ZFOX Zerofox Holdings, Inc. - 10-K

Risk Factors Related to our Business and Industry

ZeroFox has a history of losses and we may not be able to achieve or sustain profitability in the future.

The Predecessor incurred net losses in all periods since its inception, including net losses of $38.4 million, $22.7 million, and $22.7 million for fiscal 2022, 2021, and 2020, respectively. The Successor experienced a net loss of $720.6 million for the Successor Period and $356.3 million for the year ended January 31, 2024. As of January 31, 2024, ZeroFox had an accumulated deficit of $1.1 billion. Following the Business Combination, we cannot predict when or whether we will reach or maintain profitability. We also expect that our operating expenses will increase over our historical expenses in the future as we continue to invest for future growth, including expanding our research and development activities to enhance our Platform, expanding our sales and marketing activities and reaching customers in new geographic locations, which will negatively affect our operating results if our total revenue does not increase. We cannot assure you that these investments will result in substantial increases in our revenue or improvements in our operating results. In addition to the anticipated costs to grow our business, we also expect to incur significant additional legal, accounting, and other expenses as a newly public operating company. Any failure to increase our revenue as we invest in our business or to manage our costs could prevent us from achieving or maintaining profitability.

If we are not able to maintain and enhance our brand and our reputation as a provider of external cybersecurity products and solutions, our business and results of operations may be adversely affected.

We believe that maintaining and enhancing our brand and our reputation as a provider of external cybersecurity products and solutions is critical to our relationship with existing customers, channel partners, and technology alliance partners and our ability to attract new customers and partners. The successful promotion of our brand will depend on a number of factors, including our marketing efforts, our ability to continue to develop additional features for our Platform and our ability to successfully differentiate our Platform from competitive cloud-based or legacy security solutions. Although we believe it is important for our growth, our brand promotion activities may not be successful or yield increased revenue.

In addition, independent industry or financial analysts and research firms often test our products and solutions and provide reviews of our Platform, as well as the products of our competitors, and the perception of our Platform in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive as compared to those of our competitors’ products, our brand may be adversely affected. Our products and solutions may fail to detect or prevent threats in any particular test for a number of reasons that may or may not be related to the efficacy of our products and solutions in real world environments. To the extent potential customers, industry analysts or testing firms believe that the occurrence of a failure to detect or prevent any particular threat is a flaw or indicates that our products and solutions or services do not provide significant value, we may lose customers, and our reputation, financial condition, and business would be harmed. Additionally, the performance of our channel partners and technology alliance partners may affect our brand and reputation if customers do not have a positive experience with these partners. In addition, we have worked and continue to work with high-profile customers as well as assist in analyzing and remediating high profile cyberattacks. Our work with such customers has exposed us to publicity and media coverage. Negative publicity about us, including about our management, the efficacy and reliability of our Platform, our product offerings, our professional services, and the customers we work with, even if inaccurate, could adversely affect our reputation and brand.

If organizations do not adopt external cybersecurity solutions that may be based on new and untested security concepts, our ability to grow our business and results of operations may be adversely affected.

Our future success depends on the growth in the market for cloud and/or SaaS-delivered external cybersecurity products and solutions. The use of SaaS products and solutions to manage and automate security and IT operations is rapidly evolving. As such, it is difficult to predict our potential growth, customer adoption and retention rates, customer demand for our products and solutions, or the success of existing or future competitive products. Any expansion in our market depends on several factors, including the cost, performance and perceived value associated with our products and solutions and those of our competitors. If our solutions do not achieve widespread adoption or there is a reduction in demand for our products and solutions due to a lack of customer acceptance, technological challenges, competing products, privacy or other liability concerns, decreases in corporate spending, weakening economic conditions, or otherwise, it could adversely affect our business, results of operations and financial results, resulting in early terminations, reduced customer retention rates, or decreased sales. We do not know whether the trend in adoption of cloud-enabled and/or SaaS-delivered cybersecurity solutions that we have experienced in the past will continue in the future. Furthermore, if we or other SaaS security providers experience security incidents, loss or disclosure of customer data, disruptions in delivery, or other problems, the market for SaaS solutions as a whole, including our security solutions, could be negatively affected.

Historically, information sharing related to cybersecurity has been a very well accepted concept from a theoretical perspective but very difficult to implement in practice. Companies are generally reluctant to share their sensitive cyber information with other entities, despite knowing the advantages of doing so. Misperceptions may exist, however, about what information gets shared, with whom that information is shared, and the jurisdictions (including foreign countries) of the companies with which the information gets shared. Further, concerns of existing or potential customers may exist related to the ability to completely remove any indicia of the source company, general market rejection of information sharing, or specific market skepticism of our approach, which may further add to a lack of customer acceptance.

In addition to the potential concerns related to sharing sensitive information in a system consisting of commercial or potentially competitive entities, additional concerns can arise when governments become involved as participants in the collective defense ecosystem. From a commercial perspective, companies frequently view information sharing on platforms with governments that are also customers as risky, based on perceptions that the governments might use such shared information to take action against the companies or to otherwise utilize it in a way that will expose such companies to liability. Such perceptions could lead commercial entities to stop sharing, not procure our services in the first place, or terminate their relationship with us altogether. Similarly, governments (as customers) may be unable to properly process such data or utilize it in a meaningful way, or share useful information back into our solutions. Any of these concerns could lead to reduced sales or contribute to a lack of customer acceptance. In addition, the mere involvement of one or more government entities as customers may harm our reputation with certain companies.

We (including the Predecessor and the Successor) have experienced rapid growth in recent periods, and if we do not manage our future growth, our business and results of operations will be adversely affected.

ZeroFox experienced rapid revenue growth in recent periods, and we expect to continue to invest broadly across our organization to support our growth. For example, ZeroFox’s actual employee headcount grew from 158 employees as of January 31, 2019, to 914 employees as of January 31, 2024. Additionally, ZeroFox's revenue grew from $8.9 million in fiscal 2019 to $233.3 million in fiscal year 2024. Although ZeroFox experienced rapid growth historically, we may not sustain these growth rates, nor can we assure you that our investments to support our growth will be successful. The growth and expansion of our business will require us to invest significant financial and operational resources and the continuous dedication of our management team. We have encountered and will continue to encounter risks and difficulties frequently experienced by rapidly growing companies in evolving industries, including market acceptance of our Platform, adding new customers, intense competition, and our ability to manage our costs and operating expenses. Our future success will depend in part on our ability to manage our growth effectively, which will require us to, among other things:

effectively attract, integrate, and retain a large number of new employees, particularly members of our sales and marketing and research and development teams;

further improve our Platform and cloud infrastructure to support our business needs;

enhance our information and communication systems to ensure that our employees and offices around the world are well-coordinated and can effectively communicate with each other and our growing base of channel partners and customers; and

improve our financial, management, and compliance systems and controls.

If we fail to achieve these objectives effectively, our ability to manage our expected growth, ensure uninterrupted operation of our Platform and key business systems, and comply with the rules and regulations applicable to our business could be impaired. Additionally, the quality of our Platform and services could suffer and we may not be able to adequately address competitive challenges. Any of the foregoing could adversely affect our business, results of operations, and financial condition.

We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition, and results of operations.

The market for security solutions is intensely competitive, fragmented, and characterized by rapid changes in technology, customer requirements and industry standards, increasingly sophisticated attackers, and by frequent introductions of new or improved products to combat security threats. We expect to continue to face intense competition from current competitors, as well as from new entrants into the market given the relatively low barriers to entry in the industry. If we are unable to anticipate or react to these challenges, our competitive position could weaken, and we could experience a decline in revenue or reduced revenue growth, and loss of market share that would adversely affect our business, financial condition, and results of operations. Our ability to compete effectively depends upon numerous factors, many of which are beyond our control, including, but not limited to:

product capabilities, including the performance and reliability of our Platform; including our services and features, compared to those of our competitors;

our ability versus the ability of our competitors, to improve existing products, services, and features, or to develop new ones to address evolving customer needs;

our ability to attract, retain, and motivate talented employees;

our ability to establish and maintain relationships with channel partners;

our ability to acquire services from third parties at competitive prices;

the strength of our sales and marketing efforts; and

acquisitions or consolidation within our industry, which may result in more formidable competitors.

Our competitors include the following, by general category:

digital risk protection, such as Proofpoint, Rapid7 and Forta;

threat intelligence providers, such as Mandiant and Recorded Future; and

breach response providers, such as Experian, Transunion, and Kroll.

Many of these competitors have greater financial, technical, marketing, sales, and other resources, greater name recognition, longer operating histories, and a larger base of customers than we do. They may be able to devote greater resources to the development, promotion, and sale of services than we can, and they may offer lower pricing than we do. Further, they may have greater resources for research and development of new technologies, the provision of customer support, and the pursuit of acquisitions, or they may have other financial, technical, or other resource advantages. Our larger competitors have substantially broader and more diverse product and service offerings as well as routes to market, which allows them to leverage their relationships based on other products and to incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our Platform. Conditions in our market could change rapidly and significantly because of technological advancements, partnering or acquisitions by our competitors or continuing market consolidation. Some of our competitors have recently made acquisitions of businesses or have established cooperative relationships that may allow them to offer more directly competitive and comprehensive solutions than were previously offered and adapt more quickly to new technologies and customer needs. As a result of such acquisitions or arrangements, our current or potential competitors may be able to devote greater resources to bring these solutions and services to market, initiate or withstand substantial price competition or develop and expand their product and service offerings more quickly than we do. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses and loss of market share. Further, many competitors that specialize in providing protection from a single type of security threat may be able to deliver these targeted security products to the market quicker than we can or convince organizations that these limited products meet their needs. Even if there is significant demand for cloud-based security solutions like ours, if our competitors include functionality that is, or is perceived to be, equivalent to or better than ours in legacy products that are already generally accepted as necessary components of an organization’s security architecture, we may have difficulty increasing the market penetration of our Platform. Furthermore, even if the functionality offered by other security providers is different and more limited than the functionality of our Platform, organizations may elect to accept such limited functionality in lieu of adding products from additional vendors like us.

For all of these reasons, competition may negatively impact our ability to maintain and grow consumption of our Platform and solutions or put downward pressure on our prices and gross margins, any of which could materially harm our reputation, business, financial condition, and results of operations.

Competitive pricing pressure may reduce revenue, gross profits, and adversely affect our financial results.

If we are unable to maintain our pricing due to competitive pressures or other factors, our revenue and margins may be reduced and our revenue and gross profits, business, results of operations and financial condition may be adversely affected. The prices for our Platform, products and solutions, and professional services may decline for a variety of reasons, including competitive pricing pressures, discounts, anticipation of the introduction of new solutions by competitors, or promotional programs offered by us or our competitors. Competition continues to increase in the market segments in which we operate, and we expect competition to further increase in the future. Larger competitors with more diverse product and service offerings may reduce the price of products or subscriptions that compete with ours or may bundle them with other products and subscriptions in an effort to leverage their existing market share to make it harder for newer companies, like us, to effectively compete.

Adverse general and industry-specific economic and market conditions and reductions in customer spending, in either the private or public sector, including as a result of geopolitical uncertainty such as the ongoing conflict between Russia and Ukraine, may reduce demand for our Platform or products and solutions, which could harm our business, financial condition and results of operations.

Our business, financial condition, and results of operations depend on the overall demand for our Platform and products and solutions. Negative conditions in the general economy both in the United States and abroad, including conditions resulting from the COVID-19 pandemic, changes in gross domestic product growth, financial and credit market fluctuations, energy costs, international trade relations, geopolitical issues, such as the conflict between Russia and Ukraine, or the availability and cost of credit could lead to increased market volatility, decreased consumer confidence, and diminished growth expectations in the U.S. economy and abroad, which in turn could result in reductions in information technology, software, and security spending by our existing and prospective customers. Negative economic conditions in both the public and private sectors, including macroeconomic, political and market conditions, government shutdowns or reduction in government spending, the availability of short-term and long-term funding and capital, the level and volatility of interest rates, currency exchange rates, and inflation, may cause customers to reduce their spending. Prolonged economic slowdowns may result in customers delaying or canceling projects, choosing to focus on in-house development efforts or seeking to lower their costs by requesting us to renegotiate existing contracts on less advantageous terms or defaulting on payments due on existing contracts or not renewing at the end of the contract term.

We employ multiple and evolving pricing models, which subject us to various pricing challenges that could make it difficult for us to derive value from our customers and may adversely affect our business, financial condition, and results of operations.

We employ multiple and evolving pricing models for our offerings. Our pricing models may ultimately result in a higher total cost to our customers generally as data volumes increase over time, or may cause our customers to limit or decrease usage in order to stay within the limits of their existing licenses or lower their costs, making it more difficult for us to compete in our markets or negatively impacting our business, financial condition, and results of operations. As the amount of data within our customers’ organizations grows, we face downward pressure from our customers regarding our pricing, which could adversely affect our revenue and operating margins. In addition, our pricing models may allow competitors with different pricing models to attract customers unfamiliar or uncomfortable with our pricing models, which would cause us to lose business or modify our pricing models, both of which could adversely affect our revenue and operating margins. We have introduced and expect to continue to introduce variations to our pricing models, including but not limited to usage-based, tiered pricing based on number of users, flat upfront fee, fixed price, level of effort, cost plus fee, utility-based pricing and other pricing programs. We also must determine the appropriate price to enable us to compete effectively internationally. Although we believe that these pricing models and variations to these models will drive net new customers, and increase customer adoption, it is possible that they will not and may potentially cause customers to decline to purchase or renew contracts with us or confuse customers and reduce their lifetime value, which could negatively impact our business, financial condition, and results of operations.

If we fail to adapt to rapid technological change, evolving industry standards and changing customer needs, requirements or preferences, our ability to remain competitive could be impaired.

The market for our Platform and solutions is characterized by rapid technological change, evolving industry standards and changing regulations, as well as changing customer needs, requirements, and preferences. The success of our business will depend, in part, on our ability to anticipate, adapt and respond effectively to these changes on a timely and cost-effective basis. In addition, as our customers’ data infrastructure needs grow more complex, we expect them to face new and increasing challenges. Our customers require that our Platform and products and solutions effectively identify and respond to these challenges without disrupting the performance of our customers’ information technology and data systems or interrupting their operations. As a result, we must continually modify and improve our offerings in response to changes in our customers’ data infrastructures and operational needs or end-user preferences. The success of any enhancement to our existing offerings or the deployment of new offerings depends on several factors, including the timely completion and market acceptance of our enhancements or new offerings. Any enhancement to our existing offerings or new offerings that we develop and introduce involves significant commitment of time and resources and is subject to a number of risks and challenges, including, but not limited to:

ensuring the timely release of new solutions (including products and professional services) and enhancements to our existing solutions;

adapting to emerging and evolving industry standards, technological developments by our competitors and customers and changing regulatory requirements;

interoperating effectively with existing or newly-introduced technologies, systems or applications of our existing and prospective customers;

resolving defects, errors or failures in our Platform or solutions;

extending our solutions to new and evolving operating systems and hardware products; and

managing new solutions, product suites, and service strategies for the markets in which we operate.

If we are not successful in managing these risks and challenges, or if our Platform or products and solutions (including any upgrades thereto) are not technologically competitive or do not achieve market acceptance, our business, financial condition, and results of operations could be adversely affected.

If we are unable to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell, and distribute our Platform will be limited, and our business, financial position, and results of operations will be harmed.

In addition to our direct sales force, we rely on our channel partners to sell our Platform. A substantial amount of sales of our Platform flows through our channel partners and we expect this to continue for the foreseeable future. ZeroFox derived approximately 21% of its revenue for the fiscal year 2024 from subscriptions through channel partners. The loss of a substantial number of our channel partners or the failure to recruit additional channel partners, could adversely affect our operating results. Our ability to increase revenue will depend in part on our success in maintaining successful relationships with our channel partners and in training our channel partners to independently sell and deploy our Platform. If we fail to effectively manage our existing sales channels, or if our channel partners are unsuccessful in fulfilling the orders for our solutions, or if we are unable to enter into arrangements with, and retain a sufficient number of, high quality channel partners in each of the regions in which we sell products and solutions and keep them motivated to sell our products and solutions, our ability to sell our products and solutions and results of operations will be harmed.

We target enterprise customers and government organizations, and sales to these customers involve risks that may not be present or that are present to a lesser extent with sales to smaller entities.

We have a sales team that targets enterprise customers and government organizations. These sales involve risks that may not be present or that are present to a lesser extent with sales to smaller entities, such as longer sales cycles, more complex customer requirements, substantial upfront sales costs, and less predictability in completing sales. For example, enterprise customers may require considerable time to evaluate and test our products and solutions and those of our competitors prior to making a purchase decision and placing an order. A number of factors influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our products and solutions, the discretionary nature of purchasing and budget cycles, and the competitive nature of evaluation and purchasing approval and/or competitive bidding processes. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, may vary significantly from customer to customer, with sales to enterprise customers and government organizations typically taking longer to complete. Moreover, enterprise customers often begin to deploy our products and solutions on a limited basis, but nevertheless demand configuration, integration services and pricing negotiations, which increase our upfront investment in the sales effort with no guarantee that these customers will deploy our products and solutions widely enough across their organization to justify our substantial upfront investment. Further, a significant percentage of our enterprise sales are to customers in the financial services sector. An economic slowdown in that sector could adversely impact our sales.

Our success and ability to grow our business depend on retaining and expanding our customer base. If we fail to add new customers or retain existing customers, our business, financial condition, and results of operations could be harmed.

We may enter into subscription agreements for our Platform and solutions where customers have discretion to renew or terminate services at the end of the term, or stand-alone agreements for the provision of specified software or services. For us to improve our operating results, it is important that we add new customers and that our existing customers renew their subscriptions and upgrade and expand their subscribed services. Our customers have no obligation to renew their subscriptions, to upgrade or expand their subscribed services, or to continue their relationship with us once a stand-alone engagement ends. Our customers’ renewal, upgrade, and expansion rates may decline or fluctuate as a result of a number of factors, including their satisfaction or dissatisfaction with our offerings, our pricing, the effects of general economic conditions, competitive offerings, or alterations or reductions in our customers’ spending levels. If we are unable to add new customers or if our existing customers do not renew their subscriptions when the term expires or do not upgrade and expand the subscribed services or if customers renew on terms less favorable to us, or do not otherwise continue to use our Platform and solutions for subsequent engagements, our revenue may decline and our business, financial condition, and results of operations could be harmed.

Our customers may merge with other entities who purchase solutions and services from our competitors, and, during weak economic times, there is an increased risk that one or more of our customers will file for bankruptcy protection, either of which may harm our business, financial condition, and results of operations. We also face risks from international customers that file for bankruptcy protection in foreign jurisdictions, particularly given that the application of foreign bankruptcy laws may be more difficult to predict. In addition, we may determine that the cost of pursuing any claim may outweigh the recovery potential of such claim. As a result, broadening or protracted extension of an economic downturn could harm our business, financial condition, and results of operations.

We provide service level commitments under some of our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service and our business could suffer.

Certain of our customer agreements contain service level commitments, which contain specifications regarding the availability and performance of our Platform. Any failure of or disruption to our infrastructure could impact the performance of our Platform and the availability of products and services to customers. If we are unable to meet our stated service level commitments or if we suffer extended periods of poor performance or unavailability of our Platform, we may be contractually obligated to provide affected customers with service credits for future subscriptions, refunds, and in certain cases, the right to cancel their subscription. Our revenue, other results of operations and financial condition could be harmed if we suffer performance issues or downtime that exceeds the service level commitments under our agreements with our customers.

Our business will be subject to the risks of natural catastrophic events and to interruption by man-made problems such as power disruptions or terrorism.

A significant natural disaster, such as an earthquake, a fire, a flood, or significant power outage could have a material adverse impact on our business, results of operations and financial condition. Natural disasters could affect our personnel, supply chain, or logistics providers’ ability to provide materials and perform services. In addition, climate change could result in an increase in the frequency or severity of natural disasters. In the event that our infrastructure, or the information technology systems, supply chain or logistics of our service providers, is hindered by any of the events discussed above, the results could be missed financial targets, such as revenue, for a particular quarter. Likewise, we could be subject to other man-made problems, including but not limited to power disruptions and terrorist acts.

We rely heavily on the services of our senior management team, and if we are not successful in attracting or retaining senior management personnel, we may not be able to successfully implement our business strategy.

Our future success is substantially dependent on our ability to attract, retain, and motivate our key employees and the members of our management team. In particular, we are highly dependent on the services of James C. Foster, our chief executive officer, who is critical to our future vision and strategic direction. We also rely on our leadership team in the areas of operations, security, analytics, engineering, product management, research and development, marketing, sales, partnerships, mergers and acquisitions, support, and general and administrative functions. Although we entered into employment agreements with our key personnel, our senior management is employed on an “at-will” basis, which means they may terminate their employment with us at any time. If one or more of our key employees resigns or otherwise ceases to provide us with their service, our business could be harmed.

We rely on the performance of highly skilled personnel, including senior engineering, professional services, sales and technology professionals, and our ability to increase our customer base depends to a significant extent on our ability to expand our sales and marketing operations.

We believe our success has depended, and continues to depend, on the efforts and talents of our highly skilled team members, including our sales personnel, professional services personnel, and software engineers. We do not maintain key person insurance on any of our employees. Our key employees are employed on an “at-will” basis, which means that they could terminate their employment with us at any time. The loss of any of our key employees could adversely affect our ability to execute our business plan, and we may not be able to find adequate replacements. We cannot ensure that we will be able to retain the services of our key employees.

If we do not effectively expand and train our sales force, we may be unable to add new customers or increase sales to our existing customers, and our business will be adversely affected.

We depend on our sales force to obtain new customers and increase sales with existing customers. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel, and our third-party channel partner network of resellers, both domestically and internationally. We have expanded our sales organization in recent periods and expect to continue to add additional sales capabilities in the near term. Significant competition exists for sales personnel with the skills and technical knowledge that we require. New hires require significant training and may take significant time before they achieve full productivity, and this delay may be accentuated by our long sales cycles. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, a significant percentage of our sales force is new to our Company and selling our solutions, and therefore this team may be less effective than our more seasoned sales personnel. Furthermore, hiring sales personnel in new countries, or expanding our existing presence, requires upfront and ongoing expenditures that we may not recover if the sales personnel fail to achieve full productivity. We cannot predict whether, or to what extent, our sales will increase as we expand our sales force or how long it will take for sales personnel to become productive. If we are unable to hire and train a sufficient number of effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or increasing sales to our existing customer base, our business and results of operations will be adversely affected. All of these efforts will require us to invest significant financial and other resources and our business will be harmed if our efforts do not generate a correspondingly significant increase in revenue.

Our ability to maintain customer satisfaction depends in part on the quality of our customer support.

Once our Platform and solutions are purchased, our customers depend on our maintenance and support teams to resolve technical and operational issues relating to our Platform and solutions. Our ability to provide effective customer maintenance and support is largely dependent on our ability to attract, train, and retain qualified personnel with experience in supporting customers with our Platform and products and solutions such as ours and maintaining the same. The number of our customers has grown significantly and that has and will continue to put additional pressure on our support teams. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for technical support. We may be subject to disruptions in customer support as well as failures to provide adequate support for reasons that are outside of our direct control.

We also may be unable to modify the future, scope, and delivery of our maintenance services and technical support to compete with changes in the technical services provided by our competitors. Increased customer demand for maintenance and support services, without corresponding revenue, could increase costs and negatively affect our operating results. In addition, if we experience increased customer demand for support and maintenance, we may face increased costs that may harm our business, financial condition, or results of operations. Further, as we continue to grow our operations and support our global customer base, we need to be able to continue to provide efficient support and effective maintenance that meet our customers’ needs globally at scale. Customers receive additional maintenance and support features, and the number of our customers has grown significantly, which will put additional pressure on our organization. If we are unable to provide efficient customer maintenance and support globally at scale or if we need to hire additional maintenance and support personnel, our business may be harmed. Our ability to attract new customers is highly dependent on our business reputation and on positive recommendations from our existing customers. Any failure to maintain high-quality maintenance and support services or a market perception that we do not maintain high-quality maintenance and support services for our customers would harm our business.

If we cannot maintain our company culture as we grow, we could lose the innovation, teamwork, passion, and focus on execution that we believe contribute to our success and our business may be harmed.

We believe that our corporate culture has been a contributor to our success, which we believe promotes innovation, teamwork, passion and focus on building and marketing our products and solutions. Any integration challenges or any failure to preserve our culture could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively and execute on our business strategy. As we grow, we may find it difficult to maintain our corporate culture. Additionally, our productivity and the quality of our products and solutions may be adversely affected if we do not integrate and train our new employees quickly and effectively. If we experience any of these effects in connection with future growth, it could impair our ability to attract new customers, retain existing customers and expand their use of our products and solutions, all of which would adversely affect our business, financial condition and results of operations.

We recognize revenue from subscription to our Platform over the term of the subscription. Consequently, increases or decreases in new sales may not be immediately reflected in our results of operations.

We generally recognize revenue from customers ratably over the terms of their subscriptions, which are generally one to three years. As a result, a substantial portion of the revenue we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, any increase or decline in new sales or renewals in any one period will not be immediately reflected in our revenue for that period. Any such change, however, would affect our revenue in future periods. Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. We may also be unable to timely reduce our cost structure in line with a significant deterioration in sales or renewals that would adversely affect our results of operations and financial condition.

Our operating results may fluctuate significantly which could make our future results difficult to predict and could cause our operating results to fall below expectations.

Our operating results may vary significantly in the future, particularly considering the number of enterprise customer contracts and the cyclical nature of our government sales generation, and period-to-period comparisons of our operating results may not be meaningful. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our operating results may fluctuate as a result of a variety of factors, many of which are outside of our control, and as a result, may not fully reflect the underlying performance of our business. Fluctuations in operating results may negatively impact the value of our securities. Factors that may cause fluctuations in our quarterly operating results include, without limitation:

our ability to generate significant revenue from new offerings and cross-selling current offerings;

our ability to expand our number of customers and sales;

our ability to hire and retain employees, in particular those responsible for our sales and marketing;

changes in the way we organize and compensate our sales teams;

the timing of expenses and recognition of revenue;

the timing and length of our sales cycles;

increased sales to large organizations;

the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, as well as international expansion;

the timing and effectiveness of new sales and marketing initiatives;

changes in our pricing policies or those of our competitors;

the timing and success of new platforms, applications, features, and functionality by us or our competitors;

changes in the competitive dynamics of our industry, including consolidation among competitors;

changes in laws and regulations that impact our business;

the timing of expenses related to any future acquisitions, including our ability to successfully integrate, and fully realize the expected benefits of, completed acquisitions;

health epidemics or pandemics, such as the COVID-19 pandemic;

civil unrest and geopolitical instability, including as a result of the ongoing conflict between Russia and Ukraine; and

general political, economic, and market conditions.

Our long-term success depends, in part, on our ability to expand the sale of our Platform to customers located outside of the U.S., and our current, and any further, expansion of our international operations exposes us to risks that could have a material adverse effect on our business, operating results, and financial condition.

We are generating a portion of our revenue outside of the U.S., and conduct our business activities in various foreign countries, including some emerging markets, where the challenges of conducting our business can be significantly different from those we have faced in more developed markets and where business practices may create internal control risks. There are certain risks inherent in conducting international business, including:

fluctuations in foreign currency exchange rates, which could add volatility to our operating results;

new, or changes in, regulatory requirements;

uncertainty regarding regulation, currency, tax, and operations resulting from the United Kingdom’s, or the U.K., exit from the European Union, or the E.U., and possible disruptions in trade, the sale of our services and commerce, and movement of our people between the U.K., E.U., and other locations;

tariffs, export and import restrictions, restrictions on foreign investments, sanctions, and other trade barriers or protection measures;

costs and liabilities related to compliance with foreign privacy, data protection and information security laws and regulations, including the General Data Protection Regulation of the European Union, or the GDPR, and the risks and costs of noncompliance;

costs of localizing products and services;

the lack of acceptance of localized products and services;

the need to make significant investments in people, solutions and infrastructure, typically well in advance of revenue generation;

challenges inherent in efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits and compliance programs;

difficulties in maintaining our corporate culture with a dispersed and distant workforce;

treatment of revenue from international sources, evolving domestic and international tax environments, and other potential tax issues, including with respect to our corporate operating structure and intercompany arrangements;

different standards for or weaker protection of our intellectual property, including increased risk of theft of our proprietary technology and other intellectual property;

economic weakness or currency-related crises;

compliance with multiple, conflicting, ambiguous or evolving governmental laws and regulations, including employment, tax, privacy, anti-corruption, import/export, antitrust, data transfer, storage and protection, and industry-specific laws and regulations, including rules related to compliance by our third-party resellers and our ability to identify and respond timely to compliance issues when they occur, and regulations applicable to us and our third-party data providers from whom we purchase and resell data;

vetting and monitoring our third-party resellers in new and evolving markets to confirm they maintain standards consistent with our brand and reputation;

generally longer payment cycles and greater difficulty in collecting accounts receivable;

our ability to adapt to sales practices and customer requirements in different cultures;

the lack of reference customers and other marketing assets in regional markets that are new or developing for us, as well as other adaptations in our market generation efforts that we may be slow to identify and implement;

dependence on certain third parties, including resellers with whom we do not have extensive experience;

natural disasters, acts of war, terrorism, or pandemics, including the ongoing COVID-19 pandemic;

corporate espionage; and

political instability and security risks in the countries where we are doing business and changes in the public perception of governments in the countries where we operate or plan to operate.

We might undertake corporate operating restructurings that involve our group of foreign country subsidiaries through which we do business abroad. We consider various factors in evaluating these restructurings, including the alignment of our corporate legal entity structure with our organizational structure and our objectives, the operational and tax efficiency of our group structure, and the long-term cash flows and cash needs of our business. Such restructurings could increase our operating costs, and if ineffectual, could increase our income tax liabilities and our global effective tax rate.

Risks Related to Government Contracting

One U.S. government customer accounts for a substantial portion of our revenue. If our relationship with our largest customer is impaired or terminated, our revenue would decline, and our business, financial condition, and results of operations would be adversely affected.

We have derived a substantial portion of our revenue from one U.S. government customer, the Office of Personnel Management (OPM). Our current contract with OPM has been extended to an optional period ending on June 30, 2024. On December 28, 2023, we were awarded a new contract by OPM (the "new OPM Contract"). The New OPM Contract is structured as a Base Period from July 1, 2024 to June 30, 2025, followed by a series of options as follows: Option Period I from July 1, 2025 to June 30, 2026, Option Period II from July 1, 2026 to September 30, 2026, Option Period, Option Period III from October 1, 2026 to March 31, 2027, Option Period IV from April 1, 2027 to September 30, 2027, Option Period V from October 1, 2027 to March 31, 2028, and Option Period VI from April 1, 2028 to September 30, 2028. OPM has an option to add a six-month transition out period to run concurrently with any option period. OPM accounted for approximately 35% of revenue for the year ended January 31, 2024.

As a result, our revenue could fluctuate materially, and could be materially and disproportionately affected by purchasing decisions by this customer or any other significant future customer. This customer may decide to purchase less than it has in the past, may alter its purchasing patterns at any time with limited notice, or may decide not to continue to license our products at all, any of which could cause our revenue to decline and adversely affect our financial condition and results of operations. If we do not further diversify our customer base, we will continue to be susceptible to risks associated with customer concentration.

Our business depends, in part, on sales to government organizations, and significant changes in the contracting or fiscal policies of such government organizations could have an adverse effect on our business and results of operations.

Our future growth depends, in part, on increasing sales to government organizations. Demand from government organizations is often unpredictable, subject to budgetary uncertainty and typically involves long sales cycles. We have made significant investment to address the government sector, but we cannot assure you that these investments will be successful, or that we will be able to maintain or grow our revenue from the government sector. U.S. federal, state, and local government sales are subject to a number of challenges and risks that may adversely impact our business. Sales to such government entities include the following risks:

selling to governmental agencies can be highly competitive, expensive, and time consuming, often requiring significant upfront time and expense without any assurance that such efforts will generate a sale;

government certification requirements applicable to our products may change and, in doing so, restrict our ability to sell into the U.S. Federal Government sector until we have attained the revised certification.

government demand and payment for our Platform may be impacted by public sector budgetary cycles and funding priorities and authorizations, with funding reductions or delays adversely affecting public sector demand for our Platform;

governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our Platform, which would adversely impact our revenue and results of operations, or institute fines or civil or criminal liability if the audit were to uncover improper or illegal activities; and

governments may add new or change existing contractual and/or data security infrastructure requirements that could restrict our ability to sell to government customers.

The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions in the future or otherwise have an adverse effect on our business and results of operations.

A decline in the U.S. Government budget, changes in spending or budgetary priorities or delays in contract awards may adversely affect our business, financial condition, and results of operations and limit our growth prospects.

Revenue under contracts with U.S. government agencies represents a substantial amount of our total revenue. Levels of U.S. government spending are difficult to predict and subject to significant risk. Laws and plans adopted by the U.S. Government relating to, along with pressures on and uncertainty surrounding the U.S. federal budget, potential changes in budgetary priorities, sequestration, the appropriations process, and the permissible federal debt limit, could adversely affect the funding for individual programs and delay purchasing or payment decisions by our customers. Considerable uncertainty exists regarding how future budget and program decisions will unfold and what challenges budget reductions will present for us and the industry for our solutions and products.

Current U.S. government spending levels may not be sustained and future spending and program authorizations may not increase or may decrease or shift to programs in areas in which we do not provide services or are less likely to be awarded contracts. Such changes in spending authorizations and budgetary priorities may occur as a result of uncertainty surrounding the federal budget, increasing political pressure and legislation, shifts in spending priorities as a result of competing demands for federal funds, or other factors. In the event government funding relating to our contracts with the U.S. Government becomes unavailable, or is reduced or delayed, or planned orders are reduced, our contract or subcontract under such programs may be terminated or adjusted by the U.S. Government or the prime contractor, if applicable. Our operating results could also be adversely affected by spending caps or changes in the budgetary priorities of the U.S. Government, as well as delays in program starts or the award of contracts or task orders under contracts.

In addition, changes to the federal acquisition system and contracting models could affect whether and how we pursue certain opportunities and the terms under which we are able to do so. A significant decline in overall U.S. government spending, a significant shift in its spending priorities, significant delays in contract or task order awards for large programs could adversely affect our business, financial condition, and results of operations and limit our growth prospects.

A delay in the completion of the U.S. Government’s budget and appropriation process could delay procurement of solutions we provide and have an adverse effect on our future revenue.

The funding of U.S. government programs is subject to an annual congressional budget authorization and appropriations process. In years when the U.S. Government does not complete its appropriations before the beginning of the new fiscal year on October 1, government operations are typically funded pursuant to a “continuing resolution,” which allows federal government agencies to operate at spending levels approved in the previous appropriations cycle but does not authorize new spending initiatives. When the U.S. Government operates under a continuing resolution, delays can occur in the procurement of our products and solutions and may result in new initiatives being canceled. Revenue from government customers is often cyclical and based upon delays or change in the appropriation cycle or government shutdowns and thus can impact future performance. When the U.S. Government fails to complete its appropriations process or to provide for a continuing resolution, a full or partial federal government shutdown may result. A federal government shutdown could, in turn, result in our incurrence of substantial labor or other costs without reimbursement under customer contracts, the delay or cancellation of key programs or the delay of contract payments, which could have a negative effect on our cash flows and adversely affect our business, financial condition, and results of operations. For many programs, Congress appropriates funds on an annual fiscal year basis even though the program performance period may extend over several years. Consequently, programs are often partially funded initially, and additional funds are committed only as Congress makes further appropriations. If we incur costs in excess of funds obligated on a contract, we may be at risk for reimbursement of those costs unless or until additional funds are earmarked to the contract. In addition, when supplemental appropriations are required to operate the U.S. Government or fund specific programs and passage of legislation needed to approve any supplemental appropriations bill is delayed, the overall funding environment for our business could be adversely affected.

Due to the competitive process to obtain contracts and the likelihood of bid protests, we may be unable to achieve or sustain revenue growth and our business, financial condition, and results of operations may be adversely affected.

A substantial portion of the business that we seek with respect to our solutions is subject to competitive bidding processes with U.S. government customers. The U.S. Government has increasingly relied on contracts that are subject to a continuing competitive bidding process which has resulted in greater competition and increased pricing pressure. The competitive bidding process involves substantial costs and several risks, including significant cost and managerial time to prepare bids and proposals for contracts that may not be awarded to us, may be split among competitors or that may be awarded but for which we do not receive meaningful task orders, and to the risk of inaccurately estimating the resources and costs that will be required to fulfill any contract we win.

Following contract award, we may encounter significant expense, delay, contract modifications or even contract loss because of our competitors challenging (or protesting) the award of contracts to us in competitive bidding. Any resulting loss or delay of start-up and funding of work under protested contract awards may adversely affect our revenue and/or profitability. In addition, multi-award contracts require that we make sustained post-award efforts to obtain task orders under the contract. As a result, we may not be able to obtain these task orders or recognize revenue under these multi-award contracts. We are also experiencing increased competition generally which impacts our ability to obtain contracts. Our failure to compete effectively in this procurement environment would adversely affect our revenue and our business, financial condition, and results of operations may be adversely affected.

The U.S. Government may terminate, cancel, stop, modify or curtail our contracts at any time prior to their completion and, if we do not replace them, this may adversely affect our future revenue and profitability.

Many of the U.S. government programs in which we may participate as a prime contractor or subcontractor extend for several years and include one or more base years and one or more option years. These programs are normally funded on an annual basis. Under our contracts, the U.S. Government generally has the right to not exercise options to extend or expand our contracts and may otherwise terminate, cancel, stop, modify, or curtail our contracts at its convenience. Any decisions by the U.S. Government to not exercise contract options or to terminate, cancel, stop, modify or curtail our major programs or contracts would adversely affect our revenue, revenue growth, and profitability.

We may also experience technological or other performance difficulties under our contracts, which may result in delays, cost overruns, and failures in our performance of these contracts. If a government customer terminates a contract for default, we may be exposed to liability, including for excess costs incurred by the customer in procuring undelivered services and solutions from another source. Depending on the nature and value of the contract, a performance issue or termination for default could cause our actual results to differ from those anticipated and could harm our reputation, and even lead to a suspension or debarment action.

Our failure to comply with a variety of complex procurement rules and regulations could result in our being liable for civil or criminal penalties, termination of our U.S. government contracts, disqualification from bidding on future U.S. government contracts, and suspension or debarment from U.S. government contracting.

As a U.S. government contractor, we must comply with laws and regulations relating to the formation, administration, and performance of U.S. government contracts, which affect how we do business with our customers. Such laws and regulations may potentially impose added costs on our business and our failure to comply with them may lead to civil or criminal penalties, termination of our U.S. government contracts, or suspension or debarment from contracting with federal agencies. Some significant laws and regulations that affect us include, but are not limited to the following:

the Federal Acquisition Regulations (FAR) and FAR supplements, which regulate the formation, administration, and performance of U.S. government contracts;

Truthful Cost or Pricing Data, formerly known as the Truth in Negotiations Act, which requires certification and disclosure of cost and pricing data in connection with certain contract negotiations;

the Procurement Integrity Act, which regulates access to competitor bid and proposal information and government source selection information and our ability to provide compensation to certain former government officials;

the Civil False Claims Act, which provides for substantial civil penalties for violations, including for the knowing submission of a false or fraudulent claim to the U.S. Government for payment or approval;

the False Statements Act, which imposes civil and criminal liability for making false statements to the U.S. Government; and

the U.S. government Cost Accounting Standards, which imposes accounting requirements that govern our right to reimbursement under certain cost-based U.S. government contracts.

The FAR and many of our U.S. government contracts contain organizational conflict of interest clauses that may limit our ability to compete for or perform certain other contracts or other types of services for particular customers. Organizational conflicts of interest (OCI) arise when we engage in activities that may make us unable to render impartial assistance or advice to the U.S. Government, impair our objectivity in performing contract work or provide us with an unfair competitive advantage in winning or performing on a contract. An OCI that precludes our competition for or performance on a significant program or contract could harm our prospects. Conversely, our failure to identify and disclose an OCI can result in civil and/or criminal penalties.

The U.S. Government may adopt new contract rules and regulations or revise its procurement practices in a manner adverse to us at any time without notice and/or compensation, which could adversely affect our profitability, cash position or growth prospects.

Our industry has experienced, and we expect it will continue to experience, significant changes to business practices because of an increased focus on affordability, efficiencies and recovery of costs, among other items. U.S. government agencies may face restrictions or pressure regarding the type and number of services that they may obtain from private contractors. Legislation, regulations, and initiatives dealing with enhanced governance, oversight, and/or security (physical or cyber), procurement reform, mitigation of potential conflicts of interest, and environmental responsibility or sustainability, as well as any resulting shifts in the buying practices of U.S. government agencies, such as increased usage of fixed-price contracts, multiple-award contracts and small business set-aside contracts, could have adverse effects on government contractors. Any of these changes could impair our ability to obtain new contracts or renew our existing contracts when customers recompete those contracts. Any new contracting requirements or procurement methods could be costly or administratively difficult for us to implement and could adversely affect our business, financial condition, and results of operations.

As a U.S. government contractor, we are subject to reviews, audits, and cost adjustments by the U.S. Government, which, if resolved unfavorably to us, could adversely affect our profitability, cash position or growth prospects.

U.S. government contractors (including their subcontractors and others with whom they do business) operate in a highly regulated environment and are routinely audited and reviewed by the U.S. Government and its agencies. These agencies review a contractor’s performance on government contracts, cost structure, indirect rates, and pricing practices and compliance with applicable contracting and procurement laws, regulations, terms and standards, as well as the adequacy of our systems and processes in meeting government requirements. They also review the adequacy of the contractor’s compliance with government standards for its business systems, including a contractor’s accounting system, earned value management system, estimating system, materials management and accounting system, property management system, and purchasing system.

Both contractors and the U.S. government agencies conducting these audits and reviews have come under increased scrutiny. As a result, the current audits and reviews have become more rigorous and the standards to which we are held are being more strictly interpreted, increasing the likelihood of an audit or review resulting in an adverse outcome.

A finding of significant control deficiencies in our system audits or other reviews can result in decremented billing rates to our U.S. government customers until the control deficiencies are corrected and our remediations are accepted. Government audits and reviews may conclude that our practices are not consistent with applicable laws and regulations and result in adjustments to contract costs and mandatory customer refunds. Such adjustments can be applied retroactively, which could result in significant customer refunds. Our receipt of adverse audit findings or the failure to obtain an “approved” determination of our various business systems from the responsible U.S. government agency could significantly and adversely affect our business, including our ability to bid on new contracts and our competitive position in the bidding process. A determination of non-compliance with applicable contracting and procurement laws, regulations and standards could also result in the U.S. Government imposing penalties and sanctions against us, including reductions of the value of contracts, contract modifications or termination, withholding of payments, the loss of export/import privileges, administrative or civil judgments and liabilities, criminal judgments or convictions, liabilities and consent or other voluntary decrees or agreements, other sanctions, the assessment of penalties, fines or compensatory, treble or other damages or non-monetary relief or actions, suspension or debarment, suspension of payments, and increased government scrutiny that could negatively impact our reputation, delay or adversely affect our ability to invoice and receive timely payment on contracts, perform contracts or compete for contracts with the U.S. Government and may adversely affect our revenue and profitability.

Risks Relating to Financial, Tax, and Accounting Issues

Our issued and outstanding convertible notes may impact our financial results, result in the dilution of our stockholders, create downward pressure on the price of our Common Stock, and restrict our ability to raise additional capital or take advantage of future opportunities.

In connection with the Business Combination, we issued the Convertible Notes (see Note 10) in an aggregate principal amount of $150,000,000. The Convertible Notes are convertible into shares of our Common Stock at an initial conversion rate of 86.9565 shares of our Common Stock (subject to adjustment as provided in the Indenture) per $1,000 of principal amount of Notes and 86.9565 shares of our Common Stock (subject to adjustment as provided in the Indenture) per $1,000 of accrued and unpaid interest on any Convertible Notes. To the extent we exercise our option to pay interest in kind with respect to the Convertible Notes rather than in cash, the number of shares of our Common Stock into which the Convertible Notes may be converted would increase. The sale of the Convertible Notes may affect our earnings per share, as accounting procedures may require that we include in our calculation of earnings per share the number of shares of our Common Stock into which the Convertible Notes are convertible.

Upon a conversion of the Convertible Notes, we will have the ability to settle by payment of cash, by issuance of our Common Stock, or a combination of both. If shares of our Common Stock are issued to the holders of the Convertible Notes upon conversion, there will be dilution to our stockholders and the market price of our Common Stock may decrease due to the additional selling pressure in the market. Any downward pressure on the price of our Common Stock caused by the sale, or potential sale, of shares issuable upon conversion of the Convertible Notes could also encourage short sales by third parties, creating additional selling pressure on our share price.

We may not have the ability to raise the funds necessary to settle conversions of the Convertible Notes in cash, repurchase the Convertible Notes upon a fundamental change or repay the Convertible Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion, redemption or repurchase of the Convertible Notes.

Holders of the Convertible Notes will have the right under the Indenture to require us to repurchase all or a portion of their Notes upon the occurrence of a fundamental change before the applicable maturity date at a repurchase price equal to 100% of the principal amount of such notes to be repurchased plus accrued and unpaid interest to, but not including, the repurchase date. Moreover, we will be required to repay the Convertible Notes in cash at their maturity, unless earlier converted, redeemed or repurchased. We may not have enough available cash or be able to obtain financing at the time we are required to make repurchases of such notes surrendered or pay cash with respect to such notes being converted (which we otherwise may elect to do upon the conversion of notes in lieu of issuing shares).

Upon a conversion of the Convertible Notes, we will have the ability to settle by payment of cash, by issuance of our Common Stock, or a combination of both. Our ability to repurchase, redeem or to pay cash upon conversion of Notes may be limited by law, regulatory authority, or agreements governing our future indebtedness. Our failure to repurchase the Convertible Notes at a time when the repurchase is required by the Indenture would constitute a default under such indenture (provided that upon a conversion, we could settle by issuance of our Common Stock). A default under the Indenture or the fundamental change itself could also lead to a default under agreements governing our future indebtedness. If the payment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the interest on such indebtedness and repurchase the Convertible Notes or to pay cash upon conversion of the Convertible Notes.

We may still incur substantially more debt or take other actions that would diminish our ability to make payments on the Convertible Notes when due.

We and our subsidiaries may be able to incur substantial additional debt in the future, subject to the restrictions contained in our debt instruments, including, pursuant to the Indenture governing the Convertible Notes. Pursuant to the Indenture, we and our subsidiaries are not permitted to issue any Senior Indebtedness, Disqualified Capital Stock and Preferred Stock (each such term as defined in the Indenture) in an aggregate principal amount in excess of $50,000,000. However, we are not restricted from recapitalizing our debt or taking a number of other actions that are not limited by the terms of the Indenture that could have the effect of diminishing our ability to make payments on the Convertible Notes when due.

We have secured debt outstanding, which may adversely affect our financial condition and future financial results. Our existing debt agreements contain restrictive covenants that may limit our ability to operate our business.

We have outstanding secured indebtedness with Stifel Bank of $22.5 million as of January 31, 2024. Our secured indebtedness contains a number of restrictive covenants that impose significant operating and financial restrictions on us. As a result of these covenants, our ability to respond to changes in business and economic conditions and engage in beneficial transactions, including to obtain additional financing as needed, may be restricted. Furthermore, our failure to comply with our debt covenants could result in a default under our debt agreements, which would cause our indebtedness under such debt agreements to become immediately due and payable. If any of our debt is accelerated, we may not have sufficient funds available to repay it.

Our ability to make scheduled payments of principal and interest and other required repayments depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Our business may not generate cash flows from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flows, we may be required to adopt one or more alternatives, such as selling assets, restructuring operations, restructuring debt or obtaining additional equity capital on terms that may be onerous or dilutive.

We may incur additional indebtedness in the future in the ordinary course of business subject to the restrictions in the Indenture and our secured debt, which could include restrictive covenants. If new debt is added to current debt levels, the risks described above could intensify.

We may need to raise additional capital to maintain and expand our operations and invest in new solutions, which capital may not be available on terms acceptable to us, or at all, and which could reduce our ability to compete and could harm our business.

Retaining or expanding our current levels of personnel and products offerings may require additional funds to respond to business challenges, including the need to develop new products and enhancements to our Platform, improve our operating infrastructure, or acquire complementary businesses and technologies. The failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and solutions could reduce our ability to compete and could harm our business. Accordingly, we may need to engage in additional equity or debt financing to secure additional funds. If we raise additional equity financing, stockholders may experience significant dilution of their ownership interests and the market price of our Common Stock could decline. If we engage in debt financing, the holders of debt would have priority over the holders of our Common Stock, and we may be required to accept terms that restrict our operations or our ability to incur additional indebtedness or to take other actions that would otherwise be in the interests of the debt holders. Any of the above could harm our business, results of operations, and financial condition.

Future acquisitions, strategic investments, partnerships, or alliances could be difficult to identify and integrate, divert the attention of key management personnel, disrupt our business, dilute stockholder value, and adversely affect our results of operations, and financial condition.

As part of our business strategy, we have in the past and expect to continue to make investments in and/or acquire complementary businesses and assets. Our ability as an organization to acquire and integrate other companies, services, or technologies in a successful manner in the future is not guaranteed. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions or strategic investments, we may not ultimately strengthen our competitive position or ability to achieve our business objectives, and any acquisitions or investments we complete could be viewed negatively by our end-customers or investors. In addition, our due diligence may fail to identify all the problems, liabilities or other shortcomings or challenges of an acquired business, product, or technology, including issues related to intellectual property, product quality or product architecture, regulatory compliance practices, revenue recognition or other accounting practices or issues with employees or customers. If we are unsuccessful at integrating such acquisitions, or the technologies associated with such acquisitions, into our Company, our revenue and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition and the market price of our Common Stock. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our stockholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.

Additional risks we may face in connection with acquisitions include:

diversion of management time and focus from operating our business to addressing acquisition integration challenges;

coordination of research and development and sales and marketing functions;

integration of product and service offerings;

retention of key employees from the acquired company;

changes in relationships with strategic partners as a result of product acquisitions or strategic positioning resulting from the acquisition;

cultural challenges associated with integrating employees from the acquired company into our organization;

integration of the acquired company’s accounting, management information, human resources, and other administrative systems;

the need to implement or improve controls, procedures, and policies at a business that prior to the acquisition may have lacked sufficiently effective controls, procedures, and policies;

additional legal, regulatory or compliance requirements;

financial reporting, revenue recognition or other financial or control deficiencies of the acquired company that we do not adequately address and that cause our reported results to be incorrect;

liability for activities of the acquired company before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities, and other known and unknown liabilities;

unanticipated write-offs or charges; and

litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders or other third parties.

Our failure to address these risks or other problems encountered in connection with acquisitions and investments could cause us to fail to realize the anticipated benefits of these acquisitions or investments, cause us to incur unanticipated liabilities, and harm our business generally.

We have previously reported material weaknesses in our internal control over financial reporting that have been remediated, but if we fail to properly manage our internal control over financial reporting on a go forward basis, future material weaknesses could be identified that could result in a material misstatement in our financial statements.

A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis. We rely upon internal processes and information systems to support key business functions, including our assessment of internal controls over financial reporting as required by Section 404 of the Sarbanes-Oxley Act.

We cannot be certain that the measures we have taken, and expect to take, to improve our internal controls will be sufficient to ensure that our internal controls will remain effective and eliminate the possibility that other material weakness or deficiencies may develop or be identified in the future. If we identify future material weaknesses in our internal controls, even if quickly remediated once disclosed, investors may lose confidence in our financial statements and our stock price may decline. Implementing changes to our internal controls in connection with the remediation of any material weakness may distract our management and could require us to incur significant expenses. If we fail to remediate any material weakness, our financial statements may be inaccurate, we may be required to restate our financial statements, our ability to report our financial results in a timely and accurate basis may be adversely affected, our access to the capital markets may be restricted, our stock price may decline, and we may be subject to sanctions or investigation by regulatory authorities, which could materially and adversely affect our business and results of operations.

Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.

As of January 31, 2024, ZeroFox had U.S. federal and state net operating loss carryforwards, or NOLs, available to offset future federal and state taxable income of approximately $226.4 million and $105.7 million, respectively, and portions of which expire in various years. A lack of future taxable income would adversely affect our ability to utilize these NOLs before they expire. Under the Tax Cuts and Jobs Act of 2017 (the Tax Act), as modified by the Coronavirus Aid, Relief, and Economic Security Act (the CARES Act), federal NOLs incurred in tax years beginning after December 31, 2017 may be carried forward indefinitely, but the deductibility of such federal NOLs in tax years beginning after December 31, 2020 is limited to 80% of taxable income. It is uncertain if and to what extent various states will conform to the Tax Act or the CARES Act.

In addition, under Section 382 of the Code, a corporation that undergoes an “ownership change” (as defined under Sections 382 and 383 of the Code and applicable Treasury Regulations) is subject to limitations on its ability to utilize its pre-change NOLs and certain other tax attributes to offset post-change taxable income or taxes. In connection with the Business Combination, we conducted a Section 382 review which determined the Business Combination constituted an ownership change. However, this will not affect our ability to realize the NOL carryforwards on a going forward basis provided we have sufficient taxable income, subject to the annual limitation. In addition, we may experience future ownership changes under Section 382 of the Code that could further affect our ability to utilize our NOLs to offset our income. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future may be subject to limitations. In addition, at the state level, there may be periods during which the use of NOLs is suspended or otherwise limited, which could accelerate or permanently increase state taxes owed. For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheet, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our operating results and financial condition.

Finally, beginning in 2022 Tax Act eliminated the option to deduct research and development expenditures immediately in the year incurred pursuant to Section 174 of the Code. The Tax Act requires taxpayers to capitalize and amortize such expenditures over five years. The actual impact on cash from operations will depend on whether and when these provisions are deferred, modified, or repealed by Congress, including any retroactive application to 2022, among other factors

IDX failed to collect sales and use tax prior to January 1, 2022, and we have been working to mitigate such failure.

Prior to January 1, 2022, IDX did not collect U.S. sales and use tax from its customers for its services. During 2020, IDX engaged an external tax consultant to perform a full U.S. sales tax nexus study and analysis. IDX accrued and reflected historical liabilities in its financial statements and was filing Voluntary Disclosure Agreements (VDA) in relevant U.S. jurisdictions, and we will be remitting liabilities accordingly. Beginning January 1, 2022, IDX began collecting, reporting, and remitting appropriate U.S. sales tax from its customers in all applicable jurisdictions. As of January 31, 2024, the Company recorded an accrual $1.3 million for IDX sales and use taxes that were not remitted prior to January 1, 2022.

Our goodwill and identifiable intangible assets have been impaired and could become further impaired, which could reduce the value of our assets and reduce our net income in the year in which the write-off occurs.

Goodwill represents the excess of the cost of an acquisition over the fair value of the net assets acquired. We also ascribe value to certain identifiable intangible assets, which consist primarily of customer relationships, developed technology, and trade names, among others, as a result of acquisitions. We may incur impairment charges on goodwill or identifiable intangible assets if we determine that the fair values of goodwill or identifiable intangible assets are less than their current carrying values. We evaluate, on a regular basis, whether events or circumstances have occurred that indicate all, or a portion, of the carrying amount of goodwill may no longer be recoverable, in which case an impairment charge to earnings would become necessary.

A decline in general economic conditions or global equity valuations could impact the judgments and assumptions about the fair value of our business and we could be required to record impairment charges on our goodwill or other identifiable intangible assets in the future, which could impact our consolidated balance sheet, as well as our consolidated statement of comprehensive loss.

The Company recorded goodwill impairment charges of $284.2 million during the year ended January 31, 2024. The Company recorded a $72.1 million impairment charge as result of its annual test of goodwill as of October 31, 2023, and a $212.1 million impairment charge as result of the interim test of goodwill as of January 31, 2024.

If our estimates or judgments relating to our critical accounting policies prove to be incorrect or financial reporting standards or interpretations change, our results of operations could be adversely affected.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We have historically based our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances as discussed in the sections titled “ Management’s Discussion and Analysis of Financial Condition and Results of Operations of ZeroFox ” and “ Management’s Discussion and Analysis of Financial Condition and Results of Operations of IDX .” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in our consolidated financial statements include, and may include in the future, those related to revenue recognition; valuation of intangibles in purchase accounting; allowance for doubtful accounts; costs to obtain or fulfill a contract; valuation of common stock; carrying value and useful lives of long-lived assets; loss contingencies; and the provision for income taxes and related deferred taxes. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of industry or financial analysts and investors, resulting in a decline in the market price of our Common Stock.

Additionally, we will regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and drafts thereof that are relevant to us. As a result of new standards, changes to existing standards and changes in their interpretation, we might be required to change our accounting policies, alter our operational policies and implement new or enhance existing systems so that they reflect new or amended financial reporting standards, or we may be required to restate our published financial statements. Such changes to existing standards or changes in their interpretation may have an adverse effect on our reputation, business, financial position, and profit, or cause an adverse deviation from our revenue and operating profit targets, which may negatively impact our financial results.

Risks Related to the Business Combination, Being a Public Company, and Integration of the Predecessor and IDX

The integration of two companies with different organization and compensation structures presents significant management challenges. There can be no assurance that this integration, and the synergies expected to result from that integration, will be achieved as rapidly or to the extent currently anticipated.

The Business Combination involves the integration of two businesses that currently operate as independent businesses. We are devoting significant management attention and resources to integrating business practices and operations following the Closing. We may encounter potential difficulties in the integration process including the following:

the inability to successfully integrate our businesses, including operations, technologies, products and services, in a manner that permits us to achieve the cost savings and operating synergies anticipated to result from the Business Combination, which could result in the anticipated benefits of the Business Combination not being realized partly or wholly in the time frame currently anticipated or at all;

the loss of customers as a result of certain customers of either or both of the two businesses deciding not to continue to do business with us, or deciding to decrease their amount of business in order to reduce their reliance on a single company;

the necessity of coordinating geographically separated organizations, systems, and facilities;

the integration of personnel, including sales teams, with diverse business backgrounds and business cultures, while maintaining focus on providing consistent, high-quality products and services;

the consolidation and rationalization of information technology platforms and administrative infrastructures as well as accounting systems and related financial reporting activities; and

the challenge of preserving important relationships of both companies and resolving potential conflicts that may arise.

Furthermore, it is possible that the integration process could result in the loss of talented employees or skilled workers of the companies. The loss of talented employees and skilled workers could adversely affect our ability to successfully conduct our business because of such employees’ experience and knowledge of the respective business. In addition, we could be adversely affected by the diversion of management’s attention and any delays or difficulties encountered in connection with the integration of the companies. The process of integrating operations could cause an interruption of, or loss of momentum in, the activities of the businesses. If we experience difficulties with the integration process, the anticipated benefits of the Business Combination may not be realized fully or at all, or may take longer to realize than expected. These integration matters could have an adverse effect on our business, results of operations, financial condition or prospects during this transition period and for an undetermined period after completion of the Business Combination.

We will incur significant increased expenses and administrative burdens as a public company, which could negatively impact our business, financial condition, and results of operations.

We face increased legal, accounting, administrative, and other costs and expenses as a public company that we have not historically incurred. The Sarbanes-Oxley Act, including the requirements of Section 404(a) relating to disclosing (i) management’s responsibility for establishing and maintaining internal control over financial reporting and (ii) annually assessing the effectiveness of the internal control over financial reporting, as well as rules and regulations subsequently implemented by the SEC, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 and the rules and regulations promulgated and to be promulgated thereunder, the Public Company Accounting Oversight Board (PCAOB) and the securities exchanges, impose additional reporting and other obligations on public companies. Compliance with public company requirements will increase costs and make certain activities more time-consuming. Our management and other personnel are required to devote a substantial amount of time to compliance with these requirements.

We have made, and will continue to make, changes to our internal control over financial reporting, including IT controls, procedures for financial reporting, and accounting systems to meet our reporting obligations as a public company. However, the measures we take may not be sufficient to satisfy our obligations as a public company. If we do not continue to develop and implement the right processes and tools to manage our changing enterprise and maintain our culture, our ability to compete successfully and achieve our business objectives could be impaired, which could negatively impact our business, financial condition, and results of operations. In addition, we cannot predict or estimate the amount of additional costs we may incur to comply with these requirements. We anticipate that these costs will materially increase our general and administrative expenses.

These rules and regulations result in our incurring legal and financial compliance costs and will make some activities more time-consuming and costly. For example, we expect these rules and regulations to make it more difficult and more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. As a result, it may be more difficult for us to attract and retain qualified people to serve on our Board, on our Board committees or as executive officers.

Our management has limited experience in operating a public company.

Our executive officers have limited experience in the management of a publicly traded company. Our management team may not successfully or effectively manage our transition to a public company that is subject to significant regulatory oversight and reporting obligations under federal securities laws. Their limited experience in dealing with the increasingly complex laws pertaining to public companies could be a significant disadvantage in that it is likely that an increasing amount of their time may be devoted to these activities, which results in less time being devoted to our management and growth. We may not have adequate personnel with the appropriate level of knowledge, experience, and training in the accounting policies, practices or internal control over financial reporting required of public companies in the United States. The development and implementation of the standards and controls necessary for us to achieve the level of accounting standards required of a public company in the United States may require costs greater than expected. It is possible that we will be required to expand our employee base and hire additional employees to support our operations as a public company, which will increase our operating costs in future periods.

We qualify as an “emerging growth company.” The reduced public company reporting requirements applicable to emerging growth companies may make our Common Stock less attractive to investors.

We qualify as an “emerging growth company” under SEC rules. As an emerging growth company, we are permitted and plan to rely on exemptions from certain disclosure requirements that are applicable to other public companies that are not emerging growth companies. These provisions include, but are not limited to: (1) an exemption from compliance with the auditor attestation requirement in the assessment of internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, (2) not being required to comply with any requirement that may be adopted by the PCAOB regarding mandatory audit firm rotation or a supplement to the auditor’s report providing additional information about the audit and the financial statements, (3) reduced disclosure obligations regarding executive compensation arrangements in periodic reports, registration statements, and proxy statements, and (4) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. Further, Section 102(b)(1) of the JOBS Act exempts emerging growth companies from being required to comply with new or revised financial accounting standards until private companies (that is, those that have not had a Securities Act registration statement declared effective or do not have a class of securities registered under the Exchange Act) are required to comply with the new or revised financial accounting standards. The JOBS Act provides that a company can elect to opt out of the extended transition period and comply with the requirements that apply to non-emerging growth companies but any such election to opt out is irrevocable. As a result, the information we provide is different than the information that is available with respect to other public companies that are not emerging growth companies. If some investors find our Common Stock less attractive as a result, there may be a less active trading market for our Common Stock, and the market price of our Common Stock may be more volatile.

Uncertainty about the effects of the Business Combination may affect our ability to retain key employees and integrate management structures and may materially impact the management, strategy, and results of our operation as a combined company.

Uncertainty about the effects of the Business Combination on our business, employees, customers, third parties with whom we have relationships, and other third parties may adversely affect us. These uncertainties may impair our ability to attract, retain, and motivate key personnel for a period of time after the Business Combination. If key employees depart because of issues related to the uncertainty and difficulty of integration or a desire not to remain with our Company, our business could be harmed.

Some of our existing agreements contain change in control or early termination rights that may have been implicated by the Business Combination.

Parties with which we have been doing business, including customers and suppliers, may experience uncertainty associated with the Business Combination, including with respect to current or future business relationships with us. As a result, our business relationships may be subject to disruptions if customers, suppliers or others attempt to negotiate or renegotiate changes in existing business relationships or consider entering into business relationships with parties other than us. For example, certain customers, suppliers, and third-party providers may assert contractual consent rights or termination rights that may have been triggered by a change of control. These disruptions could harm our relationships with existing third parties with whom we have relationships, all of which could have a material adverse effect on our business, financial condition, and results of operations, cash flows, and/or share price of our Common Stock.

Risks Related to Legal and Regulatory Matters

Failure to adequately obtain, maintain, protect, and enforce our intellectual property and other proprietary rights could adversely affect our business.

Our success and ability to compete depends in part on our ability to protect the proprietary information, methods, software, and technologies that we develop, hold, or claim under a combination of intellectual property and proprietary rights in and outside the U.S. Despite our efforts, third parties may still attempt to disclose, obtain, copy, use or otherwise exploit our intellectual property or other proprietary information, methods or technologies without our authorization, and our efforts to protect our intellectual property and other proprietary rights may not prevent such unauthorized disclosure, use, exploitation, misappropriation, infringement, reverse engineering or other violation of our intellectual property or other proprietary rights. Further, effective protection of our rights may not be available to us in every country in which our Platform or products and solutions are available. The laws of some countries also may not be as protective of intellectual property and other proprietary rights as those in the U.S., and mechanisms for enforcement of intellectual property and other proprietary rights may be inadequate. In addition, we may need to license our intellectual property in order to participate in patent pools or industry standard setting activities or to receive third-party grants as a part of stand-alone licensing arrangements. Accordingly, despite our efforts, we may be unable to prevent third parties from using our intellectual property or other proprietary information or technology.

While we hold a number of issued patents and have a number of pending patent applications, we may be unable to obtain patent protection for the technology covered in our patent applications or such patent protection may not be obtained quickly enough to meet our business needs. Furthermore, the patent prosecution process is expensive, time-consuming, and complex, and we may not be able to prepare, file, prosecute, maintain, and enforce all necessary or desirable patent applications at a reasonable cost or in a timely manner. The scope of patent protection also can be reinterpreted after issuance and issued patents may be invalidated. Even if our patent applications do issue as patents, they may not issue in a form that is sufficiently broad to protect our technology, prevent competitors or other third parties from competing with us, or otherwise provide us with any competitive advantage. In addition, any of our patents, copyrights, trademarks, or other proprietary rights may be challenged, narrowed, invalidated, held unenforceable, or circumvented in litigation or other proceedings, including, where applicable, opposition, re-examination, inter partes review, post-grant review, interference, nullification and derivation proceedings, and equivalent proceedings in foreign jurisdictions, and such intellectual property or other proprietary rights may be lost or no longer provide us meaningful competitive advantages. Such proceedings may result in substantial cost and require significant time from our management, even if the eventual outcome is favorable to us. Third parties also may legitimately and independently develop solutions, services, and technology similar or duplicative of our Platform.

Besides protection under intellectual property laws, we enforce and protect our rights through confidentiality or license agreements that we generally enter into with our corporate partners, employees, consultants, advisors, vendors, and customers. We generally limit access to our intellectual property and control access to our proprietary information. However, we cannot guarantee protection of our intellectual property or proprietary information with all of the parties who may have or have had access, and we cannot guarantee that such agreements we have entered into will not be breached or challenged, or that such breaches will be detected. Furthermore, non-disclosure provisions within such agreements can be difficult to enforce, and even if successfully enforced, may not be entirely effective.

Despite our efforts, we cannot guarantee that any of the measures we have taken will limit the unauthorized use of our proprietary information or prevent infringement, misappropriation, or other violation of our technology or other intellectual property or proprietary rights. We may be an attractive target for cyberattacks or other unauthorized intrusion or access, and we may also have a heightened risk of unauthorized access to, and misappropriation of, our proprietary and competitively sensitive information. We therefore may be required to spend significant resources to monitor and protect our intellectual property and other proprietary rights, and we may conclude that in at least some instances the benefits of protecting our intellectual property or other proprietary rights may be outweighed by the expense or distraction to our management. We may initiate claims or litigation against third parties for infringement, misappropriation, or other violation of our intellectual property or other proprietary rights or to establish the validity of our intellectual property or other proprietary rights. Any such claims or litigation, whether or not it is resolved in our favor, could be time-consuming, result in significant expense to us and divert the efforts of our technical and management personnel. Furthermore, attempts to enforce our intellectual property rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us, or result in a holding that invalidates or narrows the scope of our intellectual property rights, in whole or in part.

Claims by others that we infringe their proprietary technology or other intellectual property rights could result in significant costs and substantially harm our business, financial condition, results of operations, and prospects.

Claims by others that we infringe their intellectual property rights or violate other rights in their proprietary technology could harm our business. Companies in our industry hold a large number of patents and also protect their copyright, trade secret, and other intellectual property rights, and companies in the security industry frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. As we face increasing competition and grow, the possibility of intellectual property rights claims against us also grows. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that such personnel have divulged proprietary or other confidential information to us.

Third parties may in the future also assert claims against our customers or channel partners, whom our standard license and other agreements obligate us to indemnify against third-party claims that our products and solutions infringe the intellectual property rights of third parties. As the number of products and competitors in the security and IT operations market increases and overlaps occur, third-party claims of infringement, misappropriation, and other violations of intellectual property rights may also increase. While we intend to increase the size of our patent portfolio, many of our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. In addition, future litigation may involve non-practicing entities, companies or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no deterrence or protection. Any claim of intellectual property infringement by a third party, even a claim without merit, could cause us to incur substantial costs defending against such claim, could distract our management from our business and could require us to cease use of such intellectual property.

Additionally, our insurance policies may not cover intellectual property infringement claims. In the event that we fail to successfully defend ourselves against an infringement claim, a successful claimant could secure a judgment or otherwise require payment of legal fees, settlement payments, ongoing royalties or other costs or damages; we may agree to a settlement that prevents us from offering certain services or features; or we may be required to obtain a license, which may not be available on reasonable terms, or at all, to use the relevant technology. If we are prevented from using certain technology or intellectual property, we may be required to develop alternative, non-infringing technology, which could require significant time and costs, during which we could be unable to continue to offer our affected products and services or features, and may ultimately not be successful. Any of these events could harm our business, financial condition, and results of operations.

Although third parties may alternatively offer a license to their technology or other intellectual property, the terms of any such license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, financial condition, and results of operations to be adversely affected. In addition, some licenses may be nonexclusive, and therefore our competitors may have access to the same technology licensed to us.

Some of our technologies incorporate “open-source” software, which could negatively affect our ability to sell our Platform and subject us to possible litigation.

Our platform and subscriptions contain third-party open-source software components, and failure to comply with the terms of the underlying open-source software licenses could restrict our ability to sell our Platform and services. The use and distribution of open-source software may also entail greater risks than the use of third-party commercial software, as open-source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Many of the risks associated with use of open-source software cannot be eliminated and could negatively affect our business. In addition, the wide availability of open code used in our solutions could expose us to security vulnerabilities.

Certain open-source licenses may contain requirements that we make available source code for the modifications or derivative works we create based upon the type of open-source software used. If we combine our proprietary software with such open-source software, under such open-source licenses, we may be required to release the source code of our proprietary software to the public, including authorizing further modification and redistribution, or otherwise be limited in the licensing of our services, each of which could provide an advantage to our competitors or other entrants to the market, create security vulnerabilities in our solutions, require us to re-engineer all or a portion of our Platform, and could reduce or eliminate the value of our services. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us.

The terms of many open-source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in ways that could impose unanticipated conditions or restrictions on our ability to commercialize products, solutions, and subscriptions incorporating such software. Moreover, we cannot assure you that our processes for controlling our use of open-source software in our products, solutions, and subscriptions have been or will be effective. From time to time, we may face claims from third parties asserting ownership of, or demanding release of, the open-source software or derivative works that we developed using such software (which could include our proprietary source code), or otherwise seeking to enforce the terms of the applicable open-source license. These claims could result in litigation that could be costly to defend, have a negative effect on our operating results and financial condition or require us to devote additional research and development resources to change our solutions. Responding to any infringement or noncompliance claim by an open-source vendor, regardless of its validity, discovering certain open-source software code in our Platform, or a finding that we have breached the terms of an open-source software license, could harm our business, results of operations and financial condition, by, among other things:

resulting in time-consuming and costly litigation;

diverting management’s time and attention from developing our business;

requiring us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable;

causing delays in the deployment of our Platform or service offerings to our customers;

requiring us to stop offering certain services or features of our Platform;

requiring us to redesign certain components of our Platform using alternative non-infringing or non-open-source technology, which could require significant effort and expense;

requiring us to disclose our proprietary software source code and the detailed program commands for our software;

prohibiting us from charging license fees for the proprietary software that uses certain open source; and

requiring us to satisfy indemnification obligations to our customers.

We may become involved in litigation that may adversely affect us.

We may become subject to claims, suits, and government investigations and other proceedings including patent, product liability, class action, whistleblower, personal injury, property damage, labor and employment (including all allegations of wage and hour violations), commercial disputes, compliance with laws and regulatory requirements and other matters, and we may become subject to additional types of claims, suits, investigations, and proceedings as our business develops. Such claims, suits, and government investigations and proceedings are inherently uncertain, and their results cannot be predicted. Regardless of the outcome, any of these types of legal proceedings can have an adverse impact on us because of legal costs and diversion of management attention and resources and could cause us to incur significant expenses or liability, adversely affect our brand recognition, and/or require us to change our business practices. The expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our results of operations. It is possible that a resolution of one or more such proceedings could result in substantial damages, settlement costs, fines and penalties that could adversely affect our business, consolidated financial position, results of operations, or cash flows in a particular period. These proceedings could also result in reputational harm, sanctions, consent decrees, or orders requiring a change in our business practices. Because of the potential risks, expenses, and uncertainties of litigation, we may, from time to time, settle disputes, even where we have meritorious claims or defenses, by agreeing to settlement agreements. Because litigation is inherently unpredictable, we cannot assure you that the results of any of these actions will not have a material adverse effect on our business, financial condition, results of operations, and prospects. Any of these consequences could adversely affect our business and results of operations.

If we are not able to satisfy data protection, security, privacy, and other government- and industry-specific requirements or regulations, our business, results of operations, and financial condition could be harmed.

Personal privacy, data protection, information security regulations, and other laws applicable to specific categories of information raise significant issues in the U.S., Europe and in other jurisdictions where we offer our products and solutions. The data that we collect, analyze, and store is subject to a variety of laws and regulations, including regulation by various government agencies. The U.S. federal government, and various state and foreign governments, have adopted or proposed limitations on the collection, distribution, use, retention, protection, transfer, processing, and storage of certain categories of information, such as the personal information of individuals. These laws and regulations include, but are not limited to, the Federal Trade Commission Act, the Computer Fraud and Abuse Act, the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act.

The nature of cybersecurity product and service offerings requires the collection of various types of data. In the operation of our business we may collect the types of data covered by these laws and regulations including personally identifiable information, such as information about an individual’s health and financial information about individuals. To the extent we are in possession of such data and these various laws and regulations are determined to apply to us, this could require us to adopt additional operational, technological, and security measures to protect and manage such information which could increase our costs of operations. Our failure to comply with such laws and regulations could also result in monetary fines and reputational damage which would have a negative impact on our business. Laws and regulations outside the U.S., and particularly in Europe, often are more restrictive than those in the U.S. Applicable laws and regulations may require us to implement privacy and security policies, permit customers to access, correct, and delete personal information stored or maintained by us, inform individuals of security breaches that affect their personal information, and, in some cases, obtain individuals’ consents to use personal information for certain purposes. In addition, some foreign governments require that personal information collected in a country not be disseminated outside of that country without consent or other implemented safeguards.

We may find it necessary or desirable to join industry or other self-regulatory bodies or other information security or data protection-related organizations that require compliance with their rules pertaining to information security and data protection. We also may be bound by additional, more stringent contractual obligations with our customers and partners relating to our collection, use and disclosure of personal, financial, and other data. We expect that there will continue to be new proposed laws, regulations, and industry standards concerning privacy, data protection, information security, specific categories of data, and electronic services in the U.S., the E.U. and other jurisdictions in which we operate or may operate, and we cannot yet determine the impact such future laws, regulations, standards, or perception of their requirements may have on our business.

For example, the GDPR applies to the processing (which includes the collection and use) of certain personal data of data subjects in the European Economic Area (EEA). As compared to previously effective data protection law in the European Union, the GDPR imposes additional obligations and resulting risk upon our business and increases substantially the penalties to which we could be subject in the event of any non-compliance. Administrative fines under the GDPR can amount to 20,000,000 Euros or four percent of our worldwide annual revenue for the prior fiscal year, whichever is higher. We may be required to incur, in the future, substantial expense in complying with the obligations imposed by the GDPR, potentially making significant changes in our business operations, which may adversely affect our revenue and our business overall. Additionally, because there have been very few GDPR actions enforced against companies similar to ours, we are unable to predict how they will be applied to us or our customers. Despite our efforts to comply with the GDPR, a regulator may determine that we have not done so and subject us to fines and public censure, which could harm our Company financially and negatively affect our reputation. Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to third countries that have been found to not provide adequate protection to such personal data, including the U.S. We have undertaken certain efforts to conform transfers of personal data from the EEA to the U.S. and other jurisdictions based on our understanding of current regulatory obligations and the guidance of data protection authorities. Despite this, we may be unsuccessful in establishing or maintaining conforming means of transferring such data from the EEA, in particular because of continued legal and legislative activity within the European Union that has challenged or called into question the legal basis for existing means of data transfers to countries (including the U.S.) that have been found to not provide adequate protection for personal data.

The implementation of the GDPR has led other jurisdictions to either amend existing laws or propose new data privacy and cybersecurity laws to resemble all or a portion of the requirements of the GDPR (e.g., for purposes of having an adequate level of data protection to facilitate data transfers from the E.U.). Accordingly, the challenges we face in the E.U. will likely also apply to other jurisdictions outside the E.U. that adopt laws similar to the GDPR or regulatory frameworks of equivalent complexity. For example, the California Consumer Privacy Act of 2018, or CCPA, became enforceable on July 1, 2020. The CCPA has been characterized as the first “GDPR-like” privacy statute to be enacted in the U.S. because it contains several provisions similar to certain provisions of the GDPR. In addition, the California Privacy Rights Act of 2020, or the CPRA, was passed by California voters in November 2020. The CPRA amends the CCPA by creating additional privacy rights for California consumers and additional obligations on businesses, which could subject us to additional compliance costs as well as potential fines, individual claims, and commercial liabilities. The majority of the CPRA provisions took effect on January 1, 2023. The CCPA and CPRA could mark the beginning of a trend toward more stringent privacy legislation in the U.S., as other states or the federal government may follow California’s lead and increase protections for U.S. residents. For example, the Virginia Consumer Data Protection Act and the CCPA have already prompted several proposals for new federal and state privacy legislation that, if passed, could increase our potential liability, add layers of complexity to compliance in the U.S. market, increase our compliance costs and adversely affect our business.

Evolving and changing definitions of personal data and personal information within the E.U., the U.S. and elsewhere, especially relating to classification of IP addresses, machine identification, location data and other information, may limit or inhibit our ability to operate or expand our business, including limiting technology alliance partnerships with other security vendors that may involve the sharing of data. Even the perception of privacy concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to attract and retain workforce talent. In addition, changes in laws or regulations that adversely affect the use of the internet, including laws impacting net neutrality, could impact our business. We expect that existing laws, regulations and standards may be interpreted in new manners in the future. Future laws, regulations, standards, and other obligations, and changes in the interpretation of existing laws, regulations, standards, and other obligations could require us to modify our products and solutions, restrict our business operations, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue.

Beyond broader data processing regulations affecting our business, the overall cybersecurity industry may face direct regulation. For example, in 2018, Singapore introduced what is believed to be the world’s first cybersecurity licensing requirement, mandating that providers of specific types of incident response services receive a government license before providing such services. License requirements such as these may impose upon us significant organizational costs and high barriers of entry into new markets.

Although we have worked and will continue to work to comply with applicable laws and regulations, applicable industry standards with which we represent compliance, and our contractual obligations, such laws, regulations, standards, and obligations are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another. In addition, they may conflict with other requirements or legal obligations that apply to our business or the security features and services that our customers expect from our solutions. As such, we cannot assure ongoing compliance with all such laws, regulations, standards, and obligations which may change in the future. Any failure or perceived failure by us or our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties to comply with applicable laws and regulations, or applicable industry standards that we represent compliance with or that may be asserted to apply to us, or to comply with employee, customer, partner, and other data privacy and data security requirements pursuant to contract and our stated notices or policies, could result in enforcement actions against us, including fines, imprisonment of company officials and public censure, claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have a material adverse effect on our operations, financial performance and business. Any inability of us or our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties to adequately address privacy and security concerns, even if unfounded, or comply with applicable laws, regulations, standards, and obligations, could result in additional cost and liability to us, damage our reputation, inhibit sales, and adversely affect our business and results of operations.

We are subject to laws and regulations, including governmental export and import controls, sanctions, foreign investment screening, and anti-corruption laws, that could impair our ability to compete in our markets and subject us to liability if we are not in full compliance with applicable laws.

We are subject to laws and regulations, including governmental export controls, that could subject us to liability or impair our ability to compete in our markets. Our products and solutions are subject to U.S. export controls, including the U.S. Department of Commerce’s Export Administration Regulations, and we and our employees, representatives, contractors, agents, intermediaries, and other third parties are also subject to various economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control. We incorporate standard encryption algorithms into our products, which, along with the underlying technology, may be exported outside of the U.S. only with the required export authorizations, including by license, license exception or other appropriate government authorizations, which may require the filing of an encryption registration and classification request. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain cloud-based solutions to countries, governments, and persons targeted by U.S. sanctions. We also collect information about cyber threats from internet-accessible, and non-internet routable sources, intermediaries, and third parties that we make available to our customers in our threat industry publications. While we have implemented certain procedures to facilitate compliance with applicable laws and regulations in connection with the collection of this information, we cannot assure you that these procedures have been effective or that we, or third parties, many of whom we do not control, have complied with all laws or regulations in this regard. Failure by our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties to comply with applicable laws and regulations in the collection of this information also could have negative consequences to us, including reputational harm, government investigations and penalties.

Although we take precautions to prevent our information collection practices and services from being provided in violation of such laws, our information collection practices and services may have been in the past, and could in the future be, provided in violation of such laws. If we or our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties fail to comply with these laws and regulations, we could be subject to civil or criminal penalties, including the possible loss of export privileges and fines. We may also be adversely affected through reputational harm, loss of access to certain markets, or otherwise. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities.

Various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries. Changes in our products and solutions or changes in export and import regulations may create delays in the introduction of our products and solutions into international markets, prevent our customers with international operations from deploying our products and solutions globally or, in some cases, prevent the export or import of our products and solutions to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products and solutions by, or in our decreased ability to export or sell our products and solutions to, existing or potential customers with international operations. Any decreased use of our products and solutions or limitation on our ability to export or sell our products and solutions would likely adversely affect our business, results of operations, and financial condition.

We may be subject to review and enforcement under domestic and foreign laws that screen investment and to other national-security-related laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than in the United States and may impact cybersecurity providers more specifically. As a result of these laws, investments by certain investors may impose added costs on our business, impact our operations, and/or limit our ability to engage in strategic transactions that might otherwise be beneficial to us and our investors.

We are also subject to the Foreign Corrupt Practices Act (FCPA), the U.K. Anti-Bribery Act, and other anti-corruption, sanctions, anti-bribery, anti-money laundering, and similar laws in the U.S. and other countries in which we conduct activities. Anti-corruption and anti-bribery laws, which have been enforced aggressively and are interpreted broadly, prohibit companies and their employees, agents, intermediaries, and other third parties from promising, authorizing, making or offering improper payments or other benefits to government officials and others in the private sector. We leverage third parties, including intermediaries, agents, and channel partners, to conduct our business in the U.S. and abroad, to sell subscriptions to our Platform and to collect information about cyber threats. We and these third parties may have direct or indirect interactions with officials and employees of government agencies, or state-owned or affiliated entities and we may be held liable for the corrupt or other illegal activities of these third-party business partners and intermediaries, our employees, representatives, contractors, channel partners, agents, intermediaries, and other third parties, even if we do not explicitly authorize such activities. While we have policies and procedures to address compliance with the FCPA, the U.K. Anti-Bribery Act and other anti-corruption, sanctions, anti-bribery, anti-money laundering and similar laws, we cannot assure you that they will be effective, or that all of our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties have not taken, or will not take actions, in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase. Noncompliance with these laws could subject us to investigations, severe criminal or civil sanctions, settlements, prosecution, loss of export privileges, suspension or debarment from U.S. government contracts, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, whistleblower complaints, adverse media coverage, and other consequences. Any investigations, actions or sanctions could harm our reputation, business, results of operations, and financial condition.

Risks Related to Ownership of our Common Stock and Public Warrants

There can be no assurance that we will be able to comply with the continued listing standards of Nasdaq.

If we fail to satisfy the continued listing requirements of Nasdaq such as the corporate governance requirements or the minimum share price requirement, Nasdaq may take steps to delist our securities. Such a delisting would likely have a negative effect on the price of the securities and would impair your ability to sell or purchase the securities when you wish to do so. In the event of a delisting, we can provide no assurance that any action taken by us to restore compliance with listing requirements would allow our securities to become listed again, stabilize the market price or improve the liquidity of our securities, prevent our securities from dropping below the Nasdaq minimum share price requirement or prevent future non-compliance with Nasdaq’s listing requirements. Additionally, if our securities are not listed on, or become delisted from, Nasdaq for any reason, and are quoted on the OTC Bulletin Board, an inter-dealer automated quotation system for equity securities that is not a national securities exchange, the liquidity and price of our securities may be more limited than if we were quoted or listed on Nasdaq or another national securities exchange. You may be unable to sell your securities unless a market can be established or sustained.

Our business and operations could be negatively affected if we become subject to any securities litigation or shareholder activism, which could cause us to incur significant expense, hinder execution of our business and growth strategy, and impact our stock price.

In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. Shareholder activism, which could take many forms or arise in a variety of situations, has been increasing recently. Volatility in the stock price of our Common Stock or other reasons may in the future cause it to become the target of securities litigation or shareholder activism. Securities litigation and shareholder activism, including potential proxy contests, could result in substantial costs and divert management’s and our Board’s attention and resources from our business. Additionally, such securities litigation and shareholder activism could give rise to perceived uncertainties as to our future, adversely affect our relationships with service providers and make it more difficult to attract and retain qualified personnel. Also, we may be required to incur significant legal fees and other expenses related to any securities litigation and activist shareholder matters. Further, our stock price could be subject to significant fluctuation or otherwise be adversely affected by the events, risks and uncertainties of any securities litigation and shareholder activism.

The market price of shares of our Common Stock may be volatile, which could cause the value of stockholder investments to decline.

The market price of our Common Stock may be highly volatile and could be subject to wide fluctuations. Securities markets worldwide experience significant price and volume fluctuations. Market volatility, as well as general economic, market or political conditions, could reduce the market price of shares of our Common Stock regardless of our operating performance.

In addition, our operating results could be below the expectations of public market analysts and investors due to a number of potential factors, including:

variations in operating results or dividends, if any, to stockholders;

additions or departures of key management personnel;

publication of research reports about our industry;

litigation and government investigations;

changes or proposed changes in laws or regulations or differing interpretations or enforcement of laws or regulations affecting our business;

adverse market reaction to any indebtedness incurred or securities issued in the future;

changes in market valuations of similar companies;

adverse publicity or speculation in the press or investment community;

the development and sustainability of an active trading market for our Common Stock;

announcements by competitors of significant contracts, acquisitions, dispositions, strategic partnerships, joint ventures, or capital commitments; and

the impact of the COVID-19 pandemic (or future pandemics) on our management, employees, partners, customers, and operating results.

In response to any of the foregoing developments, the market price of shares of our Common Stock could decrease significantly. You may be unable to resell your shares at or above your purchase price.

If our operating and financial performance in any given period does not meet the guidance provided to the public or the expectations of investment analysts, the market price of our Common Stock may decline.

We may, but are not obligated to, provide public guidance on our expected operating and financial results for future periods. Any such guidance will consist of forward-looking statements, subject to the risks and uncertainties described in this Annual Report and in our other public filings and public statements. Our actual results may not always be in line with or exceed any guidance we have provided, especially in times of economic uncertainty. If, in the future, our operating or financial results for a particular period do not meet any guidance provided or the expectations of investment analysts, or if we reduce our guidance for future periods, the market price of our Common Stock may decline as well. Even if we do issue public guidance, there can be no assurance that we will continue to do so in the future.

If securities or industry analysts do not publish research or reports about our business or publish negative reports, the market price of our Common Stock could decline.

The trading market for our Common Stock is influenced by the research and reports that industry or securities analysts publish about us and our business. If regular publication of research reports ceases, we could lose visibility in the financial markets, which in turn could cause the market price or trading volume of our Common Stock to decline. Moreover, if one or more of the analysts who cover us downgrade our Common Stock or if reporting results do not meet their expectations, the market price of our Common Stock could decline.

We may issue additional shares of our Common Stock (including upon the exercise of warrants), which would increase the number of shares eligible for future resale in the public market and result in dilution to Company stockholders.

The Warrants became exercisable on September 2, 2022, provided in each case that we have an effective registration statement under the Securities Act covering the shares of our Common Stock issuable upon exercise of our Warrants and a current prospectus relating to them is available and such shares are registered, qualified or exempt from registration under the securities, or blue sky, laws of the state of residence of the holder (or holders exercise their warrants on a cashless basis under the circumstances specified in the Warrant Agreement). Each Warrant entitles the holder thereof to purchase one share of our Common Stock at a price of $11.50 per whole share, subject to adjustment. In addition, the Convertible Notes initially will be convertible into approximately 13,043,473 shares of our Common Stock, subject to increase to the extent that we exercise our option to pay interest in kind with respect to the Convertible Notes rather than in cash (please see “ Risk Factors—Risks Related to Ownership of our Common Stock—Our issued and outstanding notes may impact our financial results, result in the dilution of our stockholders, create downward pressure on the price of our Common Stock, and restrict our ability to raise additional capital or take advantage of future opportunities .”) The issuance of additional shares of our Common Stock as a result of any of the aforementioned transactions may result in dilution to the then-existing holders of our Common Stock and increase the number of shares eligible for resale in the public market. Sales of substantial numbers of such shares in the public market could adversely affect the market price of our Common Stock.

We may issue additional shares of our Common Stock or other equity securities without stockholder approval, which would dilute stockholder ownership interests and may depress the market price of our Common Stock.

Pursuant to the Incentive Equity Plan, we may issue an aggregate of up to 23,887,536 shares of Common Stock as of January 1, 2024, which amount will be subject to increase from time to time. We may also issue additional shares of our Common Stock or other equity securities of equal or senior rank in the future in connection with, among other things, future acquisitions or repayment of outstanding indebtedness, without stockholder approval, in a number of circumstances.

The issuance of additional shares or other equity securities of equal or senior rank would have the following effects:

existing stockholders’ proportionate ownership interest in us will decrease;

the amount of cash available per share, including for payment of dividends in the future, may decrease;

the relative voting strength of each share of previously outstanding common stock may be diminished; and

the market price of our Common Stock may decline.

There is no guarantee that our Warrants will ever be in the money, and they may expire worthless.

The exercise price for our Warrants is $11.50 per-share (subject to adjustment as described herein). We do not expect warrant holders to exercise their Warrants and, therefore, we do not expect to receive cash proceeds from any such exercise, for so long as Warrants are out-of-the money. There can be no assurance that Warrants will ever be in-the-money prior to their expiration and, as such, the Warrants may expire worthless. The last reported sales price for our Common Stock on March 13, 2024 was $1.11 per share.

We may amend the terms of our Public Warrants in a manner that may be adverse to holders of such warrants with the approval by the holders of at least 50% of the then outstanding our Public Warrants. As a result, the exercise price of our Public Warrants could be increased, the exercise period could be shortened and the number of shares of our Common Stock purchasable upon exercise of our Public Warrants could be decreased, all without any particular public warrant holder’s approval.

Our Public Warrants were issued in registered form under the Warrant Agreement. The Warrant Agreement provides that the terms of the Public Warrants may be amended without the consent of any holder to cure any ambiguity, mistake or correct any defective provision, but requires the approval by the holders of at least 50% of the then outstanding Public Warrants to make any change that adversely affects the interests of the registered holders of such Public Warrants. Accordingly, we may amend the terms of our Public Warrants in a manner adverse to a holder if holders of at least 50% of the then outstanding Public Warrants approve of such amendment and, solely with respect to any amendment to the terms of our Private Placement Warrants or any provision of the Warrant Agreement with respect to our Private Placement Warrants, 50% of the number of the then outstanding Private Placement Warrants. Although our ability to amend the terms of our Public Warrants with the consent of at least 50% of the then outstanding Public Warrants is unlimited, examples of such amendments could be amendments to, among other things, increase the exercise price of the Public Warrants, convert the Public Warrants into cash, shorten the exercise period or decrease the number of shares of our Common Stock purchasable upon exercise of a Public Warrant.

We may redeem unexpired Public Warrants prior to their exercise at a time that is disadvantageous to holders of Public Warrants, thereby making such warrants worthless.

We have the ability to redeem all, but not less than all, of the outstanding Public Warrants at any time after they become exercisable and prior to their expiration, at a price of $0.01 per warrant, provided that the closing price of our Common Stock equals or exceeds $18.00 per share (as adjusted for share sub-divisions, share capitalizations, reorganizations, recapitalizations and the like) for any 20 trading days within a 30 trading-day period ending on the third trading day prior to the date on which we give proper notice of such redemption to the warrants holders and provided certain other conditions are met. We may not redeem the warrants unless an effective registration statement under the Securities Act covering the shares of our Common Stock issuable upon exercise of the warrants is effective and a current prospectus relating to those shares is available throughout the minimum 30-day notice period discussed below. If and when our Public Warrants become redeemable by us, we may exercise our redemption right even if we are unable to register or qualify the underlying securities for sale under all applicable state securities laws. Redemption of the outstanding warrants could force warrant holders to (i) exercise their warrants and pay the exercise price therefor at a time when it may be disadvantageous for them to do so, (ii) sell their warrants at the then-current market price when they might otherwise wish to hold their warrants or (iii) accept the nominal redemption price which, at the time the outstanding warrants are called for redemption, is likely to be substantially less than the market value of their warrants. None of our Private Warrants will be redeemable by us in accordance with these provisions so long as they are held by the Sponsor, Jefferies LLC or their permitted transferees.

In addition, we have the ability to redeem all, but not less than all, of the outstanding Public Warrants at any time after they become exercisable and prior to their expiration, at a price of $0.10 per warrant, provided that the closing price of our Common Stock equals or exceeds $10.00 per share (as adjusted for share sub-divisions, share capitalizations, reorganizations, recapitalizations and the like) for any 20 trading days within a 30 trading-day period ending on the third trading day prior to the date on which we give proper notice of such redemption to the warrants holders and provided certain other conditions are met, including that holders will be able to exercise their warrants on a “cashless basis” prior to redemption for a number of shares of our Common Stock determined based on the period of time to expiration of the warrants and the redemption fair market value of our Common Stock, both as set forth in a table in the Warrant Agreement. If and when our Public Warrants become redeemable by us, we may exercise our redemption right even if we are unable to register or qualify the underlying securities for sale under all applicable state securities laws. The value received upon exercise of the warrants (1) may be less than the value the holders would have received if they had been able to exercise their warrants at a later time at which the underlying share price is higher and (2) may not compensate the holders for the value of the warrants, including because the number of shares received on a cashless exercise basis is capped at 0.361 of a share of our Common Stock per warrant (subject to adjustment) irrespective of the remaining life of our Public Warrants. If the closing price of our Common Stock is less than $18.00 per share (as adjusted for share sub-divisions, share capitalizations, reorganizations, recapitalizations and the like) for any 20 trading days within a 30 trading-day period ending on the third trading day prior to the date on which we give proper notice of such redemption to the warrants holders, we may only redeem our Public Warrants in accordance with these provisions if we concurrently redeem the outstanding Private Warrants (other than Private Warrants held by the Sponsor, Jefferies LLC and their permitted transferees) on the same terms.

In the event that we elect to redeem our Public Warrants in either of the scenarios described above we would only be required to have the notice of redemption mailed by first class mail, postage prepaid, by us not less than thirty (30) days prior to the redemption date to the registered holders of the outstanding warrants to be redeemed at their last addresses as they shall appear on the registration books. Any notice mailed in the manner provided above will be conclusively presumed to have been duly given whether or not the registered holder of the warrants received such notice. We are not contractually obligated to notify investors when our Public Warrants become eligible for redemption, and we do not intend to so notify investors upon eligibility of the warrants for redemption.

The Warrant Agreement designates the courts of the State of New York or the United States District Court for the Southern District of New York as the sole and exclusive forum for certain types of actions and proceedings that may be initiated by holders of our Warrants, which could limit the ability of warrant holders to obtain a favorable judicial forum for disputes with us.

The Warrant Agreement provides that, subject to applicable law, (i) any action, proceeding or claim against us arising out of or relating in any way to the Warrant Agreement, including under the Securities Act, will be brought and enforced in the courts of the State of New York or the United States District Court for the Southern District of New York, and (ii) that we irrevocably submit to such jurisdiction, which jurisdiction shall be the exclusive forum for any such action, proceeding or claim. We will waive any objection to such exclusive jurisdiction and that such courts represent an inconvenient forum. However, Section 22 of the Securities Act provides that federal and state courts have concurrent jurisdiction over lawsuits brought under the Securities Act or the rules and regulations thereunder. To the extent the exclusive forum provision restricts the courts in which claims arising under the Securities Act may be brought, there is uncertainty as to whether a court would enforce such a provision. We note that investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder.

Notwithstanding the foregoing, these provisions of the Warrant Agreement do not apply to suits brought to enforce any liability or duty created by the Exchange Act or any other claim for which the federal district courts of the United States of America are the sole and exclusive forum. Any person or entity purchasing or otherwise acquiring any interest in any our Warrants shall be deemed to have notice of and to have consented to the forum provisions in the Warrant Agreement. If any action, the subject matter of which is within the scope the forum provisions of the Warrant Agreement, is filed in a court other than a court of the State of New York or the United States District Court for the Southern District of New York (a foreign action) in the name of any holder of our Warrants, such holder shall be deemed to have consented to: (x) the personal jurisdiction of the state and federal courts located in the State of New York in connection with any action brought in any such court to enforce the forum provisions (an enforcement action), and (y) having service of process made upon such warrant holder in any such enforcement action by service upon such warrant holder’s counsel in the foreign action as agent for such warrant holder.

This choice-of-forum provision may limit a warrant holder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us, which may discourage such lawsuits. Alternatively, if a court were to find this provision of the Warrant Agreement inapplicable or unenforceable with respect to one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could materially and adversely affect our business, financial condition and results of operations and result in a diversion of the time and resources of our management and Board.

Provisions in our organizational documents and provisions of Delaware General Corporation Law (DGCL) may delay or prevent an acquisition by a third party that could otherwise be in the interests of stockholders.

Our organizational documents contain several provisions that may make it more difficult or expensive for a third party to acquire control of us without the approval of our Board. These provisions, which may delay, prevent or deter a merger, acquisition, tender offer, proxy contest, or other transaction that stockholders may consider favorable, include the following:

the division of our Board into three classes and the election of each class for three-year terms;

advance notice requirements for stockholder proposals and director nominations;

provisions limiting stockholders’ ability to call special meetings of stockholders and to take action by written consent;

restrictions on business combinations with interested stockholders;

in certain cases, the approval of holders representing at least two-thirds of the total voting power of the shares entitled to vote will be required for stockholders to adopt, amend or repeal certain provisions of the Bylaws, or amend or repeal certain provisions of the Certificate of Incorporation;

no cumulative voting; and

the ability of the Board to designate the terms of and issue new series of preferred stock without stockholder approval, which could be used, among other things, to institute a rights plan that would have the effect of significantly diluting the stock ownership of a potential hostile acquirer, likely preventing acquisitions by such acquirer.

These provisions of our organizational documents could discourage potential takeover attempts and reduce the price that investors might be willing to pay for the shares of our Common Stock in the future, which could reduce the market price of the common stock. For more information, see the “Description of Securities” included as an exhibit to this Annual Report.

The provision of our Certificate of Incorporation requiring exclusive venue in the Court of Chancery in the State of Delaware and the federal district courts of the United States for certain types of lawsuits may have the effect of discouraging lawsuits against directors and officers.

Our Certificate of Incorporation provides that, unless otherwise consented to by us in writing, the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, another State court in Delaware or the federal district court for the District of Delaware) will, to the fullest extent permitted by law, be the sole and exclusive forum for the following types of actions or proceedings: (i) any derivative action or proceeding brought on behalf of us; (ii) any action asserting a claim of breach of a duty (including any fiduciary duty) owed by any of our current or former director, officer, stockholder, employee or agent to us or our stockholders; (iii) any action asserting a claim against us or any of our current or former director, officer, stockholder, employee or agent relating to any provision of the DGCL or the Certificate of Incorporation or the Bylaws or as to which the DGCL confers jurisdiction on the Court of Chancery of the State of Delaware; and (iv) any action asserting a claim against us or any of our current or former director, officer, stockholder, employee or agent governed by the internal affairs doctrine of the State of Delaware, in each such case unless the Court of Chancery (or such other state or federal court located within the State of Delaware, as applicable) has dismissed a prior action by the same plaintiff asserting the same claims because such court lacked personal jurisdiction over an indispensable party named as a defendant therein. Our Certificate of Incorporation further provides that, unless otherwise consented to by us in writing to the selection of an alternative forum, the federal district courts of the United States will, to the fullest extent permitted by law, be the sole and exclusive forum for the resolution of any complaint against any person in connection with any offering of our securities, asserting a cause of action arising under the Securities Act. Any person or entity purchasing or otherwise acquiring any interest in our securities will be deemed to have notice of and consented to this provision.

Although our Certificate of Incorporation contains the choice of forum provisions described above, it is possible that a court could rule that such provisions are inapplicable for a particular claim or action or that such provisions are unenforceable. For example, under the Securities Act, federal courts have concurrent jurisdiction over all suits brought to enforce any duty or liability created by the Securities Act, and investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder. In addition, Section 27 of the Exchange Act creates exclusive federal jurisdiction over all suits brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder, and, therefore, the exclusive forum provisions described above do not apply to any actions brought under the Exchange Act.

Although we believe these provisions will benefit us by limiting costly and time-consuming litigation in multiple forums and by providing increased consistency in the application of applicable law, these exclusive forum provisions may limit the ability of our stockholders to bring a claim in a judicial forum that such stockholders find favorable for disputes with us or our directors, officers or employees, which may discourage such lawsuits against us and our directors, officers, and other employees.

We have no current plans to pay cash dividends on our Common Stock. As a result, stockholders may not receive any return on investment unless they sell their Common Stock for a price greater than the purchase price.

We have no current plans to pay dividends on our Common Stock. Any future determination to pay dividends will be made at the discretion of our Board, subject to applicable laws. It will depend on a number of factors, including our financial condition, results of operations, capital requirements, contractual, legal, tax, and regulatory restrictions, general business conditions, and other factors that our Board may deem relevant. In addition, the ability to pay cash dividends may be restricted by the terms of debt financing arrangements, as any future debt financing arrangement likely will contain terms restricting or limiting the amount of dividends that may be declared or paid on our Common Stock. As a result, stockholders may not receive any return on an investment in our Common Stock unless they sell their shares for a price greater than that which they paid for them.

I TEM 1B. UNRESOLVED STAFF COMMENTS

None

ITEM 1C. CYBERSECURITY

We are committed to protecting information and the underlying information systems involved in the operation of our business. We face a multitude of cybersecurity threats that range from attacks common to most industries such as phishing and denial-of-service attempts, to more-sophisticated malware and ransomware attacks, in addition to threats designed to penetrate our Platform. Our customers, suppliers, subcontractors, and third-party business partners also face similar cybersecurity threats. A cybersecurity incident impacting us or any of these entities could have a materially adverse impact on our operations, performance, our brand, and our competitive position. We rely on technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, and access controls. We must maintain a robust cybersecurity stance in the rapidly evolving security environment to uphold our market leadership position.

The Board of Directors assesses the Company’s overall risk assessment and risk management policies. The Board discharges this responsibility through its committees, each of which examines various components of enterprise risk. The Audit Committee reviews the Company's management of cybersecurity risk, including our policies and processes to monitor and mitigate potential exposure.

Our Chief Information Security Officer (“CISO”) leads a Security & Compliance team that is responsible for information security, including cyber threat detection and response. Our CISO has extensive information technology and program management experience, including a background in corporate information security across a wide range of industries. The Security & Compliance team oversees and works to improve our enterprise security framework through its identification, assessment, and response to potential threats in order to mitigate risk and reduce the impact of a cyber incident. These efforts include daily internal and external vulnerability scans, web application scans, and vendor risk assessments. The assessment of a cyber incident includes both quantitative and qualitative factors to determine if there is a material impact. Quantitative factors include the potential or actual financial loss and cost of remediation efforts. Qualitative factors include damages to our brand and/or competitive standing, disruptions to our operations, and the potential for litigation. Regardless of whether we consider an incident to be material, the Security & Compliance team will monitor the situation. This ongoing monitoring aims to contain, mitigate, and remediate the circumstances that contributed to the incident and any potential losses arising from the incident. The Security & Compliance team also monitors evolving factors that might later elevate an incident above a materiality threshold which would require us to make public disclosure of the incident.

We engage third parties to conduct evaluations of our information security controls and compliance such as penetration testing and HIPAA (“Health Insurance Portability and Accountability Act”) risk assessment. Since we provide services to certain government agencies, we are subject to various compliance assessments including the Cybersecurity Maturity Model Certification developed by the United States Department of Defense. We also receive an annual System & Organizational Control (SOC 2) audit which assesses our key compliance controls and objectives which helps us identify gaps that may require enhancements to our enterprise security framework.

We also consider our risks from cybersecurity threats as part of a broader overall enterprise risk management (ERM) program. The ERM program is managed by a cross-functional team that is comprised of our CTO, CFO, COO, and General Counsel. Our risk assessment approach is to evaluate the likelihood and potential negative impact of each threat or risk using a quantitative scoring methodology. To the extent our ERM program identifies a severe cybersecurity related risk, we will develop a response plan, assign owners to each planned action, and track progress of solution implementation. The Board of Directors reviews our ERM program on an annual basis.

Despite the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. While we maintain cybersecurity insurance policies, the costs related to a cybersecurity incident may not be fully insured. See Item 1A. “Risk Factors” for a discussion of cybersecurity risks.DDD

I TEM 2. PROPERTIES

Our corporate headquarters in Baltimore, Maryland consist of office space that is currently leased until February 2026. We lease and maintain additional offices in the United States, including Portland, Oregon, and internationally in the United Kingdom, Chile, and India. We believe that our current facilities are adequate to meet our ongoing needs and that suitable additional alternative spaces will be available in the future on commercially reasonable terms.

I TEM 3. LEGAL PROCEEDINGS

From time to time, we may be subject to legal proceedings and claims in the ordinary course of business. We are not presently a party to any legal proceedings that, if determined adversely to us, would individually or taken together have a material adverse effect on our business, results of operations, financial condition or cash flows. We have received, and may in the future continue to receive, claims from third parties asserting, among other things, infringement of their intellectual property rights. Future litigation may be necessary to defend ourselves, our partners and our customers by determining the scope, enforceability, and validity of third-party proprietary rights, or to establish our proprietary rights. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources, and other factors.

MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K. Some of the information contained in this discussion and analysis or set forth elsewhere in this Annual Report, including information with respect to our plans and strategy for our business and related financing, includes forward-looking statements that involve risks and uncertainties. See “Forward-Looking Statements” and “Risk Factors” for a discussion of forward-looking statements and important factors that could cause actual results to differ materially from the results described in or implied by these forward-looking statements. Unless otherwise indicated or the context otherwise requires, references in this Management’s Discussion and Analysis of Financial Condition and Results of Operations of ZeroFox Holdings, Inc. section to ‘‘ZeroFox,’’ ‘‘we,’’ ‘‘us,’’ ‘‘our,’’ and other similar terms refer to ZeroFox Holdings, Inc. and its consolidated subsidiaries after the Business Combination.

Overview

ZeroFox was formed through the merger of ZeroFox, Inc., ID Experts Holdings, Inc., and L&F Acquisition Corp. ("L&F") on August 3, 2022. ZeroFox, Inc. was founded in 2013 with the vision that the emergence and adoption of social media, mobile applications, and cloud computing by enterprises would fundamentally change the cybersecurity paradigm. Social media represents much more than a platform where individuals connect online. The adoption of social media revolutionized the way people communicate with each other and, subsequently, how enterprises and organizations enable communication among employees, customers, partners, and prospects. Mobile applications accelerated the digital transformation in which earlier versions of the web would need to become interactive and persist across multiple modern mediums. Furthermore, cloud computing’s continued evolution and adoption demonstrate how organizations are more comfortable with data residing beyond their traditional security perimeter outside of the historical boundaries of IT governance and control.

We provide customers with an innovative and comprehensive platform for external cybersecurity that protects organizations from threats outside the traditional corporate perimeter (our Platform). Our Platform protects our customers from threats to their organizations, brands, digital assets, and people. These threats include targeted phishing attacks, account takeovers, credential theft, data leakage, domain spoofing, and impersonations.

Our cloud-native platform combines protection, intelligence, adversary disruption, and response services into an integrated solution.

Our protection capabilities continuously monitor social, mobile, surface web, deep and dark web, email, and collaboration platforms and use artificial intelligence-powered analytics to identify threats. Our Platform processes millions of pieces of content, rich media, posts, messages, global intelligence, and threat actor activity across the digital landscape, including mobile app stores, social media sites, dark web forums, and discrete content sources. With the data we collect and process, we identify targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, and executive and location threats across the public-facing surface web as well as the deep and dark web.

Our intelligence capabilities provide access to threat intelligence data as well as analysis and investigations provided by our threat intelligence experts.

Our adversary disruption capabilities enable the remediation of threats through automated takedowns of domains, impersonations, and malicious content, and facilitate the blocking of adversary infrastructure across various networks.

Our response services include breach response (notification, call center support, and identity protection) and incident response.

We sell subscriptions to our Platform to organizations of all sizes across multiple industries. We primarily sell subscriptions through our direct sales teams that leverage our global network of channel partners. A majority of our customers purchase subscription agreements with a term of one year. Our subscription agreements are generally priced on the number of assets protected and the desired levels of services. We generally recognize our subscription agreements ratably over the term of the agreement.

We also generate revenue from breach response services, incident response, investigative services, and training. Our breach response services can be priced on either a fixed price or variable price arrangement. A typical breach response arrangement includes breach notification services and a period of identity protection services. We recognize revenue for the breach notification services on completion of the notification and the identity protection on a ratable basis over the contract term, typically 15 months. Our incident response, investigative, and training services are generally priced on a fixed-fee basis and revenue is recognized as the services are performed.

Russian Invasion of Ukraine and Israel-Hamas War

We continue to monitor and respond to the war in Ukraine and the associated sanctions and other restrictions. We are also monitoring and responding to the Israel-Hamas war. The full impact of the conflicts on our business operations and financial performance remains uncertain and will depend on future developments, including the severity and duration of the conflicts and their impact on regional and global economic conditions. We will continue to monitor these conflicts and assess the related restrictions and other effects and pursue prudent decisions for our team members, customers, and business. As of the date of this report, these conflicts have not resulted in a material impact to our business operations and financial performance.

Recent Acquisitions

On April 21, 2023, we completed the acquisition of Lookingglass Cyber Solutions, Inc. (LookingGlass). The successful completion of the acquisition combined the innovative platforms of ZeroFox and LookingGlass, enabling our customers to build a robust security posture by providing world-class visibility into external attack surface assets and vulnerabilities.

Proposed Merger

On February 6, 2024, the Company entered into the Haveli Merger Agreement with Parent and Merger Sub. Parent and Merger Sub are each affiliates of the Haveli Funds, managed by Haveli.

The Haveli Merger Agreement provides that, among other things and on the terms and subject to the conditions of the Haveli Merger Agreement, (a) Merger Sub will merge with and into the Company, with the Company surviving the Merger as a wholly-owned subsidiary of Parent (the “Merger”), and (b) at the effective time of the Merger (the “Effective Time”), each issued and outstanding share (immediately prior to the Effective Date) of Company Common Stock (except as otherwise provided in the Haveli Merger Agreement) will be cancelled and converted into the right to receive an amount in cash equal to $1.14 per share, without interest and subject to any applicable withholding taxes.

The completion of the Merger is subject to the satisfaction or, if permitted, waiver of certain customary mutual closing conditions set forth in the Haveli Merger Agreement, including (a) obtaining Company Stockholder Approval and (b) the expiration or termination of the applicable waiting period under the HSR Act, and the receipt of approval, clearance or expiration of the applicable review periods under the NSI Act. The obligation of each party to consummate the Merger is also conditioned on the other party’s representations and warranties being true and correct (subject to certain customary materiality exceptions) and the other party having performed in all material respects its obligations under the Merger Agreement, and the obligation of Parent to consummate the Merger is additionally conditioned on no material adverse effect on the Company having occurred since the execution of the Merger Agreement. The consummation of the Merger is not subject to any financing condition.

The Merger is expected to close in the first half of 2024. Upon consummation of the Merger, the Company will cease to be a publicly traded company (see Note 18 to the consolidated financial statement included in Part II, Item 8 of this Annual Report).

Key Factors Affecting Performance

New Customer Acquisition

Our future growth depends in large part on our ability to acquire new customers. To attract new customers, we have invested, and will continue to invest, in our sales and marketing efforts. Many organizations have not yet adopted external cybersecurity solutions and our business and operating results will be affected by the rate at which organizations adopt our solutions. We believe our Platform addresses the evolving needs of organizations of all sizes and industries and coupled with our go-to-market strategy, presents significant opportunities for growth.

Investing in Growth

We intend to continue to invest in our business so that we can capitalize on our market opportunity. We intend to continue to invest in sales and marketing to grow our sales team, expand our brand recognition and optimize our channel partner network. We also intend to continue to invest in our research and development team to build additional functionality and enhance existing functionality in our Platform to extend our capabilities as our success is dependent on our ability to further our technological leadership. Additionally, we plan to evaluate strategic acquisitions of businesses and technologies to expand and enhance the functionality of our Platform.

Our investments in growth may adversely affect our operating results in the near term. However, we expect that these investments will contribute to our long-term growth and success.

If these investments do not lead to expected revenue growth, our operating losses may increase, we may not achieve profitability, and our growth rates may slow.

Retention and Expansion of Customers

Our ability to increase revenue depends in large part on our ability to retain our existing customers and grow the value of their subscriptions. We focus on increasing sales to our existing customers by increasing the number of protected assets and corresponding intelligence services delivered on and through our External Cybersecurity Platform. We intend to expand existing capabilities and launch new features which we believe will contribute to increased adoption by our growing base of customers. Our ability to expand within our customer base, particularly large enterprise and government customers, will depend on a number of factors, including platform performance, competitive offerings, pricing, overall changes in our customers’ spending levels, and the effectiveness of our efforts to help our customers realize the benefits of our Platform.

Key Business Metrics

We monitor the following key metrics to help us evaluate our business, identify trends affecting our business, formulate business plans, and make strategic directions.

Subscription Customers

We believe that the size of our customer base is an indicator of our market adoption and that our net new customer additions are an indicator of the growth of our business. We focus our sales and marketing efforts on large enterprises and medium-sized businesses. We define a subscription customer as any entity that has entered into a distinct agreement for access to our Platform for which the term has not ended or with which we are continuing to provide service and negotiating a renewal contract that expired within 90 days of the applicable measurement date. We do not consider our channel partners as subscription customers, and we treat managed service security providers, who may purchase our products on behalf of multiple companies, as a single subscription customer. As of January 31, 2024, the Company had over 1,300 subscription customers.

Annual Recurring Revenue ("ARR")

We believe that ARR is a key operating metric to measure our business as changes in ARR reflect our ability to acquire net new customers and to maintain, retain, and expand our relationships with our existing customers. We define ARR as the annualized contract value of all recurring revenue related to contracts in place at the end of the reporting date assuming any contract is renewed on its existing terms. We continue to include ARR from customers whose term has expired within 90 days of the applicable measurement date for which we are actively negotiating renewal. As of January 31, 2024, the Company had an ARR of $188.4 million.

Components of Our Results of Operations

Revenue

We generate revenue from subscription agreements and from services, which includes breach response services.

Subscription revenue includes access to our hosted platform for protection, intelligence, disruption, and response capabilities along with credit and identity protection services. The majority of our customers are invoiced annually in advance of their subscription term. Our subscription agreements are “stand ready” to permit platform access and provide our protection services over the contractual term. We recognize subscription revenue ratably over the term of the agreement.

Services revenue includes breach response, training, and investigative services. Our breach response services can be priced on either a fixed price or variable price arrangement. A typical breach response arrangement includes breach notification services and a period of identity protection services. We recognize revenue for the breach notification services on completion of the notification and the identity protection services on a ratable basis over the contract term, which is typically 15 months. Our training and investigative services are generally priced on a fixed-fee basis and revenue is recognized as the services are performed.

Cost of Revenue

Costs of subscription revenue consist primarily of third-party cloud infrastructure expenses; fees paid to data providers; personnel-related costs such as salaries, bonuses, benefits, and stock-based compensation associated with customer support; software and subscription services used to support our customers; amortization of our capitalized internal-use software; travel and related expenses; amortization of acquired technology; and allocated overhead costs. Our allocated overhead costs include depreciation and information technology expenses.

Cost of services revenue consist primarily of fees to outsourced service providers for credit monitoring; call center operation; notification mailing; insurance; personnel-related costs such as salaries, bonuses, benefits, and stock-based compensation associated with breach project management and delivery, intelligence services, and other services; travel and related expenses; amortization of acquired technology; and allocated overhead costs. Our allocated overhead costs include depreciation and information technology expenses.

Operating Expenses

Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel-related expenses, including salaries, bonuses, commissions, benefits, and stock-based compensation are the most significant components of each of these categories. Operating expenses also include allocated overhead costs.

Research and Development

Research and development expenses consist primarily of personnel costs for our research, product and engineering teams, including salaries, bonuses, benefits, and stock-based compensation. Research and development expenses also include software, subscription services, and third-party cloud infrastructure incurred in the design and development of our hosted platform as well as allocated overhead costs.

We expect research and development expenses to increase in absolute dollars as we continue to invest in our Platform and services. However, we anticipate research and development expenses to decrease as a percentage of our revenue over time. Our research and development expenses may fluctuate as a percentage of our revenue from period-to-period depending on the timing of these expenses and the capitalization of expenses that qualify as internal-use software.

Sales and Marketing

Sales and marketing expenses consist primarily of personnel costs for our sales and marketing teams, including salaries, commissions, bonuses, benefits, and stock-based compensation. Sales and marketing expenses also include conferences, branding and other marketing events, software services, subscription services, travel and related expenses, amortization of acquired customer relationships, and allocated overhead costs. We capitalize and amortize sales commissions from the initial acquisition of a customer subscription agreement to sales and marketing expense over the estimated customer life. We capitalize and amortize sales commissions from breach service arrangements to sales and marketing expense over the service period. We capitalize and amortize commissions paid for the renewal of a customer’s subscription over the term of the renewal.

We expect sales and marketing expenses to increase in absolute dollars as we continue to invest in our sales and marketing organization to drive additional revenue, further penetrate our market, and expand our global customer base. However, we anticipate sales and marketing expenses to decrease as a percentage of our revenue over time. Our sales and marketing expenses may fluctuate as a percentage of our revenue from period to period depending on the timing of these expenses.

General and Administrative

General and administrative expenses consist primarily of personnel costs for our executive, finance, legal, human resources, and information technology teams, including salaries, bonuses, benefits, and stock-based compensation. General and administrative expenses also include professional fees for external accounting, legal, and other advisory services, insurance, software and subscription services, travel and related expenses, facilities-related expenses, amortization of acquired trade names, and allocated overhead costs.

We expect to incur additional expenses as the result of operating as a public company, including costs related to additional reporting and compliance requirements applicable to a listed company and increased expenses for insurance, accounting, legal, and other services. We expect general and administrative expenses to increase in absolute dollars; however, we anticipate general and administrative expenses to decrease as a percentage of our revenue over time.

Goodwill Impairment

We record a goodwill impairment loss when, as a result of our annual test or interim test (if factors are present that require an interim test), the fair value of the Company's single reporting unit is below the carrying value of the Company's single reporting unit.

Interest Expense

Interest expense consists primarily of contractual interest expense, as well as amortization of debt discount and issuance costs related to our term loans and our Convertible Notes issued on August 3, 2022.

Change in Fair Value of Purchase Consideration Liability

The Purchase consideration liability consists of the fair value of the purchase consideration not yet finalized in the acquisition of LookingGlass. The change in the fair value of the purchase consideration liability is primarily driven by changes in the price of the Company's Common Stock.

Change in Fair Value of Warrant Liabilities

Warrant liabilities consists of the fair value of the Company's outstanding warrants issued to various holders. The change in the fair value of the warrant liabilities is primarily driven by changes in the price of the Company's warrants traded on Nasdaq.

Change in Fair Value of Sponsor Earnout Shares Liability

Sponsor earnout shares liability consists of the fair value of the potentially issuable sponsor earnout shares. The change in the fair value of the sponsor earnout shares liability is primarily driven by changes in the price of the Company's Common Stock.

Other Income (Expense), Net

Other income (expense), net consists primarily of unrealized and realized gains and losses related to changes in foreign currency exchange rates.

(Benefit from) Provision for Income Taxes

(Benefit from) provision for income taxes consists primarily of pre-tax losses and the reduction of deferred tax liabilities associated with the amortization of intangible assets with no tax basis acquired through the Business Combination. The provision also includes income taxes in foreign jurisdictions in which the Company operates.

Results of Operations

Results for the Year ended January 31, 2024, Compared to the Period August 4, 2022, to January 31, 2023 (Successor) and February 1, 2022 to August 3, 2022 (Predecessor)

This section describes the results of the Company for the year ended January 31, 2024, and the period August 4, 2022, to January 31, 2023 (the "Successor Period") and the results of the Predecessor for the period February 1, 2022, to August 3, 2022 (the "Predecessor Period"). There are no comparative analysis between the year ended January 31, 2024, versus the Successor Period and the Predecessor Period, as there is a lack of comparability between the periods presented.

The following table sets forth our results of operations:

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to January 31, 2023

February 1, 2022 to

August 3, 2022

Revenue

Subscription

Services

Total revenue

Cost of revenue

Subscription (1)

Services (1)

Total cost of revenue

Gross profit

Operating expenses

Research and development (1)

Sales and marketing (1)

General and administrative (1)

Goodwill impairment

Total operating expenses

Loss from operations

Interest expense, net

Change in purchase consideration liability

Change in fair value of warrant liability

Change in fair value of sponsor earnout shares

Loss before income taxes

(Benefit from) provision for income taxes

Net loss after tax

(1) includes stock-based compensation expense as follows:

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to January 31, 2023

February 1, 2022 to

August 3, 2022

Cost of revenue - subscription

Cost of revenue - services

Research and development

Sales and marketing

General and administrative

Total stock-based compensation expense

The following tables disclose the components of the Consolidated Statements of Comprehensive Loss as a percentage of revenue:

(as a percentage of total revenue)

Year Ended January 31, 2024

August 4, 2022 to January 31, 2023

February 1, 2022 to

August 3, 2022

Revenue

Subscription

Services

Total revenue

Cost of revenue

Subscription (1)

Services (1)

Total cost of revenue

Gross profit

Operating expenses

Research and development (1)

Sales and marketing (1)

General and administrative (1)

Goodwill impairment

Total operating expenses

Loss from operations

Interest expense, net

Change in purchase consideration liability

Change in fair value of warrant liability

Change in fair value of sponsor earnout shares

Loss before income taxes

(Benefit from) provision for income taxes

Net loss after tax

(1) includes stock-based compensation expense as follows:

(as a percentage of total revenue)

Year Ended January 31, 2024

August 4, 2022 to January 31, 2023

February 1, 2022 to

August 3, 2022

Cost of revenue - subscription

Cost of revenue - services

Research and development

Sales and marketing

General and administrative

Total stock-based compensation expense

Revenue

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to January 31, 2023

February 1, 2022 to

August 3, 2022

Subscription revenue

Services revenue

Breach

Other services

Total services revenue

Total

Revenue was $233.3 million for the year ended January 31, 2024, consisting of:

$89.3 million for subscription; and

$144.0 million for services, primarily made up of breach response services of $138.8 million.

Revenue was $88.4 million for the Successor Period, consisting of:

$31.7 million for subscription; and

$56.7 million for services, primarily made up of breach response services of $54.8 million.

Revenue was $29.2 million for the period February 1, 2022, to August 3, 2022, consisting of:

$27.9 million for subscription; and

$1.3 million for services.

Cost of Revenue, Gross Profit, and Gross Margin

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022

through January 31, 2023

February 1, 2022

through

August 3, 2022

Subscription cost of revenue

Services cost of revenue

Total cost of revenue

Subscription gross profit

Services gross profit

Total gross profit

Subscription gross margin

Services gross margin

Total gross margin

Cost of revenue was $158.3 million for the year ended January 31, 2024, consisting of:

$44.1 million for subscription, primarily consisting of:

$19.6 million for amortization of acquired technology intangible assets;

$15.6 million for salaries, benefits, and other compensation related costs for employees that support the subscription platform, including $0.2 million of stock-based compensation;

$4.3 million for cloud infrastructure costs; and

$2.5 million for acquired data.

$114.2 million for services, primarily consisting of:

$67.4 million for acquired data;

$39.4 million for postage and notifications related expenses for breach response services;

$6.1 million for salaries, benefits and other compensation related costs for employees that deliver the Company's professional service offerings, including $0.1 million of stock-based compensation; and

Gross profit and gross profit margin for the year ended January 31, 2024, were $75.0 million and 32%, respectively. Gross profit and gross profit margin for subscription for the year ended January 31, 2024, were $45.2 million and 51%, respectively. Gross profit and gross profit margin for services for the year ended January 31, 2024, were $29.8 million and 21%, respectively.

Cost of revenue was $61.8 million for the Successor Period, consisting of:

$18.2 million for subscription, primarily consisting of:

$5.8 million for salaries, benefits, and other compensation related costs for employees that support the subscription platforms, including $0.1 million of stock based compensation;

$9.4 million for amortization of acquired technology intangible assets; and

$2.0 million for acquired data and software.

$43.6 million for services, primarily consisting of:

$32.7 million for acquired data;

$5.4 million for postage and notifications related expenses for breach response services; and

$2.1 million for salaries, benefits and other compensation related costs for employees that deliver the Company's professional service offerings.

Gross profit and gross profit margin for the Successor Period were $26.6 million and 30%, respectively. Gross profit and gross profit margin for subscription for the Successor Period were $13.5 million and 42%, respectively. Gross profit and gross profit margin for services for the Successor Period were $13.1 million and 23%, respectively.

Cost of revenue was $8.8 million for the Predecessor Period, consisting of:

$8.3 million for subscription, primarily consisting of:

$5.5 million for salaries, benefits, and other compensation related costs for employees that support the subscription platforms; and

$1.7 million for acquired data and software.

$0.5 million for services, primarily consisting of:

$0.5 million for salaries, benefits and other compensation related costs for employees that deliver the Company's service offerings.

Gross profit and gross profit margin for the period February 1, 2022, to August 3, 2022, were $20.4 million and 69%, respectively. Gross profit and gross profit margin for subscription for the period February 1, 2022, to August 3, 2022, were $19.6 million and 70%, respectively. Gross profit and gross profit margin for services for the period February 1, 2022, to August 3, 2022, were $0.8 million and 65%, respectively.

Research and Development

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to January 31, 2023

February 1, 2022 to

August 3, 2022

Research and development

Research and Development cost was $31.2 million for the year ended January 31, 2024, primarily consisting of:

$26.4 million for salaries, benefits, and other compensation related costs for employees in software engineering and product development functions, including $1.6 million of stock-based compensation; and

$1.9 million for contractors to provide supplemental research and development efforts;

$1.7 million for acquired software and productivity tools; and

$0.8 million for cloud infrastructure costs.

Research and Development cost was $12.1 million for the Successor Period, primarily consisting of:

$10.0 million for salaries, benefits, and other compensation related costs for employees in software engineering and product development functions, including $0.5 million of stock-based compensation;

$0.9 million for contractors to provide supplemental research and development efforts;

$0.5 million for acquired software; and

$0.5 million for cloud infrastructure costs.

Research and Development cost was $8.1 million for the Predecessor Period, primarily consisting of:

$7.4 million for salaries, benefits, and other compensation related costs for employees in software engineering and product development functions, including $0.1 million of stock-based compensation;

$0.4 million for acquired software and productivity tools; and

$0.2 million for cloud infrastructure costs.

Sales and Marketing

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to

January 31, 2023

February 1, 2022 to

August 3, 2022

Sales and marketing

Sales and marketing costs was $73.8 million for the year ended January 31, 2024, primarily consisting of:

$45.2 million for salaries, benefits, and other compensation related costs for employees in sales and marketing functions, including $1.6 million of stock-based compensation;

$23.3 million for amortization of acquired customer relationships intangibles assets;

$4.8 million for marketing programs including field events and online advertising;

$1.6 million for acquired software and productivity tools;

$1.4 million for travel expenses; and

$1.3 million for fees paid to third-party sellers;

partially offset by $(6.8) million in net capitalized deferred contract acquisition costs.

Sales and Marketing cost was $35.9 million for the Successor Period, primarily consisting of:

$19.1 million for salaries, benefits, and other compensation related costs for employees in sales and marketing functions, including $0.5 million of stock-based compensation;

$11.9 million for amortization of acquired customer relationships intangible assets;

$2.2 million for marketing programs including field events and online advertising;

$0.9 million for contractors to provide supplemental sales and marketing efforts; and

$0.8 million for fees paid to third party sellers

Sales and Marketing cost was $18.5 million for the Predecessor Period, primarily consisting of:

$13.2 million for salaries, benefits, and other compensation related costs for employees in sales and marketing functions, including $0.2 million of stock-based compensation;

$1.9 million for marketing programs including field events and online advertising;

$1.3 million for amortization of acquired customer relationships intangible assets;

$0.6 million for travel expenses; and

$0.6 million for acquired software and productivity tools.

General and Administrative

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to

January 31, 2023

February 1, 2022 to

August 3, 2022

General and administrative

General and administrative costs was $38.8 million for the year ended January 31, 2024, primarily consisting of:

$16.2 million for salaries, benefits, and other compensation related costs for employees primarily in executive leadership, finance, accounting human resources, legal, and corporate IT, including $3.9 million of stock-based compensation;

$7.4 million for professional service fees, primarily legal, merger and acquisition, accounting, and audit services;

$3.6 million for amortization of acquired trade names intangible assets;

$3.6 million for insurance;

$2.9 million for rent and utilities costs primarily related to the Company's office leases; and

$1.7 million for depreciation of the Company's property and equipment.

General and Administrative cost was $18.2 million for the Successor Period, primarily consisting of:

$6.9 million for salaries, benefits, and other compensation related costs for employees primarily in executive leadership, finance, accounting human resources, legal, and corporate IT, including $1.4 million of stock-based compensation;

$5.0 million for professional service fees, primarily legal and audit services;

$1.9 million for amortization of acquired trade names intangible assets;

$1.7 million for insurance; and

$1.0 million for rent and utilities costs primarily related to the Company's office leases.

General and Administrative cost was $10.1 million for the period Predecessor Period, primarily consisting of:

$4.1 million for salaries, benefits, and other compensation related costs for employees primarily in executive leadership, finance, accounting human resources, legal, and corporate IT, including $0.5 million of stock-based compensation;

$3.4 million for professional service fees, primarily legal and audit services;

$0.8 million for rent and utilities costs primarily related to the Company's office leases; and

$0.4 million for amortization of acquired trade names intangible assets.

Goodwill Impairment

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to

January 31, 2023

February 1, 2022 to

August 3, 2022

Goodwill impairment

The Company recorded an impairment charges totaling $284.2 million for the year ended January 31, 2024. The Company recorded $72.1 million as part of its annual test of goodwill as of October 31, 2023. The Company's estimate of the fair value of its single reporting unit of $572.7 million was below the carrying value of the reporting unit of $644.8 million as of October 31, 2023. The remaining $212.1 million was recorded as part of an interim test of goodwill. The Company's estimate of the fair value of its single reporting unit of $348.1 million was below the carrying value of the reporting unit of $560.2 million as of January 31, 2024.

The goodwill impairment charge was $698.7 million for the Successor Period. The Company completed an interim goodwill impairment assessment, which resulted in an estimated fair value of the Company's single reporting unit of $675.0 million. The estimated fair value of the reporting unit was below its carrying value of $1,373.7 million.

The Predecessor recognized no goodwill impairment charges for the period Predecessor Period.

Interest Expense, Net

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to

January 31, 2023

February 1, 2022 to

August 3, 2022

Interest expense, net

Interest expense was $15.2 million for the year ended January 31, 2024. Interest expense was primarily consisted of $14.2 million for payment-in-kind interest at an annual rate of 8.75% on the Company's Convertible Notes, $2.1 million for variable and fixed rate interest on the Company's term loans, partially offset by $(1.2) million of interest income earned on the Company's cash balances.

Interest expense was $7.9 million for the Successor Period. Interest expense was primarily consisted of $6.6 million for payment-in-kind interest at an annual rate of 8.75% on the Company's Convertible Notes and $1.1 million for a prepayment penalty associated with the repayment of the Predecessor's notes payable to Orix Growth Capital, LLC.

Interest expense was $3.0 million for the period February 1, 2022, to August 3, 2022. Interest expense was primarily consisted of interest payments for the Predecessor's credit agreements with Stifel Bank and Orix Growth Capital, LLC.

Change in the Fair Market Value of Purchase Consideration Liability

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to January 31, 2023

February 1, 2022 to

August 3, 2022

Change in fair value of purchase consideration liability

The change in the fair market value of the Purchase Consideration Liability was a gain of $2.5 million for the year ended January 31, 2024. The decrease in the fair market value of the Purchase Consideration liability was primarily driven by the decrease in the public trading price of the Company's Common Stock from April 21, 2023, to January 31, 2024.

There was no gain or loss recognized for change in fair market value of the Purchase Consideration liability for the Successor period or the Predecessor Period, as the liability was initially recognized as part of the completion of the LookingGlass Acquisition on April 21, 2023.

Change in the Fair Market Value of Sponsor Earnout Shares

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to January 31, 2023

February 1, 2022 to

August 3, 2022

Change in fair value of sponsor earnout shares

The change in the fair market value of the Sponsor Earnout Shares was a gain of $2.1 million. The reduction in the fair market value of the Sponsor Earnout Shares liability was primarily driven by the reduction in the public trading price of the Company's Common Stock from February 1, 2023, to January 31, 2024.

The change in the fair market value of the Sponsor Earnout Shares was a gain of $9.6 million. The gain was due to the recognition of the initial Sponsor Earnout Shares liability of $12.1 million as part of the Business Combination and thus, no recognition of loss in the Company's Successor Period and the mark-to-market adjustment of $(9.6) million, reducing the liability to its January 31, 2023, fair value of $2.5 million. The reduction in the fair market value of the Sponsor Earnout Shares liability was primarily driven by the reduction in the public trading price of the Company's Common Stock from August 3, 2022, to January 31, 2023.

There was no gain or loss recognized for change in fair market value of the Sponsor Earnout Shares for the Predecessor Period, as the liability for the Sponsor Earnout Shares was only recognized as part of the completion of the Business Combination on August 3, 2022.

Change in the Fair Market Value of Warrants

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to January 31, 2023

February 1, 2022 to

August 3, 2022

Change in fair value of warrant liability

The change in fair market value of warrants was a loss of $(0.3) million for the year ended January 31, 2024. The loss was due to a $(2.8) million loss on fair value of warrants that was recorded to adjust the settlement of warrants, partially offset by the change in fair value of the Company's Public Warrants and Private Warrants. The warrant liabilities were recorded at a fair value of $2.6 million as of January 31, 2023. The Company recorded a mark to market gain of $2.5 million reducing the liability to a fair value of $0.2 million as of January 31, 2024. The reduction in the fair value of the Company's warrant liabilities was driven by the reduction in the price of the Company's Public Warrants from February 1, 2023, to January 31, 2024. The Company's Private Warrants are economically similar to the Public Warrants and as such, use the price of the Company's Public Warrants as an indicator of fair value.

The change in fair market value of warrants was a gain of $5.4 million for the Successor Period. The gain was due to the change in fair value of the Company's Public Warrants and Private Warrants. The liability for the Company's Public Warrants and Private Warrants was recorded at fair value as of August 3, 2022, a balance of $7.9 million. The Company recorded a mark to market adjustment of $(5.4) million reducing the liability to its January 31, 2023, fair value of $2.6 million. The reduction in the fair value of the Company's warrant liability was driven by the reduction in the public trading price for the Company's Publicly Warrants from August 3, 2022, to January 31, 2023. The Company's Private Warrants are economically similar to the Public Warrants and as such, use the price of the Company's Publicly Warrants price as an indicator of fair value.

The change in fair market value of warrants was a loss of $(2.1) million for the Predecessor Period. The loss recognized during the Predecessor Period, reflected the increase in the estimated fair value of the Predecessor's common stock.

Provision for Income Taxes

Successor

Predecessor

(dollars in thousands)

Year Ended January 31, 2024

August 4, 2022 to January 31, 2023

February 1, 2022 to

August 3, 2022

(Benefit from) provision for income taxes

The benefit from income taxes was $7.7 million for the year ended January 31, 2024. The benefit was primarily due to the impact of pre-tax losses and the reduction of deferred tax liabilities associated with the amortization of intangible assets with no tax basis acquired through the Business Combination, partially offset by the impairment of non-deductible goodwill.

The benefit from income taxes was $10.5 million for the Successor Period. The benefit was primarily due to the impact of pre-tax losses and the reduction of deferred tax liabilities associated with the amortization of intangible assets with no tax basis acquired through the Business Combination, partially offset by the impairment of non-deductible goodwill.

Due to the sustained net losses, the Predecessor had recorded a full valuation allowance against all its deferred tax assets during the Predecessor Period. The provision for income taxes during the period Predecessor Period was related to income taxes of our foreign subsidiaries.

Critical Accounting Estimates

Our management’s discussion and analysis of financial condition and results of operations is based upon our financial statements and notes to our financial statements, which were prepared in accordance with US GAAP. The preparation of the financial statements requires management to make estimates and assumptions that affect the amounts reported in the financial statements and accompanying notes. Our management evaluates our estimates on an ongoing basis, including those related to the allowance for doubtful accounts, the carrying value and useful lives of long-lived assets, the fair value of financial instruments, the recognition and disclosure of contingent liabilities, income taxes, and stock-based compensation. We base our estimates and judgments on our historical experience, knowledge of factors affecting our business and our belief as to what could occur in the future considering available information and assumptions that are believed to be reasonable under the circumstances.

The accounting estimates we use in the preparation of our financial statements will change as new events occur, more experience is acquired, additional information is obtained, and our operating environment changes. Changes in estimates are made when circumstances warrant. Such changes in estimates and refinements in estimation methodologies are reflected in our reported results of operations and, if material, the effects of changes in estimates are disclosed in the notes to our financial statements. By their nature, these estimates and judgments are subject to an inherent degree of uncertainty and actual results could differ materially from the amounts reported based on these estimates.

The critical accounting estimates, assumptions, and judgments that we believe have the most significant impact on our consolidated financial statements are described below.

Revenue Recognition

Description

We recognize revenue in accordance with ASC 606, Revenue from Contracts with Customers . Revenue is recognized when a customer obtains control of promised services in an amount that reflects the consideration we expect to be entitled to receive in exchange for those services. In recognizing revenue, we apply the following five steps:

Identify contracts with customers,

Identify the performance obligations in the contract,

Determine the transaction price,

Allocate the transaction price to performance obligations in the contract, and

Recognize revenue when or as performance obligations are satisfied.

Judgments and Uncertainties

We apply judgment in determining the customer’s ability and intent to pay, including the customer’s historical payment experience or credit and financial information pertaining to the customer.

Our contracts may contain multiple performance obligations which are accounted for separately if they are capable of being distinct or are distinct in the context of the contract. Contracts with multiple performance obligations require an allocation of the transaction price to each performance obligation based on the stand-alone selling price (SSP) of each performance obligation, using the relative selling price method of allocation. We apply judgment in determining SSP for our performance obligations utilizing our observable standalone sales, sales of bundled items when standalone sales are not available, and our overall pricing methodology. Relative changes in SSP estimates between performance obligations which have different patterns of recognition, point-in-time versus over time, can impact the amount of revenue we recognize in a period.

Subscription revenue: Subscription revenue consists of revenue from subscriptions to access our Platform together with related data and support service offerings. Revenue is recognized over time on a ratable basis over the contract term beginning on the date that our service is made available to the customer. Customers have the option to purchase additional subscription and support services at a stated price. These options do not represent an additional performance obligation that would require an allocation of the transaction price.

Services revenue, breach services: The typical breach services arrangement includes two performance obligations: notification and combined call center and identity protection services. The notification and combined call center and identity protection services are considered distinct performance obligations. Revenue is allocated to each performance obligation based on the SSP of each, using the relative selling price method of allocation. We apply judgment in determining SSP for our performance obligations utilizing our observable standalone sales, sales of bundled items when standalone sales are not available, and our overall pricing methodology. Revenue for the notification performance obligation is recognized when the notifications are sent and the identity protection service is recognized over the service period, which is typically 15 months. At inception of the contract, there is an element of variable consideration related to our estimate of the enrollment in the identify protection services call center as the actual amount is unknown until completion of the call center term.

Services revenue, all other: All of our services are considered distinct performance obligations when sold on a stand-alone basis. Revenue is generally recognized at the point in time when the professional service is delivered.

Sensitivity of Estimate to Change

We do not expect relative SSP estimates to change materially period to period.

Services revenue accounted for 62% of total revenue for the year ended January 31, 2024. Most breach services arrangements include performance obligations satisfied at both a point-in-time and over time. An assumed 10% relative shift in SSP estimates to point-in-time performance obligations versus over time would not cause a material increase in revenue for the year ended January 31, 2024.

Subscription revenue accounted for 38% of total revenue for the year ended January 31, 2024. Some customer arrangements include both subscription performance obligations that are satisfied over time and service-related performance obligations that are satisfied at a point-in-time. An assumed 10% relative shift in SSP estimates to point-in-time performance obligations versus over time would cause revenue to increase by less than $5.0 million for the year ended January 31, 2024.

Deferred Contract Acquisition Costs

Description

Contract acquisition costs are related to sales commissions earned, which represent incremental costs to obtain a contract. We amortize the initial commissions over the longer of the customer relationship or over the same period as the initial revenue arrangement to which these costs relate.

Judgments and Uncertainties

The critical accounting estimate for deferred contract acquisition costs is the amortizable life of the asset. We have estimated the period of benefit for new customer relationships to be 3 years. Management monitors trends in customer attrition and the typical term of service arrangements to determine if the estimated amortizable life estimate should be updated.

Sensitivity of Estimate to Change

We do not expect the useful life estimate to deviate materially period to period. The decrease to amortization expense for the change of one year to the estimated life of our customer relationships would be approximately $3.8 million year ended January 31, 2024.

Stock-Based Compensation

Description

We account for stock-based compensation in accordance with ASC 718, Compensation—Stock Compensation . ASC 718 requires that the cost of awards of equity instruments offered in exchange for employee services, including employee stock options and restricted stock unit awards (RSUs), be measured based on the grant-date fair value of the award. We determine the fair value of options granted using the Black-Scholes model, which requires the input of subjective assumptions. We recognize the fair value of stock option awards, net of estimated forfeitures, over the period which an employee is required to provide service in exchange for the award, generally the vesting period. The fair value of restricted stock unit awards is based on the closing price of our Common Stock on the date of grant. We recognize the fair value of restricted stock unit awards, net of estimated forfeitures, as expense over the requisite service period of the awards.

Judgments and Uncertainties

The critical accounting estimates related to stock-based compensation are the assumptions utilized in the Black-Scholes valuation model and our estimate of award forfeitures.

The assumptions used by management in the Black-Scholes model are as follows:

Fair value of common stock. Our Common Stock is publicly traded under the ticker "ZFOX". We use the closing price of our Common Stock on the date of grant.

Expected term. The expected term represents the period of time that options granted are expected to remain unexercised. We calculate the expected term using the simplified method, which equals the midpoint of the options’ vesting term and contractual period.

Expected Volatility. As our Common Stock has been publicly traded only for a short time, we estimate the expected volatility based on historical volatilities of comparable public traded companies. The Company expects to continue to use this methodology until such time as the Company’s Common Stock has a sufficient amount of historical data to reasonably calculate the volatility of the Company’s Stock.

Risk-free interest rate. We use the U.S. Treasury yield for a period that corresponds to the expected term of the award.

Dividend yield. We do not currently issue dividends and do not expect to issue dividends in the foreseeable future. Accordingly, our dividend yield is zero.

The Company estimates the rate of option forfeiture by monitoring the rate of employee turnover and average tenure at separation of employment.

Sensitivity of Estimate to Change

These estimates involve inherent uncertainties and the application of management’s judgment. If the Company had made different assumptions, the Company’s stock-based compensation expense and its net loss could have been materially different.

An increase in risk-free interest rate will reduce the estimated fair value of a stock option grant, while a decrease in these factors will have an opposite effect.

A decrease in volatility and expected term will decrease the estimated fair value of a stock option grant, while an increase in these factors will have an opposite effect. The Company utilizes a consistent group of peer companies unless one or more of those companies cease to be publicly traded or are no longer similar to the Company’s business. In cases where a peer group company is no longer able to be used, the Company identifies a replacement peer company for its volatility calculation. Once the Company's Common Stock has a sufficient, representative trading history on which to base a volatility factor estimate, we will change to an estimate based on the Company's Common Stock. We do not expect to change the volatility estimation methodology in the next twelve months. When we do change the method, it will apply to new stock-based awards on a prospective basis.

The Company does not expect to change the dividend yield assumption in the near future.

A decrease in the Company’s estimate of option forfeiture will increase the amount of stock option expense recognized in a period while an increase will have the opposite effect.

Business Combinations

Description

We account for the acquisition of a business using the acquisition method of accounting, which requires us to estimate the fair values of the tangible and intangible assets acquired and liabilities assumed. When determining the fair value of assets acquired and liabilities assumed, we make estimates and assumptions, especially with respect to intangible assets such as identified acquired technology and customer relationships. We generally determine the fair value of acquired technology using the relief from royalty method. We determine the fair value of customer relationships using the multi-period excess earnings method, a form of the income approach.

Significant changes in assumptions and estimates subsequent to completing the allocation of the purchase price to the assets and liabilities acquired, as well as differences in actual and estimated results, could result in material impacts to our financial results. Additional information related to the acquisition date fair value of acquired assets and liabilities obtained during the allocation period, not to exceed one year, may result in changes to the recorded values of acquired assets and liabilities, resulting in an offsetting adjustment to the goodwill associated with the business acquired.

Judgments and Uncertainties

Estimates in valuing identifiable intangible assets include, but are not limited to, the selection of valuation methodologies, future expected cash flows, discount rates, and useful lives. Our estimate of fair value is based on assumptions we believe to be reasonable, but which are inherently uncertain and, as a result, actual results may differ from estimates.

Sensitivity of Estimate to Change

Additional information related to the acquisition date fair value of acquired assets and liabilities obtained during the measurement period, not to exceed one year, may result in changes to the recorded values of acquired assets and liabilities. Offsetting adjustments are recorded to goodwill. Any adjustments made after the measurement period will be reflected in the Consolidated Statements of Operations.

The impact to our financial statements for a change of one year to the estimated lives our acquired intangible assets would be approximately $8.1 million for the year ended January 31, 2024.

Goodwill

The excess of the fair value of purchase consideration over the values of the identifiable assets acquired and liabilities assumed is recorded as goodwill. We perform our annual goodwill impairment assessment on November 1, or when an assessment of qualitative factors indicates an impairment may have occurred. The qualitative assessment includes an evaluation of events and circumstances including long-term growth projections, profitability, industry, market and macroeconomic conditions. The quantitative assessment includes an analysis that compares the fair value of a reporting unit to its carrying value including goodwill recorded by the reporting unit.

Judgments and Uncertainties

Management applies judgment to determine the number of reporting units and if circumstances or events indicate if an impairment may exist. We have determined that the Company operates as a single reporting unit. As such, we perform the impairment assessment for goodwill at the enterprise level.

We determine the fair value of our reporting unit using a combination of the income and market approaches. The results from each of these approaches are weighted appropriately taking into account the relevance and availability of data at the time we perform the valuation. The estimate of the fair value of the related reporting unit includes several judgments, each with inherent uncertainties such as projections of revenue growth rates, gross margin, and projected future cash flows of the reporting unit and the discount rate applied to those projected future cash flows.

The discount rate used in the income approach is based on our weighted-average cost of capital and may be adjusted for the relevant risks associated with business-specific characteristics and any uncertainty related to the reporting unit's ability to execute on the projected future cash flows. Under the market approach, the fair value is determined using certain financial metrics of publicly traded companies and historically completed transactions of comparable businesses. The selection of comparable businesses requires judgment and is based on the markets in which we operate giving consideration to, among other things, risk profiles, size, and geography. The market approach may also be limited in instances where there is a lack of recently executed transactions of comparable businesses.

Determining the fair value of our reporting unit requires judgment and the use of significant estimates and assumptions. Given the current competitive and macroeconomic environment and the uncertainties regarding the related impact on the business, there can be no assurance that the estimates and assumptions made for purposes of the Company’s interim and annual goodwill impairment tests will prove to be accurate predictions of the future. If the Company’s assumptions are not realized, the Company may record additional goodwill impairment charges in the future. It is not possible at this time to determine if any such future impairment charge would result or whether such charge would be material.

Sensitivity of Estimate to Change

As of October 31, 2023, the Company concluded that it was more likely than not that the estimated fair value of its reporting unit was less than its carrying value. Accordingly, in connection with its annual test as of November 1, 2023, the Company completed an annual goodwill impairment assessment. Based on our quantitative assessment the Company determined the fair value of the Company's single reporting unit as of October 31, 2023, was $572.7 million. As this amount was less than the reporting unit's carrying value of $644.8 million, we recorded a goodwill impairment charge of $72.1 million. The Company performed an interim goodwill impairment assessment as of January 31, 2024. The Company's estimate of the fair value of its single reporting unit of $348.1 million that was based on the enterprise value implied by Haveli Merger Agreement (see Note 18), was below the carrying value of the reporting unit of $560.2 million as of January 31, 2024. Accordingly, we recorded a goodwill impairment charge of $212.1 million.

Liquidity and Capital Resources

We have financed operations primarily through the sale of equity securities, borrowings under various security and loan agreements, and payments from customers. Our operating losses have been significant, as reflected in our accumulated deficit of $1,111.0 million as of January 31, 2024.

We believe that our cash on hand and the expected future cash flows from operations will be sufficient to meet our cash requirements for at least the twelve months following the date of this annual report. We began generating positive cash flows from operations during the second quarter of fiscal year 2024 and we expect this momentum to continue through fiscal year 2025.

Additional future sources of liquidity may come from the issuance of additional debt, exercise of warrants, and/or the issuance of new shares of Common Stock. In the case of additional debt, we are permitted by the indenture governing the Convertible Notes to issue no more than $50.0 million of senior debt. If we raise funds by issuing debt securities, such debt securities would have rights, preferences and privileges senior to those of holders of our Common Stock. The terms of debt securities or borrowings could impose significant restrictions on our operations. For warrants, the Company will receive the proceeds from the cash exercise of any warrants. The aggregate proceeds of the exercise of all outstanding warrants, assuming cash exercise, would be $186.6 million. We believe the likelihood that warrant holders will exercise their warrants, and therefore the amount of cash proceeds that we would receive, is dependent upon the market price of our Common Stock. On March 13, 2024, the last reported sales price of our Common Stock on the Nasdaq Global Market was $1.11 per share. If the market price for our Common Stock is less than $11.50 per share, we believe the warrant holders will be unlikely to exercise their warrants. We may issue additional shares of our Common Stock or other equity securities of equal or senior rank in the future for investment or operational purposes. If we issue additional shares of Common Stock, dilution to our public shareholders may occur and the market price for our Common Stock may decrease and/or become more volatile. The amount, timing, and mix (be it debt or equity) of future amounts of liquidity will depend upon the judgment of management, the market price of our Common Stock, and prevailing interest rates, among other factors.

Future capital requirements will depend on many factors including, but not limited to, cash collected from customers, additional borrowing, acceleration of sales and marketing costs to facilitate revenue expansion, and the continued adoption of our subscription products. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, our business, financial condition and results of operations would be harmed. To support the growth of our business, we may need to incur additional indebtedness under our existing loan agreement or seek capital through new equity or debt financing, which sources of additional capital may not be available to us on acceptable terms or at all.

Cash Flows

The following table presents a summary of our cash flows for the year ended January 31, 2024:

(dollars in thousands)

Year Ended January 31, 2024

Cash, cash equivalents, and restricted cash at beginning of period

Net cash used in operating activities

Net cash used in investing activities

Net cash used in financing activities

Foreign exchange translation adjustments

Cash, cash equivalents, and restricted cash at end of period

Operating Activities

Our largest source of cash is payments from customers. Our primary uses of cash stem from personnel-related expense, third-party hosting expense, data source expense, and overhead expense, which is primarily comprised of IT support, facilities, and insurance expense. Cash used in operating activities primarily consists of our net losses from operations adjusted for non-cash expenses, including stock-based compensation expense, depreciation and amortization expense, goodwill impairment charges, and changes in period operating assets and liabilities.

Cash used in operating activities was $(12.0) million for the year ended January 31, 2024. The cash used in operating activities consisted of our net loss of $(356.3) million adjusted by non-cash reconciling items of $343.2 million and net cash outflows from changes in operating assets and liabilities of $0.5 million, primarily due to an increase in deferred revenue of $22.0 million, partially offset by an increase in deferred contract acquisition costs of $(6.9) million, an increase in accounts receivable of $(6.2) million, a decrease in accounts payable, accrued compensation, accrued expenses and other current liabilities of $(3.9) million, an increase in prepaid expense and other assets of $(2.0) million, and a decrease in operating lease liabilities of $(1.9) million.

Investing Activities

Cash used in investing activities was $(8.7) million for the year ended January 31, 2024. The cash used in investing activities primarily consisted of the net purchase price paid to complete the acquisition of LookingGlass of $(7.9) million, purchases of property and equipment of $(0.6) million, and $(0.2) million of capitalized software development costs.

Financing Activities

Cash provided by financing activities was $6.8 million for the year ended January 31, 2024. The cash provided by financing activities primarily consisted of the net proceeds from the amendment of the Stifel Note of $7.4 million, proceeds from the exercises of stock options of $0.3 million, partially offset by payments on the InfoArmor notes of $(0.9) million.

Debt Obligations

The following table presents a summary of our debt obligations as of January 31, 2024:

As of January 31, 2024

(dollars in thousands)

Stated

Interest Rate

Gross

Balance

Unamortized

Debt Discount

Unamortized

Deferred

Debt Issuance

Costs

Net

Carrying

Value

Stifel Bank

InfoArmor

Convertible notes

7.00% Cash / 8.75% PIK

Alsop Louie Convertible Note

Current portion of long-term debt

Long-term debt

Material Cash Requirements

Our material cash requirements are associated with repayment of debt and obligations associated with non-cancelable contracts for the purchase of goods and third-party services and operating leases. We expect to satisfy these cash requirements through the cash available on our balance sheet.

The following table summarizes current and long-term material cash requirements as of January 31, 2024:

As of January 31, 2024

(dollars in thousands)

Thereafter

Less than 1 year

1-3 years

3-5 years

Total

Operating leases (1)

Purchase commitments (2)

Debt repayments

Total

(1) Relates to our office facilities.

(2) Relates to our non-cancelable purchase commitments to purchase products and services entered into in the normal course of business.

Non-GAAP Financial Measures

In addition to our results determined in accordance with US GAAP, we believe the following non-GAAP measures are useful in evaluating our operating performance. We use the following non-GAAP financial information to evaluate our ongoing operations and for internal planning and forecasting purposes. We believe that non-GAAP financial information, when taken collectively, may be helpful to investors because it provides consistency and comparability with past financial performance by excluding certain items that may not be indicative of our business, results of operations, or outlook. However, non-GAAP financial information is presented for supplemental informational purposes only, has limitations as an analytical tool, and should not be considered in isolation or as a substitute for financial information presented in accordance with US GAAP.

Other companies, including companies in our industry, may calculate similarly titled non-GAAP measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our non-GAAP financial measures as tools for comparison. In particular, free cash flow is not a substitute for cash used in operating activities. Additionally, the utility of free cash flow as a measure of our liquidity is limited as it does not represent the total increase or decrease in our cash balance for a given period.

Below, we have provided a reconciliation for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with GAAP. Investors are encouraged to review the related GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures and not rely on any single financial measure to evaluate our business.

Non-GAAP Gross Profit and Non-GAAP Gross Margin

We believe non-GAAP gross profit and non-GAAP gross margin provide our management and investors consistency and comparability with our past financial performance and facilitate period-to-period comparisons of operations, as these measures eliminate the effects of certain variables unrelated to our overall operating performance.

Non-GAAP Gross Profit and Non-GAAP Gross Margin

We define non-GAAP gross profit and non-GAAP gross margin as US GAAP gross profit and US GAAP gross margin, respectively, excluding stock-based compensation expense and amortization of acquired intangible assets.

The following table provides a reconciliation of our US GAAP gross profit to our non-GAAP gross profit and of our US GAAP gross margin to our non-GAAP gross margin, for the year ended January 31, 2024:

(dollars in thousands)

Year ended January 31, 2024

Revenue

Gross profit

Add: Stock-based compensation expense

Add: Amortization of acquired intangible assets

Non-GAAP gross profit

Gross margin

Non-GAAP gross margin

Subscription Non-GAAP Gross Profit and Non-GAAP Gross Margin

We define subscription non-GAAP gross profit and subscription non-GAAP gross margin as US GAAP subscription gross profit and US GAAP subscription gross margin, respectively, excluding stock-based compensation expense and amortization of acquired intangible assets.

The following table provides a reconciliation of our US GAAP subscription gross profit to our non-GAAP subscription gross profit and of our US GAAP subscription gross margin to our non-GAAP subscription gross margin, for the year ended January 31, 2024:

(dollars in thousands)

Year ended January 31, 2024

Subscription revenue

Subscription gross profit

Add: Stock-based compensation expense

Add: Amortization of acquired intangible assets

Non-GAAP subscription gross profit

Subscription gross margin

Non-GAAP subscription gross margin

Services Non-GAAP Gross Profit and Non-GAAP Gross Margin

We define services non-GAAP gross profit and services non-GAAP gross margin as US GAAP services gross profit and US GAAP services gross margin, respectively, excluding stock-based compensation expense. There is no amortization of intangible assets expenses recorded in services US GAAP gross profit and therefore, no exclusion is necessary.

The following table provides a reconciliation of our US GAAP services gross profit to our non-GAAP services gross profit and of our US GAAP services gross margin to our non-GAAP services gross margin, for the year ended January 31, 2024:

(dollars in thousands)

Year ended January 31, 2024

Services revenue

Services gross profit

Add: Stock-based compensation expense

Non-GAAP services gross profit

Services gross margin

Non-GAAP services gross margin

Non-GAAP Loss from Operations

We define non-GAAP loss from operations as US GAAP net loss from operations, excluding stock-based compensation expense, amortization of acquired intangible assets, costs incurred for the Business Combination, purchase accounting adjustments from the Business Combination, and goodwill impairment charges. We believe non-GAAP loss from operations provides our management and investors consistency and comparability with our past financial performance and facilitates period-to-period comparisons of operations as these measures eliminate the effects of certain variables unrelated to our overall operating performance.

The following table provides a reconciliation of our US GAAP net loss from operations to our non-GAAP loss from operations, for the year ended January 31, 2024:

(dollars in thousands)

Year ended January 31, 2024

Loss from operations

Add: Stock-based compensation expense

Add: Amortization of acquired intangible assets

Add: De-Spac adjustment

Add: Goodwill impairment

Non-GAAP loss from operations

Free Cash Flow

We define free cash flow as net cash used in operating activities less purchases of property and equipment and capitalized internal-use software. We believe that free cash flow is a useful indicator of liquidity that provides meaningful information to management and investors about the amount of cash provided by our operating activities that is available to be used for other strategic initiatives or consumed by our operating activities. Free cash flow does not represent the total increase or decrease in our cash balance for a given period and does not reflect our future contractual commitments. In addition, other companies may calculate free cash flow differently or not at all, which reduces the usefulness of free cash flow as a tool for comparison.

The following table presents a reconciliation of net cash used in operating activities to free cash flow for the year ended January 31, 2024:

(dollars in thousands)

Year ended January 31, 2024

Net cash used in operating activities

Less: Purchases of property and equipment

Less: Capitalized software

Free cash flow

MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS OF ID EXPERTS HOLDINGS, INC.

The following discussion and analysis of ID Experts Holdings, Inc. (IDX) financial condition and results of operations should be read in conjunction with its Consolidated Financial Statements and related notes included elsewhere in this Annual Report on Form 10-K.

Overview

IDX was founded in 2003 with a mission to address the growing threat from data breaches and resulting identity theft and fraud. IDX created a software and services platform to help protect individuals from data breaches and resulting identity crime and to remediate the negative effects of such breaches.

As organizations began to experience cybersecurity breaches of growing frequency and severity, IDX expanded its offerings by providing organizations with data breach response services that leveraged IDX’s identity protection offerings for individuals. As new laws and regulations were passed that required breach notification and protections for affected individuals, the IDX business grew to serve both governmental and commercial entities of varied sizes.

The Business

IDX believes it has a leading position in the United States by revenue as a provider of data breach response services, and associated identity and privacy protection services, to both government and commercial entities. IDX acquires new customers for its data breach services through cyber insurers and their approved privacy attorneys. IDX services are often pre-approved through direct relationships with organizations that have entered into master services agreements (MSA) for current and future services, as well as through government channels as a result of approved listings with the General Services Administration (GSA) for federal agencies and the National Association of State Procurement Officials (NASPO) for state and local agencies.

IDX provides identity and privacy protection services through its proprietary, cloud-native platform for the protection of individuals impacted by data breaches, as well as through other channels, for proactively addressing the risks associated with privacy and identity risks to the affected individuals and the breached organization. The IDX platform was designed to improve scalability and usability, while concurrently supporting rapid development of new capabilities, and compliance with increasingly rigorous security standards based on the National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev 4. Typically, IDX evaluates its own security controls, and in some cases contracts testing to third parties as part of yearly FISMA security risk assessments, HIPAA security risk analysis for business associates, and SOC 2 type 2 certifications.

IDX has a substantial customer base for data breach services in the public sector. The largest component of revenue from the public sector results from a multiyear contract with the U.S. Office of Personnel Management (OPM), described below.

In 2015, OPM and the Department of Defense (DoD) awarded IDX a three-year, $330 million contract to provide identity protection and breach response services covering approximately 21.5 million current and former federal employees and contractors that were affected by the OPM data breach of background investigation records (OPM Contract). IDX believes winning this award resulted in further market validation, increased visibility, and enhanced reputation for IDX as a leading data breach response provider in the United States by revenue. Earning this award required IDX to comply with rigorous government security standards. IDX’s compliance performance combined with receiving “very good” and “excellent” Contractor Performance Assessment Reports (CPAR) ratings leave the IDX data breach response business well positioned to address large-scale data breaches.

IDX won a rebid of the contract with OPM and the DoD in 2018. The new contract is worth at least $460 million, assuming all option periods and the extension period are exercised, for the period ending June 30, 2024. The scope of the new contract is for IDX to provide identity protection services for certain employees and prospective employees of the U.S. Government affected by a breach of OPM systems. IDX believes the OPM Contract was and remains as of August 3, 2022, the largest data breach response arrangement in the history of such contracts in the United States. The award of this contract to IDX cemented it as a leading provider in the United States by revenue of data breach response services to both governmental and commercial entities. In addition, IDX is listed on the General Services Administration (GSA) SIN 520.20 for Data Breach Response and Identity Protection Services facilitating data breach response contracts with numerous other government agencies. A SIN is a Special Item Number that identifies products and services that GSA contract holders offer to government buyers. IDX benefits from having a SIN with GSA as it allows IDX to participate in more bid opportunities for providing Data Breach Response and Identity Protection Services.

The OPM Contract is structured as a Base Period from July 1, 2019, to June 30, 2020, followed by a series of options as follows: Option Period I from July 1, 2020, to June 30, 2021; Option Period II from July 1, 2021, to June 30, 2022; Option Period III from July 1, 2022, to June 30, 2023; and Option Period IV from July 1, 2023, to December 31, 2023. OPM has an option to extend the OPM Contract from January 1, 2024, to June 30, 2024, as well as an option to add a transition-out period beyond June 30, 2024. OPM has exercised Option Period I, Option Period II, and Option Period III. IDX plans to pursue the rebid of the OPM Contract in 2024 for an extension through 2027.

IDX generates the largest component of its commercial revenue from organizations that require response services for data breach incidents. The response services typically include notifications to individuals impacted by the breach; call center support; a customized webpage for providing information, privacy and identity protection software, and additional services to the affected population. In addition to revenue from data breach incident response services, IDX also provides identity and privacy services on a subscription basis to organizations, which they can offer as a benefit for their employees or customers.

Impact of COVID-19 On the Business

IDX operates in geographic locations that have been impacted by COVID-19. The pandemic has affected, and could further affect, IDX’s operations and the operations of its customers as a result of various factors, including but not limited to quarantines, local, state, and federal government public health orders, facility and business closures, and travel and logistics restrictions. IDX anticipates governments and businesses will likely take additional actions or extend existing actions to respond to the risks of the COVID-19 pandemic. IDX continues to actively monitor the impacts and potential impacts of the COVID-19 pandemic on IDX’s customers, supply chain, and operations. For further information, please see “Risk Factors—The COVID-19 pandemic could adversely affect our business, operating results, and financial condition” in this Annual Report.

IDX instituted a global work-from-home policy in March 2020 and to-date have not experienced significant disruptions as a result. IDX has not requested relief under the Coronavirus Aid, Relief, and Economic Security Act, and it therefore had no effect on its financial statements.

Key Factors Affecting Performance

New customer acquisition

IDX believes that its future growth depends in part on its ability to acquire new customers for its data breach services and identity protection membership services to its strategic partners’ members, employer groups’ employees, and individual customers. IDX has sourced a significant proportion of new data breach services customers as a result of relationships with cyber insurers. IDX makes on-going investments in developing and maintaining these relationships, as well as relationships with privacy attorneys that represent many of their cyber insurers. Additionally, IDX invests in direct marketing to prospective customers for data breach services, as well as IDX’s identity and privacy membership services for employee benefits and strategic partner customer protection.

Customer Retention

IDX’s revenue growth is fostered by its ability to retain customers that have an ongoing need for data breach response services. IDX maintains its relationship with its customers after the conclusion of the data breach response by cross-selling membership services to its customers affected stakeholders, which are typically our customers’ employees or their own customers. IDX has multi-year contracts with some government entities, including the OPM Contract. The possible retention and renewal of the OPM Contract may also be a factor in maintaining revenue growth.

Investing in Business Growth

IDX also invests in initiatives to support the growth of its business. IDX’s research and development organization, composed of employees and contractors, uses an agile development philosophy in an effort to enhance its existing identity and privacy platform while adding new features and products, usability enhancements, customer integrations and APIs, and security certifications. IDX’s sales and marketing teams invest in business growth through channel expansion with dedicated sales teams and associated marketing demand generation programs.

IDX also invests in the growth of its business with government entities by building relationships with consultants experienced in the government procurement process and maintenance of its listings on relevant GSA schedules, as well as by investing in relationships with key government agency stakeholders and congressional representatives. IDX from time to time will work with consultants who specialize in government contract bidding strategies, provide advice on optimal maintenance and use of the U.S. Government GSA schedule, and provide strategic, relationship-building, and legislative affairs services with members of Congress and their staffs.

Key Business Metrics

IDX monitors the following key metrics to measure performance, identify trends, formulate business plans, and make strategic decisions.

Breach Revenue, Membership Services, and Total Revenue

The tables below present IDX’s key performance indicators for the periods indicated (in thousands):

January 1, 2022, to August 3, 2022

Breach revenue (1)

Membership services (1)

Total revenue

Breach customers (2)

Membership customers (2)

(1)  IDX defines breach revenue as revenue related to breach contracts, which typically have a term of 15 months (three-month call center period followed by 12 months of identity protection services) and are non-recurring. IDX defines membership services as recurring monthly and yearly ongoing identity and privacy services provided to strategic partners’ members and employer groups’ employees and retail customers.

(2)  IDX defines a breach customer as an agency or organization from which it has recognized breach revenue in a reporting period. IDX defines membership customers, in this instance, as strategic partners and employer groups receiving membership services (non-breach and non-retail customers).

Components of Results from Operations

Revenue

IDX recognizes revenue when control of the promised goods or services is transferred to the customer, in an amount that reflects the consideration IDX expects to be entitled to in exchange for its goods or services. For arrangements with multiple performance obligations, IDX allocates revenue to each performance obligation on a relative fair value basis based on management’s estimate of Stand-Alone Selling Price (SSP).

IDX’s breach services revenue consists of contracts with various combinations of notification, project management, communication services, and ongoing identity protection services. Performance periods generally range from one to three years. Payment terms are generally either thirty or sixty days throughout the term. Contracts do not contain significant financing components. IDX’s breach services contracts are structured as either fixed price or variable price. In fixed price contracts, IDX charges customers a fixed total price or fixed per-impacted individual price for the total package of services. For variable price breach services contracts, IDX charges the breach communications component, which includes notifications and call center support, at a fixed total fee and charges for ongoing identity protection services as incurred using a fixed price per enrollment. Refunds and related reserves have been insignificant historically.

IDX provides identity and privacy protection services memberships through its employer groups and strategic partners as well as directly to individual end-users through its website. Membership services consist of multiple bundled identity and privacy product offerings which provide members with ongoing identity protection services. For membership services, IDX recognizes revenue ratably over the service period, which is typically one year. Payments from employer groups and strategic partners are generally collected monthly and payments from end-users are collected up front.

IDX evaluates arrangements with governmental entities containing “fiscal funding” or “termination for convenience” provisions, when such provisions are required by law, to determine the probability of possible cancellation. IDX considers multiple factors including its history with the government entity in similar transactions and the budgeting and approval processes undertaken by the governmental entity. If IDX determines upon execution of these arrangements that the likelihood of cancellation is remote, it recognizes revenue for such arrangements once all relevant criteria have been met. If IDX cannot make such a determination, it recognizes revenue upon the earlier of cash receipt or approval of the applicable funding provision by the governmental entity for such arrangements.

Cost of Revenue

Cost of revenue consists of fees to outsourced service providers for credit monitoring, call center operation, notification mailing, insurance, other miscellaneous services, and internal labor costs. IDX expenses notification costs as fulfillment costs and recognizes those notification costs at a point in time. IDX capitalizes call center costs and amortizes the call center costs over time. IDX generally recognizes sales commissions, which are incremental costs to obtain contracts, ratably over the contractual period of the applicable agreement. IDX presents notification and call center costs within capitalized contract costs and recognizes the costs over the combined service and membership terms. IDX expenses the remainder of cost of services as incurred.

Gross Profit

Gross profit, calculated as total revenue less total cost of services, is affected by several factors including the timing of breach incidents; renewals from existing customers; costs associated with fulfilling contracts such as notification, call center, and monitoring costs; the extent to which IDX expands its customer support organization; and the extent to which IDX can negotiate any preferential pricing from its vendors. IDX’s services revenue and gross profit may fluctuate over time because of these factors.

Operating Expenses

Sales and Marketing

Sales and marketing expenses consist primarily of employee compensation and related expenses, including salaries, bonuses, and benefits for IDX’s sales and marketing employees; sales commissions that are recognized as expenses over the period of benefit; marketing programs; travel and entertainment expenses; and allocated overhead costs. IDX capitalizes its sales commissions and recognizes them as expenses over the estimated period of benefit.

General and Administrative

General and administrative costs consist primarily of salaries, stock-based compensation expenses, and benefits for personnel involved in IDX’s executive, finance, legal, human resources, and administrative functions; third-party services and fees; and overhead expenses. IDX expects that general and administrative expenses will increase in absolute dollars as IDX hires additional personnel and enhances its systems, processes, and controls to support the growth in IDX’s business as well as increased compliance and reporting requirements as a public company.

Research and Development

Research and development expenses consist primarily of personnel costs and contractor fees related to the bundling of other third-party software products that are offered as one combined package within IDX’s product offerings. Personnel costs include salaries, bonuses, stock-based compensation, and related employer-paid payroll taxes, as well as an allocation of facilities, benefits, and information technology costs. IDX expenses research and development costs as incurred.

Interest and Other Expense

Interest and other expense consist primarily of term loan interest expense and the amortization of warrant and loan fees, which are recorded as a reduction to debt.

Income Tax Expense (Benefit)

Income tax expense (benefit) consists of federal and state income taxes in the United States. IDX maintains a partial valuation allowance on its state net operating losses.

Results of Operations

Results for the Period January 1, 2022, to August 3, 2022

This section describes the results of IDX for the period January 1, 2022, to August 3, 2022.

The following table sets forth the Consolidated Statements of Income in dollar amounts and as a percentage of total revenue (dollars in thousands):

January 1, 2022, to August 3, 2022

Percentage of Revenue

Revenue

Cost of revenue

Gross profit

Operating expenses:

Research and development

Sales and marketing

General and administrative

Total operating expenses

Income from operations

Total other expense

Loss before income taxes

Income tax expense

Net loss after tax

Revenue

Revenue was $66.8 million for the six months ended period January 1, 2022, to August 3, 2022.

Cost of Revenue

Cost of revenue was $52.3 million for the period January 1, 2022, to August 3, 2022.

Gross Profit

Gross profit and gross profit margin for the period January 1, 2022, to August 3, 2022, were $14.5 million and 22%, respectively.

Operating Expenses

(in thousands)

July 1, 2022, to

August 3, 2022

Research and development

Sales and marketing

General and administrative

Total operating expenses

Research and Development

Research and development expense was $3.3 million for the period January 1, 2022, to August 3, 2022.

Sales and Marketing

Sales and marketing expense was $4.6 million for the period January 1, 2022, to August 3, 2022.

General and Administrative

General and administrative expense was $5.8 million for the period January 1, 2022, to August 3, 2022.

Total Other Expense

Total other expense was $1.0 million for the period January 1, 2022, to August 3, 2022.

Provision for Income Taxes

Income tax benefit was $0.7 million for the period January 1, 2022, to August 3, 2022.

Cash Flows

The following table summarizes IDX’s cash flows:

(in thousands)

January 1, 2022, to

August 3, 2022

Net cash used in operating activities

Net cash used in investing activities

Net cash used in financing activities

Operating Activities

Net cash used in operating activities during the period January 1, 2022, to August 3, 2022, was $(1.3) million. IDX’s net loss of $0.9 million for the period January 1, 2022, to August 3, 2022, was adjusted for net non-cash charges of $(0.7) million and net cash inflows of $0.3 million from changes in operating assets and liabilities. Changes in working capital amounts resulted primarily from an increase in accounts receivable of $1.8 million an increase in capitalized contract costs of $(0.9) million, partially offset by an increase in accrued expenses and other liabilities of $1.8 million and an increase in deferred revenue of $1.2 million.

Investing Activities

Net cash used in investing activities for the period January 1, 2022, to August 3, 2022, was insignificant. These cash outflows were for purchases of property and equipment.

Financing Activities

Net cash used in financing activities for the period January 1, 2022, to August 3, 2022, was $(0.4) million. Net cash used in financing activities was comprised of principal payments in the amount of $(0.6) million, partially offset by cash provided by warrant and option exercises of $0.2 million.

Contractual Obligations

IDX has entered into a non-cancelable purchase commitment of $59.0 million related to twelve months of outsourced credit and other monitoring services provided to IDX’s largest customer as of August 3, 2022.

The following table summarizes IDX’s contractual obligations and commitments as of August 3, 2022, (in thousands):

Total

Less than 1 year

1-3 years

Operating leases

Purchase commitments

Total

Off-Balance Sheet Arrangements

Leases

Rental payments under operating leases are recognized on a straight-line basis over the term of the lease, which includes any periods of free rent. Rental expense for operating leases was $0.2 million for the period January 1, 2022, to August 3, 2022.

IDX executed the Fifth Amendment to its office lease on October 9, 2020. This amendment was for two years and two months commencing on January 1, 2021, and ending February 28, 2023. IDX’s landlord provided an abatement for January 1, 2021, through February 28, 2021, as part of its lease renewal.

Future minimum lease payments under non-cancelable operating leases (with initial or remaining lease terms in excess of one year) as of August 3, 2022, are (in thousands):

Operating Leases

Fiscal Year:

2022 (remaining quarters)

Total minimum lease payments

Critical Accounting Policies and Estimates

IDX’s financial statements are prepared in accordance with U.S. GAAP. The preparation of these financial statements requires IDX to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, and expenses, as well as related disclosures. IDX evaluates its estimates and assumptions on an ongoing basis. Estimates are based on historical experience and various other assumptions that IDX believes to be reasonable under the circumstances. Actual results could differ from these estimates. The critical accounting policies, assumptions, and judgments that IDX believes have the most significant impact on the IDX Consolidated Financial Statements are described below.

Revenue Recognition

Revenue is derived from sales of breach response services and identity and privacy protection services. IDX satisfies performance obligations to recognize revenue for two performance obligations, one at a point in time and the other ratably over the expected term with the customer.

Revenue is recognized when all of the following criteria are met:

Identification of the contract, or contracts, with a customer —A contract with a customer to account for exists when (i) IDX enters into an enforceable contract with a customer that defines each party’s rights regarding the goods or services to be transferred and identifies the payment terms related to these goods or services, (ii) the contract has commercial substance and the parties are committed to perform, and (iii) IDX determines that collection of substantially all consideration to which it will be entitled in exchange for goods or services that will be transferred is probable based on the customer’s intent and ability to pay the promised consideration.

Identification of the performance obligations in the contract —Performance obligations promised in a contract are identified based on the services that will be transferred to the customer that are both capable of being distinct, whereby the customer can benefit from the service either on its own or together with other resources that are readily available from third parties or from us, and are distinct in the context of the contract, whereby the transfer of the goods or services is separately identifiable from other promises in the contract. To the extent a contract includes multiple promised goods or services, IDX applies judgment to determine whether promised goods or services are capable of being distinct and distinct in the context of the contract. If these criteria are not met the promised goods or services are accounted for as a combined performance obligation.

Determination of the transaction price —The transaction price is determined based on the consideration to which IDX will be entitled in exchange for transferring goods or services to the customer.

Allocation of the transaction price to the performance obligations in the contract —IDX allocates the transaction price to each performance obligation based on the amount of consideration expected to be received in exchange for transferring goods and services to the customer. IDX allocates the transaction price by using an estimated selling price for services provided to determine which portion of its contracts’ total transaction price should be recognized at a point-in-time and which portion should be recognized over-time. If the contract contains a single performance obligation, the entire transaction price is allocated to the single performance obligation on a relative standalone selling price based on the observable selling price of products and services.

Recognition of revenue when, or as, IDX satisfies performance obligations —IDX satisfies performance obligations either over time or at a point in time as discussed in further detail below. Revenue is recognized at or over the time the related performance obligation is satisfied by transferring a promised good or service to a customer.

Significant Judgments

Significant judgments and estimates are required under ASC 606. Due to the complexity of certain contracts, the actual revenue recognition treatment required under ASC 606 for IDX’s arrangements may be dependent on contract-specific terms and may vary in some instances. IDX’s contracts with customers often include promises to transfer multiple services, including project management services, notification services, call center services, and identity protection services. Determining whether services are distinct performance obligations that should be accounted for separately requires significant judgment.

IDX is required to estimate the total consideration expected to be received from contracts with customers, including any variable consideration. Once the estimated transaction price is established, amounts are allocated to performance obligations on a relative SSP basis. IDX’s breach business derives revenue from two main performance obligations: (i) notification and (ii) combined call center and identity protection services, as described further in Note 2 to the IDX Consolidated Financial Statements included in this Annual Report.

At contract inception, IDX assesses the products and services promised in the contract to identify each performance obligation and evaluate whether the performance obligations are capable of being distinct and are distinct within the context of the contract. Performance obligations that are not both capable of being distinct and distinct within the context of the contract are combined and treated as a single performance obligation in determining the allocation and recognition of revenue. Determining whether products and services are considered distinct performance obligations requires significant judgment. In determining whether products and services are considered distinct performance obligations, IDX assesses whether the customer can benefit from the products and services on their own or together with other readily available resources and whether our promise to transfer the product or service to the customer is separately identifiable from other promises in the contract.

Judgment is required to determine the SSP for each distinct performance obligation. IDX rarely sells its individual breach services on a standalone basis, and accordingly, IDX is required to estimate the range of SSPs for each performance obligation. In instances where the SSP is not directly observable because IDX does not sell the service separately, IDX reviews information that includes historical discounting practices, market conditions, cost-plus analyses, and other observable inputs to determine an appropriate SSP. IDX typically has more than one SSP for individual performance obligations due to the stratification of those items by classes of customers, size of breach, and other circumstances. In these instances, IDX may use other available information such as service inclusions or exclusions, customizations to notifications, or varying lengths of call center or identity protection services in determining the SSP.

If a group of agreements are so closely related to each other that they are, in effect, part of a single arrangement, such agreements are deemed to be one arrangement for revenue recognition purposes. IDX exercises judgment to evaluate the relevant facts and circumstances in determining whether the separate agreements should be accounted for separately or as, in substance, a single arrangement. IDX’s judgments about whether a group of contracts comprises a single arrangement can affect the allocation of consideration to the distinct performance obligations, which could have an effect on results of IDX’s operations.

Generally, IDX has not experienced significant returns or refunds to customers. IDX’s estimates related to revenue recognition may require significant judgment and the change in these estimates could have an effect on IDX’s results of operations during the periods involved.

Contract Balances

The timing of revenue recognition may differ from the timing of invoicing to customers and these timing differences result in receivables, contract assets, or contract liabilities (deferred revenue) on the Consolidated Balance Sheets. IDX records a contract asset when revenue is recognized prior to invoicing and records a deferred revenue liability when revenue is expected to be recognized subsequent to invoicing. For IDX’s breach services agreements, customers are typically invoiced at the beginning of the arrangement for the entire contract amount. When the breach agreement includes variable components related to as-incurred identity protection services, customers are invoiced monthly for the duration of the enrollment or call center period. Large contracts are typically billed 50% upfront and due upon receipt with the remaining 50% invoiced subsequently with net 30 terms.

Contract assets are presented as other receivables within the Consolidated Balance Sheets and primarily relate to IDX’s rights to consideration for work completed but not billed on service contracts. Contract assets are transferred to receivables when IDX invoices the customer. Contract liabilities are presented as deferred revenue and relate to payments received for services that are yet to be recognized in revenue.

During the one month three day period ended August 3, 2022, IDX recognized $0.6 million of revenue that was included in deferred revenue at the end of the preceding year. All other deferred revenue activity is due to the timing of invoices in relation to the timing of revenue, as described above. IDX expects to recognize as revenue approximately 56% of its August 3, 2022, deferred revenue balance in the remaining quarters of 2022, 29% for the period January 1, 2023, to August 3, 2023, and the remainder thereafter.

In instances where the timing of revenue recognition differs from the timing of invoicing, IDX has determined that its contracts do not include a significant financing component. The primary purpose of invoicing terms is to provide customers with simplified and predictable ways of purchasing IDX’s services, not to facilitate financing arrangements.

Government Contracts

IDX evaluates arrangements with governmental entities containing “fiscal funding” or “termination for convenience” provisions, when such provisions are required by law, to determine the probability of possible cancellation. IDX considers multiple factors, including the history with the customer in similar transactions and budgeting and approval processes undertaken by the governmental entity. If IDX determines upon execution of these arrangements that the likelihood of cancellation is remote, it then recognizes revenue for such arrangements once all relevant criteria have been met. If such a determination cannot be made, revenue is recognized upon the earlier of cash receipt or approval of the applicable funding provision by the governmental entity for such arrangements.

Contract Costs

IDX capitalizes costs to obtain a contract or fulfill a contract. These costs are recorded as capitalized contract costs on the Consolidated Balance Sheets. Costs to obtain a contract for a new customer are amortized on a straight-line basis over the estimated period of benefit. IDX determines the estimated period of benefit by taking into consideration the contractual term. IDX periodically reviews the carrying amount of the capitalized contract costs to determine whether events or changes in circumstances have occurred that could affect the period of benefit. Amortization expense associated with costs to fulfill a contract is recorded to cost of services on the Consolidated Statements of Income, and amortization expense associated with costs to obtain a contract (sales commissions) is recorded to sales and marketing expense.

All notification costs are expensed as fulfillment costs and recognized at a point in time. Call center costs are capitalized and amortized over time. Sales commissions, which are incremental costs to obtain contracts, are recognized ratably over the contractual period of the applicable agreement.

Income Taxes

IDX provides for income taxes using the asset and liability method. Deferred tax assets and liabilities are recognized for the future tax effect of differences between recorded assets and liabilities and their respective tax basis along with operating loss and tax credit carryforwards. Deferred tax assets and liabilities are measured using enacted tax rates expected to apply to taxable income in the years in which those temporary differences are expected to reverse. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in income in the period the rate change becomes effective.

IDX recognizes the effect of income tax positions only if those positions are more likely than not of being sustained in the event of a tax audit. Recognized income tax positions are measured at the largest amount that is greater than 50% likely of being realized. Changes in recognition or measurement are reflected in the period in which the change in judgment occurs. The Company records interest related to unrecognized tax benefits in interest expense. Penalties and interest of $0.1 million have been accrued to expense as of August 3, 2022, and are discussed further in Note 6 in the notes to the consolidated financial statements.

Deferred tax assets are reduced by a valuation allowance when, in management’s opinion, it is more likely than not that some portion or all the deferred tax assets will not be realized. IDX considers the future reversal of existing taxable temporary differences, taxable income in prior carryback years, projected future taxable income, and tax planning strategies in making this assessment. IDX’s valuation allowance is based on all available positive and negative evidence, including its recent financial operations, evaluation of positive and negative evidence with respect to certain specific deferred tax assets (including evaluating sources of future taxable income) to support the realization of the deferred tax assets.

The Company’s income tax returns are generally subject to examination by taxing authorities for a period of three years from the date they are filed. Tax authorities may have the ability to review and adjust net operating loss or tax credit carryforwards that were generated prior to these periods if utilized in an open tax year. As of August 3, 2022, the Company’s income tax returns for the years ended December 31, 2016, through 2021 are subject to examination by the Internal Revenue Service and applicable state and local taxing authorities.

Quantitative and Qualitative Disclosures about Market Risk

IDX’s operations are in the United States, and it is exposed to market risk in the ordinary course of its business.

Interest Rate Risk

As of August 3, 2022, IDX had no short or long-term investments.

Foreign Currency Exchange Risk

To date, all of IDX’s sales contracts have been denominated in U.S. Dollars, and therefore its revenue is not subject to foreign currency risk. Operating expenses are incurred within the United States and denominated in U.S. Dollars.

Emerging Growth Company Status

IDX is an "emerging growth company" (EGC), as defined in the Jumpstart Our Business Startups Act (the "JOBS Act"). Under the JOBS Act, EGCs can delay adopting new or revised accounting standards applicable to public companies issued after the enactment of the JOBS Act until those standards apply to private companies. IDX has elected to use this extended transition period for complying with certain new or revised accounting standards that have different effective dates for public and private companies until the earlier of the date IDX (i) is no longer an EGC or (ii) affirmatively and irrevocably opts out of the extended transition period provided in the JOBS Act. As a result, the IDX Consolidated Financial Statements may or may not be comparable to the financial statements of issuers who comply with public company standards' effective dates.

Recent Accounting Pronouncements

See Notes 2r. Standards Issued and Adopted and 2s. Standards Issued but Not Yet Effective to the consolidated financial statements for recently adopted accounting pronouncements and recently issued accounting pronouncements not yet adopted as of August 3, 2022.

Liquidity and Capital Resources

Sources and Uses of Funds

As of August 3, 2022, IDX had $16.3 million of cash and cash equivalents. IDX believes that existing cash and cash equivalents will be sufficient to support working capital and capital expenditure requirements for at least the next twelve months. Since inception, IDX has financed operations primarily through credit facilities and positive cash flow related to its OPM Contract. Principal uses of cash are cost of services provided to its customers such as notification printing and monitoring and personnel related expenses. In August 2016, IDX and ITGS, Inc., as co-borrowers, entered into a credit facility with Comerica Bank (“Lender”) (the “Comerica Credit Facility”), which was amended and restated in December 2020 and further amended in July 2021. The current Comerica Credit Facility provides for a secured term loan facility in an aggregate principal amount of $10.0 million. IDX’s obligations under the Comerica Credit Facility are secured by substantially all its assets. As of August 3, 2022, there was $9.4 million in principal amount outstanding under the Comerica Credit Facility.

Interest is payable monthly and accrues at the prime referenced rate plus 1.5% per year, which was 6.25% as of August 3, 2022. The outstanding principal amount of the term loan is payable in thirty-six equal monthly installments beginning on July 1, 2022, and continuing through the maturity date in June 2025. IDX may prepay the term loan, in whole or in part, at any time, without penalty or premium. Any amounts, once repaid, may not be reborrowed.

The Comerica Credit Facility contains customary affirmative and negative covenants for this type of facility, including, among others, restrictions on dispositions, any change in control, mergers or consolidations, acquisitions, investments, incurrence of debt, granting of liens, payments of dividends or distributions and certain transactions with affiliates, in each case subject to certain exceptions. The Comerica Credit Facility also contains a minimum EBITDA financial covenant requiring that IDX generate minimum EBITDA of not less than $3.0 million during any trailing twelve-month period.

The events of default under the Comerica Credit Facility include, among others, subject to grace periods in certain instances, payment defaults, covenant defaults, bankruptcy and insolvency defaults, cross-defaults to other indebtedness, judgment defaults, a material adverse change default and a default in the event that the contract with the OPM Contract is canceled or terminated. Upon the occurrence and during the continuance of an event of default, the lender may declare all outstanding principal and accrued and unpaid interest under the credit facility immediately due and payable, increase the applicable interest rate by 5%, and may exercise other rights and remedies provided under the Comerica Credit Facility. IDX intends to repay and terminate the credit facility at the Closing.

IDX is a party to that certain Convertible Promissory Note Purchase Agreement, dated as of December 18, 2018, by and among ID Experts Holdings, Inc. and certain ID Experts Holdings, Inc. shareholders, pursuant to which it has issued certain convertible promissory notes.

From time to time, IDX may explore additional financing sources and means to lower its cost of capital, which could include equity, equity-linked and debt financing. IDX cannot assure you that any additional financing will be available to it on acceptable terms, or at all. If IDX raises additional funds by issuing equity or equity-linked securities, the ownership of the existing shareholders will be diluted. If IDX raises additional financing by the incurrence of indebtedness, IDX may be subject to increased fixed payment obligations and could be subject to additional restrictive covenants, such as limitations on its ability to incur additional debt, and other operating restrictions that could adversely impact IDX’s ability to conduct business. Any future indebtedness IDX incurs may result in terms that could be unfavorable to equity investors. There can be no assurances that IDX will be able to raise additional capital. The inability to raise capital would adversely affect IDX’s ability to achieve its business objectives.