Item 1A. Risk Factors
In addition to the other information provided in our reports, you should consider the following factors carefully in evaluating our business and us. Additional risks and uncertainties not presently known to us, which we currently deem immaterial or that are similar to those faced by other companies in our industry or business in general, such as competitive conditions, may also impair our business operations. If any of the following risks occur, our business, financial condition, or results of operations could be materially adversely affected.
Risks Related to our Business and Financial Condition
In the past, we have identified conditions and events that raise substantial doubt about our ability to continue as a going concern and it is possible that conditions and events in the future may negatively impact our ability to continue as a going concern.
As of December 31, 2023, we had a working capital deficit of approximately $8.5 million. We reported a net loss of approximately $1,855,000 for the twelve months ended December 31, 2023. We reported a stockholders’ deficiency of $8,551,861 as of December 31, 2023. We had net loss of approximately $3,562,000 in 2022. At December 31, 2022, we had a stockholders’ deficiency of $6,864,214. These factors raise substantial doubt about our ability to continue as a going concern.
During the year ended December 31, 2023, we engaged in multiple short term funding arrangements, which netted the Company approximately $2,205,000. We are exploring additional sources of financing, including debt and equity, and anticipate significant growth of business. As part of this amount, in March 2023, we, as seller, received approximately $1,413,294 as a purchase price for the sale of the Company’s rights, title and interest to an Employee Retention Credit claim made with the United States Internal Revenue Service. In the future, if we are unable to obtain sufficient funding to support our operations, we could be forced to delay, reduce or eliminate all our research and development programs, product portfolio expansion or commercialization efforts, and our financial condition and results of operations will be materially and adversely affected, and we may be unable to continue as a going concern. Our report from our independent registered public accounting firm contains statements expressing substantial doubt about our ability to continue as a going concern. Future reports could also contain this wording. If we seek additional financing to fund our business activities in the future and there remains substantial about our ability to continue as a going , investors or other financing sources may be to provide additional funding to us on commercially reasonable terms or at all.
If we are unable to raise sufficient capital, we will be unable to fully fund our operations and to otherwise execute our business plan .
Until such time, if ever, that we can generate substantial revenues, we expect to finance our cash needs primarily through equity offerings and debt financings. Our ability to raise capital, whether through equity or through debt, is based, in part, on market events and conditions out of our control. We do not have any future committed source of external funds.
If we are unable to raise additional capital when needed, we may be required to delay, limit, reduce, or terminate our future product and service development or commercialization efforts.
Our efforts to commercialize our Nodeware solution may not be successful.
We have two patents granted and one patent pending relating to our Nodeware solution. The efforts we have taken to protect our intellectual property may not be sufficient or effective. Additionally, there is no guarantee that our Nodeware solution will perform as expected or as needed.
In order to protect our interest in Nodeware, we sell licenses permitting customers’ access. Licenses are protected through our EULA (end user licensing agreement), reseller/partner contracts, and through the cloud platform it resides in, enabling us to manage subscriptions, use and distribution of the platform. We face a risk of reputational harm and potential intellectual property theft if a licensee mistakenly or intentionally misuses our products. Licensing may also add an expense to our overall cost structure that is not supported by the market for like products.
Table of Contents
If we do not successfully develop enhancements or new software, or scale our platform effectively, our operating results and our business may be harmed.
The cybersecurity market is characterized by rapid technological advances, customer price sensitivity, short product and service life cycles, intense competition, changes in customer requirements, frequent new product introductions and enhancements and evolving industry standards and regulatory mandates. Any of these factors could create downward pressure on pricing and gross margins, and could adversely affect our renewal rates, as well as our ability to attract new customers. Our future success will depend on our ability to enhance existing software, introduce new software on a timely and cost-effective basis, meet changing customer needs, integrate, and extend our core technology into new applications, and anticipate and respond to emerging cybersecurity threats. We must also continually change and improve our software and services in response to changes in operating systems, application software, computer and communications hardware, networking software, data center architectures, programming tools and computer language technology. In addition, our future growth depends upon our ability to continue to meet the expanding needs of our customers and to scale our software and services to meet these expanding needs and expanding customer base. As a result, we must continue to dedicate significant financial and other resources to our research and development efforts.
We may not be able to anticipate future market needs and opportunities, develop enhancements or new software to meet such needs or opportunities, or scale our platforms to maintain the performance of our software and services, in a timely manner or at all. To the extent that we do not successfully develop enhancements or new software, or scale our platform effectively, our operating results and our business may be harmed.
If we are unable to protect our intellectual property rights, our business could be harmed, or we could be required to incur significant expenses to enforce our rights.
We believe that our intellectual property is an asset that may contribute to the growth and profitability of our business. We rely on a combination of patented, patent-pending and confidentiality procedures, trademarks, and contractual provisions to establish and protect our intellectual property rights in the United States and abroad. We intend to rely on both registration and common law protection for our trademarks. Despite our efforts, the steps we have taken to protect our intellectual property rights may not be adequate to preclude misappropriation of our proprietary information or infringement of our intellectual property rights, and our ability to police such misappropriation or infringement is uncertain. Enforcing our intellectual property rights, if necessary, is difficult, time-consuming, resource-intensive, expensive, and uncertain. Litigation may become necessary and, if so, it may come at a substantial cost and cause diversion of management’s resources, which could harm our business.
We may need to defend against intellectual property infringement claims or misappropriation claims, which may be time-consuming, resource-intensive, and expensive.
Although we have not in the past been subject to claims that any of our products or services infringe intellectual property rights of a third-party, we could be subject to such claims in the future. It’s possible that litigation could result. We do not know whether we will prevail in such proceedings given the highly complex, technical issues and inherent uncertainties in intellectual property litigation. Enforcing our intellectual property rights, if necessary, is difficult, time-consuming, resource-intensive, expensive, and uncertain.
If a challenge to our intellectual property rights results in an adverse outcome, then we could be required to stop the use of our products, services, or technology, pay damages for infringement, and expend resources developing products, services, or technology that are non-infringing.
We experience fluctuations in quarterly and annual operating results.
Our quarterly and annual operating results have fluctuated in the past and likely will fluctuate in the future. The demand for our products is driven largely by the demand for cybersecurity solutions. Accordingly, the cybersecurity industry is affected by market conditions that are often outside our control. Our results of operations may fluctuate significantly from period to period due to a number of factors, including general economic, industry and market conditions, the introduction or adoption of new technologies that compete with our software and services, the length and expense of our sales cycle for our software and services, the loss of a key customer and publicity regarding security breaches generally and the level of perceived threats to IT security. As a result of these factors and other risks discussed in this section, or the cumulative effect of some of these factors, may result in fluctuations in our operating results.
In addition, we recognize revenues from subscriptions over the term of the relevant service period, which is typically one year. As a result, a significant amount of our reported revenues in each quarter are derived from the recognition of deferred revenues relating to subscriptions entered into during previous quarters. Consequently, a shortfall in demand for our solutions in any period may not significantly reduce our revenues for that period but could negatively affect revenues in future periods. Accordingly, the effect of significant downturns in bookings may not be fully reflected in our results of operations until future periods.
This variability and unpredictability could result in our failure to meet expectations with respect to operating results, or those of securities analysts or investors, for a particular period. If we fail to meet or exceed expectations for our operating results for these or any other reasons, the trading price of our common stock could fall and we could face costly lawsuits, including securities class action suits.
Table of Contents
We do not maintain directors’ and officers’ liability insurance, which may subject us to significant exposure if one of our directors or officers is sued.
As of the date of this filing, we do not maintain directors’ and officers’ liability insurance. In addition to protecting the individual director or officer against personal losses, it can also cover the legal fees and costs an organization may incur as a result of the lawsuit.
If a legal action is commenced against one of our directors or officers, including, but not limited to, an action alleging a violation of securities law, we may incur the legal fees and costs associated with defending against the action, which may harm our business. In addition, a potential action could be time-consuming, resource-intensive, expensive, and uncertain.
We currently accrue a liability for a discontinued Simple IRA plan.
Through December 31, 2012, we offered a Simple (Savings Incentive Match Plan for Employees) IRA plan as a retirement plan for eligible employees and offered a voluntary match. We did not make all required voluntary matches prior to terminating the Simple IRA plan and we have accrued liability for the voluntary match portion of the Simple IRA plan, including interest, which was $298,243 as of December 31, 2023. There can be no assurance that the accrued liability amount will be sufficient to satisfy the Company’s potential liability.
We have used and may use our existing credit facility to finance our growth.
We have an accounts receivable credit facility with a financial institution, which enables us to sell accounts receivable to the financial institution with full recourse against us. The fee charged is prime plus 3.6% (effective rate of 12.1% at December 31, 2023) against the average daily outstanding balance of funds advanced. We also granted the financial institution a first priority interest in accounts receivable and a blanket lien. The fee charged is based, in part, on market events and conditions out of our control. The terms of the credit facility are subject to change.
During the years ended December 31, 2023 and 2022, we sold approximately $4,104,000 and $3,973,000, respectively, of our accounts receivable to the financial institution.
Because of the high relative cost, use of the credit facility, in the aggregate, may harm our business.
We rely on one customer for a large portion of our revenues.
We depend on one customer for a large portion of our revenue. Through the 12 months ending December 31, 2023, sales to this customer, including sales under subcontracts, accounted for 64% of total sales and 16% of accounts receivable. During 2022, sales to this customer, including sales under subcontracts, accounted for 63% of total sales and 27% of accounts receivable. The loss of this customer could have a significant impact on our revenues and harm our business and results of operations.
We rely on our channel partners to generate a substantial amount of our revenues, and if we fail to expand and manage our distribution channels, our revenues could decline and our growth prospects could suffer.
Our success significantly depends upon establishing and maintaining relationships with a variety of channel partners and we anticipate that we will continue to depend on these partners in order to grow our business.
For the twelve months ended December 31, 2023, approximately 90% of our business comes from our channel sales and approximately 10% from direct sales to end customers, and the percentage of revenues derived from channel partners may increase in future periods. Our agreements with our channel partners are generally non-exclusive and do not prohibit them from working with our competitors or offering competing solutions, and many of our channel partners have more established relationships with our competitors. If our channel partners choose to place greater emphasis on products of their own or those offered by our competitors, do not effectively market and sell our software and services, or fail to meet the needs of our customers, then our ability to grow our business and sell our software and services may be adversely affected. In addition, the loss of one or more of our larger channel partners, who may cease marketing our software and services with limited or no notice, and our possible inability to replace them, could adversely affect our sales. Moreover, our ability to expand our distribution channels depends in part on our ability to educate our channel partners about our software and services, which can be complex. Our to recruit additional channel partners, or any reduction or in their sales of our software and services or between channel sales and our direct sales and marketing activities may our results of operations. Even if we are , these relationships may not result in customer usage of our software and services or increased revenues.
In addition, the financial health of our channel partners and our continuing relationships with them are important to our success. Some of these channel partners may be unable to withstand adverse changes in economic conditions, which could result in insolvency and/or the inability of such distributors to obtain credit to finance purchases of our software and services. In addition, weakness in the end-user market could negatively affect the cash flows of our channel partners who could, in turn, delay paying their obligations to us, which would increase our credit risk exposure. Our business could be harmed if the financial condition of some of these channel partners substantially weakened and we were unable to timely secure replacement channel partners.
Table of Contents
We are highly leveraged, which increases our operating deficit and makes it difficult for us to grow.
At December 31, 2023, we had current liabilities of approximately $8.9 million and long-term liabilities of $1.0 million and stockholders’ deficiency of $8,551,861. At December 31, 2023, we had a working capital deficit of approximately $8.5 million and a current ratio of 0.04. At December 31, 2022, we had current liabilities of approximately $6.6 million and long-term liabilities of approximately $1.9 million and stockholders’ deficiency of $6,864,214. At December 31, 2022, we had a working capital deficit of approximately $6.0 million and a current ratio of 0.09.
Working capital shortages may impair our business operations and growth strategy, and accordingly, our business operations.
If we acquire businesses or business assets and do not successfully integrate the acquisitions, our results of operations could be adversely affected.
We may grow our business by acquiring or investing in other companies and businesses and assets that we feel have synergy and will complement our business plan. As such, we periodically evaluate potential business combinations and investments in other companies and assets. We may be unable to profitably manage the businesses and assets that we may acquire or invest in. We may fail to integrate these businesses and assets successfully without incurring substantial expenses, delays or other problems that could negatively impact our results of operations.
Our investments in cybersecurity and other business initiatives may not be successful.
We have invested in and continue to invest in cybersecurity capabilities to add new software and services to address the needs of our clients, including our newly introduced product, Nodeware. Our investments may not be successful or increase our revenues. If we are not successful in creating value from our investments by increasing sales, our financial condition and prospects could be harmed.
If we fail to adequately manage the size of our business, it could have a severe negative impact on our financial results or stock price.
Our management believes that to be successful we must appropriately manage the size of our business. This may mean reducing costs and overhead in certain economic periods, and selectively growing in periods of economic expansion. In addition, we will be required to implement operational, financial and management information procedures and controls that are efficient and appropriate for the size and scope of our operations. The management skills and systems currently in place may not be adequate and we may not be able to manage any significant reductions or growth effectively.
We may have difficulties in managing our growth.
Our future growth depends, in part, on our ability to expand, train and manage our employee base and provide support to an expanded client base. We must also enhance and implement new operating and software systems to accommodate our growth and expansion of IT product and service offerings. If we cannot manage growth effectively, it could have a material adverse effect on our results of operations, business and financial condition. In addition, acquisitions, investments and expansion involve substantial infrastructure costs and working capital. We cannot provide assurance that we will be able to integrate acquisitions, if any, and expansions efficiently. Similarly, we cannot provide assurance that any investments or expansion will enhance our profitability. If we do not achieve sufficient sales growth to offset the increased expenses associated with our expansion, our results will be adversely affected.
We depend on the continued services of our key personnel.
Our future success depends, in part, on the continuing efforts of our senior executive officers. The loss of any of these key employees may materially adversely affect our business. We do not maintain key-person insurance for any member of our senior management team. From time to time, there may be changes in our senior management team resulting from the termination or departure of executives. Our senior management and key employees are generally employed on an at-will basis, which means that they could terminate their employment with us at any time. The loss of the services of our senior management or other key employees for any reason could significantly delay or prevent the achievement of our development and strategic objectives and harm our business, financial condition and results of operations.
Table of Contents
Our future success depends on our ability to continue to retain and attract qualified employees.
We believe that our future success depends upon our ability to continue to train, retain, effectively manage and attract highly skilled technical, managerial, sales and marketing personnel. This includes skills for our new initiatives in cybersecurity. Employee turnover is generally high in the IT services industry. If our efforts in these areas are not successful, our costs may increase, our sales efforts may be hindered, and the quality of our client service may suffer. Although we invest significant resources in recruiting and retaining employees, there is often significant competition for certain personnel in the IT services industry. From time to time, we experience difficulties in locating enough highly qualified candidates in desired geographic locations, or with required specific expertise.
We believe that our growth will depend, to a significant extent, on our success in recruiting and retaining a sufficient number of qualified sales personnel and their ability to obtain new customers, manage our existing customer base and expand the sales of our software and services. We plan to continue to expand our sales force and make a significant investment in our sales and marketing activities. Our recent hires and planned hires may not become as productive as quickly as we would like, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future in the competitive markets where we do business. Competition for highly skilled personnel is frequently intense and we may not be able to compete for these employees. If we are unable to recruit and retain a sufficient number of productive sales personnel, sales of our software and services and the growth of our business may be harmed. Additionally, if our efforts do not result in increased revenues, our operating results could be negatively impacted due to the upfront operating expenses associated with expanding our sales force.
If we are required to collect higher sales and use or other taxes on the software and services we sell, we may be subject to liability for past sales and our future sales may decrease.
Taxing jurisdictions, including state and local entities, have differing rules and regulations governing sales and use or other taxes, and these rules and regulations are subject to varying interpretations that may change over time. In particular, the applicability of sales taxes to our SaaS solutions in various jurisdictions is unclear. It is possible that we could face sales tax audits and that our liability for these taxes could exceed our estimates as tax authorities could still assert that we are obligated to collect additional amounts as taxes from our customers and remit those taxes to those authorities. We could also be subject to audits with respect to state and international jurisdictions for which we may not accrued tax liabilities. A successful assertion that we should be collecting additional sales or other taxes on our services in jurisdictions where we have not historically done so and do not accrue for sales taxes could result in substantial tax liabilities for past sales, discourage customers from purchasing our software and services or otherwise harm our business and operating results.
Climate change may have a long-term negative impact on our business.
The long-term effects of climate change on the global economy and the technology industry in particular are unclear, however there are inherent climate-related risks everywhere business is conducted. Climate-related events, including the increasing frequency of extreme weather events such as drought, water scarcity, heat waves, cold waves, flooding and wildfires, and their impact on regional short-term systemic failures in the U.S. and elsewhere, have the potential to disrupt our business, our third-party vendors, and/or the business of our customers and their end users, and may cause us to experience higher attrition, losses and additional costs to maintain and resume operations. While we employ the use of cloud technologies, we also store some data in physical data centers which depend on predictable and reliable energy and networking capabilities, which could be affected by a variety of factors, including climate change. In addition, if new laws are enacted, or current laws are modified in countries in which we or our suppliers operate, we could face increased costs to comply with these laws. These costs may be incurred across various levels of our supply chain to comply with new environmental regulations, taxes and penalties, which could cause us to incur increased costs to service obligations to customers. In addition, we may be subject to increased regulations, reporting requirements and standards, or expectations regarding the environmental impacts of our business, which may result in increased compliance costs, and any or disclosure could affect our reputation, business or financial performance.
Table of Contents
Risks Related to our Industry
As a provider of cybersecurity software and services, we are subject to a heightened threat of cyberattacks intended to disrupt our internal operations or IT services provided to customers, and any such disruption could reduce our revenue, increase our expenses, damage our reputation.
We sell cybersecurity software and services, including third-party software as well as our internally developed software, Nodeware. As a result, we have been and will be a target of cyber-attacks designed to impede the performance of our products, penetrate our network security or the security of our cloud platform or our internal systems, or that of our customers, misappropriate proprietary information and/or cause interruptions to our services. Because of the significant military action against Ukraine launched by Russia, the risk of such cyber-attacks is increased.
For example, because Nodeware is a network vulnerability management solution, a successful cyber-attack on us may be perceived as a victory for the cyber attacker, thereby increasing the likelihood that we may be a target of more cyber-attacks, even absent financial motives. Further, if our systems are breached as a result of third-party action, employee error or misconduct, attackers could learn critical information about how our primary product operates to help protect our customers’ IT infrastructures from cyber risk, thereby making our customers more vulnerable to cyber-attacks. In addition, if actual or perceived breaches of our network security occur, they could adversely affect the market perception of our Nodeware solution, negatively affecting our reputation, and may expose us to the loss of our proprietary information or information belonging to our customers, or and possible liability, including injunctive relief and monetary . Such security could also the efforts of our technical and management personnel. In addition, such security could our ability to operate our business and provide products to our customers. If this happens, our reputation could be , our revenue could , and our business could .
Our information technology systems may be subject to intentional disruption or other security incidents that could result in liability and adversely impact our reputation and future sales.
We and our service providers face threats from a variety of sources, including attacks on our networks and systems from numerous sources, including traditional “hackers,” sophisticated nation-state and nation-state supported actors, other sources of malicious code (such as viruses and worms), and phishing attempts. We and our service providers could be a target of cyber-attacks or other malfeasance designed to impede the performance of our software and services, penetrate our network security or the security of our cloud platform or our internal systems, misappropriate proprietary information and/or cause interruptions to our services. Our software, platforms, and system, and those of our service providers, may also suffer security incidents as a result of non-technical issues, including intentional or inadvertent acts or omissions by our employees or service providers. With the increase in personnel continuing to work remotely during the COVID-19 pandemic, we and our service providers are at increased risk for security . Because of the significant military action Ukraine launched by Russia, the risk of such cyber-attacks, , security , and security is increased. The conditions caused by the Russian invasion of Ukraine could also result in or other security for our service providers.
We are taking steps to monitor and enhance the security of our software and services, cloud platform, and other relevant systems, IT infrastructure, networks, and data; however, the unprecedented scale of remote work may require additional personnel and resources, which nevertheless cannot be guaranteed to fully safeguard our software and services, our cloud platform, or any systems, IT infrastructure networks, or data upon which we rely. Further, because our operations involve providing cybersecurity software and services to our customers, we may be targeted for cyber-attacks and other security incidents. A breach in our data security or an attack against our service availability, or that of our third-party service providers, could impact our networks or networks secured by our software and services, creating system disruptions or slowdowns and exploiting security vulnerabilities of our software and services, and the information stored on our networks or those of our third-party service providers could be accessed, publicly disclosed, altered, lost, or , which could subject us to liability and cause us financial . If an actual or perceived in the availability of our software and services or the of our security measures or those of our service providers occurs, it could affect the market perception of our software and services, result in a of competitive , have a impact on our reputation, or result in the of customers, channel partners and sales, and it may us to the or alteration of information, , regulatory actions and and possible liability. Any such actual or perceived security or could also the efforts of our technical and management personnel. We also may incur significant costs and operational consequences of , remediating, eliminating and putting in place additional tools and devices designed to prevent actual or perceived security , as well as the costs to comply with any notification obligations resulting from any security . In addition, any such actual or perceived security could our ability to operate our business and provide software and services to our customers. If this happens, our reputation could be , our revenues could and our business could .
Table of Contents
Although we maintain insurance coverage that may be applicable to certain liabilities in the event of a security breach or other security incident, we cannot be certain that our insurance coverage will be adequate for liabilities that actually are incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material and adverse effect on our business, including our financial condition, operating results and reputation.
If our software and services fail to detect vulnerabilities or incorrectly detect vulnerabilities, our brand and reputation could be harmed, which could have an adverse effect on our business and results of operations.
If our software and services fail to detect vulnerabilities in our customers’ IT infrastructures, or if our software and services fail to identify and respond to new and increasingly complex methods of attacks, our business and reputation may suffer. There is no guarantee that our software and services will detect all vulnerabilities. Additionally, our cybersecurity software and services may falsely detect vulnerabilities or threats that do not actually exist. For example, some of our software and services rely on information on attack sources aggregated from third-party data providers who monitor global malicious activity originating from a variety of sources, including anonymous proxies, specific IP addresses, botnets and phishing sites. If the information from these data providers is inaccurate, the potential for false indications of security vulnerabilities increases. These positives, while typical in the industry, may the perceived reliability or usability of our software and services and may therefore impact market acceptance of our software and services and could result in publicity, of customers and sales, increased costs to remedy any information or , or by aggrieved parties. Similar issues may be generated by the of our tools to identify and .
Further, our software and services sometimes are tested against other security products, and may fail to perform as effectively, or to be perceived as performing as effectively, as competitive products for any number of reasons, including misconfiguration. To the extent current or potential customers, channel partners, or others believe there has been an occurrence of an actual or perceived failure of our software and services to detect a vulnerability or otherwise to function as effectively as competitive products in any particular test or indicates our software and services do not provide significant value, our business, competitive position, and reputation could be harmed.
In addition, our software and services do not currently extend to cover mobile devices or personal devices that employees may bring into an organization. As such, our software and services would not identify or address vulnerabilities in mobile devices, such as mobile phones or tablets, or personal devices, and our customers’ IT infrastructures may be compromised by attacks that infiltrate their networks through such devices.
An actual or perceived security breach or theft of the sensitive data of one of our customers, regardless of whether the breach is attributable to the failure of our software and services, could adversely affect the market’s perception of our cybersecurity software and services.
If our solutions fail to help our customers achieve and maintain compliance with regulations and industry standards, our revenues and operating results could be harmed.
We generate a portion of our revenues from software and services that help organizations achieve and maintain compliance with regulations and industry standards. For example, some of our customers subscribe to our software and services to help them comply with the security standards developed and maintained by the Payment Card Industry Security Standards Council, or the PCI Council, which apply to companies that store cardholder data. Industry organizations like the PCI Council may significantly change their security standards with little or no notice, including changes that could make their standards more or less onerous for businesses. Governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could impact the demand for or value of our solutions.
If we are unable to adapt our software and services to changing regulatory standards in a timely manner, or if our solutions fail to assist with or expedite our customers’ compliance initiatives, our customers may lose confidence in our solutions and could switch to products offered by our competitors. In addition, if regulations and standards related to data security, vulnerability management and other IT, security and compliance requirements are relaxed or the penalties for non-compliance are changed in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may be less willing to purchase our solutions. In any of these cases, our revenues and operating results could be harmed.
Table of Contents
Our cybersecurity software and services are delivered from a third-party vendor, and any disruption of service at their facilities would interrupt or delay our ability to deliver our software and services to our customers which could reduce our revenues and harm our operating results.
Our existing data center facilities providers have no obligation to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew our agreements with the facilities providers on commercially reasonable terms or if in the future we add additional data center facility providers, we may experience costs or downtime in connection with the loss of an existing facility or the transfer to, or addition of, new data center facilities.
Any disruptions or other performance problems with our software and services could harm our reputation and business and may damage our customers’ businesses. Interruptions in our service delivery might reduce our revenues, cause us to issue credits to customers, subject us to potential liability and cause customers to terminate their subscriptions or not renew their subscriptions.
If the market for cloud solutions for IT, security and compliance does not evolve as we anticipate, our revenues may not grow and our operating results would be harmed.
Our success depends to a significant extent on the willingness of organizations to increase their use of cloud solutions for their IT, security, and compliance. To date, some organizations have been reluctant to use cloud solutions because they have concerns regarding the risks associated with the reliability or security of the technology delivery model associated with these solutions. If other cloud service providers experience security incidents, loss of customer data, disruptions in service delivery or other problems, the market for cloud solutions as a whole, including our solutions, may be negatively impacted. Moreover, many organizations have invested substantial personnel and financial resources to integrate on-premise software into their businesses, and as a result may be reluctant or unwilling to migrate to a cloud solution, such as Nodeware. Organizations that use on-premise security products, such as network firewalls, security information and event management products or data loss solutions, may also believe that these products sufficiently protect their IT infrastructure and deliver adequate security. Therefore, they may continue spending their IT security budgets on these products and may not adopt our software and services in addition to or as a replacement for such products.
If customers do not recognize the benefits of our cloud software and our services over traditional on-premise enterprise software products, and as a result we are unable to increase sales of subscriptions to our software and services, then our revenues may not grow or may decline, and our operating results would be harmed.
We use third-party software and data that may be difficult to replace or cause errors or failures of our software and services that could lead to lost customers or harm to our reputation and our operating results.
We license third-party software as well as security and compliance data from various third parties to deliver our software and services. In the future, this software or data may not be available to us on commercially reasonable terms, or at all. Any loss of the right to use any of this software or data could result in delays in the provisioning of our software and services until equivalent technology or data is either developed by us, or, if available, is identified, obtained and integrated, which could harm our business. In addition, any errors or defects in or failures of this third-party software or data could result in errors or defects in our software and services or cause our software and services to fail, which could harm our business and be costly to correct. Many of these providers attempt to impose limitations on their liability for such , or , and if enforceable, we may have additional liability to our customers or third-party providers that could our reputation and increase our operating costs.
We will need to maintain our relationships with third-party software and data providers, and to obtain software and data from such providers that do not contain any errors or defects. Any failure to do so could adversely impact our ability to deliver effective solutions to our customers and could harm our operating results.
Table of Contents
Our software contains third-party open source software components, and our failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our software and services.
Our software contains software licensed to us by third-parties under so-called “open source” licenses, including the GNU General Public License, the GNU Lesser General Public License, the BSD License, the Apache License and others. From time to time, there have been claims against companies that distribute or use open source software in their products and services, asserting that such open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming that what we believe to be licensed open source software infringes their intellectual property rights. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. In addition, certain open source licenses require that source code for software programs that are subject to the license be made available to the public and that any modifications or derivative works to such open source software continue to be licensed under the same terms. If we combine our proprietary software with open source software in certain ways, we could, in some circumstances, be required to release the source code of our proprietary software to the public. the source code of our proprietary software could make it for cyber attackers and other third parties to discover in or to the protections of our solutions, which could result in our solutions to provide our customers with the security they expect from our services. This could our business and reputation. our proprietary source code also could allow our competitors to create similar products with lower development effort and time and ultimately could result in a of sales for us. Any of these events could have a material effect on our business, operating results and financial condition.
Our software and services could be used to collect and store personal information of our customers’ employees or customers, and therefore privacy and other data handling concerns could result in additional cost and liability to us or inhibit sales of our software and services.
We may collect, store, process and use our customers’ employees or customers’ personally identifiable information and other data in our transactions with them, and we may rely on third parties that are not directly under our control to do so as well. While we take reasonable measures intended to protect the security, integrity and confidentiality of the personal information and other sensitive information we collect, store or transmit, we cannot guarantee that inadvertent or unauthorized use or disclosure will not occur, or that third parties will not gain unauthorized access to this information. If we or our third-party service providers were to experience a breach, disruption or failure of systems compromising our customers’ data, or if one of our third-party service providers or partners were to access our customers’ personal data without our authorization, our brand and reputation could be adversely affected, use of our software and services could decrease and we could be exposed to a risk of , and regulatory proceedings.
Despite our compliance efforts, we may fail to achieve compliance with applicable privacy or data protection laws and regulations as they evolve, or adhere to contractual obligations regarding the collection, processing, storage and transfer of data (including data from our customers, prospective customers, partners and employees), either due to internal or external factors such as resource limitations or a lack of vendor cooperation. Any actual or perceived failure to comply with these laws or obligations could result in enforcement action against us, including fines, claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to any existing customers and prospective customers), any of which could harm our business, results of operations, and financial condition. Further, privacy may inhibit market adoption of our software and services, particularly in certain industries and foreign countries.
We depend on prime contracts or subcontracts with the federal, state, and local governments for a substantial portion of our sales, and our business would be seriously harmed if the government ceased doing business with us or our prime contractors or significantly decreased the amount of business it does with us or our prime contractors.
We derived approximately 64% of our sales in 2023 and 63% of our sales in 2022 from contracts as either a prime contractor or a subcontractor from government contracts. We expect that we will continue to derive a substantial portion of our sales for the foreseeable future from work performed under government contracts, as we have in the past, and from marketing efforts focused on commercial enterprises. If we or our prime contractors were suspended or prohibited from contracting with federal, state or local governments, or if our reputation or relationship with the federal, state or local governments and commercial enterprises were impaired, or if any of the foregoing otherwise ceased doing business with us or our prime contractors or significantly decreased the amount of business it does with us or our prime contractors, our business, prospects, financial condition and operating results would be materially adversely affected.
We operate in a highly competitive environment and, as a result, we may not be able to compete effectively or maintain or increase our sales.
We operate in a highly competitive environment with numerous competitors, some of which have greater resources or better brand recognition than we do. This competitive environment subjects us to various risks, including the ability to provide our software and services at competitive prices that allow us to maintain our profitability. Because of this competitive environment, we may have limited ability to increase prices in response to increased costs without losing competitive position which may adversely affect our margins and financial performance. In addition, price reductions by our competitors may result in the reduction of our prices and a corresponding reduction in our profitability. As a result, we may face periods of intense competition in the future, which could have a material adverse effect on our profitability and results of operations.
Table of Contents
Our sales cycle can be long and unpredictable, and our sales efforts require considerable time and expense. As a result, revenues may vary from period to period, which may cause our operating results to fluctuate and could harm our business.
The timing of sales of our software and services can be difficult to forecast because of the length and unpredictability of our sales cycle, particularly with large transactions. We sell our cybersecurity software and services primarily to IT departments that are managing a growing set of user and compliance demands, which has increased the complexity of customer requirements to be met and confirmed during the sales cycle and prolonged our sales cycle. Further, the length of time that potential customers devote to their testing and evaluation, contract negotiation and budgeting processes varies significantly, which has also made our sales cycle long and unpredictable. The length of the sales cycle for our software and services typically ranges from six to twelve months but can be more than eighteen months. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort, and as a result we could lose other sales opportunities or incur expenses that are not offset by an increase in revenues, which could harm our business.
Our business could be adversely affected by changes in budgetary priorities of the federal, state and local governments.
Because we derive a significant portion of our sales from contracts with federal, state and local governments, we believe that the success and development of our business will continue to depend on our successful participation in their contract programs. Changes in federal, state and local government budgetary priorities could directly affect our financial performance. A significant decline in government expenditures, a shift of expenditures away from programs which call for the types of services that we provide or a change in government contracting policies, could cause U.S. Governmental agencies as well as state and local governments to reduce their expenditures under contracts, to exercise their right to terminate contracts at any time without penalty, not to exercise options to renew contracts or to delay or not originate new contracts. Any of those actions could seriously harm our business, prospects, financial condition or operating results. Moreover, although our contracts with governmental entities may contemplate that our services will be performed over a period of several years, government entities usually must approve funds for a given program each government fiscal year and may significantly reduce or eliminate funding for a program. Significant reductions in these appropriations could have a material effect on our business. Additional factors that could have a effect on our government contracting business include, but may not be limited to:
changes in government programs or requirements;
budgetary priorities limiting or delaying government spending generally, or by specific departments or agencies and changes in fiscal policies or available funding, including potential governmental shutdowns;
reductions in the government's use of technology solutions firms;
a decrease in the number of contracts reserved for small businesses, or small business set asides, which could result in our inability to compete directly for these prime contracts; and
curtailment of the government uses of IT or related professional services.
We rely on software-as-a-service vendors to operate certain functions of our business and any failure of such vendors to provide services to us could adversely impact our business and operations.
We rely on third-party software-as-a-service vendors to operate certain critical functions of our business, including financial management and human resource management. If these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted and our processes for managing sales of our solutions and supporting our customers could be impaired until equivalent services, if available, are identified, obtained and integrated, all of which could harm our business.
Risks Related to our Common Stock
Upon exercise of our outstanding options or warrants and conversion of our convertible notes we will be obligated to issue a substantial number of additional shares of common stock which will dilute our present stockholders.
We are obligated to issue additional shares of our common stock in connection with our outstanding options, warrants, and convertible notes. As of December 31, 2023, there were options, warrants, convertible notes outstanding, convertible into 147,631, 161,472 and 143,564 shares of common stock, respectively, at prices ranging from $1.00 to $18.75 per share. The exercise, conversion or exchange of warrants or convertible securities, including for other securities, will cause us to issue additional shares of our common stock and will dilute the percentage ownership of our stockholders. In addition, we have in the past, and may in the future, exchange outstanding securities for other securities on terms that are dilutive to the securities held by other stockholders not participating in such exchange.
Table of Contents
Our stock price is volatile and could be further affected by events not within our control.
The trading price of our common stock has been volatile and will continue to be subject to volatility in the trading markets and other factors.
The closing market price for our common stock varied between a low of $0.40 and a high of $2.75 in 2023. This volatility may affect the price at which a stockholder could sell its shares of common stock, and the sale of substantial amounts of our common stock could adversely affect the price of our common stock. Our stock price is likely to continue to be volatile and subject to significant price and volume fluctuations in response to market and other factors, including variations in our quarterly operating results and announcement by us or our competitors of significant acquisitions, strategic partnerships, joint ventures, or capital commitments.
Our common stock is currently quoted on the expert market. Because there is a limited public market for our common stock, a stockholder may not be able to buy or sell shares when he or she wants. We cannot assure you that an active trading market for our common stock will ever develop.
There is limited trading in our common stock, and we cannot assure you that an active public market for our common stock will ever develop. The lack of an active public trading market means that a stockholder may not be able to sell shares of common stock when wanted, thereby increasing market risk. Until our common stock is listed on an exchange, we expect that the shares will continue to be quoted on the expert market. However, an investor may find it difficult to obtain accurate quotations regarding the common stock’s market value. In addition, if we failed to meet the criteria set forth in SEC regulations, various requirements would be imposed by law on broker-dealers who sell our securities to persons other than established customers and accredited investors. Consequently, such regulations may deter broker-dealers from recommending or selling our common stock, which may further affect the shares’ liquidity. Moreover, our ability to obtain future financing may be adversely affected by the consequences of our common stock trading on the expert market.
Our common stock may be considered a “penny stock” and may be difficult to buy or sell.
The SEC has adopted regulations which generally define “penny stock” to be an equity security that has a market or exercise price of less than $5.00 per share, subject to specific exemptions. The market price of our common stock is currently below $5.00 per share and therefore may be designated as a “penny stock” according to SEC rules. This designation requires any broker or dealer selling these securities to disclose certain information concerning the transaction, obtain a written agreement from the purchaser and determine that the purchaser is reasonably suitable to purchase the securities. These rules may restrict the ability of brokers or dealers to accept our share certificates into a customer account and may affect the ability of our stockholders to sell their shares.
Concentration of ownership among our existing executive officers, directors and holders of 5% or more of our outstanding common stock may prevent new investors from influencing significant corporate decisions.
As of December 31, 2023, our executive officers and directors owned, in the aggregate, approximately 16.8% of our outstanding common stock. In addition, there are a few holders of 5% or more of our outstanding common who are not our officers and directors. As a result, such persons, acting together, have significant ability to control our management and affairs and substantially all matters submitted to our stockholders for approval, including the election and removal of directors and approval of any significant transaction. This concentration of ownership may have the effect of delaying, deferring or preventing a change in control, impeding a merger, consolidation, takeover or other business combination involving us, or discouraging a potential acquirer from making a tender offer or otherwise attempting to obtain control of our business, even if such a transaction would benefit other stockholders.
Offers or availability for sale of a substantial number of shares of our common stock may cause the price of our common stock to decline.
Sales of large blocks of our common stock over a short time last fall could have a significant adverse effect on our common stock price. If our existing stockholders and investors seek to sell a substantial number of shares of our common stock, such selling efforts may cause significant declines in the market price of our common stock. The existence of an overhang, which is the potential dilution in the value of our common stock due to outstanding convertible notes, warrants and stock options, whether or not sales have occurred or are occurring, also could make our ability to raise additional financing through the sale of equity or equity-linked securities more difficult in the future at a time and price that we deem reasonable or appropriate. If our existing stockholders and investors seek to sell a substantial number of shares of our common stock, such selling efforts may cause significant declines in the market price of our common stock.
O ur common stock may be affected by limited trading volume and price fluctuations, which could adversely impact the value of our common stock.
Our common stock has experienced, and is likely to experience in the future, significant price and volume fluctuations, which could adversely affect the market price of our common stock without regard to our operating performance. In addition, we believe that factors such as quarterly fluctuations in our financial results and changes in the overall economy or the condition of the financial markets could cause the price of our common stock to fluctuate substantially. These fluctuations may also cause short sellers to periodically enter the market in the belief that we will have poor results in the future. We cannot predict the actions of market participants and, therefore, can offer no assurances that the market for our common stock will be stable or appreciate over time.
Table of Contents
Because we do not intend to pay cash dividends on our shares of common stock, any returns will be limited to the value of our shares.
We currently anticipate that we will retain future earnings for the development, operation and expansion of our business and do not anticipate declaring or paying any cash dividends for the foreseeable future. Any return to stockholders will therefore be limited to the increase, if any, of our share price.
If securities analysts do not publish or cease publishing research or reports or publish misleading, inaccurate or unfavorable research about our business or if they publish negative evaluations of our stock, the price and trading volume of our stock could decline.
The trading market for our common stock will rely, in part, on the research and reports that industry or financial analysts publish about us or our business. We do not currently have, and may never obtain, research coverage by industry or financial analysts. If no, or few, analysts commence coverage of us, the trading price of our stock would likely decrease. Even if we do obtain analyst coverage, if one or more of the analysts covering our business downgrade their evaluations of our stock or publish inaccurate or unfavorable research about our business, or provide more favorable relative recommendations about our competitors, the price of our stock could decline. If one or more of these analysts cease to cover our stock, we could lose visibility in the market for our stock, which in turn could cause our stock price and trading volume to decline.
