revenue could fluctuate materially, and could be materially and disproportionately affected by purchasing decisions by this customer or any other significant future customer. This customer may decide to purchase less than it has in the past, may alter its purchasing patterns at any time with limited notice, or may decide not to continue to license our products at all, any of which could cause our revenue to decline and adversely affect our financial condition and results of operations. If we do not further diversify our customer base, we will continue to be susceptible to risks associated with customer concentration.
Our business depends, in part, on sales to government organizations, and significant changes in the contracting or fiscal policies of such government organizations could have an adverse effect on our business and results of operations.
Our future growth depends, in part, on increasing sales to government organizations. Demand from government organizations is often unpredictable, subject to budgetary uncertainty and typically involves long sales cycles. We have made significant investment to address the government sector, but we cannot assure you that these investments will be successful, or that we will be able to maintain or grow our revenue from the government sector. U.S. federal, state, and local government sales are subject to a number of challenges and risks that may adversely impact our business. Sales to such government entities include the following risks:
selling to governmental agencies can be highly competitive, expensive, and time consuming, often requiring significant upfront time and expense without any assurance that such efforts will generate a sale;
government certification requirements applicable to our products may change and, in doing so, restrict our ability to sell into the U.S. Federal Government sector until we have attained the revised certification.
government demand and payment for our Platform may be impacted by public sector budgetary cycles and funding priorities and authorizations, with funding reductions or delays adversely affecting public sector demand for our Platform;
governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our Platform, which would adversely impact our revenue and results of operations, or institute fines or civil or criminal liability if the audit were to uncover improper or illegal activities; and
governments may add new or change existing contractual and/or data security infrastructure requirements that could restrict our ability to sell to government customers.
The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions in the future or otherwise have an adverse effect on our business and results of operations.
A decline in the U.S. Government budget, changes in spending or budgetary priorities or delays in contract awards may adversely affect our business, financial condition, and results of operations and limit our growth prospects.
Revenue under contracts with U.S. government agencies represents a substantial amount of our total revenue. Levels of U.S. government spending are difficult to predict and subject to significant risk. Laws and plans adopted by the U.S. Government relating to, along with pressures on and uncertainty surrounding the U.S. federal budget, potential changes in budgetary priorities, sequestration, the appropriations process, and the permissible federal debt limit, could adversely affect the funding for individual programs and delay purchasing or payment decisions by our customers. Considerable uncertainty exists regarding how future budget and program decisions will unfold and what challenges budget reductions will present for us and the industry for our solutions and products.
Current U.S. government spending levels may not be sustained and future spending and program authorizations may not increase or may decrease or shift to programs in areas in which we do not provide services or are less likely to be awarded contracts. Such changes in spending authorizations and budgetary priorities may occur as a result of uncertainty surrounding the federal budget, increasing political pressure and legislation, shifts in spending priorities as a result of competing demands for federal funds, or other factors. In the event government funding relating to our contracts with the U.S. Government becomes unavailable, or is reduced or delayed, or planned orders are reduced, our contract or subcontract under such programs may be terminated or adjusted by the U.S. Government or the prime contractor, if applicable. Our operating results could also be adversely affected by spending caps or changes in the budgetary priorities of the U.S. Government, as well as delays in program starts or the award of contracts or task orders under contracts.
In addition, changes to the federal acquisition system and contracting models could affect whether and how we pursue certain opportunities and the terms under which we are able to do so. A significant decline in overall U.S. government spending, a significant shift in its spending priorities, significant delays in contract or task order awards for large programs could adversely affect our business, financial condition, and results of operations and limit our growth prospects.
A delay in the completion of the U.S. Government’s budget and appropriation process could delay procurement of solutions we provide and have an adverse effect on our future revenue.
The funding of U.S. government programs is subject to an annual congressional budget authorization and appropriations process. In years when the U.S. Government does not complete its appropriations before the beginning of the new fiscal year on October 1, government operations are typically funded pursuant to a “continuing resolution,” which allows federal government agencies to operate at spending levels approved in the previous appropriations cycle but does not authorize new spending initiatives. When the U.S. Government operates under a continuing resolution, delays can occur in the procurement of our products and solutions and may result in new initiatives being canceled. Revenue from government customers is often cyclical and based upon delays or change in the appropriation cycle or government shutdowns and thus can impact future performance. When the U.S. Government fails to complete its appropriations process or to provide for a continuing resolution, a full or partial federal government shutdown may result. A federal government shutdown could, in turn, result in our incurrence of substantial labor or other costs without reimbursement under customer contracts, the delay or of key programs or the of contract payments, which could have a effect on our cash flows and affect our business, financial condition, and results of operations. For many programs, Congress appropriates funds on an annual fiscal year basis even though the program performance period may extend over several years. Consequently, programs are often partially funded initially, and additional funds are committed only as Congress makes further appropriations. If we incur costs in excess of funds obligated on a contract, we may be at risk for reimbursement of those costs unless or until additional funds are earmarked to the contract. In addition, when supplemental appropriations are required to operate the U.S. Government or fund specific programs and passage of legislation needed to approve any supplemental appropriations bill is , the overall funding environment for our business could be affected.
Due to the competitive process to obtain contracts and the likelihood of bid protests, we may be unable to achieve or sustain revenue growth and our business, financial condition, and results of operations may be adversely affected.
A substantial portion of the business that we seek with respect to our solutions is subject to competitive bidding processes with U.S. government customers. The U.S. Government has increasingly relied on contracts that are subject to a continuing competitive bidding process which has resulted in greater competition and increased pricing pressure. The competitive bidding process involves substantial costs and several risks, including significant cost and managerial time to prepare bids and proposals for contracts that may not be awarded to us, may be split among competitors or that may be awarded but for which we do not receive meaningful task orders, and to the risk of inaccurately estimating the resources and costs that will be required to fulfill any contract we win.
Following contract award, we may encounter significant expense, delay, contract modifications or even contract loss because of our competitors challenging (or protesting) the award of contracts to us in competitive bidding. Any resulting loss or delay of start-up and funding of work under protested contract awards may adversely affect our revenue and/or profitability. In addition, multi-award contracts require that we make sustained post-award efforts to obtain task orders under the contract. As a result, we may not be able to obtain these task orders or recognize revenue under these multi-award contracts. We are also experiencing increased competition generally which impacts our ability to obtain contracts. Our failure to compete effectively in this procurement environment would adversely affect our revenue and our business, financial condition, and results of operations may be affected.
The U.S. Government may terminate, cancel, stop, modify or curtail our contracts at any time prior to their completion and, if we do not replace them, this may adversely affect our future revenue and profitability.
Many of the U.S. government programs in which we may participate as a prime contractor or subcontractor extend for several years and include one or more base years and one or more option years. These programs are normally funded on an annual basis. Under our contracts, the U.S. Government generally has the right to not exercise options to extend or expand our contracts and may otherwise terminate, cancel, stop, modify, or curtail our contracts at its convenience. Any decisions by the U.S. Government to not exercise contract options or to terminate, cancel, stop, modify or curtail our major programs or contracts would adversely affect our revenue, revenue growth, and profitability.
We may also experience technological or other performance difficulties under our contracts, which may result in delays, cost overruns, and failures in our performance of these contracts. If a government customer terminates a contract for default, we may be exposed to liability, including for excess costs incurred by the customer in procuring undelivered services and solutions from another source. Depending on the nature and value of the contract, a performance issue or termination for default could cause our actual results to differ from those anticipated and could harm our reputation, and even lead to a suspension or debarment action.
Our failure to comply with a variety of complex procurement rules and regulations could result in our being liable for civil or criminal penalties, termination of our U.S. government contracts, disqualification from bidding on future U.S. government contracts, and suspension or debarment from U.S. government contracting.
As a U.S. government contractor, we must comply with laws and regulations relating to the formation, administration, and performance of U.S. government contracts, which affect how we do business with our customers. Such laws and regulations may potentially impose added costs on our business and our failure to comply with them may lead to civil or criminal penalties, termination of our U.S. government contracts, or suspension or debarment from contracting with federal agencies. Some significant laws and regulations that affect us include, but are not limited to the following:
the Federal Acquisition Regulations (FAR) and FAR supplements, which regulate the formation, administration, and performance of U.S. government contracts;
Truthful Cost or Pricing Data, formerly known as the Truth in Negotiations Act, which requires certification and disclosure of cost and pricing data in connection with certain contract negotiations;
the Procurement Integrity Act, which regulates access to competitor bid and proposal information and government source selection information and our ability to provide compensation to certain former government officials;
the Civil False Claims Act, which provides for substantial civil penalties for violations, including for the knowing submission of a false or fraudulent claim to the U.S. Government for payment or approval;
the False Statements Act, which imposes civil and criminal liability for making false statements to the U.S. Government; and
the U.S. government Cost Accounting Standards, which imposes accounting requirements that govern our right to reimbursement under certain cost-based U.S. government contracts.
The FAR and many of our U.S. government contracts contain organizational conflict of interest clauses that may limit our ability to compete for or perform certain other contracts or other types of services for particular customers. Organizational conflicts of interest (OCI) arise when we engage in activities that may make us unable to render impartial assistance or advice to the U.S. Government, impair our objectivity in performing contract work or provide us with an unfair competitive advantage in winning or performing on a contract. An OCI that precludes our competition for or performance on a significant program or contract could harm our prospects. Conversely, our failure to identify and disclose an OCI can result in civil and/or criminal penalties.
The U.S. Government may adopt new contract rules and regulations or revise its procurement practices in a manner adverse to us at any time without notice and/or compensation, which could adversely affect our profitability, cash position or growth prospects.
Our industry has experienced, and we expect it will continue to experience, significant changes to business practices because of an increased focus on affordability, efficiencies and recovery of costs, among other items. U.S. government agencies may face restrictions or pressure regarding the type and number of services that they may obtain from private contractors. Legislation, regulations, and initiatives dealing with enhanced governance, oversight, and/or security (physical or cyber), procurement reform, mitigation of potential conflicts of interest, and environmental responsibility or sustainability, as well as any resulting shifts in the buying practices of U.S. government agencies, such as increased usage of fixed-price contracts, multiple-award contracts and small business set-aside contracts, could have adverse effects on government contractors. Any of these changes could impair our ability to obtain new contracts or renew our existing contracts when customers recompete those contracts. Any new contracting requirements or procurement methods could be costly or administratively difficult for us to implement and could adversely affect our business, financial condition, and results of operations.
As a U.S. government contractor, we are subject to reviews, audits, and cost adjustments by the U.S. Government, which, if resolved unfavorably to us, could adversely affect our profitability, cash position or growth prospects.
U.S. government contractors (including their subcontractors and others with whom they do business) operate in a highly regulated environment and are routinely audited and reviewed by the U.S. Government and its agencies. These agencies review a contractor’s performance on government contracts, cost structure, indirect rates, and pricing practices and compliance with applicable contracting and procurement laws, regulations, terms and standards, as well as the adequacy of our systems and processes in meeting government requirements. They also review the adequacy of the contractor’s compliance with government standards for its business systems, including a contractor’s accounting system, earned value management system, estimating system, materials management and accounting system, property management system, and purchasing system.
Both contractors and the U.S. government agencies conducting these audits and reviews have come under increased scrutiny. As a result, the current audits and reviews have become more rigorous and the standards to which we are held are being more strictly interpreted, increasing the likelihood of an audit or review resulting in an adverse outcome.
A finding of significant control deficiencies in our system audits or other reviews can result in decremented billing rates to our U.S. government customers until the control deficiencies are corrected and our remediations are accepted. Government audits and reviews may conclude that our practices are not consistent with applicable laws and regulations and result in adjustments to contract costs and mandatory customer refunds. Such adjustments can be applied retroactively, which could result in significant customer refunds. Our receipt of adverse audit findings or the failure to obtain an “approved” determination of our various business systems from the responsible U.S. government agency could significantly and adversely affect our business, including our ability to bid on new contracts and our competitive position in the bidding process. A determination of non-compliance with applicable contracting and procurement laws, regulations and standards could also result in the U.S. Government imposing penalties and sanctions against us, including reductions of the value of contracts, contract modifications or termination, withholding of payments, the of export/import privileges, administrative or civil judgments and liabilities, judgments or , liabilities and consent or other voluntary decrees or agreements, other sanctions, the assessment of , or compensatory, treble or other or non-monetary relief or actions, or , of payments, and increased government that could impact our reputation, or affect our ability to invoice and receive timely payment on contracts, perform contracts or compete for contracts with the U.S. Government and may affect our revenue and .
Risks Relating to Financial, Tax, and Accounting Issues
Our issued and outstanding convertible notes may impact our financial results, result in the dilution of our stockholders, create downward pressure on the price of our Common Stock, and restrict our ability to raise additional capital or take advantage of future opportunities.
In connection with the Business Combination, we issued the Convertible Notes (see Note 10) in an aggregate principal amount of $150,000,000. The Convertible Notes are convertible into shares of our Common Stock at an initial conversion rate of 86.9565 shares of our Common Stock (subject to adjustment as provided in the Indenture) per $1,000 of principal amount of Notes and 86.9565 shares of our Common Stock (subject to adjustment as provided in the Indenture) per $1,000 of accrued and unpaid interest on any Convertible Notes. To the extent we exercise our option to pay interest in kind with respect to the Convertible Notes rather than in cash, the number of shares of our Common Stock into which the Convertible Notes may be converted would increase. The sale of the Convertible Notes may affect our earnings per share, as accounting procedures may require that we include in our calculation of earnings per share the number of shares of our Common Stock into which the Convertible Notes are convertible.
Upon a conversion of the Convertible Notes, we will have the ability to settle by payment of cash, by issuance of our Common Stock, or a combination of both. If shares of our Common Stock are issued to the holders of the Convertible Notes upon conversion, there will be dilution to our stockholders and the market price of our Common Stock may decrease due to the additional selling pressure in the market. Any downward pressure on the price of our Common Stock caused by the sale, or potential sale, of shares issuable upon conversion of the Convertible Notes could also encourage short sales by third parties, creating additional selling pressure on our share price.
We may not have the ability to raise the funds necessary to settle conversions of the Convertible Notes in cash, repurchase the Convertible Notes upon a fundamental change or repay the Convertible Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion, redemption or repurchase of the Convertible Notes.
Holders of the Convertible Notes will have the right under the Indenture to require us to repurchase all or a portion of their Notes upon the occurrence of a fundamental change before the applicable maturity date at a repurchase price equal to 100% of the principal amount of such notes to be repurchased plus accrued and unpaid interest to, but not including, the repurchase date. Moreover, we will be required to repay the Convertible Notes in cash at their maturity, unless earlier converted, redeemed or repurchased. We may not have enough available cash or be able to obtain financing at the time we are required to make repurchases of such notes surrendered or pay cash with respect to such notes being converted (which we otherwise may elect to do upon the conversion of notes in lieu of issuing shares).
Upon a conversion of the Convertible Notes, we will have the ability to settle by payment of cash, by issuance of our Common Stock, or a combination of both. Our ability to repurchase, redeem or to pay cash upon conversion of Notes may be limited by law, regulatory authority, or agreements governing our future indebtedness. Our failure to repurchase the Convertible Notes at a time when the repurchase is required by the Indenture would constitute a default under such indenture (provided that upon a conversion, we could settle by issuance of our Common Stock). A default under the Indenture or the fundamental change itself could also lead to a default under agreements governing our future indebtedness. If the payment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the interest on such indebtedness and repurchase the Convertible Notes or to pay cash upon conversion of the Convertible Notes.
We may still incur substantially more debt or take other actions that would diminish our ability to make payments on the Convertible Notes when due.
We and our subsidiaries may be able to incur substantial additional debt in the future, subject to the restrictions contained in our debt instruments, including, pursuant to the Indenture governing the Convertible Notes. Pursuant to the Indenture, we and our subsidiaries are not permitted to issue any Senior Indebtedness, Disqualified Capital Stock and Preferred Stock (each such term as defined in the Indenture) in an aggregate principal amount in excess of $50,000,000. However, we are not restricted from recapitalizing our debt or taking a number of other actions that are not limited by the terms of the Indenture that could have the effect of diminishing our ability to make payments on the Convertible Notes when due.
We have secured debt outstanding, which may adversely affect our financial condition and future financial results. Our existing debt agreements contain restrictive covenants that may limit our ability to operate our business.
We have outstanding secured indebtedness with Stifel Bank of $22.5 million as of January 31, 2024. Our secured indebtedness contains a number of restrictive covenants that impose significant operating and financial restrictions on us. As a result of these covenants, our ability to respond to changes in business and economic conditions and engage in beneficial transactions, including to obtain additional financing as needed, may be restricted. Furthermore, our failure to comply with our debt covenants could result in a default under our debt agreements, which would cause our indebtedness under such debt agreements to become immediately due and payable. If any of our debt is accelerated, we may not have sufficient funds available to repay it.
Our ability to make scheduled payments of principal and interest and other required repayments depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Our business may not generate cash flows from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flows, we may be required to adopt one or more alternatives, such as selling assets, restructuring operations, restructuring debt or obtaining additional equity capital on terms that may be onerous or dilutive.
We may incur additional indebtedness in the future in the ordinary course of business subject to the restrictions in the Indenture and our secured debt, which could include restrictive covenants. If new debt is added to current debt levels, the risks described above could intensify.
We may need to raise additional capital to maintain and expand our operations and invest in new solutions, which capital may not be available on terms acceptable to us, or at all, and which could reduce our ability to compete and could harm our business.
Retaining or expanding our current levels of personnel and products offerings may require additional funds to respond to business challenges, including the need to develop new products and enhancements to our Platform, improve our operating infrastructure, or acquire complementary businesses and technologies. The failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and solutions could reduce our ability to compete and could harm our business. Accordingly, we may need to engage in additional equity or debt financing to secure additional funds. If we raise additional equity financing, stockholders may experience significant dilution of their ownership interests and the market price of our Common Stock could decline. If we engage in debt financing, the holders of debt would have priority over the holders of our Common Stock, and we may be required to accept terms that restrict our operations or our ability to incur additional indebtedness or to take other actions that would otherwise be in the interests of the debt holders. Any of the above could harm our business, results of operations, and financial condition.
Future acquisitions, strategic investments, partnerships, or alliances could be difficult to identify and integrate, divert the attention of key management personnel, disrupt our business, dilute stockholder value, and adversely affect our results of operations, and financial condition.
As part of our business strategy, we have in the past and expect to continue to make investments in and/or acquire complementary businesses and assets. Our ability as an organization to acquire and integrate other companies, services, or technologies in a successful manner in the future is not guaranteed. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions or strategic investments, we may not ultimately strengthen our competitive position or ability to achieve our business objectives, and any acquisitions or investments we complete could be viewed negatively by our end-customers or investors. In addition, our due diligence may fail to identify all the problems, liabilities or other shortcomings or challenges of an acquired business, product, or technology, including issues related to intellectual property, product quality or product architecture, regulatory compliance practices, revenue recognition or other accounting practices or issues with employees or customers. If we are at integrating such acquisitions, or the technologies associated with such acquisitions, into our Company, our revenue and results of operations could be affected. Any integration process may require significant time and resources, and we may not be to manage the process . We may not evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could affect our financial condition and the market price of our Common Stock. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our stockholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would our ability to manage our operations.
Additional risks we may face in connection with acquisitions include:
diversion of management time and focus from operating our business to addressing acquisition integration challenges;
coordination of research and development and sales and marketing functions;
integration of product and service offerings;
retention of key employees from the acquired company;
changes in relationships with strategic partners as a result of product acquisitions or strategic positioning resulting from the acquisition;
cultural challenges associated with integrating employees from the acquired company into our organization;
integration of the acquired company’s accounting, management information, human resources, and other administrative systems;
the need to implement or improve controls, procedures, and policies at a business that prior to the acquisition may have lacked sufficiently effective controls, procedures, and policies;
additional legal, regulatory or compliance requirements;
financial reporting, revenue recognition or other financial or control deficiencies of the acquired company that we do not adequately address and that cause our reported results to be incorrect;
liability for activities of the acquired company before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities, and other known and unknown liabilities;
unanticipated write-offs or charges; and
litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders or other third parties.
Our failure to address these risks or other problems encountered in connection with acquisitions and investments could cause us to fail to realize the anticipated benefits of these acquisitions or investments, cause us to incur unanticipated liabilities, and harm our business generally.
We have previously reported material weaknesses in our internal control over financial reporting that have been remediated, but if we fail to properly manage our internal control over financial reporting on a go forward basis, future material weaknesses could be identified that could result in a material misstatement in our financial statements.
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis. We rely upon internal processes and information systems to support key business functions, including our assessment of internal controls over financial reporting as required by Section 404 of the Sarbanes-Oxley Act.
We cannot be certain that the measures we have taken, and expect to take, to improve our internal controls will be sufficient to ensure that our internal controls will remain effective and eliminate the possibility that other material weakness or deficiencies may develop or be identified in the future. If we identify future material weaknesses in our internal controls, even if quickly remediated once disclosed, investors may lose confidence in our financial statements and our stock price may decline. Implementing changes to our internal controls in connection with the remediation of any material weakness may distract our management and could require us to incur significant expenses. If we fail to remediate any material weakness, our financial statements may be inaccurate, we may be required to our financial statements, our ability to report our financial results in a timely and accurate basis may be affected, our access to the capital markets may be restricted, our stock price may , and we may be subject to sanctions or by regulatory authorities, which could materially and affect our business and results of operations.
Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.
As of January 31, 2024, ZeroFox had U.S. federal and state net operating loss carryforwards, or NOLs, available to offset future federal and state taxable income of approximately $226.4 million and $105.7 million, respectively, and portions of which expire in various years. A lack of future taxable income would adversely affect our ability to utilize these NOLs before they expire. Under the Tax Cuts and Jobs Act of 2017 (the Tax Act), as modified by the Coronavirus Aid, Relief, and Economic Security Act (the CARES Act), federal NOLs incurred in tax years beginning after December 31, 2017 may be carried forward indefinitely, but the deductibility of such federal NOLs in tax years beginning after December 31, 2020 is limited to 80% of taxable income. It is uncertain if and to what extent various states will conform to the Tax Act or the CARES Act.
In addition, under Section 382 of the Code, a corporation that undergoes an “ownership change” (as defined under Sections 382 and 383 of the Code and applicable Treasury Regulations) is subject to limitations on its ability to utilize its pre-change NOLs and certain other tax attributes to offset post-change taxable income or taxes. In connection with the Business Combination, we conducted a Section 382 review which determined the Business Combination constituted an ownership change. However, this will not affect our ability to realize the NOL carryforwards on a going forward basis provided we have sufficient taxable income, subject to the annual limitation. In addition, we may experience future ownership changes under Section 382 of the Code that could further affect our ability to utilize our NOLs to offset our income. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future may be subject to limitations. In addition, at the state level, there may be periods during which the use of NOLs is suspended or otherwise limited, which could accelerate or permanently increase state taxes owed. For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheet, even if we attain , which could potentially result in increased future tax liability to us and could affect our operating results and financial condition.
Finally, beginning in 2022 Tax Act eliminated the option to deduct research and development expenditures immediately in the year incurred pursuant to Section 174 of the Code. The Tax Act requires taxpayers to capitalize and amortize such expenditures over five years. The actual impact on cash from operations will depend on whether and when these provisions are deferred, modified, or repealed by Congress, including any retroactive application to 2022, among other factors
IDX failed to collect sales and use tax prior to January 1, 2022, and we have been working to mitigate such failure.
Prior to January 1, 2022, IDX did not collect U.S. sales and use tax from its customers for its services. During 2020, IDX engaged an external tax consultant to perform a full U.S. sales tax nexus study and analysis. IDX accrued and reflected historical liabilities in its financial statements and was filing Voluntary Disclosure Agreements (VDA) in relevant U.S. jurisdictions, and we will be remitting liabilities accordingly. Beginning January 1, 2022, IDX began collecting, reporting, and remitting appropriate U.S. sales tax from its customers in all applicable jurisdictions. As of January 31, 2024, the Company recorded an accrual $1.3 million for IDX sales and use taxes that were not remitted prior to January 1, 2022.
Our goodwill and identifiable intangible assets have been impaired and could become further impaired, which could reduce the value of our assets and reduce our net income in the year in which the write-off occurs.
Goodwill represents the excess of the cost of an acquisition over the fair value of the net assets acquired. We also ascribe value to certain identifiable intangible assets, which consist primarily of customer relationships, developed technology, and trade names, among others, as a result of acquisitions. We may incur impairment charges on goodwill or identifiable intangible assets if we determine that the fair values of goodwill or identifiable intangible assets are less than their current carrying values. We evaluate, on a regular basis, whether events or circumstances have occurred that indicate all, or a portion, of the carrying amount of goodwill may no longer be recoverable, in which case an impairment charge to earnings would become necessary.
A decline in general economic conditions or global equity valuations could impact the judgments and assumptions about the fair value of our business and we could be required to record impairment charges on our goodwill or other identifiable intangible assets in the future, which could impact our consolidated balance sheet, as well as our consolidated statement of comprehensive loss.
The Company recorded goodwill impairment charges of $284.2 million during the year ended January 31, 2024. The Company recorded a $72.1 million impairment charge as result of its annual test of goodwill as of October 31, 2023, and a $212.1 million impairment charge as result of the interim test of goodwill as of January 31, 2024.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect or financial reporting standards or interpretations change, our results of operations could be adversely affected.
The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We have historically based our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances as discussed in the sections titled “ Management’s Discussion and Analysis of Financial Condition and Results of Operations of ZeroFox ” and “ Management’s Discussion and Analysis of Financial Condition and Results of Operations of IDX .” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in our consolidated financial statements include, and may include in the future, those related to revenue recognition; valuation of intangibles in purchase accounting; allowance for doubtful accounts; costs to obtain or fulfill a contract; valuation of common stock; carrying value and useful lives of long-lived assets; loss contingencies; and the provision for income taxes and related deferred taxes. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of industry or financial analysts and investors, resulting in a in the market price of our Common Stock.
Additionally, we will regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and drafts thereof that are relevant to us. As a result of new standards, changes to existing standards and changes in their interpretation, we might be required to change our accounting policies, alter our operational policies and implement new or enhance existing systems so that they reflect new or amended financial reporting standards, or we may be required to restate our published financial statements. Such changes to existing standards or changes in their interpretation may have an adverse effect on our reputation, business, financial position, and profit, or cause an adverse deviation from our revenue and operating profit targets, which may negatively impact our financial results.
Risks Related to the Business Combination, Being a Public Company, and Integration of the Predecessor and IDX
The integration of two companies with different organization and compensation structures presents significant management challenges. There can be no assurance that this integration, and the synergies expected to result from that integration, will be achieved as rapidly or to the extent currently anticipated.
The Business Combination involves the integration of two businesses that currently operate as independent businesses. We are devoting significant management attention and resources to integrating business practices and operations following the Closing. We may encounter potential difficulties in the integration process including the following:
the inability to successfully integrate our businesses, including operations, technologies, products and services, in a manner that permits us to achieve the cost savings and operating synergies anticipated to result from the Business Combination, which could result in the anticipated benefits of the Business Combination not being realized partly or wholly in the time frame currently anticipated or at all;
the loss of customers as a result of certain customers of either or both of the two businesses deciding not to continue to do business with us, or deciding to decrease their amount of business in order to reduce their reliance on a single company;
the necessity of coordinating geographically separated organizations, systems, and facilities;
the integration of personnel, including sales teams, with diverse business backgrounds and business cultures, while maintaining focus on providing consistent, high-quality products and services;
the consolidation and rationalization of information technology platforms and administrative infrastructures as well as accounting systems and related financial reporting activities; and
the challenge of preserving important relationships of both companies and resolving potential conflicts that may arise.
Furthermore, it is possible that the integration process could result in the loss of talented employees or skilled workers of the companies. The loss of talented employees and skilled workers could adversely affect our ability to successfully conduct our business because of such employees’ experience and knowledge of the respective business. In addition, we could be adversely affected by the diversion of management’s attention and any delays or difficulties encountered in connection with the integration of the companies. The process of integrating operations could cause an interruption of, or loss of momentum in, the activities of the businesses. If we experience difficulties with the integration process, the anticipated benefits of the Business Combination may not be realized fully or at all, or may take longer to realize than expected. These integration matters could have an adverse effect on our business, results of operations, financial condition or prospects during this transition period and for an period after completion of the Business Combination.
We will incur significant increased expenses and administrative burdens as a public company, which could negatively impact our business, financial condition, and results of operations.
We face increased legal, accounting, administrative, and other costs and expenses as a public company that we have not historically incurred. The Sarbanes-Oxley Act, including the requirements of Section 404(a) relating to disclosing (i) management’s responsibility for establishing and maintaining internal control over financial reporting and (ii) annually assessing the effectiveness of the internal control over financial reporting, as well as rules and regulations subsequently implemented by the SEC, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 and the rules and regulations promulgated and to be promulgated thereunder, the Public Company Accounting Oversight Board (PCAOB) and the securities exchanges, impose additional reporting and other obligations on public companies. Compliance with public company requirements will increase costs and make certain activities more time-consuming. Our management and other personnel are required to devote a substantial amount of time to compliance with these requirements.
We have made, and will continue to make, changes to our internal control over financial reporting, including IT controls, procedures for financial reporting, and accounting systems to meet our reporting obligations as a public company. However, the measures we take may not be sufficient to satisfy our obligations as a public company. If we do not continue to develop and implement the right processes and tools to manage our changing enterprise and maintain our culture, our ability to compete successfully and achieve our business objectives could be impaired, which could negatively impact our business, financial condition, and results of operations. In addition, we cannot predict or estimate the amount of additional costs we may incur to comply with these requirements. We anticipate that these costs will materially increase our general and administrative expenses.
These rules and regulations result in our incurring legal and financial compliance costs and will make some activities more time-consuming and costly. For example, we expect these rules and regulations to make it more difficult and more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. As a result, it may be more difficult for us to attract and retain qualified people to serve on our Board, on our Board committees or as executive officers.
Our management has limited experience in operating a public company.
Our executive officers have limited experience in the management of a publicly traded company. Our management team may not successfully or effectively manage our transition to a public company that is subject to significant regulatory oversight and reporting obligations under federal securities laws. Their limited experience in dealing with the increasingly complex laws pertaining to public companies could be a significant disadvantage in that it is likely that an increasing amount of their time may be devoted to these activities, which results in less time being devoted to our management and growth. We may not have adequate personnel with the appropriate level of knowledge, experience, and training in the accounting policies, practices or internal control over financial reporting required of public companies in the United States. The development and implementation of the standards and controls necessary for us to achieve the level of accounting standards required of a public company in the United States may require costs greater than expected. It is possible that we will be required to expand our employee base and hire additional employees to support our operations as a public company, which will increase our operating costs in future periods.
We qualify as an “emerging growth company.” The reduced public company reporting requirements applicable to emerging growth companies may make our Common Stock less attractive to investors.
We qualify as an “emerging growth company” under SEC rules. As an emerging growth company, we are permitted and plan to rely on exemptions from certain disclosure requirements that are applicable to other public companies that are not emerging growth companies. These provisions include, but are not limited to: (1) an exemption from compliance with the auditor attestation requirement in the assessment of internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, (2) not being required to comply with any requirement that may be adopted by the PCAOB regarding mandatory audit firm rotation or a supplement to the auditor’s report providing additional information about the audit and the financial statements, (3) reduced disclosure obligations regarding executive compensation arrangements in periodic reports, registration statements, and proxy statements, and (4) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. Further, Section 102(b)(1) of the JOBS Act exempts emerging growth companies from being required to comply with new or revised financial accounting standards until private companies (that is, those that have not had a Securities Act registration statement declared effective or do not have a class of securities registered under the Exchange Act) are required to comply with the new or revised financial accounting standards. The JOBS Act provides that a company can elect to opt out of the extended transition period and comply with the requirements that apply to non-emerging growth companies but any such election to opt out is irrevocable. As a result, the information we provide is different than the information that is available with respect to other public companies that are not emerging growth companies. If some investors find our Common Stock less as a result, there may be a less active trading market for our Common Stock, and the market price of our Common Stock may be more .
Uncertainty about the effects of the Business Combination may affect our ability to retain key employees and integrate management structures and may materially impact the management, strategy, and results of our operation as a combined company.
Uncertainty about the effects of the Business Combination on our business, employees, customers, third parties with whom we have relationships, and other third parties may adversely affect us. These uncertainties may impair our ability to attract, retain, and motivate key personnel for a period of time after the Business Combination. If key employees depart because of issues related to the uncertainty and difficulty of integration or a desire not to remain with our Company, our business could be harmed.
Some of our existing agreements contain change in control or early termination rights that may have been implicated by the Business Combination.
Parties with which we have been doing business, including customers and suppliers, may experience uncertainty associated with the Business Combination, including with respect to current or future business relationships with us. As a result, our business relationships may be subject to disruptions if customers, suppliers or others attempt to negotiate or renegotiate changes in existing business relationships or consider entering into business relationships with parties other than us. For example, certain customers, suppliers, and third-party providers may assert contractual consent rights or termination rights that may have been triggered by a change of control. These disruptions could harm our relationships with existing third parties with whom we have relationships, all of which could have a material adverse effect on our business, financial condition, and results of operations, cash flows, and/or share price of our Common Stock.
Risks Related to Legal and Regulatory Matters
Failure to adequately obtain, maintain, protect, and enforce our intellectual property and other proprietary rights could adversely affect our business.
Our success and ability to compete depends in part on our ability to protect the proprietary information, methods, software, and technologies that we develop, hold, or claim under a combination of intellectual property and proprietary rights in and outside the U.S. Despite our efforts, third parties may still attempt to disclose, obtain, copy, use or otherwise exploit our intellectual property or other proprietary information, methods or technologies without our authorization, and our efforts to protect our intellectual property and other proprietary rights may not prevent such unauthorized disclosure, use, exploitation, misappropriation, infringement, reverse engineering or other violation of our intellectual property or other proprietary rights. Further, effective protection of our rights may not be available to us in every country in which our Platform or products and solutions are available. The laws of some countries also may not be as protective of intellectual property and other proprietary rights as those in the U.S., and mechanisms for enforcement of intellectual property and other proprietary rights may be . In addition, we may need to license our intellectual property in order to participate in patent pools or industry standard setting activities or to receive third-party grants as a part of stand-alone licensing arrangements. Accordingly, our efforts, we may be to prevent third parties from using our intellectual property or other proprietary information or technology.
While we hold a number of issued patents and have a number of pending patent applications, we may be unable to obtain patent protection for the technology covered in our patent applications or such patent protection may not be obtained quickly enough to meet our business needs. Furthermore, the patent prosecution process is expensive, time-consuming, and complex, and we may not be able to prepare, file, prosecute, maintain, and enforce all necessary or desirable patent applications at a reasonable cost or in a timely manner. The scope of patent protection also can be reinterpreted after issuance and issued patents may be invalidated. Even if our patent applications do issue as patents, they may not issue in a form that is sufficiently broad to protect our technology, prevent competitors or other third parties from competing with us, or otherwise provide us with any competitive advantage. In addition, any of our patents, copyrights, trademarks, or other proprietary rights may be challenged, narrowed, invalidated, held unenforceable, or in or other proceedings, including, where applicable, , re-examination, inter partes review, post-grant review, , and derivation proceedings, and equivalent proceedings in foreign jurisdictions, and such intellectual property or other proprietary rights may be or no longer provide us meaningful competitive . Such proceedings may result in substantial cost and require significant time from our management, even if the eventual outcome is to us. Third parties also may legitimately and independently develop solutions, services, and technology similar or duplicative of our Platform.
Besides protection under intellectual property laws, we enforce and protect our rights through confidentiality or license agreements that we generally enter into with our corporate partners, employees, consultants, advisors, vendors, and customers. We generally limit access to our intellectual property and control access to our proprietary information. However, we cannot guarantee protection of our intellectual property or proprietary information with all of the parties who may have or have had access, and we cannot guarantee that such agreements we have entered into will not be breached or challenged, or that such breaches will be detected. Furthermore, non-disclosure provisions within such agreements can be difficult to enforce, and even if successfully enforced, may not be entirely effective.
Despite our efforts, we cannot guarantee that any of the measures we have taken will limit the unauthorized use of our proprietary information or prevent infringement, misappropriation, or other violation of our technology or other intellectual property or proprietary rights. We may be an attractive target for cyberattacks or other unauthorized intrusion or access, and we may also have a heightened risk of unauthorized access to, and misappropriation of, our proprietary and competitively sensitive information. We therefore may be required to spend significant resources to monitor and protect our intellectual property and other proprietary rights, and we may conclude that in at least some instances the benefits of protecting our intellectual property or other proprietary rights may be outweighed by the expense or distraction to our management. We may initiate or third parties for , , or other of our intellectual property or other proprietary rights or to establish the validity of our intellectual property or other proprietary rights. Any such or , whether or not it is resolved in our favor, could be time-consuming, result in significant expense to us and the efforts of our technical and management personnel. Furthermore, attempts to enforce our intellectual property rights third parties could also these third parties to assert their own intellectual property or other rights us, or result in a holding that or narrows the scope of our intellectual property rights, in whole or in part.
Claims by others that we infringe their proprietary technology or other intellectual property rights could result in significant costs and substantially harm our business, financial condition, results of operations, and prospects.
Claims by others that we infringe their intellectual property rights or violate other rights in their proprietary technology could harm our business. Companies in our industry hold a large number of patents and also protect their copyright, trade secret, and other intellectual property rights, and companies in the security industry frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. As we face increasing competition and grow, the possibility of intellectual property rights claims against us also grows. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that such personnel have divulged proprietary or other confidential information to us.
Third parties may in the future also assert claims against our customers or channel partners, whom our standard license and other agreements obligate us to indemnify against third-party claims that our products and solutions infringe the intellectual property rights of third parties. As the number of products and competitors in the security and IT operations market increases and overlaps occur, third-party claims of infringement, misappropriation, and other violations of intellectual property rights may also increase. While we intend to increase the size of our patent portfolio, many of our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. In addition, future litigation may involve non-practicing entities, companies or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no or protection. Any claim of intellectual property by a third party, even a claim without merit, could cause us to incur substantial costs such claim, could our management from our business and could require us to use of such intellectual property.
Additionally, our insurance policies may not cover intellectual property infringement claims. In the event that we fail to successfully defend ourselves against an infringement claim, a successful claimant could secure a judgment or otherwise require payment of legal fees, settlement payments, ongoing royalties or other costs or damages; we may agree to a settlement that prevents us from offering certain services or features; or we may be required to obtain a license, which may not be available on reasonable terms, or at all, to use the relevant technology. If we are prevented from using certain technology or intellectual property, we may be required to develop alternative, non-infringing technology, which could require significant time and costs, during which we could be unable to continue to offer our affected products and services or features, and may ultimately not be . Any of these events could our business, financial condition, and results of operations.
Although third parties may alternatively offer a license to their technology or other intellectual property, the terms of any such license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, financial condition, and results of operations to be adversely affected. In addition, some licenses may be nonexclusive, and therefore our competitors may have access to the same technology licensed to us.
Some of our technologies incorporate “open-source” software, which could negatively affect our ability to sell our Platform and subject us to possible litigation.
Our platform and subscriptions contain third-party open-source software components, and failure to comply with the terms of the underlying open-source software licenses could restrict our ability to sell our Platform and services. The use and distribution of open-source software may also entail greater risks than the use of third-party commercial software, as open-source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Many of the risks associated with use of open-source software cannot be eliminated and could negatively affect our business. In addition, the wide availability of open code used in our solutions could expose us to security vulnerabilities.
Certain open-source licenses may contain requirements that we make available source code for the modifications or derivative works we create based upon the type of open-source software used. If we combine our proprietary software with such open-source software, under such open-source licenses, we may be required to release the source code of our proprietary software to the public, including authorizing further modification and redistribution, or otherwise be limited in the licensing of our services, each of which could provide an advantage to our competitors or other entrants to the market, create security vulnerabilities in our solutions, require us to re-engineer all or a portion of our Platform, and could reduce or eliminate the value of our services. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us.
The terms of many open-source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in ways that could impose unanticipated conditions or restrictions on our ability to commercialize products, solutions, and subscriptions incorporating such software. Moreover, we cannot assure you that our processes for controlling our use of open-source software in our products, solutions, and subscriptions have been or will be effective. From time to time, we may face claims from third parties asserting ownership of, or demanding release of, the open-source software or derivative works that we developed using such software (which could include our proprietary source code), or otherwise seeking to enforce the terms of the applicable open-source license. These claims could result in litigation that could be costly to defend, have a negative effect on our operating results and financial condition or require us to devote additional research and development resources to change our solutions. Responding to any or claim by an open-source vendor, regardless of its validity, discovering certain open-source software code in our Platform, or a finding that we have the terms of an open-source software license, could our business, results of operations and financial condition, by, among other things:
resulting in time-consuming and costly litigation;
diverting management’s time and attention from developing our business;
requiring us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable;
causing delays in the deployment of our Platform or service offerings to our customers;
requiring us to stop offering certain services or features of our Platform;
requiring us to redesign certain components of our Platform using alternative non-infringing or non-open-source technology, which could require significant effort and expense;
requiring us to disclose our proprietary software source code and the detailed program commands for our software;
prohibiting us from charging license fees for the proprietary software that uses certain open source; and
requiring us to satisfy indemnification obligations to our customers.
We may become involved in litigation that may adversely affect us.
We may become subject to claims, suits, and government investigations and other proceedings including patent, product liability, class action, whistleblower, personal injury, property damage, labor and employment (including all allegations of wage and hour violations), commercial disputes, compliance with laws and regulatory requirements and other matters, and we may become subject to additional types of claims, suits, investigations, and proceedings as our business develops. Such claims, suits, and government investigations and proceedings are inherently uncertain, and their results cannot be predicted. Regardless of the outcome, any of these types of legal proceedings can have an adverse impact on us because of legal costs and diversion of management attention and resources and could cause us to incur significant expenses or liability, affect our brand recognition, and/or require us to change our business practices. The expense of and the timing of this expense from period to period are to estimate, subject to change and could affect our results of operations. It is possible that a resolution of one or more such proceedings could result in substantial , settlement costs, and that could affect our business, consolidated financial position, results of operations, or cash flows in a particular period. These proceedings could also result in reputational , sanctions, consent decrees, or orders requiring a change in our business practices. Because of the potential risks, expenses, and uncertainties of , we may, from time to time, settle , even where we have or defenses, by agreeing to settlement agreements. Because is inherently , we cannot you that the results of any of these actions will not have a material effect on our business, financial condition, results of operations, and prospects. Any of these consequences could affect our business and results of operations.
If we are not able to satisfy data protection, security, privacy, and other government- and industry-specific requirements or regulations, our business, results of operations, and financial condition could be harmed.
Personal privacy, data protection, information security regulations, and other laws applicable to specific categories of information raise significant issues in the U.S., Europe and in other jurisdictions where we offer our products and solutions. The data that we collect, analyze, and store is subject to a variety of laws and regulations, including regulation by various government agencies. The U.S. federal government, and various state and foreign governments, have adopted or proposed limitations on the collection, distribution, use, retention, protection, transfer, processing, and storage of certain categories of information, such as the personal information of individuals. These laws and regulations include, but are not limited to, the Federal Trade Commission Act, the Computer Fraud and Abuse Act, the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act.
The nature of cybersecurity product and service offerings requires the collection of various types of data. In the operation of our business we may collect the types of data covered by these laws and regulations including personally identifiable information, such as information about an individual’s health and financial information about individuals. To the extent we are in possession of such data and these various laws and regulations are determined to apply to us, this could require us to adopt additional operational, technological, and security measures to protect and manage such information which could increase our costs of operations. Our failure to comply with such laws and regulations could also result in monetary fines and reputational damage which would have a negative impact on our business. Laws and regulations outside the U.S., and particularly in Europe, often are more restrictive than those in the U.S. Applicable laws and regulations may require us to implement privacy and security policies, permit customers to access, correct, and delete personal information stored or maintained by us, inform individuals of security breaches that affect their personal information, and, in some cases, obtain individuals’ consents to use personal information for certain purposes. In addition, some foreign governments require that personal information collected in a country not be disseminated outside of that country without consent or other implemented safeguards.
We may find it necessary or desirable to join industry or other self-regulatory bodies or other information security or data protection-related organizations that require compliance with their rules pertaining to information security and data protection. We also may be bound by additional, more stringent contractual obligations with our customers and partners relating to our collection, use and disclosure of personal, financial, and other data. We expect that there will continue to be new proposed laws, regulations, and industry standards concerning privacy, data protection, information security, specific categories of data, and electronic services in the U.S., the E.U. and other jurisdictions in which we operate or may operate, and we cannot yet determine the impact such future laws, regulations, standards, or perception of their requirements may have on our business.
For example, the GDPR applies to the processing (which includes the collection and use) of certain personal data of data subjects in the European Economic Area (EEA). As compared to previously effective data protection law in the European Union, the GDPR imposes additional obligations and resulting risk upon our business and increases substantially the penalties to which we could be subject in the event of any non-compliance. Administrative fines under the GDPR can amount to 20,000,000 Euros or four percent of our worldwide annual revenue for the prior fiscal year, whichever is higher. We may be required to incur, in the future, substantial expense in complying with the obligations imposed by the GDPR, potentially making significant changes in our business operations, which may adversely affect our revenue and our business overall. Additionally, because there have been very few GDPR actions enforced against companies similar to ours, we are unable to predict how they will be applied to us or our customers. Despite our efforts to comply with the GDPR, a regulator may determine that we have not done so and subject us to fines and public , which could our Company financially and affect our reputation. Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to third countries that have been found to not provide adequate protection to such personal data, including the U.S. We have undertaken certain efforts to conform transfers of personal data from the EEA to the U.S. and other jurisdictions based on our understanding of current regulatory obligations and the guidance of data protection authorities. this, we may be in establishing or maintaining conforming means of transferring such data from the EEA, in particular because of continued legal and legislative activity within the European Union that has or called into the legal basis for existing means of data transfers to countries (including the U.S.) that have been found to not provide adequate protection for personal data.
The implementation of the GDPR has led other jurisdictions to either amend existing laws or propose new data privacy and cybersecurity laws to resemble all or a portion of the requirements of the GDPR (e.g., for purposes of having an adequate level of data protection to facilitate data transfers from the E.U.). Accordingly, the challenges we face in the E.U. will likely also apply to other jurisdictions outside the E.U. that adopt laws similar to the GDPR or regulatory frameworks of equivalent complexity. For example, the California Consumer Privacy Act of 2018, or CCPA, became enforceable on July 1, 2020. The CCPA has been characterized as the first “GDPR-like” privacy statute to be enacted in the U.S. because it contains several provisions similar to certain provisions of the GDPR. In addition, the California Privacy Rights Act of 2020, or the CPRA, was passed by California voters in November 2020. The CPRA amends the CCPA by creating additional privacy rights for California consumers and additional obligations on businesses, which could subject us to additional compliance costs as well as potential fines, individual claims, and commercial liabilities. The majority of the CPRA provisions took effect on January 1, 2023. The CCPA and CPRA could mark the beginning of a trend toward more stringent privacy legislation in the U.S., as other states or the federal government may follow California’s lead and increase protections for U.S. residents. For example, the Virginia Consumer Data Protection Act and the CCPA have already prompted several proposals for new federal and state privacy legislation that, if passed, could increase our potential liability, add layers of complexity to compliance in the U.S. market, increase our compliance costs and affect our business.
Evolving and changing definitions of personal data and personal information within the E.U., the U.S. and elsewhere, especially relating to classification of IP addresses, machine identification, location data and other information, may limit or inhibit our ability to operate or expand our business, including limiting technology alliance partnerships with other security vendors that may involve the sharing of data. Even the perception of privacy concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to attract and retain workforce talent. In addition, changes in laws or regulations that adversely affect the use of the internet, including laws impacting net neutrality, could impact our business. We expect that existing laws, regulations and standards may be interpreted in new manners in the future. Future laws, regulations, standards, and other obligations, and changes in the interpretation of existing laws, regulations, standards, and other obligations could require us to modify our products and solutions, restrict our business operations, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue.
Beyond broader data processing regulations affecting our business, the overall cybersecurity industry may face direct regulation. For example, in 2018, Singapore introduced what is believed to be the world’s first cybersecurity licensing requirement, mandating that providers of specific types of incident response services receive a government license before providing such services. License requirements such as these may impose upon us significant organizational costs and high barriers of entry into new markets.
Although we have worked and will continue to work to comply with applicable laws and regulations, applicable industry standards with which we represent compliance, and our contractual obligations, such laws, regulations, standards, and obligations are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another. In addition, they may conflict with other requirements or legal obligations that apply to our business or the security features and services that our customers expect from our solutions. As such, we cannot assure ongoing compliance with all such laws, regulations, standards, and obligations which may change in the future. Any failure or perceived failure by us or our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties to comply with applicable laws and regulations, or applicable industry standards that we represent compliance with or that may be asserted to apply to us, or to comply with employee, customer, partner, and other data privacy and data security requirements pursuant to contract and our stated notices or policies, could result in enforcement actions against us, including , of company officials and public , for by customers and other affected individuals, to our reputation and of goodwill (both in relation to existing customers and prospective customers), any of which could have a material effect on our operations, financial performance and business. Any of us or our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties to address privacy and security , even if , or comply with applicable laws, regulations, standards, and obligations, could result in additional cost and liability to us, our reputation, inhibit sales, and affect our business and results of operations.
We are subject to laws and regulations, including governmental export and import controls, sanctions, foreign investment screening, and anti-corruption laws, that could impair our ability to compete in our markets and subject us to liability if we are not in full compliance with applicable laws.
We are subject to laws and regulations, including governmental export controls, that could subject us to liability or impair our ability to compete in our markets. Our products and solutions are subject to U.S. export controls, including the U.S. Department of Commerce’s Export Administration Regulations, and we and our employees, representatives, contractors, agents, intermediaries, and other third parties are also subject to various economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control. We incorporate standard encryption algorithms into our products, which, along with the underlying technology, may be exported outside of the U.S. only with the required export authorizations, including by license, license exception or other appropriate government authorizations, which may require the filing of an encryption registration and classification request. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain cloud-based solutions to countries, governments, and persons targeted by U.S. sanctions. We also collect information about cyber threats from internet-accessible, and non-internet routable sources, intermediaries, and third parties that we make available to our customers in our threat industry publications. While we have implemented certain procedures to facilitate compliance with applicable laws and regulations in connection with the collection of this information, we cannot assure you that these procedures have been or that we, or third parties, many of whom we do not control, have complied with all laws or regulations in this regard. by our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties to comply with applicable laws and regulations in the collection of this information also could have consequences to us, including reputational , government and .
Although we take precautions to prevent our information collection practices and services from being provided in violation of such laws, our information collection practices and services may have been in the past, and could in the future be, provided in violation of such laws. If we or our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties fail to comply with these laws and regulations, we could be subject to civil or criminal penalties, including the possible loss of export privileges and fines. We may also be adversely affected through reputational harm, loss of access to certain markets, or otherwise. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed and may result in the delay or loss of sales .
Various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries. Changes in our products and solutions or changes in export and import regulations may create delays in the introduction of our products and solutions into international markets, prevent our customers with international operations from deploying our products and solutions globally or, in some cases, prevent the export or import of our products and solutions to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products and solutions by, or in our decreased ability to export or sell our products and solutions to, existing or potential customers with international operations. Any decreased use of our products and solutions or limitation on our ability to export or sell our products and solutions would likely adversely affect our business, results of operations, and financial condition.
We may be subject to review and enforcement under domestic and foreign laws that screen investment and to other national-security-related laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than in the United States and may impact cybersecurity providers more specifically. As a result of these laws, investments by certain investors may impose added costs on our business, impact our operations, and/or limit our ability to engage in strategic transactions that might otherwise be beneficial to us and our investors.
We are also subject to the Foreign Corrupt Practices Act (FCPA), the U.K. Anti-Bribery Act, and other anti-corruption, sanctions, anti-bribery, anti-money laundering, and similar laws in the U.S. and other countries in which we conduct activities. Anti-corruption and anti-bribery laws, which have been enforced aggressively and are interpreted broadly, prohibit companies and their employees, agents, intermediaries, and other third parties from promising, authorizing, making or offering improper payments or other benefits to government officials and others in the private sector. We leverage third parties, including intermediaries, agents, and channel partners, to conduct our business in the U.S. and abroad, to sell subscriptions to our Platform and to collect information about cyber threats. We and these third parties may have direct or indirect interactions with officials and employees of government agencies, or state-owned or affiliated entities and we may be held liable for the corrupt or other activities of these third-party business partners and intermediaries, our employees, representatives, contractors, channel partners, agents, intermediaries, and other third parties, even if we do not explicitly authorize such activities. While we have policies and procedures to address compliance with the FCPA, the U.K. Anti- Act and other anti-, sanctions, anti-, anti-money and similar laws, we cannot you that they will be , or that all of our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties have not taken, or will not take actions, in of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase. with these laws could subject us to , or civil sanctions, settlements, , of export privileges, or from U.S. government contracts, other enforcement actions, of profits, significant , , other civil and or , whistleblower , media coverage, and other consequences. Any , actions or sanctions could our reputation, business, results of operations, and financial condition.
Risks Related to Ownership of our Common Stock and Public Warrants
There can be no assurance that we will be able to comply with the continued listing standards of Nasdaq.
If we fail to satisfy the continued listing requirements of Nasdaq such as the corporate governance requirements or the minimum share price requirement, Nasdaq may take steps to delist our securities. Such a delisting would likely have a negative effect on the price of the securities and would impair your ability to sell or purchase the securities when you wish to do so. In the event of a delisting, we can provide no assurance that any action taken by us to restore compliance with listing requirements would allow our securities to become listed again, stabilize the market price or improve the liquidity of our securities, prevent our securities from dropping below the Nasdaq minimum share price requirement or prevent future non-compliance with Nasdaq’s listing requirements. Additionally, if our securities are not listed on, or become delisted from, Nasdaq for any reason, and are quoted on the OTC Bulletin Board, an inter-dealer automated quotation system for equity securities that is not a national securities exchange, the liquidity and price of our securities may be more limited than if we were quoted or listed on Nasdaq or another national securities exchange. You may be to sell your securities unless a market can be established or sustained.
Our business and operations could be negatively affected if we become subject to any securities litigation or shareholder activism, which could cause us to incur significant expense, hinder execution of our business and growth strategy, and impact our stock price.
In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. Shareholder activism, which could take many forms or arise in a variety of situations, has been increasing recently. Volatility in the stock price of our Common Stock or other reasons may in the future cause it to become the target of securities litigation or shareholder activism. Securities litigation and shareholder activism, including potential proxy contests, could result in substantial costs and divert management’s and our Board’s attention and resources from our business. Additionally, such securities litigation and shareholder activism could give rise to perceived uncertainties as to our future, adversely affect our relationships with service providers and make it more difficult to attract and retain qualified personnel. Also, we may be required to incur significant legal fees and other expenses related to any securities and activist shareholder matters. Further, our stock price could be subject to significant fluctuation or otherwise be affected by the events, risks and uncertainties of any securities and shareholder activism.
The market price of shares of our Common Stock may be volatile, which could cause the value of stockholder investments to decline.
The market price of our Common Stock may be highly volatile and could be subject to wide fluctuations. Securities markets worldwide experience significant price and volume fluctuations. Market volatility, as well as general economic, market or political conditions, could reduce the market price of shares of our Common Stock regardless of our operating performance.
In addition, our operating results could be below the expectations of public market analysts and investors due to a number of potential factors, including:
variations in operating results or dividends, if any, to stockholders;
additions or departures of key management personnel;
publication of research reports about our industry;
litigation and government investigations;
changes or proposed changes in laws or regulations or differing interpretations or enforcement of laws or regulations affecting our business;
adverse market reaction to any indebtedness incurred or securities issued in the future;
changes in market valuations of similar companies;
adverse publicity or speculation in the press or investment community;
the development and sustainability of an active trading market for our Common Stock;
announcements by competitors of significant contracts, acquisitions, dispositions, strategic partnerships, joint ventures, or capital commitments; and
the impact of the COVID-19 pandemic (or future pandemics) on our management, employees, partners, customers, and operating results.
In response to any of the foregoing developments, the market price of shares of our Common Stock could decrease significantly. You may be unable to resell your shares at or above your purchase price.
If our operating and financial performance in any given period does not meet the guidance provided to the public or the expectations of investment analysts, the market price of our Common Stock may decline.
We may, but are not obligated to, provide public guidance on our expected operating and financial results for future periods. Any such guidance will consist of forward-looking statements, subject to the risks and uncertainties described in this Annual Report and in our other public filings and public statements. Our actual results may not always be in line with or exceed any guidance we have provided, especially in times of economic uncertainty. If, in the future, our operating or financial results for a particular period do not meet any guidance provided or the expectations of investment analysts, or if we reduce our guidance for future periods, the market price of our Common Stock may decline as well. Even if we do issue public guidance, there can be no assurance that we will continue to do so in the future.
If securities or industry analysts do not publish research or reports about our business or publish negative reports, the market price of our Common Stock could decline.
The trading market for our Common Stock is influenced by the research and reports that industry or securities analysts publish about us and our business. If regular publication of research reports ceases, we could lose visibility in the financial markets, which in turn could cause the market price or trading volume of our Common Stock to decline. Moreover, if one or more of the analysts who cover us downgrade our Common Stock or if reporting results do not meet their expectations, the market price of our Common Stock could decline.
We may issue additional shares of our Common Stock (including upon the exercise of warrants), which would increase the number of shares eligible for future resale in the public market and result in dilution to Company stockholders.
The Warrants became exercisable on September 2, 2022, provided in each case that we have an effective registration statement under the Securities Act covering the shares of our Common Stock issuable upon exercise of our Warrants and a current prospectus relating to them is available and such shares are registered, qualified or exempt from registration under the securities, or blue sky, laws of the state of residence of the holder (or holders exercise their warrants on a cashless basis under the circumstances specified in the Warrant Agreement). Each Warrant entitles the holder thereof to purchase one share of our Common Stock at a price of $11.50 per whole share, subject to adjustment. In addition, the Convertible Notes initially will be convertible into approximately 13,043,473 shares of our Common Stock, subject to increase to the extent that we exercise our option to pay interest in kind with respect to the Convertible Notes rather than in cash (please see “ Risk Factors—Risks Related to Ownership of our Common Stock—Our issued and outstanding notes may impact our financial results, result in the dilution of our stockholders, create downward pressure on the price of our Common Stock, and restrict our ability to raise additional capital or take advantage of future opportunities .”) The issuance of additional shares of our Common Stock as a result of any of the aforementioned transactions may result in dilution to the then-existing holders of our Common Stock and increase the number of shares eligible for resale in the public market. Sales of substantial numbers of such shares in the public market could affect the market price of our Common Stock.
We may issue additional shares of our Common Stock or other equity securities without stockholder approval, which would dilute stockholder ownership interests and may depress the market price of our Common Stock.
Pursuant to the Incentive Equity Plan, we may issue an aggregate of up to 23,887,536 shares of Common Stock as of January 1, 2024, which amount will be subject to increase from time to time. We may also issue additional shares of our Common Stock or other equity securities of equal or senior rank in the future in connection with, among other things, future acquisitions or repayment of outstanding indebtedness, without stockholder approval, in a number of circumstances.
The issuance of additional shares or other equity securities of equal or senior rank would have the following effects:
existing stockholders’ proportionate ownership interest in us will decrease;
the amount of cash available per share, including for payment of dividends in the future, may decrease;
the relative voting strength of each share of previously outstanding common stock may be diminished; and
the market price of our Common Stock may decline.
There is no guarantee that our Warrants will ever be in the money, and they may expire worthless.
The exercise price for our Warrants is $11.50 per-share (subject to adjustment as described herein). We do not expect warrant holders to exercise their Warrants and, therefore, we do not expect to receive cash proceeds from any such exercise, for so long as Warrants are out-of-the money. There can be no assurance that Warrants will ever be in-the-money prior to their expiration and, as such, the Warrants may expire worthless. The last reported sales price for our Common Stock on March 13, 2024 was $1.11 per share.
We may amend the terms of our Public Warrants in a manner that may be adverse to holders of such warrants with the approval by the holders of at least 50% of the then outstanding our Public Warrants. As a result, the exercise price of our Public Warrants could be increased, the exercise period could be shortened and the number of shares of our Common Stock purchasable upon exercise of our Public Warrants could be decreased, all without any particular public warrant holder’s approval.
Our Public Warrants were issued in registered form under the Warrant Agreement. The Warrant Agreement provides that the terms of the Public Warrants may be amended without the consent of any holder to cure any ambiguity, mistake or correct any defective provision, but requires the approval by the holders of at least 50% of the then outstanding Public Warrants to make any change that adversely affects the interests of the registered holders of such Public Warrants. Accordingly, we may amend the terms of our Public Warrants in a manner adverse to a holder if holders of at least 50% of the then outstanding Public Warrants approve of such amendment and, solely with respect to any amendment to the terms of our Private Placement Warrants or any provision of the Warrant Agreement with respect to our Private Placement Warrants, 50% of the number of the then outstanding Private Placement Warrants. Although our ability to amend the terms of our Public Warrants with the consent of at least 50% of the then outstanding Public Warrants is unlimited, examples of such amendments could be amendments to, among other things, increase the exercise price of the Public Warrants, convert the Public Warrants into cash, shorten the exercise period or decrease the number of shares of our Common Stock purchasable upon exercise of a Public Warrant.
We may redeem unexpired Public Warrants prior to their exercise at a time that is disadvantageous to holders of Public Warrants, thereby making such warrants worthless.
We have the ability to redeem all, but not less than all, of the outstanding Public Warrants at any time after they become exercisable and prior to their expiration, at a price of $0.01 per warrant, provided that the closing price of our Common Stock equals or exceeds $18.00 per share (as adjusted for share sub-divisions, share capitalizations, reorganizations, recapitalizations and the like) for any 20 trading days within a 30 trading-day period ending on the third trading day prior to the date on which we give proper notice of such redemption to the warrants holders and provided certain other conditions are met. We may not redeem the warrants unless an effective registration statement under the Securities Act covering the shares of our Common Stock issuable upon exercise of the warrants is effective and a current prospectus relating to those shares is available throughout the minimum 30-day notice period discussed below. If and when our Public Warrants become redeemable by us, we may exercise our redemption right even if we are unable to register or qualify the underlying securities for sale under all applicable state securities laws. Redemption of the outstanding warrants could force warrant holders to (i) exercise their warrants and pay the exercise price therefor at a time when it may be for them to do so, (ii) sell their warrants at the then-current market price when they might otherwise wish to hold their warrants or (iii) accept the nominal redemption price which, at the time the outstanding warrants are called for redemption, is likely to be substantially less than the market value of their warrants. None of our Private Warrants will be redeemable by us in accordance with these provisions so long as they are held by the Sponsor, Jefferies LLC or their permitted transferees.
In addition, we have the ability to redeem all, but not less than all, of the outstanding Public Warrants at any time after they become exercisable and prior to their expiration, at a price of $0.10 per warrant, provided that the closing price of our Common Stock equals or exceeds $10.00 per share (as adjusted for share sub-divisions, share capitalizations, reorganizations, recapitalizations and the like) for any 20 trading days within a 30 trading-day period ending on the third trading day prior to the date on which we give proper notice of such redemption to the warrants holders and provided certain other conditions are met, including that holders will be able to exercise their warrants on a “cashless basis” prior to redemption for a number of shares of our Common Stock determined based on the period of time to expiration of the warrants and the redemption fair market value of our Common Stock, both as set forth in a table in the Warrant Agreement. If and when our Public Warrants become redeemable by us, we may exercise our redemption right even if we are unable to register or qualify the underlying securities for sale under all applicable state securities laws. The value received upon exercise of the warrants (1) may be less than the value the holders would have received if they had been able to exercise their warrants at a later time at which the underlying share price is higher and (2) may not compensate the holders for the value of the warrants, including because the number of shares received on a cashless exercise basis is capped at 0.361 of a share of our Common Stock per warrant (subject to adjustment) irrespective of the remaining life of our Public Warrants. If the price of our Common Stock is less than $18.00 per share (as adjusted for share sub-divisions, share capitalizations, reorganizations, recapitalizations and the like) for any 20 trading days within a 30 trading-day period ending on the third trading day prior to the date on which we give proper notice of such redemption to the warrants holders, we may only redeem our Public Warrants in accordance with these provisions if we concurrently redeem the outstanding Private Warrants (other than Private Warrants held by the Sponsor, Jefferies LLC and their permitted transferees) on the same terms.
In the event that we elect to redeem our Public Warrants in either of the scenarios described above we would only be required to have the notice of redemption mailed by first class mail, postage prepaid, by us not less than thirty (30) days prior to the redemption date to the registered holders of the outstanding warrants to be redeemed at their last addresses as they shall appear on the registration books. Any notice mailed in the manner provided above will be conclusively presumed to have been duly given whether or not the registered holder of the warrants received such notice. We are not contractually obligated to notify investors when our Public Warrants become eligible for redemption, and we do not intend to so notify investors upon eligibility of the warrants for redemption.
The Warrant Agreement designates the courts of the State of New York or the United States District Court for the Southern District of New York as the sole and exclusive forum for certain types of actions and proceedings that may be initiated by holders of our Warrants, which could limit the ability of warrant holders to obtain a favorable judicial forum for disputes with us.
The Warrant Agreement provides that, subject to applicable law, (i) any action, proceeding or claim against us arising out of or relating in any way to the Warrant Agreement, including under the Securities Act, will be brought and enforced in the courts of the State of New York or the United States District Court for the Southern District of New York, and (ii) that we irrevocably submit to such jurisdiction, which jurisdiction shall be the exclusive forum for any such action, proceeding or claim. We will waive any objection to such exclusive jurisdiction and that such courts represent an inconvenient forum. However, Section 22 of the Securities Act provides that federal and state courts have concurrent jurisdiction over lawsuits brought under the Securities Act or the rules and regulations thereunder. To the extent the exclusive forum provision restricts the courts in which claims arising under the Securities Act may be brought, there is uncertainty as to whether a court would enforce such a provision. We note that investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder.
Notwithstanding the foregoing, these provisions of the Warrant Agreement do not apply to suits brought to enforce any liability or duty created by the Exchange Act or any other claim for which the federal district courts of the United States of America are the sole and exclusive forum. Any person or entity purchasing or otherwise acquiring any interest in any our Warrants shall be deemed to have notice of and to have consented to the forum provisions in the Warrant Agreement. If any action, the subject matter of which is within the scope the forum provisions of the Warrant Agreement, is filed in a court other than a court of the State of New York or the United States District Court for the Southern District of New York (a foreign action) in the name of any holder of our Warrants, such holder shall be deemed to have consented to: (x) the personal jurisdiction of the state and federal courts located in the State of New York in connection with any action brought in any such court to enforce the forum provisions (an enforcement action), and (y) having service of process made upon such warrant holder in any such enforcement action by service upon such warrant holder’s counsel in the foreign action as agent for such warrant holder.
This choice-of-forum provision may limit a warrant holder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us, which may discourage such lawsuits. Alternatively, if a court were to find this provision of the Warrant Agreement inapplicable or unenforceable with respect to one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could materially and adversely affect our business, financial condition and results of operations and result in a diversion of the time and resources of our management and Board.
Provisions in our organizational documents and provisions of Delaware General Corporation Law (DGCL) may delay or prevent an acquisition by a third party that could otherwise be in the interests of stockholders.
Our organizational documents contain several provisions that may make it more difficult or expensive for a third party to acquire control of us without the approval of our Board. These provisions, which may delay, prevent or deter a merger, acquisition, tender offer, proxy contest, or other transaction that stockholders may consider favorable, include the following:
the division of our Board into three classes and the election of each class for three-year terms;
advance notice requirements for stockholder proposals and director nominations;
provisions limiting stockholders’ ability to call special meetings of stockholders and to take action by written consent;
restrictions on business combinations with interested stockholders;
in certain cases, the approval of holders representing at least two-thirds of the total voting power of the shares entitled to vote will be required for stockholders to adopt, amend or repeal certain provisions of the Bylaws, or amend or repeal certain provisions of the Certificate of Incorporation;
no cumulative voting; and
the ability of the Board to designate the terms of and issue new series of preferred stock without stockholder approval, which could be used, among other things, to institute a rights plan that would have the effect of significantly diluting the stock ownership of a potential hostile acquirer, likely preventing acquisitions by such acquirer.
These provisions of our organizational documents could discourage potential takeover attempts and reduce the price that investors might be willing to pay for the shares of our Common Stock in the future, which could reduce the market price of the common stock. For more information, see the “Description of Securities” included as an exhibit to this Annual Report.
The provision of our Certificate of Incorporation requiring exclusive venue in the Court of Chancery in the State of Delaware and the federal district courts of the United States for certain types of lawsuits may have the effect of discouraging lawsuits against directors and officers.
Our Certificate of Incorporation provides that, unless otherwise consented to by us in writing, the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, another State court in Delaware or the federal district court for the District of Delaware) will, to the fullest extent permitted by law, be the sole and exclusive forum for the following types of actions or proceedings: (i) any derivative action or proceeding brought on behalf of us; (ii) any action asserting a claim of breach of a duty (including any fiduciary duty) owed by any of our current or former director, officer, stockholder, employee or agent to us or our stockholders; (iii) any action asserting a claim against us or any of our current or former director, officer, stockholder, employee or agent relating to any provision of the DGCL or the Certificate of Incorporation or the Bylaws or as to which the DGCL confers jurisdiction on the Court of Chancery of the State of Delaware; and (iv) any action asserting a claim against us or any of our current or former director, officer, stockholder, employee or agent governed by the internal affairs doctrine of the State of Delaware, in each such case unless the Court of Chancery (or such other state or federal court located within the State of Delaware, as applicable) has a prior action by the same asserting the same because such court personal jurisdiction over an indispensable party named as a therein. Our Certificate of Incorporation further provides that, unless otherwise consented to by us in writing to the selection of an alternative forum, the federal district courts of the United States will, to the fullest extent permitted by law, be the sole and forum for the resolution of any any person in connection with any offering of our securities, asserting a cause of action arising under the Securities Act. Any person or entity purchasing or otherwise acquiring any interest in our securities will be deemed to have notice of and consented to this provision.
Although our Certificate of Incorporation contains the choice of forum provisions described above, it is possible that a court could rule that such provisions are inapplicable for a particular claim or action or that such provisions are unenforceable. For example, under the Securities Act, federal courts have concurrent jurisdiction over all suits brought to enforce any duty or liability created by the Securities Act, and investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder. In addition, Section 27 of the Exchange Act creates exclusive federal jurisdiction over all suits brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder, and, therefore, the exclusive forum provisions described above do not apply to any actions brought under the Exchange Act.
Although we believe these provisions will benefit us by limiting costly and time-consuming litigation in multiple forums and by providing increased consistency in the application of applicable law, these exclusive forum provisions may limit the ability of our stockholders to bring a claim in a judicial forum that such stockholders find favorable for disputes with us or our directors, officers or employees, which may discourage such lawsuits against us and our directors, officers, and other employees.
We have no current plans to pay cash dividends on our Common Stock. As a result, stockholders may not receive any return on investment unless they sell their Common Stock for a price greater than the purchase price.
We have no current plans to pay dividends on our Common Stock. Any future determination to pay dividends will be made at the discretion of our Board, subject to applicable laws. It will depend on a number of factors, including our financial condition, results of operations, capital requirements, contractual, legal, tax, and regulatory restrictions, general business conditions, and other factors that our Board may deem relevant. In addition, the ability to pay cash dividends may be restricted by the terms of debt financing arrangements, as any future debt financing arrangement likely will contain terms restricting or limiting the amount of dividends that may be declared or paid on our Common Stock. As a result, stockholders may not receive any return on an investment in our Common Stock unless they sell their shares for a price greater than that which they paid for them.
I TEM 1B. UNRESOLVED STAFF COMMENTS
None
ITEM 1C. CYBERSECURITY
We are committed to protecting information and the underlying information systems involved in the operation of our business. We face a multitude of cybersecurity threats that range from attacks common to most industries such as phishing and denial-of-service attempts, to more-sophisticated malware and ransomware attacks, in addition to threats designed to penetrate our Platform. Our customers, suppliers, subcontractors, and third-party business partners also face similar cybersecurity threats. A cybersecurity incident impacting us or any of these entities could have a materially adverse impact on our operations, performance, our brand, and our competitive position. We rely on technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, and access controls. We must maintain a robust cybersecurity stance in the rapidly evolving security environment to uphold our market leadership position.
The Board of Directors assesses the Company’s overall risk assessment and risk management policies. The Board discharges this responsibility through its committees, each of which examines various components of enterprise risk. The Audit Committee reviews the Company's management of cybersecurity risk, including our policies and processes to monitor and mitigate potential exposure.
Our Chief Information Security Officer (“CISO”) leads a Security & Compliance team that is responsible for information security, including cyber threat detection and response. Our CISO has extensive information technology and program management experience, including a background in corporate information security across a wide range of industries. The Security & Compliance team oversees and works to improve our enterprise security framework through its identification, assessment, and response to potential threats in order to mitigate risk and reduce the impact of a cyber incident. These efforts include daily internal and external vulnerability scans, web application scans, and vendor risk assessments. The assessment of a cyber incident includes both quantitative and qualitative factors to determine if there is a material impact. Quantitative factors include the potential or actual financial loss and cost of remediation efforts. Qualitative factors include damages to our brand and/or competitive standing, disruptions to our operations, and the potential for litigation. Regardless of whether we consider an to be material, the Security & Compliance team will monitor the situation. This ongoing monitoring aims to contain, mitigate, and remediate the circumstances that contributed to the and any potential arising from the . The Security & Compliance team also monitors evolving factors that might later elevate an above a materiality threshold which would require us to make public disclosure of the .
We engage third parties to conduct evaluations of our information security controls and compliance such as penetration testing and HIPAA (“Health Insurance Portability and Accountability Act”) risk assessment. Since we provide services to certain government agencies, we are subject to various compliance assessments including the Cybersecurity Maturity Model Certification developed by the United States Department of Defense. We also receive an annual System & Organizational Control (SOC 2) audit which assesses our key compliance controls and objectives which helps us identify gaps that may require enhancements to our enterprise security framework.
We also consider our risks from cybersecurity threats as part of a broader overall enterprise risk management (ERM) program. The ERM program is managed by a cross-functional team that is comprised of our CTO, CFO, COO, and General Counsel. Our risk assessment approach is to evaluate the likelihood and potential negative impact of each threat or risk using a quantitative scoring methodology. To the extent our ERM program identifies a severe cybersecurity related risk, we will develop a response plan, assign owners to each planned action, and track progress of solution implementation. The Board of Directors reviews our ERM program on an annual basis.
Despite the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. While we maintain cybersecurity insurance policies, the costs related to a cybersecurity incident may not be fully insured. See Item 1A. “Risk Factors” for a discussion of cybersecurity risks.DDD
I TEM 2. PROPERTIES
Our corporate headquarters in Baltimore, Maryland consist of office space that is currently leased until February 2026. We lease and maintain additional offices in the United States, including Portland, Oregon, and internationally in the United Kingdom, Chile, and India. We believe that our current facilities are adequate to meet our ongoing needs and that suitable additional alternative spaces will be available in the future on commercially reasonable terms.
I TEM 3. LEGAL PROCEEDINGS
From time to time, we may be subject to legal proceedings and claims in the ordinary course of business. We are not presently a party to any legal proceedings that, if determined adversely to us, would individually or taken together have a material adverse effect on our business, results of operations, financial condition or cash flows. We have received, and may in the future continue to receive, claims from third parties asserting, among other things, infringement of their intellectual property rights. Future litigation may be necessary to defend ourselves, our partners and our customers by determining the scope, enforceability, and validity of third-party proprietary rights, or to establish our proprietary rights. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources, and other factors.
