UNITED STATES SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the Fiscal Year Ended April 1, 2022
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the Transition Period from to
Commission File Number 000-17781
(Exact name of registrant as specified in its charter)
(State or other jurisdiction of incorporation or organization)
(I.R.S. Employer Identification No.)
60 E. Rio Salado Parkway,
(Address of principal executive offices)
Registrant’s telephone number, including area code:
Securities registered pursuant to Section 12(b) of the Act:
Title of each class
Name of each exchange on which registered
par value $0.01 per share
The Nasdaq Stock Market LLC
Securities registered pursuant to Section 12(g) of the Act:
(Title of class)
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☑
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Exchange Act. Yes ☐ No ☑
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☑ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☑ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filer
Smaller reporting company
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☑
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No ☑
Aggregate market value of the voting stock held by non-affiliates of the registrant, based upon the closing sale price of NortonLifeLock common stock on October 1, 2021 as reported on the Nasdaq Global Select Market: $9,832,405,362. Solely for purposes of this disclosure, shares of common stock held by each executive officer, director, and holder of 5% or more of the outstanding common stock have been excluded as of such date because such persons may be deemed to be affiliates. This determination of possible affiliate status is not a conclusive determination for any other purposes.
The number of shares of NortonLifeLock common stock, $0.01 par value per share, outstanding as of May 19, 2022 was 580,064,068 shares.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant’s definitive proxy statement for the 2022 annual meeting of stockholders are incorporated herein by reference into Part III of this Annual Report on Form 10-K where indicated. Such Proxy Statement will be filed with the Securities and Exchange Commission within 120 days of the registrant’s fiscal year ended April 1, 2022.
For the Fiscal Year Ended April 1, 2022
TABLE OF CONTENTS
“NortonLifeLock,” “we,” “us,” “our,” and “the Company” refer to NortonLifeLock Inc. and all of its subsidiaries. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States (U.S.) and other countries. Other names may be trademarks of their respective owners.
FORWARD-LOOKING STATEMENTS AND FACTORS THAT MAY AFFECT FUTURE RESULTS
The discussion below contains forward-looking statements, which are subject to safe harbors under the Securities Act of 1933, as amended (the Securities Act) and the Exchange Act of 1934, as amended (the Exchange Act). Forward-looking statements include references to our ability to utilize our deferred tax assets, as well as statements including words such as “expects,” “plans,” “anticipates,” “believes,” “estimates,” “predicts,” “goal,” “intent,” “momentum,” “projects,” and similar expressions. In addition, projections of our future financial performance; anticipated growth and trends in our businesses and in our industries; the anticipated impacts of acquisitions, restructurings, stock repurchases, and investment activities; the outcome or impact of pending litigation, claims or disputes; our intent to pay quarterly cash dividends in the future; plans for and anticipated benefits of our solutions; matters arising out of the ongoing U.S. Securities and Exchange Commission (the SEC) investigation; the impact of the COVID-19 pandemic on our operations and financial performance; and other characterizations of future events or circumstances are forward-looking statements. These statements are only predictions, based on our current expectations about future events and may not prove to be accurate. We do not undertake any obligation to update these forward-looking statements to reflect events occurring or circumstances arising after the date of this report. These forward-looking statements involve risks and uncertainties, and our actual results, performance, or achievements could differ materially from those expressed or implied by the forward-looking statements on the basis of several factors.
These and other risks are described under Item 1A. Risk Factors. We encourage you to read that section carefully.
ITEM 1. Business
Vision & Mission
Our vision is to protect and empower people to live their digital lives safely.
Our mission is to build a comprehensive and easy-to-use integrated portfolio that prevents, detects and responds to cyber threats and cybercrimes in today’s digital world.
Protecting people is what inspires us, and our people are at the core of what we do. We seek to attract talent that embraces the following values:
•Advocate: Think Consumer First – ensure the customer’s voice is heard and consider how our actions benefit our customers’ digital lives.
•Be Empowered: Own It – take the initiative to lead and speak up when we see an opportunity to delight our customers or improve the business, regardless of job title.
•Communicate: Be Open and Authentic – being true to ourselves and our mission; we build cross-functional and inclusive connections to stay aligned and move faster, and we operate with integrity.
•Execute: Smart and Scrappy - be a leader, quick to adapt, willing to take risks and put yourself out there; be agile in adapting to meet new challenges and continue a constant learning journey.
•Win Together: Innovate and Grow – welcome diverse perspectives and seek and act on feedback; champion the unique value of every individual; diversity fuels innovation.
NortonLifeLock has the largest consumer Cyber Safety platform in the world, empowering nearly 80 million users in more than 150 countries.
Our business is built around consumers, we are a trusted brand for customers, and we are number one top of mind company in consumer Cyber Safety, according to the 2021 NortonLifeLock brand tracking study.
Today’s world is increasingly digital, and this digital world has changed the way we live our lives every day. Between the massive shift to working and learning from home, and the ever-growing utility and opportunities to play and transact online, people’s digital lives have become the norm. With each new digital interaction comes increased risk for consumers, as cybercriminals look to take advantage of these accelerating trends. This is why we view ourselves as a trusted ally for our customers in a complex digital world and are committed to advancing our vision of protecting and empowering each element of their digital lives.
We are uniquely positioned for driving the awareness of Cyber Safety for individuals, fueled by an increasingly connected world. We maintain a global, multi-channel direct acquisition and brand marketing program. This program is designed to grow our customer base by increasing brand awareness and understanding of our products and services and maximizing our global reach to prospective customers.
We help prevent, detect and restore potential damages caused by many cyber criminals. We also make it easy for consumers to find, buy and use our products and services. To this end, we sell subscription-based Cyber Safety solutions primarily direct-to-consumer through our portfolio of websites and indirectly through partner relationships with retailers, telecom service providers, hardware original equipment manufacturers (OEMs), strategic partners and employee benefit providers. Most of our subscriptions are sold on annual terms, but we also offer monthly subscriptions. As of April 1, 2022, we have nearly 80 million total users, which come from direct, indirect and freemium channels. Of the total users, we have over 23 million direct customers with whom we have a direct billing relationship.
•Direct-to-consumer channel: We use advertising and direct response marketing to elevate our brand, attract new customers and generate significant demand for our services. We have a direct billing relationship with these customers.
•Indirect partner distribution channels: We use strategic and affiliate partner distribution channels to refer prospective customers to us and expand our reach to our partners’ and affiliates’ customer bases. We developed and implemented a global partner sales organization that targets new, as well as existing, partners to enhance our partner distribution channels. These channels include retailers, telecom service providers, hardware OEMs, employee benefit providers, mobile app stores and strategic partners. Physical retail and OEM partners represent a small portion of our distribution, which minimizes the impact of supply chain disruptions.
•Freemium channel: With the acquisition of Avira, we have expanded our go-to-market with a freemium channel. We use free versions of our products to reach the broadest set of customers globally and bring Cyber Safety to a larger audience, especially in international markets. The free solution offers a baseline of protection and presents premium functionalities based on the risk profile and device-type of the user. The user can become a member of our paid customer base if they choose to add specific premium solutions or upgrade to Avira Prime, a suite of security and privacy solutions across multiple platforms and devices.
As is typical for many consumer technology companies, portions of our business are impacted by seasonality. However, we believe the net impact on our business is limited. Seasonal behavior in orders primarily reflects consumer spending patterns where our fiscal third and fourth quarters are higher due to the holidays in our third quarter, as well as follow-on holiday purchases and the U.S. tax filing season which typically is in our fourth quarter. Revenue generally reflects similar seasonal patterns but to a lesser extent than orders because of our subscription business model, as a large portion of our in-period revenues are recognized ratably from our deferred revenue balance.
Our strategy is focused on profitable growth, allowing consumers to experience Cyber Safety. To fuel our growth, our consumer-centric strategy is to provide a comprehensive and easy-to-use integrated platform, which we have built in-house. By combining and leveraging our entire brand portfolio, including offerings from Norton, LifeLock, Avira and others, we are able to deliver an industry-leading set of Cyber Safety solutions.
The key elements of our strategy include the following:
•Extend our leadership position through continued enhancement of our solutions and services: The Cyber Safety industry is large and expanding, which we believe provides a significant growth opportunity. Our strategy is to grow our business by investing in research and development and pursuing acquisitions, where appropriate, to expand the solutions and services we offer into new cohorts, territories and sectors. We believe there are many additional areas where we can both offer new solutions, as well as use our core capabilities and our integrated platform to reach new customers and markets globally.
•Grow our customer base through multiple channels: We have multiple go-to-market channels to reach new customers globally, including direct-to-customer, indirect partnerships and freemium. We intend to leverage our expertise in digital marketing, as well as existing and new strategic partnerships, to grow our customer base. We believe that continued investments in these areas, as well as our product offerings and infrastructure, will allow us to further enhance our leading brands and superior products, increase awareness of our consumer services and enhance our ability to efficiently acquire new customers.
•Continue our focus on customer retention: We plan to invest in increasing customer retention by optimizing and expanding the value we provide to customers. We aim to continue to increase customer engagements through actionable alerts, education on timely topics and introducing new product capabilities. We plan to also continue investing in enhancing both desktop and mobile customer experiences throughout a customer’s journey with NortonLifeLock, from purchase, to onboarding and beyond. We aim to build long-term relationships with our customers and to provide our customers with the peace of mind and confidence they need to protect their digital lives.
•Increase value to existing customers: We believe strong customer satisfaction will provide us with the opportunity to engage customers in new services offerings. We maintain the Norton 360 platform, with multiple tiers of membership, and we are actively engaging with customers of standalone products to offer a Norton 360 membership. We also believe a substantial opportunity exists to increase the penetration of our premium-level consumer solutions. Over time, we plan to drive further growth as we add additional offerings and services for our customers.
•Draw strength from our world-class customer service support: We have the largest consumer Cyber Safety customer support organization in the world. Our global support team seeks to ensure the voice of the consumer is heard and that we put our customers first. We leverage frequent communication and feedback from our customers to continually improve our solutions and services. We embrace end-to-end customer experience and aim to continue to improve our Net Promoter Scores and overall customer satisfaction.
•Leverage our global brands to drive growth: We will work to keep building our trusted brands in markets globally as we strive to bring protection and empowerment to all consumers when it comes to their digital lives. According to our most recent research, Norton has 87% global brand awareness and 82% for device security. We are best positioned and number one top of mind in consumer Cyber Safety, according to the 2021 NortonLifeLock Brand Impact study.
Our Cyber Safety Solutions and Services
Our vast portfolio of products and services are developed from consumer insights to help us bring to market real solutions to real problems and to raise the overall awareness of consumer Cyber Safety across all audiences. We continuously target to release new products and features at an accelerated pace and find synergies to integrate current and future technology acquisitions.
Our full portfolio provides protection across three Cyber Safety categories in multiple channels and geographies, including security, identity protection, and online privacy. We have built a technology platform that brings together software and service capabilities into a comprehensive and easy-to-use integrated platform – it is called Norton 360. The Norton 360 integrated platform provides extensive Cyber Safety coverage to our members, delivering Cyber Safety subscription solutions with industry leading features, coupled with an integrated user experience. Through our platform, we aim for simplicity and peace of mind for the consumers. We also complement this Cyber Safety platform by offering adjacent trust-based solutions, which enables people to live their digital lives without compromising their security, identity or privacy.
We protect and empower consumers by providing solutions and services in two main ways:
•Comprehensive membership plans: Providing a complete Cyber Safety portfolio of solutions for a membership fee. Plans are offered through Norton 360 subscriptions, which include multiple levels of membership tiers that incorporate solutions from each of our key Cyber Safety categories: Security, Identity Protection and Online Privacy. We also offer solutions that target specific needs of consumers such as Norton Family and Norton 360 for Gamers. Norton Family brings the protection and security of our products to every member of the family across multiple devices and platforms. Norton 360 for Gamers is designed by gamers to help protect gamers; we aim to provide the protection and features gamers need the most, while minimizing interruptions to gaming.
•Point solutions: Providing individual, stand-alone products and services in security, identity and privacy, which offers flexibility for consumers to choose between free or paid solutions.
We are positioned across three key Cyber Safety categories:
•Security (Norton and Avira offerings): Our Norton 360 and Avira offerings provide real-time protection for PCs, Macs and mobile devices against malware, viruses, adware, ransomware and other online threats. These offerings monitor and block unauthorized traffic from the internet to the device to help protect private and sensitive information when customers are online. For mobile devices, Norton 360 for Mobile alerts customers of risky apps, safeguards against fraudulent and malicious websites, identifies Wi-Fi networks that are under attack, enables stolen device recovery and blocks unwanted spam and potential fraud calls. Norton 360 includes 24x7 support by trained support agents. We provide on-call support and offer a money-back guarantee if we cannot remove viruses from infected devices through our Virus Protection Promise. We also have Norton Utilities Ultimate, a performance offering that optimizes Windows PC capabilities for faster, smoother and more secure internet browsing, gaming or content streaming. This offering helps boost PC performance while also recovering lost files and protecting sensitive information.
•Identity Protection (Norton and LifeLock Identity Theft Protection, Dark Web Monitoring, Home Title Protect, Social Media Monitoring): Our Norton and LifeLock identity theft protection solution includes monitoring, alerts and restoration services to help safeguard our customers’ personal information. We monitor events that may present a risk of identity theft, such as new account openings and applications. If we detect that a customer’s personally identifiable information is being used, we deliver notifications and alerts to our customers about potentially suspicious activity. In the event of identity theft, we assign an Identity Restoration Specialist to work directly with customers to help restore their identities. Customers are further protected by our Million Dollar Protection Package, which provides reimbursement for stolen funds and coverage for personal expenses. Our Dark Web Monitoring product looks for personal information of our Norton 360 members on the Dark Web. We currently offer this product in many countries internationally and continue to add new countries each year. Our Home Title Protect product detects fraud and notifies members if we find changes made to their Home Title. Our Social Media Monitoring features help keep customers’ social media accounts safer by monitoring them for account takeovers, risky activity and inappropriate content. Social Media Monitoring keeps a pulse on customers’ social media accounts, notifying them of suspected account compromise or potentially risky links in their account feed.
•Online Privacy (VPN, Privacy Monitor Assistant, AntiTrack, Online Reputation Management): As people are exchanging more sensitive information through digital channels, such as personal healthcare information to enable tele-health or financial information for personal accounting, having a VPN has become even more crucial. Our VPN solution enhances security and online privacy by providing an encrypted data tunnel. This allows customers to securely transmit and access private information, such as passwords, bank details and credit card numbers, when using public Wi-Fi on PCs, Macs and mobile iOS and Android devices. Our VPN service allows customers to browse the Web anonymously to protect their online privacy and prevent tracking by online advertisers and other companies. Customers can also change their virtual location when they are traveling internationally to allow them to connect to their favorite apps, websites and online streaming services as if they are in their home country. Our Privacy Monitor Assistant is an on-demand, white glove service where our agents help our members delete personal information from Data brokers online. Our AntiTrack product helps keep personal information and browsing activity private by blocking trackers and disguising digital fingerprints online. This allows customers to browse anonymously and go beyond clearing cookies to obscure digital fingerprints. Our Online Reputation Management solutions help extend and strengthen NortonLifeLock’s privacy capabilities and functionalities, such as the ability to manage online search results, personal branding and digital privacy. These solutions can help our customers control their search results by promoting positive search results or suppressing incorrect search results, or help our customers protect their family’s privacy by hiding or removing sensitive personal information.
Innovation and Research & Development
NortonLifeLock has a long history of innovation, and we plan to continue to invest in research and development to drive our long-term success.
As cyber threats evolve, we are focused on delivering a portfolio that protects each element of our customers’ digital lives. To do this, we engage and listen to our customers, and we embrace innovation by deploying a global research and development strategy across our Cyber Safety platform. Our engineering and product management teams are focused on delivering new versions of existing offerings, as well as developing entirely new offerings to drive the company’s global leadership in Cyber Safety.
We are committed to our innovation and research & development efforts. Norton Labs, a global team of experts, is leading the company’s future technology and helping guide the consumer cybersecurity industry. Within Norton Labs, our global technology research organization is focused on applied research projects, with the goal of rapidly creating new products to address consumer trends and grow the business, including defending consumer digital privacy and identity. We also have a global threat response and security technology organization that is comprised of leading threat and security researchers, supported by advanced systems to innovate security technology and threat intelligence.
Industry Overview & Market Opportunity
Cyber Safety is a growing market, fueled by the increase in activities online over the years as well as the years ahead. The core markets that we participate in are security, identity and privacy. We believe the Cyber Safety market will continue to expand beyond these core markets and grow significantly, driven by the growing number of people connected to the Internet who have a digital life.
The cyber threat landscape is larger and more complicated than ever before, exposing consumers to an increased risk to their digital lives. The digitization of the world and the overlap between the physical and digital world is growing at a fast pace. New technologies, smart devices, digital identities and an increasingly more connected world means consumers will encounter a range of new Cyber Safety challenges. Consumer demands and behaviors are rapidly changing and driving more activities online, from shopping, socializing, working, banking, to other activities in healthcare, entertainment and so much more. Almost every aspect of a person’s life has a digital component. Unfortunately, many of those activities are left unprotected, and attackers are exploiting this larger opportunity and the inherent security and privacy vulnerabilities. Cybercriminals have not only expanded their reach, but the sophistication of digital threats and attacks are becoming increasingly more consumer-related.
Cybercrime, and the ways in which cybercriminals target consumers, continue to evolve along with behaviors and technology. Cybercrime encompasses any crime committed with devices over the internet and includes crimes where (i) malicious software or unauthorized access is detected on a device, network or online account (such as email, social media, online banking, crypto currency, online retail, gaming, online entertainment, etc.), and unauthorized access or connection to cloud service accounts; (ii) an individual is digitally victimized through a data breach, cyber theft, cyber extortion, or fraud (stolen personally identifiable information, identity theft, etc.); (iii) online stalking, bullying, or harassment is inflicted; or (iv) attacks related to privacy or disinformation (such as online tracking protection, identity impersonation, disinformation on social media, DeepFakes, non-trustworthy WiFi network, EvilTwin attacks, etc.).
As cybercrime becomes an intensifying threat to our world, consumers are increasingly concerned. Our annual Norton Cyber Safety Insights Report examines the impact of cybercrime and consumers’ online behaviors and concerns related to their online security, privacy and identity. According to the 2022 report, which is based on research conducted online by The Harris Poll on behalf of us, more than 415 million people across 10 countries were victims of cybercrime and more than 81 million people were victims of identity theft over the past year. Cybercrime victims collectively spent nearly 4.4 billion hours trying to resolve their issues and half of these victims were impacted financially. For more insights or information related to our Norton Cyber Safety Insights Report, please visit https://www.nortonlifelock.com/us/en/norton-cyber-safety-center.
We operate in a highly competitive and dynamic environment. We face global competition from a broad range of companies, including software vendors focusing on Cyber Safety solutions, operating system providers such as Apple, Google and Microsoft, and ‘pure play’ companies that currently specialize in one or a few particular segments of the market and many of which are expanding their product portfolios into different segments. We believe the competitive factors in our market include innovation, access to a breadth of identity and consumer transaction data, broad and effective service offerings, brand recognition, technology, effective and cost-efficient customer acquisition, having a strong retention rate, customer satisfaction, price, convenience of purchase, ease of use, frequency of upgrades and updates and quality and reliable customer service. Our competitors may vary by offering, geography, business model and channel.
Our principal competitors are set forth below:
•Security: Our principal competitors in this segment include Apple, Avast, Bitdefender, Google, Kaspersky, McAfee, Microsoft and Trend Micro.
•Identity Protection: Our principal competitors in this segment include credit bureaus such as Equifax, Experian and TransUnion, as well as certain credit monitoring and identity theft protection solutions from others such as Allstate, Aura and Credit Karma.
•Online Privacy: Our principal competitors in this segment include Aura (which recently acquired Pango), Avast, Kape (which recently purchased ExpressVPN), NordVPN (now NordSecurity), Life360 and Bark.
•Other Competitors: In addition to competition from independent software vendors such as Avast, Bitdefender, Kaspersky, McAfee and Trend Micro, and from OS providers such as Apple, Google and Microsoft, we also face competition from other companies that currently focus on one or a few Cyber Safety or adjacent segments but are developing additional competing products and expanding their portfolios into new segments, such as ‘pure play’ companies, ISPs, big tech platform providers, insurance companies and financial service organizations.
We believe we compete favorably with our competitors on the strength of our technology, people, product offerings and presence in all of the current key Cyber Safety categories. However, some of our competitors have greater financial, technical, marketing, distribution or other resources than we do, including in new Cyber Safety and digital life segments we may enter, which consequently affords them competitive advantages. As a result, they may be able to devote greater resources to develop, promote and sell their offerings; deliver competitive offerings at lower prices or for free; and introduce new solutions and respond to market developments and customer requirements and preferences more quickly or cost effectively than we can. In addition, for individual solutions or features, smaller, well-funded competitors may be able to innovate and adapt more nimbly to the dynamic nature of the market and shift consumer needs.
For more information on the risks associated with our competitors, please see “Risk Factors” – Risks Related to Our Business Strategy and Industry – “We operate in a highly competitive and dynamic environment, and if we are unable to compete effectively, we could experience a loss in market share and a reduction in revenue” and “We may need to change our pricing models to compete successfully,” in Item 1A included in this Annual Report on Form 10-K.
Environmental, Social and Governance (ESG)
Building a brand centered on trust is critically important, and our focus on corporate responsibility helps us earn trust from our users, employees, investors and shareholders. As such, environmental, social and governance topics are core to our business strategy:
•Environment: Protecting our planet is fundamental to ensuring a safe and sustainable future. We work to reduce greenhouse gas emissions from our operations through operational efficiencies, reduce the environmental footprint of our products across their lifecycle through innovative approaches to product development and packaging, promote high standards for environmental stewardship in our supply chain and engage with employees and environmental partners to amplify our work. We believe we can contribute to a future where the natural world is thriving and call these efforts Environmental Stewardship.
•Social: We are proud to support the communities where our team members live and work. Our community impact programs include employee volunteering and giving, product donations, signature programs that leverage our unique expertise in increasing digital safety literacy, and corporate philanthropic giving focused on digital safety education; diversity, equity, and inclusion; environmental action; and disaster response. We also support diversity, equity, and inclusion and employee engagement, discussed in more detail in the Human Capital Management subsection.
•Governance: Governance covers many core operating principles overseen by the Nominating and Governance Committee of our Board of Directors. This committee has oversight of Corporate Responsibility issues and receives quarterly updates on topics such as diversity, ethics, environmental stewardship and community investment. Our global culture of responsibility, and the positive contributions we make to the customers, employees, communities, and other stakeholders that we serve drives value for our business.
Setting strategic, achievable, and business-aligned corporate responsibility objectives helps to guide our work and improves our company performance. We align our objectives with the company’s financial goals and focus on the unique positive social and environmental impacts that our business model can have on the world.
Our objectives include:
•Data Privacy and Protection: We safeguard our customer, partner and employee data and offer products, including Norton Privacy Monitor Assistant that help consumers protect their personal data wherever it is found.
•Cyber Safety: We leverage our leading expertise and technology in Cyber Safety to protect communities. Malicious phone and computer applications, known as stalkerware, are used to harass, control and harm people. We are a founding member of the Coalition Against Stalkerware and donate products to victims to help keep their personal data protected. We also provide Cyber Safety training to help empower victims and survivors to reduce their vulnerability. Additional examples of our efforts include our partnership with the World Association of Girl Guides and Girl Scouts on the Surf Smart program to empower girls to keep themselves and others safe online and The Smart Talk, a free tool co-created in partnership with National PTA.
•Diversity, Equity & Inclusion in Technology: We are focused on bringing more women and under-represented groups into cybersecurity and tech. We do this by investing in high-impact, nonprofit organizations. We have made a three-year commitment to the Reboot Representation tech coalition, which is dedicated to doubling the number of Black, Latina and Native American women graduating with computing degrees by 2025. We also support Women4Cyber in Europe and the NASSCOM Foundation’s Cyber Security Skills Development Initiative for Women in India. In fiscal 2022, approximately 62% of NortonLifeLock Foundation grants across all objectives had a focus on Diversity, Equity and Inclusion.
•Employee Volunteering & Giving: We have created a variety of opportunities for employee volunteering and giving and work to increase employee participation rates. In fiscal 2021, we launched a virtual volunteer program with team building opportunities and joint events with our Diversity and Inclusion Communities. We offer employees paid time off to volunteer, have an employee matching gift program and provide dollars-for-doers grants to encourage volunteer service. Our employee participation rate in our volunteering and giving program was 41% in fiscal 2022.
•Environmental Stewardship: We finalized and launched our new environmental strategy, which focuses on climate and energy, sustainable products, our supply chain, engagement with employees and nonprofit partners and being transparent about our progress and commitments.
Our annual ESG and Corporate Responsibility Report can be found via the NortonLifeLock website at https://www.nortonlifelock.com/about/corporate-responsibility.
Human Capital Management
Our human capital management strategy reflects our unique values and growth mindset. Working in close partnership with our Board of Directors on our talent management strategy, we work hard to lead, develop and grow our diverse team. We strive to be a diverse, vibrant community with strong values and a shared commitment to each other, the work we do and the world we all share.
At NortonLifeLock, our mission is to build a comprehensive and easy-to-use integrated portfolio that prevents, detects and responds to cyber threats and cybercrimes in today’s digital world. Our success in helping achieve this mission depends, in large part, on the success of our employees.
•General Employee Demographics: As of April 1, 2022, we employed nearly 2,700 employees in 24 countries worldwide, with approximately 1,200 located in the U.S. None of our U.S. employees are represented by a labor union or covered by a collective bargaining agreement. We are focused on attracting, developing, rewarding and retaining a diverse and truly global team. The Compensation and Leadership Development Committee of our Board of Directors oversees senior management compensation and development, and our Board is invested in our talent management strategies, including DEI, culture and engagement.
•Diversity, Equity and Inclusion (DEI): Our mission is to increase our global representation of underrepresented groups at all levels (diversity), where everyone has an opportunity for development and advancement (equity) and is able to bring their whole selves to work and feel valued every day (inclusion). This mission is built upon four foundational pillars: (1) measurement and accountability; (2) fostering an inclusive environment; (3) diversifying our workforce; and (4) employee development and retention, which are designed to support, attract, retain and develop the best talent.
Clear and actionable multi-year representation goals are set at the leadership level, and tracking the data regularly to assess our progress and drive accountability go hand in hand. We ask applicants, new hires and employees to self-identify not only their demographics, but also important characteristics to help us better measure the diversity of our applicant pool and of our team to derive insights and actionable people strategies. In fiscal 2022, we publicly disclosed our most recent US Equal Employment Opportunity Commission EEO-1 Component 1 Data Collection Report on our investor relations website located at https://investor.nortonlifelock.com/governance/governance-documents/.
Inclusion is something we strive for and invest in every day. Raising awareness and appreciation of various diversity topics via our learning curriculum, global all employee conversations, published Blogs and active employee engagement. We measure belonging as a key metric in our quarterly NGage employee surveys. We are proud to support our several employee resource groups communities for people to come together as allies, to learn, support, mentor, and celebrate with one another and to provide an environment where everyone feels seen, heard, respected and valued.
Diversity is a key pillar of our talent management strategy. As of April 1, 2022, women represented 33% of our workforce and held positions in 33% of our leadership. In addition, as of April 1, 2022, women represented 44% of our Board of Directors and half of our independent board membership. We partner with Work180, a women-focused recruitment site that only lists career opportunities from employers that support diversity, inclusion and flexibility. We post positions on several diverse recruiting sites, including Black Tech Jobs, Jobs for Her and Women Who Code.
As part of our ongoing focus on employee development, we extended our participation in McKinsey & Company’s Connected Leaders Academy for our Asian, Black and Hispanic-Latino leaders. Additionally, we had women globally attend the Women in Tech conference and several employees attended the Out & Equal Global Workplace Summit.
•Employee Development, Engagement and Training: We increased our investment in learning and development in fiscal 2022, launching Nvest Learning programs for all employees leveraging an extensive breadth of content and learning opportunities. This umbrella of offerings includes Nvest Mentorship, Nvest eLearning and Nvest NLOK University.
Our homegrown Nvest Mentorship program and platform continued to grow and now boasts over 200 active mentors and mentees. Nvest eLearning, a collection of digital, on-demand modules categorized around leadership, health and wellness, business skills, and technical skills, launched in the second quarter of fiscal 2022 with a steady increase in participation during the year with over 600 individual learners. We also provide group learning designed around TED Talks on topics including leadership, change management and further diversity, equity and inclusion efforts.
Nvest NLOK University (Nvest NU) launched in the third quarter of fiscal 2022 and is a leadership program that offers best-in-class content from Harvard ManageMentor that inspires, engages and invests in current and emerging leaders by leveraging 42 course options and group learning opportunities. Hundreds of recognition badges and certificates have been awarded to recognize various levels of achievement.
Feedback from our employees is critical, and we have developed an ongoing dialogue with our teams via our quarterly Ngage pulse survey on a targeted topic that drives actions and improvements.
•Human Capital Governance: We partner closely with our Board of Directors and the Compensation and Leadership Development Committee on our strategies and objectives related to talent management, talent acquisition, leadership development, retention and succession, DEI and employee engagement.
We are a leader amongst Cyber Safety solutions for consumers in pursuing patents and currently have a portfolio of over 1,000 U.S. and international patents issued with many pending. We protect our intellectual property rights and investments in a variety of ways to safeguard our technologies and our long-term success. We work actively in the U.S. and internationally to ensure the enforcement of copyright, trademark, trade secret and other protections that apply to our software products and services. The term of the patents we hold is, on average, twelve years. From time to time, we enter into cross-license agreements with other technology companies covering broad groups of patents; we have an additional portfolio of over 2,100 U.S. and international patents cross-licensed to us as part of our arrangement with Broadcom as a result of the asset sale of our former Enterprise Security business.
Circumstances outside our control could pose a threat to our intellectual property rights. Effective intellectual property protection may not be available, and the efforts we have taken to protect our proprietary rights may not be sufficient or effective. Any significant impairment of our intellectual property rights could harm our business or our ability to compete. In addition, protecting our intellectual property rights is costly and time consuming. Any unauthorized disclosure or use of our intellectual property could make it more expensive to do business and harm our operating results.
In addition, companies in the technology industry may own a large number of patents, copyrights and trademarks and may frequently request license agreements, threaten litigation, or file suit against us based on allegations of infringement or other violations of intellectual property rights.
For more information on the risks associated with our intellectual property, please see “Risk Factors” in Item 1A included in this Annual Report on Form 10-K.
Information Security and Risk Oversight
We maintain a comprehensive technology and cybersecurity program to ensure our systems are effective and prepared for information security risks, including regular oversight of our programs for security monitoring for internal and external threats to ensure the confidentiality and integrity of our information assets. We regularly perform evaluations of our security program and continue to invest in our capabilities to keep customers, employees and critical assets safe. Our Head of Cyber Security is ultimately responsible for our cybersecurity program, which includes the implementation of controls aligned with industry guidelines and applicable statutes and regulations to identify threats, detect attacks and protect these information assets. We have implemented security monitoring capabilities designed to alert us to suspicious activity and developed an incident response program that includes periodic testing and is designed to restore business operations as quickly and as orderly as possible in the event of a breach. In addition, employees participate in an ongoing program of mandatory annual training and receive communications regarding the cybersecurity environment to increase awareness throughout the company. We also implemented an enhanced annual training program for specific specialized employee populations, including secure coding training.
Recently, our Board of Directors established a Technology and Cybersecurity Committee of the Board with direct oversight to the Company’s (1) technology strategy, initiatives and investments and (2) key cybersecurity information technology risks against
both internal and external threats. The Technology and Cybersecurity Committee is comprised entirely of independent directors, two of whom have significant work experience related to information security issues or oversight. Management will report security instances to the committee as they occur, if material, and will provide a summary multiple times per year to the Committee. Additionally, our Head of Cyber Security meets regularly with the Board of Directors or the Audit Committee of the Board of Directors to brief them on technology and information security matters. We carry insurance that provides protection against the potential losses arising from a cybersecurity incident. In the last three years, the expenses we have incurred from information security breach incidences were immaterial. This includes penalties and settlements, of which there were none.
We collect, use, store or disclose an increasingly high volume, variety and velocity of personal information, including from employees and customers, in connection with the operation of our business, particularly, in relation to our identity and information protection offerings, which rely on large data repositories of personal information and consumer transactions. The personal information we process is subject to an increasing number of federal, state, local and foreign laws regarding privacy and data security.
For information on the risks associated with complying with privacy and data security laws, please see “Risk Factors” in Item 1A included in this Annual Report on Form 10-K.
Our Internet home page is located at https://www.nortonlifelock.com. We make available free of charge our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports as soon as reasonably practicable after we electronically file such material with the Securities and Exchange Commission (SEC) on our investor relations website located at https://investor.nortonlifelock.com. The information contained, or referred to, on our website, including in any reports that are posted on our website, is not part of this annual report unless expressly noted. The SEC maintains a website that contains reports, proxy and information statements, and other information regarding our filings at http://www.sec.gov.
Item 1A. Risk Factors
RISKS RELATED TO THE PROPOSED MERGER
We may fail to consummate the Proposed Merger with Avast plc, may not consummate the Proposed Merger on the expected terms, or may not achieve the anticipated benefits.
It is currently anticipated that the Proposed Merger will be consummated in mid-to-late calendar 2022. Completion of the Proposed Merger is subject to, among other things, approval from the U.K. Competition and Markets Authority (the “CMA”) and other customary closing conditions for the acquisition of a UK public company, including the sanction of the UK’s High Court. All necessary regulatory approvals have been satisfied, with the exception of approval required from the CMA, which has referred the Proposed Merger to a Phase 2 investigation. As a result, the possible timing and likelihood of completion are uncertain, and, accordingly, there can be no assurance that the Proposed Merger will be completed on the expected terms, on the anticipated schedule or at all. In addition, the CMA may require, in connection with granting its approval of the transaction, divestitures or ongoing restrictions on the operation of the combined business, each of which could have a material impact on the anticipated strategic benefits and synergies from the combination. Any delay in consummation of the Proposed Merger will result in greater transaction costs and professional fees and continue to expose us to market risk. If we fail to receive approval from the CMA and cannot consummate the Proposed Merger, we may be required to pay Avast a break fee of up to $200 million under the Co-operation Agreement. If consummated, the success of the Proposed Merger will depend, in significant part, on our ability to successfully integrate Avast and its subsidiaries, grow the revenue of the combined company and realize the anticipated strategic benefits and synergies from the combination. We believe that the addition of Avast and its subsidiaries represents an attractive opportunity to create a new, industry leading consumer Cyber Safety business, leveraging the established brands, technical expertise and innovation of both groups to deliver substantial benefits to consumers, shareholders and other stakeholders. Achieving these goals requires growth of the revenue of the combined company and realization of the targeted synergies expected from the Proposed Merger. This growth and the anticipated benefits of the Proposed Merger may not be realized fully or at all, or may take longer to realize than we expect. Actual operating, technological, strategic and revenue opportunities, if achieved at all, may be less significant than we expect or may take longer to achieve than anticipated. If we are not able to achieve these objectives and realize the anticipated benefits and synergies expected from the Proposed Merger within a reasonable time, our business, financial condition and operating results may be adversely affected.
Litigation filed against us could prevent or delay the completion of the Proposed Merger or result in the payment of damages following completion of the Proposed Merger.
As previously reported in our Form 8-K dated October 29, 2021, we received letters on behalf of our purported stockholders, in each case stating the stockholder’s belief that the proxy statement filed by us on October 4, 2021 omitted material information with respect to the Merger and demanding that we make additional and supplemental disclosures regarding the Merger. Additionally, six complaints have been filed by our purported stockholders in connection with the Merger (collectively, the Merger Complaints). The Merger Complaints were brought by the plaintiffs individually and also allege that the proxy statement omitted material information with respect to the Merger. After the Company issued its October 29, 2021 Form 8-K, the plaintiffs in the Merger Complaints dismissed their actions as moot while reserving the right to seek a fee in connection with their respective litigations.
RISKS RELATED TO COVID-19
The COVID-19 pandemic has affected how we are operating our business, and the duration and extent to which this will impact our future results of operations and overall financial performance remains uncertain.
The COVID-19 pandemic has had widespread, rapidly evolving, and unpredictable impacts on global society, economies, financial markets, and business practices. At the onset of the pandemic, to protect the health and well-being of our employees, partners and third-party service providers, we facilitated a work-from-home requirement for most employees and established site-specific COVID-19 prevention protocols. We continue to monitor the situation and over the past several months have adjusted our policies and protocols to reflect changes to public health regulations and guidance. A majority of our offices are now open to employees on a voluntary return basis, and we anticipate opening the remaining offices on a voluntary return basis within the first quarter of fiscal 2023. To date, we have not seen any meaningful negative impact on our customer success efforts, sales and marketing efforts, or employee productivity. Nevertheless, as more employees, partners or third-party services providers return to work during the COVID-19 pandemic, the risk of inadvertent transmission of COVID-19 through human contact could still occur and result in litigation.
While the COVID-19 pandemic has negatively impacted many sectors of the U.S. and global economies, the consumer Cyber Safety market experienced increased demand as the pandemic greatly accelerated the digital lives of people around the world. However, with the extended duration of the pandemic and the easing of prevention protocols and restrictions, we are seeing decreasing demand and increased competition. In addition, should the negative macroeconomic impacts of the COVID-19 pandemic persist or worsen, we may experience continued slowdowns in our business activity and an increase in cancellations by customers or a material reduction in our retention rate in the future, especially in the event of a prolonged recession. A prolonged recession could adversely affect demand for our offerings, retention rates and harm our business and results of operations, particularly in light of the fact that our solutions are discretionary purchases and thus may be more susceptible to macroeconomic pressures, as well impact the value of our common stock, ability to refinance our debt and our access to capital.
The duration and extent of the impact from the COVID-19 pandemic depends on future developments that cannot be accurately forecasted at this time, such as the severity and transmission rate of new variants of the disease, the extent, effectiveness and acceptance of containment actions, such as vaccination programs, and the impact of these and other factors on our employees, customers and the overall demand for our products, partners and third-party service providers. If we are not able to respond to and manage the impact of such events effectively and if the macroeconomic conditions of the general economy or the industries in which we operate do not improve, or deteriorate further, our business, operating results, financial condition and cash flows could be adversely affected.
RISKS RELATED TO OUR BUSINESS STRATEGY AND INDUSTRY
If we are unable to develop new and enhanced solutions, or if we are unable to continually improve the performance, features, and reliability of our existing solutions, our business and operating results could be adversely affected.
Our future success depends on our ability to effectively respond to evolving threats to consumers, as well as competitive technological developments and industry changes, by developing or introducing new and enhanced solutions on a timely basis. We have in the past incurred, and will continue to incur, significant research and development expenses as we focus on organic growth through internal innovation. We believe that we also must continue to dedicate a significant amount of resources to our research and development efforts to decrease our reliance on third parties. If we do not achieve the benefits anticipated from these investments, or if the achievement of these benefits is delayed, our operating results may be adversely affected. Additionally, we must continually address the challenges of dynamic and accelerating market trends and competitive developments. Customers may require features and capabilities that our current solutions do not have. Our failure to develop new solutions and improve our existing solutions to satisfy customer preferences and effectively compete with other market offerings in a timely and cost-effective manner may harm our ability to retain our customers and attract new customers. A loss of customers would adversely impact our business and operating results.
The development and introduction of new solutions involve a significant commitment of time and resources and are subject to a number of risks and challenges including but not limited to:
•Lengthy development cycles;
•Evolving industry and regulatory standards and technological developments by our competitors and customers;
•Rapidly changing customer preferences;
•Evolving platforms, operating systems, and hardware products, such as mobile devices;
•Product and service interoperability challenges with customer’s technology and third-party vendors;
•The integration of products and solutions from acquired companies;
•Entering into new or unproven market segments; and
•Executing new product and service strategies.
In addition, third parties, including operating systems and internet browser companies, may take steps to further limit the interoperability of our solutions with their own products and services, in some cases to promote their own offerings. This could delay the development of our solutions or our solutions may be unable to operate effectively. This could also result in decreased demand for our solutions, decreased revenue, and harm to our reputation, and adversely affect our business, financial condition, results of operations, and cash flows.
If we are not successful in managing these risks and challenges, or if our new or improved solutions are not technologically competitive or do not achieve market acceptance, our business and operating results could be adversely affected.
We operate in a highly competitive and dynamic environment, and if we are unable to compete effectively, we could experience a loss in market share and a reduction in revenue.
We operate in intensely competitive and dynamic markets that experience frequent and rapid technological developments, changes in industry and regulatory standards, changes in customer requirements and preferences, and frequent new product introductions and improvements. If we are unable to anticipate or react to these continually evolving conditions, we could experience a loss of market share and a reduction in our revenues, which could materially and adversely affect our business and financial results. To compete successfully, we must maintain an innovative research and development effort to develop new solutions and enhance our existing solutions, effectively adapt to changes in the technology or product rights held by our competitors as well as the ways our information is accessed, used and stored by our customers, and appropriately respond to competitive strategies.
We face competition from a broad range of companies, including software vendors focusing on Cyber Safety solutions, operating system providers such as Apple, Google and Microsoft, and ‘pure play’ companies that currently specialize in one or a few particular segments of the market and many of which are expanding their product portfolios into different segments. Many of these competitors offer solutions or are currently developing solutions that directly compete with our offerings. We also face growing competition from other technology companies, as well as from companies in the identity threat protection space such as credit bureaus. Further, many of our competitors are increasingly developing and incorporating into their products data protection software and other competing Cyber Safety products such as antivirus protection or VPN, often free of charge, that compete with our offerings. Our competitive position could be adversely affected by the functionality incorporated into these products rendering our existing solutions obsolete. In addition, the introduction of new products or services by competitors, and/or market acceptance of products or services based on emerging or alternative technologies, could make it easier for other products or services to compete with our solutions.
We anticipate facing additional competition as new participants continue to enter the Cyber Safety market and as our current competitors seek to increase their market share and expand their existing offerings. Some of our competitors have greater financial, technical, marketing, or other resources than we do, including in new Cyber Safety and digital life segments, and consequently, may have the ability to influence customers to purchase their products instead of ours, including through investing more in internal innovation than we can and through benefiting from unique access to customer engagement points. Further consolidation among our competitors and within our industry or, in addition to other changes in the competitive environment, such as greater vertical integration from key computing and operating system suppliers could result in larger competitors that compete more frequently with us.
In addition to competing with these vendors directly for sales to end-users of our solutions, we compete with them for the opportunity to have our solutions bundled with the offerings of our strategic partners, such as computer hardware original equipment manufacturers (OEMs) and internet service providers (ISPs) and operating systems. Our competitors could gain market share from us if any of these strategic partners replace our solutions with those of our competitors or with their own solutions; similarly, they could gain market share from us if these partners more actively promote our competitors’ solutions or their own solutions than our solutions. In addition, software vendors who have bundled our solutions with theirs may choose to bundle their solutions with their own or other vendors’ solutions or may limit our access to standard interfaces and inhibit our ability to develop solutions for their platform. In the future, further product development by these vendors could cause our solutions to become redundant, which could significantly impact our sales and operating results.
We may need to change our pricing models to compete successfully.
The intense competition we face, in addition to general and economic business conditions, can put pressure on us to change our pricing practices. If our competitors offer deep discounts on certain solutions or provide offerings, or offer free introductory products that compete with ours, we may need to lower prices or offer similar free introductory products in order to compete successfully. Similarly, if external factors, such as economic conditions or market trends, require us to raise our prices, our ability to acquire new customers and retain existing customers may be diminished. Any such changes may reduce revenue and margins and could adversely affect our financial results.
Additionally, our business may be affected by changes in the macroeconomic environment. Our solutions are discretionary purchases, and customers may reduce or eliminate their discretionary spending on our solutions during a difficult macroeconomic environment. Although we did not experience a material increase in cancellations by customers or a material reduction in our retention rate in fiscal 2021 or fiscal 2022, we may experience such an increase or reduction in the future, especially in the event of a prolonged recession or a worsening of current conditions as a result of the COVID-19 pandemic. In addition, during a recession, consumers may experience a decline in their credit or disposable income, which may result in less demand for our solutions. As a result, we may have to lower our prices or make other changes to our pricing model to address these dynamics, any of which could adversely affect our business and financial results.
In addition, in January 2021, we acquired Germany-based Avira. Many of Avira’s users are freemium subscribers, meaning they do not pay for its basic services. Much of our anticipated growth in connection with the Avira acquisition is attributable to attracting and converting Avira’s freemium users to a paid subscription option. Numerous factors, however, may impede our ability to attract, retain and convert these users into paying customers.
If we fail to manage our sales and distribution channels effectively, or if our partners choose not to market and sell our solutions to their customers, our operating results could be adversely affected.
A portion of our revenues is derived from sales through indirect channels, including, but not limited to, distributors that sell our products to end-users and other resellers, and OEM partners that incorporate our products into, or bundle our products with, their products. These channels involve a number of risks, including:
•Our resellers, distributors and OEMs are generally not subject to minimum sales requirements or any obligation to market our solutions to their customers;
•Our reseller and distributor agreements are generally nonexclusive and may be terminated at any time without cause and our OEM partners may terminate or renegotiate their arrangements with us and new terms may be less favorable due to competitive conditions in our markets and other factors;
•Our resellers, distributors and OEMs may encounter issues or have violations of applicable law or regulatory requirements or otherwise cause damage to our reputation through their actions;
•Our resellers and distributors frequently market and distribute competing solutions and may, from time to time, place greater emphasis on the sale of these competing solutions due to pricing, promotions, and other terms offered by our competitors;
•Any consolidation of electronics retailers can increase their negotiating power with respect to software providers such as us and any decline in the number of physical retailers could decrease the channels of distribution for us;
•The continued consolidation of online sales through a small number of larger channels has been increasing, which could reduce the channels available for online distribution of our solutions; and
•Sales through our partners are subject to changes in general economic conditions, strategic direction, competitive risks, and other issues that could result in a reduction of sales, or cause our partners to suffer financial difficulty which could delay payments to us, affecting our operating results.
If we fail to manage our sales and distribution channels successfully, these channels may conflict with one another or otherwise fail to perform as we anticipate, which could reduce our sales and increase our expenses as well as weaken our competitive position.
Our revenue and operating results depend significantly on our ability to retain our existing customers, convert existing non-paying customers to paying customers, and add new customers.
We generally sell our solutions to our customers on a monthly or annual subscription basis. Customers may choose not to renew their membership with us at any time. Renewing customers may require additional incentives to renew, may not renew for the same contract period, or may change their subscriptions. We therefore may be unable to retain our existing customers on the same or on more profitable terms, if at all. In addition, we may not be able to accurately predict or anticipate future trends in customer retention or effectively respond to such trends.
Our customer retention rates may decline or fluctuate due to a variety of factors, including the following:
•Our customers’ levels of satisfaction or dissatisfaction with our solutions and the value they place on our solutions;
•The quality, breadth, and prices of our solutions;
•Our general reputation and events impacting that reputation;
•The services and related pricing offered by our competitors; including increasing availability and efficacy of free solutions;
•Disruption by new services or changes in law or regulations that impact the need for efficacy of our products and services;
•Changes in auto-renewal regulations;
•Our customers’ dissatisfaction with our efforts to market additional products and services;
•Our customer service and responsiveness to the needs of our customers; and
•Changes in our target customers’ spending levels as a result of general economic conditions, inflationary pressures or other factors.
Declining customer retention rates could cause our revenue to grow more slowly than expected or decline; and our operating results, gross margins and business will be harmed.
Our acquisitions and divestitures create special risks and challenges that could adversely affect our financial results.
As part of our business strategy, we may acquire or divest businesses or assets. For example, in 2019 we completed the sale of certain of our enterprise security assets to Broadcom Inc. (the Broadcom sale) and in January 2021, we completed the acquisition of Avira. These activities can involve a number of risks and challenges, including:
•Complexity, time, and costs associated with managing these transactions, including the integration of acquired and the winding down of divested business operations, workforce, products, IT systems, and technologies;
•Challenges in retaining customers of acquired businesses, or providing the same level of service to existing customers with reduced resources;
•Diversion of management time and attention;
•Loss or termination of employees, including costs associated with the termination or replacement of those employees;
•Assumption of liabilities of the acquired and divested business or assets, including pending or future litigation, investigations or claims related to the acquired business or assets;
•The addition of acquisition-related debt;
•Difficulty in entering into or expanding in new markets or geographies;
•Increased or unexpected costs and working capital requirements;
•Dilution of stock ownership of existing stockholders;
•Unanticipated delays or failure to meet contractual obligations;
•Substantial accounting charges for acquisition-related costs, asset impairments, amortization of intangible assets, and higher levels of stock-based compensation expense; and
•Difficulty in realizing potential benefits, including cost savings and operational efficiencies, synergies and growth prospects from integrating acquired businesses.
Moreover, to be successful, large complex acquisitions depend on large-scale product, technology, and sales force integrations that are difficult to complete on a timely basis or at all and may be more susceptible to the special risks and challenges described above. Any of the foregoing, and other factors, could harm our ability to achieve anticipated levels of profitability or other financial benefits from our acquired or divested businesses, product lines or assets or to realize other anticipated benefits of divestitures or acquisitions.
Changes in industry structure and market conditions could lead to charges related to discontinuance of certain of our products or businesses and asset impairments.
In response to changes in industry structure and market conditions, we may be required to strategically reallocate our resources and consider restructuring, disposing of, or otherwise exiting certain businesses. Any decision to limit investment in or dispose of or otherwise exit businesses may result in the recording of special charges, such as technology-related write-offs, workforce reduction costs, charges relating to consolidation of excess facilities, or claims from third parties who were resellers or users of discontinued products. Our estimates with respect to the useful life or ultimate recoverability of our carrying basis of assets, including purchased intangible assets, could change as a result of such assessments and decisions. Although in certain instances our vendor agreements allow us the option to cancel, reschedule, and adjust our requirements based on our business needs, our loss contingencies may include liabilities for contracts that we cannot cancel, reschedule or adjust with suppliers.
Further, our estimates relating to the liabilities for excess facilities are affected by changes in real estate market conditions. Additionally, we are required to evaluate goodwill impairment on an annual basis and between annual evaluations in certain circumstances, and future goodwill impairment evaluations may result in a charge to earnings.
RISKS RELATED TO OUR OPERATIONS
We are dependent upon Broadcom for certain engineering and threat response services, which are critical to our products and business.
Our endpoint security solution has historically relied upon certain threat analytics software engines and other software (the Engine-Related Services) that have been developed and provided by engineering teams that have transferred to Broadcom as part of the Broadcom sale. The technology, including source code, at issue is shared, and pursuant to the terms of the Broadcom sale, we retain rights to use, modify, enhance and create derivative works from such technology. Broadcom has committed to provide these Engine-Related Services substantially to the same extent and in substantially the same manner, as has been historically provided under a license agreement with a limited term.
As a result, we are dependent on Broadcom for services and technology that are critical to our Norton business, and if Broadcom fails to deliver these Engine-Related Services it would result in significant business disruption, and our business and operating results and financial condition could be materially and adversely affected. Furthermore, if our current sources become unavailable, and if we are unable to develop or obtain alternatives to integrate or deploy them in time, our ability to compete effectively could be impacted and have a material adverse effect on our business. Additionally, in connection with the Broadcom sale, we lost other capabilities, including certain threat intelligence data which were historically provided by our former Enterprise Security business, the lack of which could have a negative impact on our business and products.
Our future success depends on our ability to attract and retain personnel in a competitive marketplace.
Our future success depends upon our ability to recruit and retain key management, technical (including cyber security experts), sales, marketing, e-commerce, finance, and other personnel. Our officers and other key personnel are “at will” employees and we generally do not have employment or non-compete agreements with our employees. Competition for people with the specific skills that we require is significant. While we continue to monitor the competitive environment, it is possible that the COVID-19 pandemic may affect the productivity of our employees and our ability to attract and retain key talent. As a result of the pandemic, in March 2020, we transitioned to a remote working environment for the substantial majority of our employees. While our employees have transitioned effectively to working from home, over time such remote operations may decrease the cohesiveness of our employees and our ability to maintain our culture, both of which are integral to our success. Additionally, a remote working environment may impede our ability to undertake new business projects, to foster a creative environment, to hire new employees and to retain existing employees.
In order to attract and retain personnel in a competitive marketplace, we must provide competitive pay packages, including cash and equity-based compensation. Additionally, changes in immigration laws could impair our ability to attract and retain highly qualified employees. If we fail to attract, retain and motivate new or existing personnel, our business, results of operations and future growth prospects could suffer. The volatility in our stock price may from time to time adversely affect our ability to recruit or retain employees. In addition, we may not have an adequate number of shares reserved under our equity compensation plans, forcing us to reduce awards of equity-based compensation, which could impair our efforts to attract, retain and motivate necessary personnel. If we are unable to hire and retain qualified employees, or conversely, if we fail to manage employee performance or reduce staffing levels when required by market conditions, our business and operating results could be adversely affected.
Effective succession planning is also important to our long-term success. Failure to ensure effective transfer of knowledge and smooth transitions involving key employees could hinder our strategic planning and execution. From time to time, key personnel leave our company and the frequency and number of such departures have widely varied and have, in the past, resulted in significant changes to our executive leadership team. The loss of any key employee could result in significant disruptions to our operations, including adversely affecting the timeliness of product releases, the successful implementation and completion of company initiatives, our internal control over financial reporting, and our results of operations. In addition, hiring, training, and successfully integrating replacement personnel can be time consuming and expensive, may cause additional disruptions to our operations, and may be unsuccessful, which could negatively impact future financial results.
Our inability to successfully recover from a disaster or other business continuity event could impair our ability to deliver our products and services and harm our business.
We are heavily reliant on our technology and infrastructure to provide our products and services to our customers. For example, we host many of our products using third-party data center facilities, and while we require them to maintain formal service level agreements around availability, we do not control the operation of these facilities. These facilities are vulnerable to damage, interruption, or performance problems from earthquakes, hurricanes, floods, fires, power loss, telecommunications failures, pandemics and similar events. They are also subject to break-ins, computer viruses, sabotage, intentional acts of vandalism, and other misconduct. The occurrence of a natural disaster, an act of terrorism, a pandemic, and similar events could result in a decision to close the facilities without adequate notice or other unanticipated problems, which in turn, could result in lengthy interruptions in the delivery of our products and services, which could negatively impact our sales and operating results.
Furthermore, our business administration, human resources, compliance efforts, and finance services depend on the proper functioning of our computer, telecommunication, and other related systems and operations. A disruption or failure of these systems or operations because of a disaster, cyber-attack or other business continuity event, such as the COVID-19 pandemic, could cause data to be lost or otherwise delay our ability to complete sales and provide the highest level of service to our customers. In addition, we could have difficulty producing accurate financial statements on a timely basis, and deficiencies may arise in our internal control over financial reporting, which may impact our ability to certify our financial results, all of which could adversely affect the trading value of our stock. Although we endeavor to ensure there is redundancy in these systems and that they are regularly backed-up, there are no assurances that data recovery in the event of a disaster would be effective or occur in an efficient manner. If these systems or their functionality do not operate as we expect them to, we may be required to expend significant resources to make corrections or find alternative sources for performing these functions.
If we fail to offer high-quality customer support, our customer satisfaction may suffer and have a negative impact on our business and reputation.
Many of our customers rely on our customer support services to resolve issues, including technical support, billing and subscription issues, that may arise. If demand increases, or our resources decrease, we may be unable to offer the level of support our customers expect. Any failure by us to maintain the expected level of support could reduce customer satisfaction and negatively impact our customer retention and our business.
Our international operations involve risks that could increase our expenses, adversely affect our operating results and require increased time and attention of our management.
We derive a portion of our revenues from customers located outside of the U.S., and we have significant operations outside of the U.S., including engineering, finance, sales and customer support. Our international operations are subject to risks in addition to those faced by our domestic operations, including:
•Potential loss of proprietary information due to misappropriation or laws that may be less protective of our intellectual property rights than U.S. laws or that may not be adequately enforced;
•Requirements of foreign laws and other governmental controls, including tariffs, trade barriers and labor restrictions, and related laws that reduce the flexibility of our business operations;
•Potential changes in trade relations arising from policy initiatives or other political factors;
•Regulations or restrictions on the use, import, or export of encryption technologies that could delay or prevent the acceptance and use of encryption products and public networks for secure communications;
•Local business and cultural factors that differ from our normal standards and practices, including business practices that we are prohibited from engaging in by the Foreign Corrupt Practices Act and other anti-corruption laws and regulations;
•Central bank and other restrictions on our ability to repatriate cash from our international subsidiaries or to exchange cash in international subsidiaries into cash available for use in the U.S.;
•Fluctuations in currency exchange rates, economic instability, and inflationary conditions could make our solutions more expensive or could increase our costs of doing business in certain countries;
•Limitations on future growth or inability to maintain current levels of revenues from international sales if we do not invest sufficiently in our international operations;
•Difficulties in staffing, managing, and operating our international operations;
•Difficulties in coordinating the activities of our geographically dispersed and culturally diverse operations;
•Costs and delays associated with developing software and providing support in multiple languages; and
•Political unrest, war, or terrorism, or regional natural disasters, particularly in areas in which we have facilities.
RISKS RELATED TO OUR SOLUTIONS
Our solutions, systems, websites and the data on these sources may be subject to intentional disruption that could materially harm to our reputation and future sales.
Despite our precautions and significant ongoing investments to protect against security risks, data protection breaches, cyber-attacks, and other intentional disruptions of our solutions, we expect to be an ongoing target of attacks specifically designed to impede the performance and availability of our offerings and harm our reputation as a leading cyber security company. Similarly, experienced computer programmers or other sophisticated individuals or entities, including malicious hackers, state-sponsored organizations, and insider threats including actions by employees and third-party service providers, may attempt to penetrate our network security or the security of our systems and websites and misappropriate proprietary information or cause interruptions of our products and services. Such attempts are increasing in number and in technical sophistication, and if successful could expose us and the affected parties, to risk of loss or misuse of proprietary or confidential information or disruptions of our business operations.
While we engage in a number of measures aimed to protect against security breaches and to minimize the impact if a data breach were to occur, our information technology systems and infrastructure may be vulnerable to damage, compromise, disruption, and shutdown due to attacks or breaches by hackers or other circumstances, such as error or malfeasance by employees or third party service providers or technology malfunction. The occurrence of any of these events, as well as a failure to promptly remedy these events should they occur, could compromise our systems, and the information stored in our systems could be accessed, publicly disclosed, lost, stolen, or damaged. Any such circumstance could adversely affect our ability to attract and maintain customers as well as strategic partners, cause us to suffer negative publicity or damage to our brand, and subject us to legal claims and liabilities or regulatory penalties. In addition, unauthorized parties might alter information in our databases, which would adversely affect both the reliability of that information and our ability to market and perform our services as well as undermine our ability to remain compliant with relevant laws and regulations. Techniques used to obtain unauthorized access or to sabotage systems change frequently, are constantly evolving and generally are difficult to recognize and react to effectively. We may be unable to anticipate these techniques or to implement adequate preventive or reactive measures. Several recent, highly publicized data security breaches, including a large-scale attack on SolarWinds customers by a foreign nation state actor and a significant uptick in ransomware/extortion attacks at other companies have heightened consumer awareness of this issue and may embolden individuals or groups to target our systems or those of our strategic partners or enterprise customers. In December 2021, a critical remote code execution (RCE) vulnerability was identified in the Apache Software Foundation’s Log4j software library (Log4j), which if exploited could result in unauthorized access to Company systems and data, and acquisition of the same. We are taking, and have taken, steps to remediate all known Log4j vulnerabilities within our environment, deployed compensating controls, and implemented additional changes to protect against an exploit of those vulnerabilities. A threat actor could exploit a Log4j vulnerability or newly discovered vulnerabilities before we complete our remediation work or identify a vulnerability that we did not effectively remediate. If that happens, there could be unauthorized
access to, or acquisition of, data we maintain, and damage to Company systems. We could also face legal action from individuals, business partners, and regulators in connection with exploitation of those vulnerabilities, which would result in increased costs and fees incurred in our defense against those proceedings.
Our solutions are complex and operate in a wide variety of environments, systems and configurations, which could result in failures of our solutions to function as designed.
Because we offer very complex solutions, errors, defects, disruptions, or other performance problems with our solutions may and have occurred. For example, we may experience disruptions, outages, and other performance problems due to a variety of factors, including infrastructure changes, human or software errors, capacity constraints due to an overwhelming number of users accessing our websites simultaneously, fraud, or security attacks. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. Interruptions in our solutions, could impact our revenues or cause customers to cease doing business with us. Our operations are dependent upon our ability to protect our technology infrastructure against damage from business continuity events that could have a significant disruptive effect on our operations. We could potentially lose customer data or experience material adverse interruptions to our operations or delivery of solutions to our clients in a disaster recovery scenario.
Negative publicity regarding our brand, solutions and business could harm our competitive position.
Our brand recognition and reputation as a trusted service provider are critical aspects of our business and key to retaining existing customers and attracting new customers. Our business could be harmed due to errors, defects, disruptions or other performance problems with our solutions causing our customers and potential customers to believe our solutions are unreliable. Furthermore, negative publicity, whether or not justified, including intentional brand misappropriation, relating to events or activities attributed to us, our employees, our strategic partners, our affiliates, or others associated with any of these parties, may tarnish our reputation and reduce the value of our brands. In addition, the rapid rise and use of social media has the potential to harm our brand and reputation. We may be unable to timely respond to and resolve negative and inaccurate social media posts regarding our company, solutions and business in an appropriate manner. Damage to our reputation and loss of brand equity may reduce demand for our solutions and have an adverse effect on our business, operating results, and financial condition. Moreover, any attempts to rebuild our reputation and restore the value of our brands may be costly and time consuming, and such efforts may not ultimately be successful.
We collect, use, disclose, store or otherwise process personal information, which subjects us to privacy and data security laws and contractual commitments.
We collect, use, process, store, transmit or disclose (collectively, process) an increasingly large amount of confidential information, including personally identifiable information, credit card information and other critical data from employees and customers, in connection with the operation of our business, particularly in relation to our identity and information protection offerings.
The personal information we process is subject to an increasing number of federal, state, local, and foreign laws regarding privacy and data security, as well as contractual commitments. Any failure or perceived failure by us to comply with such obligations may result in governmental enforcement actions, fines, litigation, or public statements against us by consumer advocacy groups or others and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.
Additionally, changes to applicable privacy or data security laws could impact how we process personal information and therefore limit the effectiveness of our solutions or our ability to develop new solutions. For example, the European Union General Data Protection Regulation imposes more stringent data protection requirements and provides for greater penalties for noncompliance of up to the greater of €20 million or four percent of our worldwide annual revenues.
Data protection legislation is also becoming increasingly common in the U.S. at both the federal and state level. For example, the California Consumer Privacy Act of 2018 (the CCPA) requires, among other things, covered companies to provide new disclosures to California consumers regarding the use of personal information, gives California residents expanded rights to access their personal information that has been collected and allows such consumers new abilities to opt-out of certain sales of personal information. Further, the new California Privacy Rights Act (the CPRA) significantly modifies the CCPA. These modifications may result in additional uncertainty and require us to incur additional costs and expenses in our effort to comply. Additionally, the Federal Trade Commission (the FTC) and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. The burdens imposed by the CCPA, CPRA and other similar laws that may be enacted at the federal and state level may require us to modify our data processing practices and policies, adapt our goods and services and incur substantial expenditures in order to comply.
Global privacy and data protection legislation, enforcement, and policy activity are rapidly expanding and evolving, and may be inconsistent from jurisdiction to jurisdiction. We may be or become subject to data localization laws mandating that data collected in a foreign country be processed and stored only within that country. If any country in which we have customers were to adopt a data localization law, we could be required to expand our data storage facilities there or build new ones in order to comply. The expenditure this would require, as well as costs of compliance generally, could harm our financial condition.
Additionally, third parties with whom we work, such as vendors or developers, may violate applicable laws or our policies and such violations can place personal information of our customers at risk. In addition, our customers may also accidentally disclose their passwords or store them on a device that is lost or stolen, creating the perception that our systems are not secure against third-party access. This could have an adverse effect on our reputation and business. In addition, such third parties could expose us to compromised data or technology, or be the target of cyberattack and other data breaches which could impact our systems or our customers’ records. Further, we could be the target of a cyberattack or other action that impacts our systems and results in a data breach of our customers’ records. This could have an adverse effect on our reputation and business.
LEGAL AND COMPLIANCE RISKS
Matters relating to or arising from our completed Audit Committee Investigation, including litigation matters, and potential additional expenses, may adversely affect our business and results of operations.
As previously disclosed in our public filings, the Audit Committee completed its internal investigation in September 2018. In connection with the Audit Committee Investigation, we voluntarily self-reported to the SEC. The SEC commenced a formal investigation with which we cooperated. In April 2022, the SEC Staff informed the Company that it concluded its investigation and does not intend to recommend an enforcement action by the Commission against us.
We have incurred, and may continue to incur, significant expenses related to legal and other professional services in connection with or relating to the SEC investigation, which may continue to adversely affect our business and financial condition. In addition, securities class actions and other lawsuits have been filed against us, certain current and former directors, and former officers. The outcome of the securities class actions and other litigation is difficult to predict, and the cost to defend, settle, or otherwise resolve these matters may be significant. Plaintiffs in these matters may seek recovery of very large or indeterminate amounts. The monetary and other impact of these litigations, proceedings, or actions may remain unknown for substantial periods of time. Further, an unfavorable resolution of litigations, proceedings or actions could have a material adverse effect on our business, financial condition, and results of operations and cash flows. Any future investigations or additional lawsuits may also adversely affect our business, financial condition, results of operations, and cash flows.
Our solutions are highly regulated, which could impede our ability to market and provide our solutions or adversely affect our business, financial position, and results of operations.
Our solutions are subject to a high degree of regulation, including a wide variety of federal, state, and local laws and regulations, such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Federal Trade Commission Act (FTC Act), and comparable state laws that are patterned after the FTC Act. LifeLock has previously entered into consent decrees and similar arrangements with the FTC and the attorney generals of 35 states as well as a settlement with the FTC relating to allegations that certain of LifeLock’s advertising, marketing and security practices constituted deceptive acts or practices in violation of the FTC Act, which impose additional restrictions on our business, including prohibitions against making any misrepresentation of “the means, methods, procedures, effects, effectiveness, coverage, or scope of” our solutions. NortonLifeLock signed an Undertaking, effective June 14, 2021, with the United Kingdom’s Competition and Markets Authority (CMA) requiring NortonLifeLock to make certain changes to its policies and practices related to automatically renewing subscriptions in the United Kingdom as part of the CMA’s investigation into auto-renewal practices in the antivirus sector it launched in December 2018. Any of the laws and regulations that apply to our business are subject to revision or new or changed interpretations, and we cannot predict the impact of such changes on our business.
Additionally, the nature of our identity and information protection products subjects us to the broad regulatory, supervisory, and enforcement powers of the Consumer Financial Protection Bureau which may exercise authority with respect to our services, or the marketing and servicing of those services, through the oversight of our financial institution or credit reporting agency customers and suppliers, or by otherwise exercising its supervisory, regulatory, or enforcement authority over consumer financial products and services.
If we do not protect our proprietary information and prevent third parties from making unauthorized use of our products and technology, our financial results could be harmed.
Much of our software and underlying technology is proprietary. We seek to protect our proprietary rights through a combination of confidentiality agreements and procedures and through copyright, patent, trademark, and trade secret laws. However, these measures afford only limited protection and may be challenged, invalidated, or circumvented by third parties. Third parties may copy all or portions of our products or otherwise obtain, use, distribute, and sell our proprietary information without authorization.
Third parties may also develop similar or superior technology independently by designing around our patents. Our consumer agreements do not require a signature and therefore may be unenforceable under the laws of some jurisdictions. Furthermore, the laws of some foreign countries do not offer the same level of protection of our proprietary rights as the laws of the U.S., and we may be subject to the unauthorized use of our products in those countries. The unauthorized copying or use of our products or proprietary information could result in reduced sales of our products. Any legal action to protect proprietary information that we may bring or be engaged in with a strategic partner or vendor could adversely affect our ability to access software, operating system, and hardware platforms of such partner or vendor, or cause such partner or vendor to choose not to offer our products to their customers. In addition, any legal action to protect proprietary information that we may bring or be engaged in, could be costly, may distract management from day-to-day operations, and may lead to additional claims against us, which could adversely affect our operating results.
From time to time we are a party to lawsuits and investigations, which typically require significant management time and attention and result in significant legal expenses.
We are frequently involved in litigation and other proceedings, including, but not limited to, patent litigation, class actions, and governmental claims or investigations, some of which may be material initially or become material over time. The expense of initiating and defending, and in some cases settling, such matters may be costly and divert management’s attention from the day-to-day operations of our business, which could have a materially adverse effect on our business, results of operations, and cash flows. In addition, such matters may thru the course of litigation or other proceedings incur an unfavorable change which could alter the profile of the matter and create potential material risk to the company. Any unfavorable outcome in a matter could result in significant fines, settlements, monetary damages, or injunctive relief that could negatively and materially impact our ability to conduct our business, results of operations, and cash flows. Additionally, in the event we did not previously accrue for such litigation or proceeding in our financial statements, we may be required to record retrospective accruals that adversely affect our results of operations and financial condition.
Third parties claiming that we infringe their proprietary rights could cause us to incur significant legal expenses and prevent us from selling our products.
From time to time, third parties may claim that we have infringed their intellectual property rights, including claims regarding patents, copyrights, and trademarks. Because of constant technological change in the segments in which we compete, the extensive patent coverage of existing technologies, and the rapid rate of issuance of new patents, it is possible that the number of these claims may grow. In addition, former employers of our former, current, or future employees may assert claims that such employees have improperly disclosed to us confidential or proprietary information of these former employers. Any such claim, with or without merit, could result in costly litigation and distract management from day-to-day operations. If we are not successful in defending such claims, we could be required to stop selling, delay shipments of, or redesign our solutions, pay monetary amounts as damages, enter into royalty or licensing arrangements, or satisfy indemnification obligations that we have with some of our partners. We cannot assure you that any royalty or licensing arrangements that we may seek in such circumstances will be available to us on commercially reasonable terms or at all. We have made and expect to continue making significant expenditures to investigate, defend, and settle claims related to the use of technology and intellectual property rights as part of our strategy to manage this risk.
In addition, we license and use software from third parties in our business. These third-party software licenses may not continue to be available to us on acceptable terms or at all and may expose us to additional liability. This liability, or our inability to use any of this third-party software, could result in delivery delays or other disruptions in our business that could materially and adversely affect our operating results.
Some of our products contain “open source” software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.
Certain of our products are distributed with software licensed by its authors or other third parties under so-called “open source” licenses. Some of these licenses contain requirements that we make available source code for modifications or derivative works we create based upon the open source software and that we license such modifications or derivative works under the terms of a particular open source license or other license granting third parties certain rights of further use. By the terms of certain open source licenses, we could be required to release the source code of our proprietary software if we combine our proprietary software with open source software in a certain manner. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on origin of the software. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source, but we cannot be sure that all open source is submitted for approval prior to use in our products. In addition, many of the risks associated with usage of open source may not or cannot be eliminated and could, if not properly addressed, negatively affect our business.
RISKS RELATED TO OUR LIQUIDITY AND INDEBTEDNESS
There are risks associated with our outstanding and future indebtedness that could adversely affect our financial condition.
As of April 1, 2022, we had an aggregate of $3,747 million of outstanding indebtedness that will mature in calendar years 2022 through 2030, and $1,000 million available for borrowing under our revolving credit facility. See Note 10 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K for further information on our outstanding debt. Our ability to meet expenses, remain in compliance with the covenants under our debt instruments, pay interest and repay principal for our substantial level of indebtedness depends on, among other things, our operating performance, competitive developments, and financial market conditions, all of which are significantly affected by financial, business, economic, and other factors. We are not able to control many of these factors. Accordingly, our cash flow may not be sufficient to allow us to pay principal and interest on our debt, including the notes, and meet our other obligations. Our level of indebtedness could have other important consequences, including the following:
•We must use a substantial portion of our cash flow from operations to pay interest and principal on the term loans and revolving credit facility, our existing senior notes, and other indebtedness, which reduces funds available to us for other purposes such as working capital, capital expenditures, other general corporate purposes, and potential acquisitions;
•We may be unable to refinance our indebtedness or to obtain additional financing for working capital, capital expenditures, acquisitions, or general corporate purposes;
•We are exposed to fluctuations in interest rates because borrowings under our senior secured credit facilities bear interest at variable rates;
•Our leverage may be greater than that of some of our competitors, which may put us at a competitive disadvantage and reduce our flexibility in responding to current and changing industry and financial market conditions;
•We may be more vulnerable to an economic downturn or recession and adverse developments in our business;
•We may be unable to comply with financial and other covenants in our debt agreements, which could result in an event of default that, if not cured or waived, may result in acceleration of certain of our debt and would have an adverse effect on our business and prospects and could force us into bankruptcy or liquidation;
•Changes by any rating agency to our outlook or credit rating could negatively affect the value of our debt and/or our common stock, adversely affect our access to debt markets, and increase the interest we pay on outstanding or future debt; and
•Conversion of our convertible note could result in significant dilution of our common stock, which could result in significant dilution to our existing stockholders and cause the market price of our common stock to decline.
There can be no assurance that we will be able to manage any of these risks successfully. In addition, we conduct a significant portion of our operations through our subsidiaries. Accordingly, repayment of our indebtedness will be dependent in part on the generation of cash flow by our subsidiaries and their ability to make such cash available to us by dividend, debt repayment, or otherwise, which may not always be possible. In the event that we do not receive distributions from our subsidiaries, we may be unable to make the required principal and interest payments on our indebtedness.
The elimination of LIBOR after June 2023 may affect our financial results.
All LIBOR tenors relevant to us will cease to be published or will no longer be representative after June 30, 2023. This means that any of our LIBOR-based borrowings that extend beyond June 30, 2023 will need to be converted to a replacement rate. In the U.S., the Alternative Reference Rates Committee, a committee of private sector entities convened by the Federal Reserve Board and the Federal Reserve Bank of New York, has recommended the Secured Overnight Financing Rate (SOFR) plus a recommended spread adjustment as LIBOR's replacement. There are significant differences between LIBOR and SOFR, such as LIBOR being an unsecured lending rate while SOFR is a secured lending rate, and SOFR is an overnight rate while LIBOR reflects term rates at different maturities. If our LIBOR-based borrowings are converted to SOFR, the differences between LIBOR and SOFR, plus the recommended spread adjustment, could result in interest costs that are higher than if LIBOR remained available, which could have a material adverse effect on our operating results. Although SOFR is the ARRC's recommended replacement rate, it is also possible that lenders may instead choose alternative replacement rates that may differ from LIBOR in ways similar to SOFR or in other ways that would result in higher interest costs for us. It is not yet possible to predict the magnitude of LIBOR's end on our borrowing costs given the remaining uncertainty about which rates will replace LIBOR.
Our term loan and revolving credit facility agreement impose operating and financial restrictions on us.
Our term loan and revolving credit facility agreement contain covenants that limit our ability and the ability of our restricted subsidiaries to:
•Incur additional debt;
•Create liens on certain assets to secure debt;
•Enter into certain sale and leaseback transactions;
•Pay dividends on or make other distributions in respect of our capital stock or make other restricted payments; and
•Consolidate, merge, sell or otherwise dispose of all or substantially all of our assets.
All of these covenants may adversely affect our ability to finance our operations, meet or otherwise address our capital needs, pursue business opportunities, react to market conditions, or otherwise restrict activities or business plans. A breach of any of these covenants could result in a default in respect of the related indebtedness. If a default occurs, the relevant lenders could elect to declare the indebtedness, together with accrued interest and other fees, to be immediately due and payable and, to the extent such indebtedness is secured in the future, proceed against any collateral securing that indebtedness.
Fluctuations in our quarterly financial results have affected the trading price of our outstanding securities in the past and could affect the trading price of our outstanding securities in the future.
Our quarterly financial results have fluctuated in the past and are likely to vary in the future due to a number of factors, many of which are outside of our control. If our quarterly financial results or our predictions of future financial results fail to meet our expectations or the expectations of securities analysts and investors, the trading price of our outstanding securities could be negatively affected. Volatility in our quarterly financial results may make it more difficult for us to raise capital in the future or pursue acquisitions.
Factors associated with our industry, the operation of our business, and the markets for our solutions may cause our quarterly financial results to fluctuate, including but not limited to:
•Fluctuations in demand for our solutions;
•Disruptions in our business operations or target markets caused by, among other things, terrorism or other intentional acts, outbreaks of disease, such as the COVID-19 pandemic, or earthquakes, floods, or other natural disasters;
•Entry of new competition into our markets;
•Our ability to achieve targeted operating income and margins and revenues;
•Competitive pricing pressure or free offerings that compete with one or more of our solutions;
•Our ability to timely complete the release of new or enhanced versions of our solutions;
•The amount and timing of commencement and termination of major marketing campaigns;
•The number, severity, and timing of threat outbreaks and cyber security incidents;
•Loss of customers or strategic partners;
•Changes in the mix or type of solutions and subscriptions sold and changes in consumer retention rates;
•The rate of adoption of new technologies and new releases of operating systems, and new business processes;
•Consumer confidence and spending changes;
•The impact of litigation, regulatory inquiries, or investigations;
•The impact of acquisitions and divestitures and our ability to achieve expected synergies or attendant cost savings;
•Fluctuations in foreign currency exchange rates and interest rates;
•The publication of unfavorable or inaccurate research reports about our business by cybersecurity industry analysts;
•The success of our corporate responsibility initiatives;
•Changes in tax laws, rules, and regulations; and
•Changes in consumer protection laws and regulations.
Any of the foregoing factors could cause the trading price of our outstanding securities to fluctuate significantly.
Changes to our effective tax rate could increase our income tax expense and reduce (increase) our net income (loss), cash flows and working capital.
Our effective tax rate could be adversely affected by several factors, many of which are outside of our control, including:
•Changes to the U.S. federal income tax laws, including the potential for federal tax law changes put forward by Congress and the Biden administration including potentially increased corporate tax rates, new minimum taxes and other changes to the way that our US tax liability has been calculated following the 2017 Tax Cuts and Jobs Act. Certain of these proposals could have significant retroactive adjustments adding cash tax payments/liabilities if adopted;
•Changes to other tax laws, regulations, and interpretations in multiple jurisdictions in which we operate, including actions resulting from the Organisation for Economic Co-operation and Development's (OECD) base erosion and profit shifting project including recent proposals for a global minimum tax rate, proposed actions by international bodies such as digital services taxation, as well as the requirements of certain tax rulings. In October 2021, the OECD/G20 inclusive framework on Base Erosion and Profit Shifting (the Inclusive Framework) published a statement updating and finalizing the key components of a two-pillar plan on global tax reform which has now been agreed upon by the majority of OECD members. Pillar One allows countries to reallocate a portion of residual profits earned by multinational enterprises (MNE), with an annual global turnover exceeding €20 billion and a profit margin over 10%, to other market jurisdictions. Pillar Two requires MNEs with an annual global turnover exceeding €750 million to pay a global minimum tax of 15%. Additional guidance is expected to be published in 2022. We will continue to monitor the implementation of the Inclusive Framework agreement by the countries in which we operate. We are unable to predict if and how these legislative changes will be enacted into law, and it is possible that they could have a material effect on our corporate tax liability and our global effective tax rate;
•Changes in the relative proportions of revenues and income before taxes in the various jurisdictions in which we operate that have differing statutory tax rates;
•The tax effects of significant infrequently occurring events that may cause fluctuations between reporting periods;
•Tax assessments, or any related tax interest or penalties, that could significantly affect our income tax expense for the period in which the settlements take place; and
•Taxes arising in connection to changes in our workforce, corporate entity structure or operations as they relate to tax incentives and tax rates.
From time to time, we receive notices that a tax authority in a particular jurisdiction believes that we owe a greater amount of tax than we have reported to such authority. We are regularly engaged in discussions and sometimes disputes with these tax authorities. If the ultimate determination of our taxes owed in any of these jurisdictions is for an amount in excess of the tax provision we have recorded or reserved for, our operating results, cash flows, and financial condition could be adversely affected.
Item 1B. Unresolved Staff Comments
There are no unresolved issues with respect to any Commission staff’s written comments that were received at least 180 days before the end of our fiscal year to which this report relates and that relate to our periodic or current reports under the Exchange Act.
Item 2. Properties
Item 3. Legal Proceedings
Information with respect to this Item may be found under the heading “Litigation contingencies” in Note 18 of the Notes to the Consolidated Financial Statements in this Annual Report on Form 10-K which information is incorporated into this Item 3 by reference.
Item 4. Mine Safety Disclosures
Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Stock symbol and stockholders of record
Our common stock is traded on the Nasdaq Global Select Market under the symbol “NLOK”. As of April 1, 2022, there were 1,484 stockholders of record. A substantially greater number of holders of our common stock are "street name" or beneficial holders, whose shares of record are held by banks, brokers and other financial institutions.
Stock performance graph
The graph below compares the cumulative total stockholder return on our common stock with the cumulative total return on the S&P 500 Composite Index and the S&P Information Technology Index for the five fiscal years ended April 1, 2022 (assuming the initial investment of $100 in our common stock and in each of the other indices on the last day of trading for fiscal 2017 and the reinvestment of all dividends). The comparisons in the graph below are based on historical data and are not indicative of, nor intended to forecast the possible future performance of our common stock.
COMPARISON OF FIVE-YEAR CUMULATIVE TOTAL RETURN
Among NortonLifeLock Inc., the S&P 500 Index
and the S&P Information Technology Index
This performance graph shall not be deemed “filed” for purposes of Section 18 of the Exchange Act or otherwise subject to the liabilities under that Section and shall not be deemed to be incorporated by reference into any filing of NortonLifeLock under the Securities Act or the Exchange Act.
Repurchases of our equity securities
Under our stock repurchase programs, shares may be repurchased on the open market and through accelerated stock repurchase transactions. On May 4, 2021, our Board of Directors approved an incremental share repurchase authorization of $1,500 million. As of April 1, 2022, we had $1,774 million remaining authorized to be completed in future periods with no expiration date. No shares were repurchased during the three months ended April 1, 2022.
Item 6. [Reserved]
Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations
Please read the following discussion and analysis of our financial condition and results of operations together with our Consolidated Financial Statements and related Notes thereto included under Item 15 of this Annual Report on Form 10-K.
NortonLifeLock Inc. has the largest consumer Cyber Safety platform in the world, empowering nearly 80 million users in more than 150 countries. We are the trusted and number one top of mind brand in consumer Cyber Safety, according to the 2022 NortonLifeLock brand tracking study. We help prevent, detect and restore potential damages caused by many cybercriminals.
Fiscal Year Highlights
•In May 2021, we entered into the first amendment to our credit agreement (the First Amendment), which provided for an incremental increase under the Initial Term Loan, and extended the maturity date of the Initial Term Loan, the Delayed Draw Term Loan and revolving credit facility from November 2024 to May 2026. We borrowed $525 million under the First Amendment of our Initial Term Loan.
•In May 2021, we settled the $250 million principal and conversion rights of the New 2.5% Convertible Senior Notes in cash. The aggregate settlement amount of $364 million was based on $24.40 per underlying share into which the 2.5% Convertible Notes were convertible. The extinguishment resulted in an adjustment to stockholders’ equity of $112 million and a loss on extinguishment of $2 million.
•In July 2021, we completed the sale of certain land and buildings in Mountain View, California for cash consideration of $355 million, net of selling costs. We recognized a gain of $175 million on the sale. In conjunction with the sale, we signed a 7-year leaseback agreement for a portion of the property.
•In September 2021, we completed an acquisition of an online reputation management and digital privacy solutions company for total aggregate consideration of $39 million, net of $1 million cash acquired.
•In March 2022, we completed our restructuring plan (the December 2020 Plan) to consolidate facilities and reduce operating costs in connection with our acquisition of Avira during fiscal 2021. We incurred total costs of $24 million since the inception of the December 2020 Plan, primarily related to severance and termination costs.
Proposed Merger with Avast
On August 10, 2021, we announced a transaction under which we intend to acquire the entire issued and to be issued ordinary share capital of Avast plc, a public company incorporated in England and Wales and a global leader of digital security and privacy headquartered in Prague, Czech Republic (Avast and such transaction, the Proposed Merger). The Proposed Merger will be implemented by means of a court-sanctioned scheme of arrangement under the UK Companies Act 2006, as amended (the Scheme), and remains subject to a certain number of conditions. Under the terms of the Proposed Merger, Avast shareholders will be entitled to elect to receive, for each ordinary share of Avast held, in respect of their entire holding of Avast shares, either: (i) $7.61 in cash and 0.0302 of a new share of our common stock (such option, the Majority Cash Option); or (ii) $2.37 in cash and 0.1937 of a new share of our common stock (such option, the Majority Stock Option). Based on our undisturbed closing share price of $27.20 on July 13, 2021, and depending on the Avast shareholder elections, the estimated purchase price range for the Avast shares under the Proposed Merger is $8.1 billion to $8.6 billion. Each of the directors of Avast who holds shares has undertaken to elect for the Majority Stock Option in respect of their entire beneficial holdings of Avast shares. We plan to finance the Proposed Merger with existing cash, cash to be generated by operations and new debt financing.
In conjunction with the Proposed Merger, on August 10, 2021, we entered into an agreement (as amended, the Interim Facilities Agreement) with certain financial institutions, in which they agreed to provide us with (i) a $3,600 million term loan interim facility B (the Interim Facility B), (ii) $750 million term loan interim facility A1 (the Interim Facility A1) and $3,500 million term loan interim facility A2 (the Interim Facility A2), and (iii) a $1,500 million interim revolving facility (the Interim Revolving Facility) (collectively, the Interim Facilities) and a commitment letter (as amended, the Commitment Letter) with certain financial institutions, in which they agreed to provide us with financing no less than the financing available under the Interim Facilities (the Definitive Facilities and, together with the Interim Facilities, the Facilities) to finance the cash consideration payable in connection with the Proposed Merger. The Definitive Facilities will be financed by a syndicate of lenders led by Bank of America, N.A. and Wells Fargo Bank N.A. On January 28, 2022, Bank of America, N.A. and Wells Fargo Bank N.A. agreed to arrange, on a best efforts basis, additional term loans under the Definitive Facilities in an amount up to $500 million. The Interim Facilities Agreement contains, and any definitive financing documentation for the Definitive Facilities entered into in connection with the Commitment Letter (the Facilities Agreement) will contain, customary representations and warranties, events of default and covenants for transactions of this type. The Facilities Agreement will replace the existing credit facility agreement upon the close of the transaction.
In conjunction with the Proposed Merger, on August 10, 2021, we entered into a Co-operation Agreement (the Co-operation Agreement) with Nitro Bidco Limited, our wholly-owned subsidiary (Bidco), and Avast, pursuant to which we and Bidco agreed to, among other things, use all reasonable endeavors for the purposes of obtaining any regulatory authorizations which are required to implement the Proposed Merger, and we, Bidco and Avast agreed to cooperate with each other in preparing required transaction documents and certain other matters in connection with the Proposed Merger. The Co-operation Agreement also contains certain termination rights. The Co-operation Agreement also provides that, if we fail to receive approval from the U.K Competition and Markets Authority and cannot consummate the Proposed Merger, we may be required to pay Avast a break fee of up to $200 million.
The Proposed Merger was approved by our Board of Directors and by our shareholders, the Board of Directors and shareholders of Avast and regulators including the Federal Trade Commission under the U.S. Hart-Scott-Rodino Antitrust Improvements Act of 1976 (the “HSR” Act) and in Europe, the German Federal Cartel Office and the Spanish National Markets and Competition Commission. On March 25, 2022, the U.K Competition and Markets Authority referred the Proposed Merger to a Phase 2 review investigation. The Proposed Merger is currently expected to close mid-to-late calendar year 2022, subject to regulatory approvals and the satisfaction or waiver of other customary closing conditions.
Fiscal calendar and basis of presentation
We have a 52/53-week fiscal year ending on the Friday closest to March 31. Fiscal 2022, 2021 and 2020 in this report refers to fiscal years ended April 1, 2022, April 2, 2021 and April 3, 2020, respectively. Fiscal 2020 was a 53-week year, whereas fiscal 2022 and 2021 each consisted of 52 weeks.
Key financial metrics
The following table provides our key financial metrics for fiscal 2022 compared with fiscal 2021:
|(In millions, except for per share amounts)||2022||2021|
|Net revenues||$||2,796 ||$||2,551 |
|Operating income (loss)||$||1,005 ||$||896 |
|Income (loss) from continuing operations||$||836 ||$||696 |
|Income (loss) from discontinued operations||$||— ||$||(142)|
|Net income (loss)||$||836 ||$||554 |
|Net income (loss) per share from continuing operations - diluted||$||1.41 ||$||1.16 |
|Net income (loss) per share from discontinued operations - diluted||$||— ||$||(0.24)|
|Net income (loss) per share - diluted||$||1.41 ||$||0.92 |
|Net cash provided by (used in) operating activities||$||974 ||$||706 |
|(in millions)||April 1, 2022||April 2, 2021|
|Cash, cash equivalents and short-term investments||$||1,891 ||$||951 |
|Contract liabilities||$||1,306 ||$||1,265 |
•Net revenues increased $245 million, due to higher sales in both of our consumer security products and our identity and protection products. This was driven by an increase in our direct customer count year-over-year and revenue attributable to Avira, which was acquired during the fourth quarter of fiscal 2021.
•Operating income (loss) increased $109 million, primarily due to the increase in revenue and a decrease in restructuring costs for which the related activities were completed in fiscal 2021. This is partially offset by an increase in related cost of revenue, a legal accrual relating to an ongoing patent infringement lawsuit and our investment in advertising during fiscal 2022.
•Income (loss) from continuing operations increased $140 million, primarily due to the increase in operating income as well as other income (expense), net, which was driven by the gain on sale of certain land and buildings in Mountain View, California. This is partially offset by an increase in income tax expense.
•Income (loss) from discontinued operations, increased from a loss of $142 million, primarily due to the completion of the discontinued operations activities during fiscal 2021.
•Net income (loss) increased $282 million and net income per share increased $0.49, primarily due to the increase in income from continuing operations and the completion of discontinued operations activities during fiscal 2021 as discussed above.
•Cash, cash equivalents and short-term investments increased by $940 million compared to April 2, 2021, primarily due to cash generated by operations during fiscal 2022.
•Contract liabilities increased $41 million, primarily due to higher billings than recognized revenue, partially offset by unfavorable foreign currency fluctuations of the Euro and Japanese Yen.
The COVID-19 pandemic has had widespread, rapidly evolving, and unpredictable impacts on global society, economies, financial markets, and business practices. At the onset of the pandemic, to protect the health and well-being of our employees, partners and third-party service providers, we facilitated a work-from-home requirement for most employees and established site-specific COVID-19 prevention protocols. We continue to monitor the situation and over the past several months have adjusted our policies and protocols to reflect changes to public health regulations and guidance. A majority of our offices are now open to employees on a voluntary return basis, and we anticipate opening the remaining offices on a voluntary return basis within the first quarter of fiscal 2023. To date, we have not seen any meaningful negative impact on our employee productivity. Nevertheless, as more employees, partners or third-party services providers return to work during the COVID-19 pandemic, the risk of inadvertent transmission of COVID-19 through human contact could still occur and result in litigation.
While the COVID-19 pandemic has negatively impacted many sectors of the U.S. and global economies, the consumer Cyber Safety market experienced increased demand as the pandemic greatly accelerated the digital lives of people around the world. However, with the extended duration of the pandemic and the easing of prevention protocols and restrictions, we are seeing decreasing demand and increased competition. In addition, while we did not experience a material increase in cancellations by customers or a material reduction in retention rate in fiscal 2021 or fiscal 2022, should the negative macroeconomic impacts of the COVID-19 pandemic persist or worsen, we may experience continued slowdowns in our business activity and an increase in cancellations by customers or a material reduction in our retention rate in the future, especially in the event of a prolonged recession. A prolonged recession could adversely affect demand for our offerings, retention rates and harm our business and results of operations, particularly in light of the fact that our solutions are discretionary purchases and thus may be more susceptible to macroeconomic pressures, as well impact the value of our common stock, ability to refinance our debt and our access to capital.
The duration and extent of the impact from the COVID-19 pandemic depends on future developments that cannot be accurately forecasted at this time, such as the severity and transmission rate of new variants of the disease, the extent, effectiveness and acceptance of containment actions, such as vaccination programs, and the impact of these and other factors on our employees, customers, partners and third-party service providers. For more information on the risks associated with the COVID-19 pandemic, please see “Risk Factors” in Item 1A.
CRITICAL ACCOUNTING POLICIES AND ESTIMATES
The preparation of our Consolidated Financial Statements and related notes in accordance with generally accepted accounting principles in the U.S. (GAAP) requires us to make estimates, including judgments and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, and related disclosure of contingent assets and liabilities. We have based our estimates on historical experience and on various assumptions that we believe to be reasonable under the circumstances. We evaluate our estimates on a regular basis and make changes accordingly. Management believes that the accounting estimates employed, and the resulting amounts are reasonable; however, actual results may differ from these estimates. Making estimates and judgments about future events is inherently unpredictable and is subject to significant uncertainties, some of which are beyond our control. Should any of these estimates and assumptions change or prove to have been incorrect, it could have a material impact on our results of operations, financial position and cash flows.
A summary of our significant accounting policies is included in Note 1, and a description of recently adopted accounting pronouncements and the Company’s expectations of the impact on our Consolidated Financial Statements and disclosures is included in Note 2 of the Notes to Consolidated Financial Statements included in this Annual Report on Form 10-K. An accounting policy is deemed to be critical if it requires an accounting estimate to be made based on assumptions about matters that are highly uncertain at the time the estimate is made, if different estimates reasonably could have been used, or if changes in the estimate that are reasonably possible could materially impact the financial statements. Management believes the following critical accounting policies reflect the significant estimates and assumptions used in the preparation of our Consolidated Financial Statements.
We allocate the purchase price of acquired businesses to the tangible and identifiable intangible assets acquired and liabilities assumed based on their estimated fair values on the acquisition date. Any residual purchase price is recorded as goodwill. The allocation of purchase price requires management to make significant estimates and assumptions in determining the fair values of the assets acquired and liabilities assumed especially with respect to intangible assets.
Critical estimates in valuing intangible assets include, but are not limited to, future expected cash flows from customer relationships, developed technology, trade names, and acquired patents, and discount rates. Management estimates of fair value are based upon assumptions believed to be reasonable but which are inherently uncertain and unpredictable. Third-party valuation specialists are also utilized for certain estimates. Unanticipated events and circumstances may occur which may affect the accuracy or validity of such assumptions, estimates or actual results.
We are subject to tax in multiple U.S. and foreign tax jurisdictions. We are required to estimate the current tax exposure as well as assess the temporary differences between the accounting and tax treatment of assets and liabilities, including items such as accruals and allowances not currently deductible for tax purposes. We apply judgment in the recognition and measurement of current and deferred income taxes which includes the following critical accounting estimates.
We use a two-step process to recognize liabilities for uncertain tax positions. The first step is to evaluate the tax position for recognition by determining if the weight of available evidence indicates that it is more likely than not that the position will be sustained on audit, including resolution of related appeals or litigation processes, if any. If we determine that the tax position will more likely than not be sustained on audit, the second step requires us to estimate and measure the tax benefit as the largest amount that is more than 50% likely to be realized upon ultimate settlement. It is inherently difficult and subjective to estimate such amounts, as this requires us to determine the probability of various outcomes. We re-evaluate these uncertain tax positions on a quarterly basis. This evaluation is based on factors including, but not limited to, changes in facts or circumstances, changes in tax law, effectively settled issues under audit and new audit activity. Such a change in recognition or measurement would result in the recognition of a tax benefit or an additional charge to the tax provision in the period.
We are subject to contingencies that expose us to losses, including various legal and regulatory proceedings, asserted and potential claims that arise in the ordinary course of business. An estimated loss from such contingencies is recognized as a charge to income if it is probable that a liability has been incurred and the amount of the loss can be reasonably estimated. Judgment is required in both the determination of probability and the determination as to whether a loss is reasonably estimable. We review the status of each significant matter quarterly, and we may revise our estimates. Until the final resolution of such matters, there may be an exposure to loss in excess of the amount recorded, and such amounts could be material. Should any of our estimates and assumptions change or prove to have been incorrect, it could have a material impact on our Consolidated Financial Statements for that reporting period.
RESULTS OF OPERATIONS
We have elected to omit discussion on the earliest of the three years presented in the Consolidated Financial Statements of this Annual Report on Form 10-K. Refer to Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations of our Annual Report on Form 10-K for the fiscal year ended April 2, 2021 for year-over-year comparisons of the results of operation between fiscal 2021 and fiscal 2020 as well as discussion of fiscal 2020 performance metrics and cash flow activity, all of which are incorporated herein by reference.
The following table sets forth our Consolidated Statements of Operations data as a percentage of net revenues for the periods indicated:
|Net revenues||100 ||%||100 ||%|
|Cost of revenues||15 ||%||14 ||%|
|Gross profit||85 ||%||86 ||%|
|Sales and marketing||22 ||%||23 ||%|
|Research and development||9 ||%||10 ||%|
|General and administrative||14 ||%||8 ||%|
|Amortization of intangible assets||3 ||%||3 ||%|
|Restructuring and other costs||1 ||%||6 ||%|
|Total operating expenses||49 ||%||51 ||%|
|Operating income (loss)||36 ||%||35 ||%|
|Other income (expense), net||6 ||%||5 ||%|
|Income (loss) from continuing operations before income taxes||37 ||%||34 ||%|
|Income tax expense (benefit)||7 ||%||7 ||%|
|Income (loss) from continuing operations||30 ||%||27 ||%|
|Income (loss) from discontinued operations||— ||%||(6)||%|
|Net income (loss)||30 ||%||22 ||%|
Note: The percentages may not add due to rounding.
|Fiscal Year||% Change|
|(In millions, except for percentages)||2022||2021||2022 vs. 2021|
|Net revenues||$||2,796 ||$||2,551 ||10 ||%|
Fiscal 2022 compared to fiscal 2021
Net revenues increased $245 million, primarily due to a $156 million increase in sales of our consumer security products and a $89 million increase in sales of our identity and protection products. This was driven by the increase in our direct customer count year-over-year and revenue attributable to Avira, which was acquired during the fourth quarter of fiscal 2021.
We regularly monitor a number of metrics in order to measure our current performance and estimate our future performance. Our metrics may be calculated in a manner different than similar metrics used by other companies.
The following table summarizes supplemental key performance metrics for our solutions:
|(In millions, except for per user amounts and percentages)||2022||2021|
Direct customer revenue (1)
|$||2,476 ||$||2,286 |
|Partner revenues||$||331 ||$||270 |
Average direct customer count (2)
|23.3 ||21.2 |
|Direct customer count (at quarter-end)||23.5 ||23.0 |
|Direct average revenue per user (ARPU)||$||8.87 ||$||9.01 |
|Annual retention rate||85 ||%||85 ||%|
(1) Direct customer revenues in fiscal 2022 and 2021 excludes a $11 million and $5 million, respectively, reduction of revenue from a contract liability purchase accounting adjustment, which was recognized in the fourth quarter of fiscal 2021. We believe that eliminating the impact of this adjustment improves the comparability of revenues between periods. In addition, although the adjustment amounts will never be recognized in our GAAP financial statements, we do not expect the acquisitions to affect the future renewal rates of revenues excluded by the adjustments.
(2) The average direct customer count for the fourth fiscal quarter of fiscal 2021 was pro-rated to include 1.6 million customers from the Avira acquisition.
We define direct customer revenues as revenues from sales of our consumer solutions to direct customers, which we define as active paid users who have a direct billing relationship with us at the end of the reported period. We exclude users on free trials and promotions and users who have indirectly purchased our product or services through partners unless such users convert or renew their subscriptions directly with us, or sign up for a paid membership through our web store.
From time to time, we update our methodology due to changes in the business. In fiscal 2021, the average direct customer count calculation was refined primarily to pro-rate for acquisitions that happen during a quarter, such as Avira, which was acquired in January 2021. The full year average direct customer count is calculated as an average across the quarters.
ARPU is calculated as estimated direct customer revenues for the period divided by the average direct customer count for the same period, expressed as a monthly figure. We monitor ARPU because it helps us understand the rate at which we are monetizing our consumer customer base.
Annual retention rate is defined as the number of direct customers who have more than a one-year tenure as of the end of the most recently completed fiscal period divided by the total number of direct customers as of the end of the period from one year ago. We monitor annual retention rate to evaluate the effectiveness of our strategies to improve renewals of subscriptions.
Net revenues by geographic region
Percentage of revenue by geographic region as presented below is based on the billing location of the customer.
|Americas||70 ||%||72 ||%|
|EMEA||18 ||%||16 ||%|
|APJ||12 ||%||12 ||%|
The Americas include U.S., Canada, and Latin America; EMEA includes Europe, Middle East, and Africa; APJ includes Asia Pacific and Japan.
Percentage of revenue by geographic region remained consistent in fiscal 2022 and 2021.
Cost of revenues
|Fiscal Year||% Change|
|(In millions, except for percentages)||2022||2021||2022 vs. 2021|
|Cost of revenues||$||408 ||$||362 ||13 ||%|
Fiscal 2022 compared to fiscal 2021
Our cost of revenues increased $46 million, primarily due to higher revenue share costs, payment processing fees and technical support costs associated with year-over-year business growth and costs attributable to Avira, which was acquired during the fourth quarter of fiscal 2021.
|Fiscal Year||% Change|
|(In millions, except for percentages)||2022||2021||2022 vs. 2021|
|Sales and marketing||$||622 ||$||576 ||8 ||%|
|Research and development||253 ||267 ||(5)||%|
|General and administrative||392 ||215 ||82 ||%|
|Amortization of intangible assets||85 ||74 ||15 ||%|
|Restructuring and other costs||31 ||161 ||(81)||%|
|Total||$||1,383 ||$||1,293 ||7 ||%|
Fiscal 2022 compared to fiscal 2021
Sales and marketing expense increased $46 million, primarily due to a $70 million increase in advertising and promotional expenses as a result of increased investment in advertising. This is partially offset by a $20 million decrease in IT and related support costs from corporate restructuring and cost reduction efforts in fiscal 2021.
Research and development expense decreased $14 million, primarily due to a $13 million decrease in shared facility and IT costs.
General and administrative expense increased $177 million, primarily due to a $185 million legal accrual relating to an ongoing patent infringement lawsuit, partially offset by a decrease in compensation and benefits.
Amortization of intangible assets increased $11 million as a result of the Avira acquisition.
Restructuring and other costs decreased $130 million, in connection with the November 2019 Plan, which was substantially completed in the second quarter of fiscal 2021. See Note 12 of the Notes to the Consolidated Financial Statements for details of the fiscal 2022 restructuring activities.
Non-operating income (expense), net
|Fiscal Year||$ Change|
|(In millions)||2022||2021||2022 vs. 2021|
|Interest expense||$||(126)||$||(144)||$||18 |
|Interest income||— ||4 ||(4)|
|Foreign exchange gain (loss)||(2)||1 ||(3)|
|(Loss) gain on early extinguishment of debt||(3)||20 ||(23)|
|Gain on sale of properties||175 ||98 ||77 |
|Transition service expense, net||— ||(9)||9 |
|Non-operating income (expense), net||$||37 ||$||(24)||$||61 |
Fiscal 2022 compared to fiscal 2021
Non-operating income (expense), net, increased $61 million, primarily due to a $175 million gain on the sale of certain land and buildings in Mountain View, California during fiscal 2022 compared to an aggregate $98 million gain on the sale of two properties during fiscal 2021. This is partially offset by the absence of a $20 million gain on early extinguishment of debt during the first quarter of fiscal 2021, as well as a $7 million impairment of long-term assets primarily associated with one of our equity investments, which is measured at cost minus impairment.
Provision for income taxes
We are a U.S.-based multinational company subject to tax in multiple U.S. and international tax jurisdictions. Our results of operations would be adversely affected to the extent that our geographical mix of income becomes more weighted toward jurisdictions with higher tax rates and would be favorably affected to the extent the relative geographic mix shifts to lower tax jurisdictions. Any change in our mix of earnings is dependent upon many factors and is therefore difficult to predict.
|(In millions, except for percentages)||2022||2021|
|Income (loss) from continuing operations before income taxes||$||1,042 ||$||872 |
|Provision for income taxes||$||206 ||$||176 |
|Effective tax rate on income (loss) from continuing operations||20 ||%||20 ||%|
Fiscal 2022 compared to fiscal 2021
Our effective tax rate is consistent with prior year.
|(In millions, except for percentages)||2021|
|Net revenues||$||1 |
|Gross profit||$||1 |
|Operating income (loss)||$||(177)|
|Income (loss) before income taxes||$||(176)|
|Income tax expense (benefit)||$||(34)|
|Income (loss) from discontinued operations, net of taxes||$||(142)|
Fiscal 2022 compared to fiscal 2021
Income (loss) from discontinued operations, net of tax, decreased primarily due to the completion of the discontinued operations activities in fiscal 2021. There was no discontinued operations activity during the year ended April 1, 2022.
LIQUIDITY, CAPITAL RESOURCES AND CASH REQUIREMENTS
Liquidity and Capital Resources
We have historically relied on cash generated from operations, borrowings under credit facilities, issuances of debt and proceeds from divestitures for our liquidity needs.
Our capital allocation strategy is to balance driving stockholder returns, managing financial risk and preserving our flexibility to pursue strategic options, including acquisitions and mergers. Historically, this has included a quarterly cash dividend, the repayment of debt and the repurchase of our common stock.
The following table summarizes our cash flow activities in fiscal 2022 and 2021:
|Net cash provided by (used in):|
|Operating activities||$||974 ||$||706 |
|Investing activities||$||326 ||$||(69)|
|Increase (decrease) in cash and cash equivalents||$||954 ||$||(1,244)|
Cash from operating activities
Our cash flows provided by operating activities in fiscal 2022 increased $268 million, primarily due to higher profit before taxes adjusted by non-cash items compared to fiscal 2021.
Cash from investing activities
Our cash flows provided by investing activities in fiscal 2022 increased $395 million, primarily due to higher proceeds from the sale of properties and fewer payments for business acquisitions, partially offset by a decrease in proceeds from the maturities and sales of short-term investments.
Cash from financing activities
Our cash flows used in financing activities in fiscal 2022 decreased $1,570 million, primarily due to a decrease in repayments of debt and no repurchases of common stock. Fiscal 2022 reflects the settlement of our New 2.5% Convertible Notes of $364 million and partial settlement of our New 2.0% Convertible Notes of $139 million, compared to the settlement of our 2.0% Convertible Notes and repayment of our 4.2% Senior Notes of $1,941 million as well as repurchases of common stock of 304 million during fiscal 2021.
Cash and cash equivalents
As of April 1, 2022, we had cash, cash equivalents and short-term investments of approximately $1,891 million, of which $671 million was held by our foreign subsidiaries. Our cash, cash equivalents and short-term investments are managed with the objective to preserve principal, maintain liquidity and generate investment returns. The participation exemption system under current U.S. federal tax regulations generally allows us to make distributions of non-U.S. earnings to the U.S. without incurring additional U.S. federal tax; however, these distributions may be subject to applicable state or non-U.S. taxes.
We have an undrawn revolving credit facility of $1 billion, which expires in May 2026.
On May 7, 2021, we entered into the first amendment to our credit agreement (the First Amendment), which provided for an incremental increase under the Initial Term Loan, and extended the maturity date of the Initial Term Loan, the Delayed Draw Term Loan, and revolving credit facility from November 2024 to May 2026. We borrowed $525 million under the First Amendment of our Initial Term Loan. For additional discussion on the amendment, see Note 10 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K.
On May 20, 2021, we settled the $250 million principal and conversion rights of the New 2.5% Convertible Senior Notes in cash. The aggregate settlement amount of $364 million was based on $24.40 per underlying share into which the 2.5% Convertible Notes were convertible. In addition, we paid $1 million of accrued and unpaid interest through the date of settlement and $1 million of cash dividends that we declared on May 10, 2021.
On March 18, 2022, we settled $100 million of principal and conversion rights of the New 2.0% Convertible Senior Notes in cash. The aggregate settlement amount of $139 million was based on $28.32 per underlying shares into which the 2.0% Convertible Notes were convertible.
Sale of certain assets
On July 14, 2021, we completed the sale of certain land and buildings in Mountain View, California for cash consideration of $355 million, net of selling costs.
Our principal cash requirements are primarily to meet our working capital needs and support on-going business activities, including payment of taxes and cash dividends, payment of contractual obligations, funding capital expenditures, servicing existing debt, repurchasing our common stock and investing in business acquisitions and mergers.
Proposed Merger with Avast
On August 10, 2021, the Company announced a transaction under which we intend to acquire the entire issued and to be issued ordinary share capital of Avast plc, a public company incorporated in England and Wales and a global leader of digital security and privacy headquartered in Prague, Czech Republic (Avast and such transaction, the Proposed Merger). Based on our undisturbed closing share price of $27.20 on July 13, 2021, and depending on the Avast shareholder elections, the estimated purchase price range for the Avast shares under the Proposed Merger is $8.1 billion to $8.6 billion. In conjunction with the Proposed Merger, we and certain financial institution parties entered into an Interim Facilities Agreement, under which Bank of America, N.A. and Wells Fargo Bank N.A., as interim lenders, agreed to provide us with certain term loan and revolving facilities in order to finance the cash consideration payable and based on the terms and conditions set forth in a commitment letter. The Interim Facilities Agreement includes (i) the Interim Facility B, (ii) the Interim Facility A1 and the Interim Facility A2, and (iii) the Interim Revolving Facility which, on or before the final repayment date, are to be repaid/replaced in full by loans made under the definitive financing documentation for the Definitive Facilities (the Facilities Agreement). The obligations under the Facilities Agreement will be guaranteed, jointly and severally, by all of our present and future domestic subsidiaries, with certain exceptions, as applicable. The Facilities Agreement will replace the existing credit facility agreement upon the close of the transaction.
On May 5, 2022, we announced a cash dividend of $0.125 per share of common stock to be paid in June 2022. We currently expect to continue to pay quarterly cash dividends to stockholders in the future, but such payments will be subject to the approval of our Board of Directors and will depend on our financial condition, results of operations, capital requirements, general business and market conditions and other investment opportunities.
Share repurchase program
Under our stock repurchase program, we may purchase shares of our outstanding common stock through accelerated stock repurchase transactions, open market transactions (including through trading plans intended to qualify under Rule 10b5-1 under the Exchange Act) and privately-negotiated transactions. As of April 1, 2022, the remaining balance of our stock repurchase authorization is $1,774 million and does not have an expiration date. We currently expect to repurchase shares in the future, but the timing and actual number of shares repurchased will depend on a variety of factors, including price, general business and market conditions and other investment opportunities.
Subsequent to April 1, 2022, we executed repurchases of 4 million shares of our common stock for an aggregate amount of $107 million. As a result, we have $1,667 million remaining under our existing share repurchase program.
The following is a schedule of our significant contractual obligations and commitments as of April 1, 2022. The expected timing and amount of short-term and long-term payments of the obligations in the following table is estimated based on current information. Timing of payments and actual amounts paid may be different, depending on the time of receipt of goods or services, or changes to agreed-upon amounts for certain obligations.
|Short-Term Payments||Long-Term Payments||Total|
Debt (principal payments) (1)
|$||1,001 ||$||2,746 ||$||3,747 |
Interest payments on debt (2)
|106 ||250 ||356 |
Purchase obligations (3)
|353 ||73 ||426 |
Deemed repatriation taxes (4)
|68 ||437 ||505 |
Operating leases (5)
|22 ||80 ||102 |
|Total ||$||1,550 ||$||3,586 ||$||5,136 |
(1)As of April 1, 2022, our total outstanding principal amount of indebtedness is comprised of $1,713 million in Term Loans, $1,500 million in Senior Notes, $525 million in Convertible Senior Notes and $9 million in Mortgage Loans. See Note 10 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K for further information about our debt and debt covenants.
The credit agreement we entered into in November 2019, which was amended and extended through May 2026 on May 7, 2021, contains customary representations and warranties, non-financial covenants for financial reporting, affirmative and negative covenants, including a covenant that we maintain a consolidated leverage ratio of not more than 5.25 to 1.0, or 5.75 to 1.0 if we acquire assets or business in an aggregate amount greater than $250 million, and restrictions on indebtedness, liens, investments, stock repurchases, and dividends (with exceptions permitting our regular quarterly dividend and other specific capital returns). As of April 1, 2022, we were in compliance with all debt covenants.
(2)Interest payments calculated based on the contractual terms of the related Senior Notes, Convertible Senior Notes and credit facility. Interest on variable rate debt was calculated using the interest rate in effect as of April 1, 2022. See Note 10 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K for further information on the Senior Notes, Convertible Senior Notes and Term loans.
(3)Agreements for purchases of goods or services, with terms that are enforceable and legally binding and specify all significant terms, including fixed or minimum quantities to be purchased; fixed, minimum, or variable price provisions; and the approximate timing of the transaction. These amounts include agreements to purchase goods or services that have cancellation provisions requiring little or no payment. The amounts under such contracts are included because management believes that cancellation of these contracts is unlikely, and we expect to make future cash payments according to the contract terms or in similar amounts for similar materials.
(4)Transition tax payments on previously untaxed foreign earnings of foreign subsidiaries under the Tax Cuts and Jobs Act, which may be paid through July 2025.
(5)Payments for various non-cancelable operating lease agreements that expire on various dates through fiscal 2029. The amounts in the table above exclude expected sublease income. See Note 9 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K for further information on leases.
Due to the uncertainty with respect to the timing of future cash flows associated with our unrecognized tax benefits and other long-term taxes as of April 1, 2022, we are unable to make reasonably reliable estimates of the period of cash settlement with the respective taxing authorities. Therefore, $556 million in long-term income taxes payable has been excluded from the contractual obligations table. See Note 13 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K for further information.
Under the terms of the Proposed Merger, we expect to pay a purchase price for the Avast shares, ranging from $8.1 billion to $8.6 billion, upon the completion of the transaction in mid-to-late calendar year 2022. In conjunction with the Proposed Merger, we have secured debt under the Interim Facilities which will be available upon the close of the transaction. If the Proposed Merger is completed, our debt obligations will include principal and interest payments related to these credit facilities. See Note 4 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K for further information regarding this business combination and the related debt instruments.
Based on past performance and current expectations, we believe that our existing cash and cash equivalents, together with cash generated from operations and amounts available under our credit facility, will be sufficient to meet our working capital needs and support on-going business activities through at least the next 12 months and to satisfy our known long-term contractual obligations. We plan to finance the cash consideration payable to Avast primarily with borrowings under our Definitive Facilities. We believe that our existing cash and cash to be generated by operations, along with amounts available under the new credit facility, will satisfy our long-term cash requirements for this transaction. However, our future liquidity and capital requirements may vary materially from those as of April 1, 2022 depending on several factors, including, but not limited to, economic conditions; political climate; the expansion of sales and marketing activities; the costs to acquire or invest in businesses; and the risks and uncertainties discussed in “Risk Factors” in Item 1A.
In the ordinary course of business, we may provide indemnifications of varying scope and terms to customers, vendors, lessors, business partners, subsidiaries, and other parties with respect to certain matters, including, but not limited to, losses arising out of our breach of agreements or representations and warranties made by us. In connection with the sale of Veritas and the sale of our Enterprise Security business to Broadcom, we assigned several leases to Veritas Technologies LLC or Broadcom and/or their related subsidiaries. In addition, our bylaws contain indemnification obligations to our directors, officers, employees and agents, and we have entered into indemnification agreements with our directors and certain of our officers to give such directors and officers additional contractual assurances regarding the scope of the indemnification set forth in our bylaws and to provide additional procedural protections. We maintain director and officer insurance, which may cover certain liabilities arising from our obligation to indemnify our directors and officers. Refer to Note 18 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K for further information on our indemnifications.
Item 7A. Quantitative and Qualitative Disclosures about Market Risk
We are exposed to various market risks related to fluctuations in interest rates and foreign currency exchange rates. We may use derivative financial instruments to mitigate certain risks in accordance with our investment and foreign exchange policies. We do not use derivatives or other financial instruments for trading or speculative purposes.
Interest rate risk
Our short-term investments and cash equivalents primarily consist of corporate bonds and certificate of deposits, respectively. A change in interest could have an adverse impact on their market value. As of April 1, 2022, the carrying value and fair value of our short-term investments and cash equivalents was $4 million. A hypothetical change in the yield curve of 100 basis points would not result in a significant reduction in fair value.
As of April 1, 2022, we had $2.0 billion in aggregate principal amount of fixed-rate Senior Notes and convertible debt outstanding, with a carrying amount and a fair value of $2.0 billion, based on Level 2 inputs. The fair value of these notes fluctuates when interest rates change. Since these notes bear interest at fixed rates, financial statement risk associated with changes in interest rates is limited to future refinancing of current debt obligations. If these notes were refinanced at higher interest rates prior to maturity, our total interest payments could increase by a material amount; however, this risk is mitigated by our strong cash position and expected future cash generated from operations, which will be sufficient to satisfy this increase in obligation.
As of April 1, 2022, we also had $1.7 billion outstanding debt with variable interest rates based on the London InterBank Offered Rate (LIBOR). A reasonably possible hypothetical adverse change of 200 basis points in LIBOR would not result in a significant increase in interest expense on an annualized basis.
In addition, we have a $1 billion revolving credit facility that if drawn bears interest at a variable rate based on LIBOR and would be subject to the same risks associated with adverse changes in LIBOR.
Foreign currency exchange rate risk
We conduct business in numerous currencies through our worldwide operations, and our entities hold monetary assets or liabilities, earn revenues or incur costs in currencies other than the entity’s functional currency, primarily in Euro, Japanese Yen, Singapore Dollar, British Pound and Australian Dollar. In addition, we charge our international subsidiaries for their use of intellectual property and technology and for certain corporate services we provide. Our cash flow, results of operations and certain of our intercompany balances that are exposed to foreign exchange rate fluctuations may differ materially from expectations, and we may record significant gains or losses due to foreign currency fluctuations and related hedging activities. As a result, we are exposed to foreign exchange gains or losses which impacts our operating results.
We have a foreign exchange exposure management program designed to identify material foreign currency exposures, manage these exposures and reduce the potential effects of currency fluctuations on our results of operations, through which we enter into monthly foreign exchange forward contracts on our assets and liabilities denominated in currencies other than the functional currency of our subsidiaries. We do not use derivative financial instruments for speculative trading purposes, nor do we hedge our foreign currency exposure in a manner that entirely offsets the effects of the changes in foreign exchange rates. The gains and losses on these foreign exchange contracts are recorded in Other income (expense), net in the Consolidated Statements of Operations.
As of April 1, 2022 and April 2, 2021, we had open foreign currency forward contracts with notional amounts of $346 million and $338 million, respectively, to hedge foreign currency balance sheet exposure, with an insignificant fair value. A hypothetical ten percent depreciation of foreign currency would not result in a significant reduction in fair value of our forward contracts. This analysis disregards the possibilities that the rates can move in opposite directions and that losses from one geographic area may be offset by gains from another geographic area.
Additional information with respect to our derivative instruments is included in Note 11 of the Notes to the Consolidated Financial Statements in this Annual Report on Form 10-K.
Item 8. Financial Statements and Supplementary Data
The Consolidated Financial Statements and related disclosures included in Part IV, Item 15 of this Annual Report are incorporated by reference into this Item 8. In addition, there were no material retrospective changes to any quarters in the two most recent fiscal years that would require supplementary disclosure.
Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure
Item 9A. Controls and Procedures
a) Evaluation of Disclosure Controls and Procedures
The SEC defines the term “disclosure controls and procedures” to mean a company’s controls and other procedures that are designed to ensure that information required to be disclosed in the reports that it files or submits under the Exchange Act is recorded, processed, summarized, and reported, within the time periods specified in the SEC’s rules and forms. “Disclosure controls and procedures” include, without limitation, controls and procedures designed to ensure that information required to be disclosed by an issuer in the reports that it files or submits under the Exchange Act is accumulated and communicated to the issuer’s management, including its principal executive and principal financial officers, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure. Our disclosure controls and procedures are designed to provide reasonable assurance that such information is accumulated and communicated to our management. Our management (with the participation of our Chief Executive Officer and Chief Financial Officer) has conducted an evaluation of the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) of the Securities Exchange Act).
Based on such evaluation, our Chief Executive Officer and our Chief Financial Officer have concluded that our disclosure controls and procedures were effective at the reasonable assurance level as of the end of the period covered by this Annual Report on Form 10-K.
b) Management’s Report on Internal Control over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) of the Exchange Act) for NortonLifeLock. Our management, with the participation of our Chief Executive Officer and our Chief Financial Officer, has conducted an evaluation of the effectiveness of our internal control over financial reporting as of April 1, 2022, based on criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Our management has concluded that, as of April 1, 2022, our internal control over financial reporting was effective at the reasonable assurance level based on these criteria.
The effectiveness of our internal control over financial reporting, as of April 1, 2022, has been audited by KPMG LLP, an independent registered public accounting firm, as stated in their report, which is included in Part IV, Item 15 of this Annual Report on Form 10-K.
c) Changes in Internal Control over Financial Reporting
There was no change in our internal control over financial reporting that occurred during the quarter ended April 1, 2022, that has materially affected, or is reasonably likely to materially affect, our internal control over financial reporting.
d) Limitations on Effectiveness of Controls
Our management, including our Chief Executive Officer and Chief Financial Officer, does not expect that our disclosure controls and procedures or our internal controls will prevent all errors and all fraud. A control system, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. Further, the design of a control system must reflect the fact that there are resource constraints, and the benefits of controls must be considered relative to their costs. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that all control issues and instances of fraud, if any, within our company have been detected.
Item 9B. Other Information
Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections
Item 10. Directors, Executive Officers and Corporate Governance
The information required by this item will be included under the caption “Directors, Executive Officers, and Corporate Governance” in our proxy statement for the 2022 Annual Meeting to be filed with the SEC within 120 days of the fiscal year ended April 1, 2022 (the 2022 Proxy Statement) and is incorporated herein by reference. With regard to the information required by this item regarding compliance with Section 16(a) of the Exchange Act, we will provide disclosure of delinquent Section 16(a) reports, if any, in the 2022 Proxy Statement, and such disclosure, if any, is incorporated herein by reference.
Item 11. Executive Compensation
The information required by this item will be included under the caption “Executive Compensation” in our 2022 Proxy Statement and is incorporated herein by reference.
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
The information required by this item will be included under the caption “Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters” in our 2022 Proxy Statement and is incorporated herein by reference.
Item 13. Certain Relationships and Related Transactions, and Director Independence
The information required by this item will be included under the caption “Certain Relationships and Related Transactions, and Director Independence” in our 2022 Proxy Statement and is incorporated herein by reference.
Item 14. Principal Accountant Fees and Services
Our independent registered public accounting firm is KPMG, LLC, Santa Clara, CA, Auditor Firm ID: 185.
The information required by this item will be included under the caption “Principal Accountant Fees and Services” in our 2022 Proxy Statement and is incorporated herein by reference.
Item 15. Exhibits, Financial Statement Schedules
(1). Financial Statements
Upon written request, we will provide, without charge, a copy of this annual report, including the Consolidated Financial Statements and financial statement schedule. All requests should be sent to:
Attn: Investor Relations
60 E. Rio Salado, Suite 1000
Tempe, Arizona 85281
The following documents are filed as part of this report:
Report of Independent Registered Public Accounting Firm
To the Stockholders and Board of Directors
Opinions on the Consolidated Financial Statements and Internal Control Over Financial Reporting
We have audited the accompanying consolidated balance sheets of NortonLifeLock Inc. and subsidiaries (the Company) as of April 1, 2022 and April 2, 2021, the related consolidated statements of operations, comprehensive income (loss), stockholders’ equity (deficit), and cash flows for each of the years in the three-year period ended April 1, 2022, and the related notes (collectively, the consolidated financial statements). We also have audited the Company’s internal control over financial reporting as of April 1, 2022, based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.
In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of the Company as of April 1, 2022 and April 2, 2021, and the results of its operations and its cash flows for each of the years in the three-year period ended April 1, 2022, in conformity with U.S. generally accepted accounting principles. Also in our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of April 1, 2022 based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.
Basis for Opinions
The Company’s management is responsible for these consolidated financial statements, for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management's Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s consolidated financial statements and an opinion on the Company’s internal control over financial reporting based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audits to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud, and whether effective internal control over financial reporting was maintained in all material respects.
Our audits of the consolidated financial statements included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audits also included performing such other procedures as we considered necessary in the circumstances. We believe that our audits provide a reasonable basis for our opinions.
Definition and Limitations of Internal Control Over Financial Reporting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
Critical Audit Matters
The critical audit matter communicated below is a matter arising from the current period audit of the consolidated financial statements that was communicated or required to be communicated to the audit committee and that: (1) relate to accounts or disclosures that are material to the consolidated financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matter does not alter in any way our opinion on the consolidated
financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing separate opinions on the critical audit matter or on the accounts or disclosures to which it relates.
Assessment of uncertain tax positions
As discussed in Notes 1 and 13 to the consolidated financial statements, as of April 1, 2022 the Company recognized uncertain tax positions. The Company recognizes tax benefits from uncertain tax positions when there is more than a 50% likelihood that the tax position will be sustained upon examination by the taxing authorities based on the technical merits of the position. As of April 1, 2022, the Company has recorded a liability for gross unrecognized tax benefits, of $527 million.
We identified the assessment of uncertain tax positions as a critical audit matter. Complex auditor judgment, including the involvement of tax professionals with specialized skills and knowledge, was required to evaluate the Company’s interpretation and application of tax law globally across its multiple subsidiaries.
The following are the primary procedures we performed to address this critical audit matter. We evaluated the design and tested the operating effectiveness of certain internal controls over the Company’s uncertain tax positions process, including controls related to the interpretation of tax law, its application in the liability estimation process, and determination of the final uncertain tax position. We involved tax professionals with specialized skills and knowledge, who assisted in:
● Obtaining an understanding of the Company’s overall tax structure across multiple subsidiaries and assessing the Company’s compliance with tax laws globally,
● Evaluating changes in tax law, and assessing the interpretation under the relevant jurisdictions’ tax law,
● Inspecting settlements with taxing authorities to assess the Company’s determination of its tax positions and having more than a 50% likelihood to be sustained upon examination, and
● Performing an assessment of the Company’s tax positions and comparing the results to the Company’s assessment.
In addition, we evaluated the Company’s ability to accurately estimate its gross unrecognized tax benefits by comparing historical gross unrecognized tax benefits to actual outcome upon conclusion of tax examinations.
/s/ KPMG LLP
We have served as the Company’s auditor since 2002.
Santa Clara, California
May 20, 2022
CONSOLIDATED BALANCE SHEETS
(In millions, except par value per share amounts)
|April 1, 2022||April 2, 2021|
|Cash and cash equivalents||$||1,887 ||$||933 |
|Short-term investments||4 ||18 |
|Accounts receivable, net||120 ||117 |
|Other current assets||193 ||237 |
|Assets held for sale||56 ||233 |
|Total current assets||2,260 ||1,538 |
|Property and equipment, net||60 ||78 |
|Operating lease assets||74 ||76 |
|Intangible assets, net||1,023 ||1,116 |
|Goodwill||2,873 ||2,867 |
|Other long-term assets||653 ||686 |
|Total assets||$||6,943 ||$||6,361 |
|LIABILITIES AND STOCKHOLDERS’ EQUITY (DEFICIT)|
|Accounts payable||$||63 ||$||52 |
|Accrued compensation and benefits||81 ||107 |
|Current portion of long-term debt||1,000 ||313 |
|Contract liabilities||1,264 ||1,210 |
|Current operating lease liabilities||18 ||26 |
|Other current liabilities||639 ||428 |
|Total current liabilities||3,065 ||2,136 |
|Long-term debt||2,736 ||3,288 |
|Long-term contract liabilities||42 ||55 |
|Deferred income tax liabilities||75 ||137 |
|Long-term income taxes payable||996 ||1,119 |
|Long-term operating lease liabilities||75 ||66 |
|Other long-term liabilities||47 ||60 |
|Total liabilities||7,036 ||6,861 |
Commitments and contingencies (Note 18)
|Stockholders’ equity (deficit):|
Common stock and additional paid-in capital, $0.01 par value: 3,000 shares authorized; 582 and 580 shares issued and outstanding as of April 1, 2022 and April 2, 2021, respectively
|1,851 ||2,229 |
|Accumulated other comprehensive income||(4)||47 |
|Retained earnings (accumulated deficit)||(1,940)||(2,776)|
|Total stockholders’ equity (deficit)||(93)||(500)|
|Total liabilities and stockholders’ equity (deficit)||$||6,943 ||$||6,361 |
The accompanying Notes to the Consolidated Financial Statements are an integral part of these statements.
CONSOLIDATED STATEMENTS OF OPERATIONS
(In millions, except per share amounts)
| ||Year Ended|
|April 1, 2022||April 2, 2021||April 3, 2020|
|Net revenues||$||2,796 ||$||2,551 ||$||2,490 |
|Cost of revenues||408 ||362 ||393 |
|Gross profit||2,388 ||2,189 ||2,097 |
|Sales and marketing||622 ||576 ||701 |
|Research and development||253 ||267 ||328 |
|General and administrative||392 ||215 ||368 |
|Amortization of intangible assets||85 ||74 ||79 |
|Restructuring and other costs||31 ||161 ||266 |
|Total operating expenses||1,383 ||1,293 ||1,742 |
|Operating income (loss)||1,005 ||896 ||355 |
|Other income (expense), net||163 ||120 ||660 |
|Income (loss) from continuing operations before income taxes||1,042 ||872 ||819 |
|Income tax expense (benefit)||206 ||176 ||241 |
|Income (loss) from continuing operations||836 ||696 ||578 |
|Income (loss) from discontinued operations||— ||(142)||3,309 |
|Net income (loss)||$||836 ||$||554 ||$||3,887 |
|Income (loss) per share - basic:|
|Continuing operations||$||1.44 ||$||1.18 ||$||0.94 |
|Discontinued operations||$||— ||$||(0.24)||$||5.38 |
|Net income per share - basic ||$||1.44 ||$||0.94 ||$||6.32 |
|Income (loss) per share - diluted:|
|Continuing operations||$||1.41 ||$||1.16 ||$||0.90 |
|Discontinued operations||$||— ||$||(0.24)||$||5.15 |
|Net income per share - diluted||$||1.41 ||$||0.92 ||$||6.05 |
|Weighted-average shares outstanding:|
|Basic||581 ||589 ||615 |
|Diluted||591 ||600 ||643 |
The accompanying Notes to the Consolidated Financial Statements are an integral part of these statements.
CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME (LOSS)
| ||Year Ended|
|April 1, 2022||April 2, 2021||April 3, 2020|
|Net income||$||836 ||$||554 ||$||3,887 |
|Other comprehensive income (loss), net of taxes:|
|Foreign currency translation adjustments||(51)||63 ||(11)|
|Unrealized gain (loss) on available-for-sale securities||— ||— ||1 |
|Other comprehensive income (loss) from equity method investee||— ||— ||1 |
|Other comprehensive income (loss), net of taxes||(51)||63 ||(9)|
|Comprehensive income||$||785 ||$||617 ||$||3,878 |
The accompanying Notes to the Consolidated Financial Statements are an integral part of these statements.
CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY (DEFICIT)
(In millions, except share amounts)
|Common Stock and Additional Paid-In Capital||Accumulated Other Comprehensive Income (Loss)||Retained Earnings (Accumulated Deficit)||Total Stockholders’ Equity (Deficit)|
|Balance as of March 29, 2019||630 ||$||4,812 ||$||(7)||$||933 ||$||5,738 |
|Net income||— ||— ||— ||3,887 ||3,887 |
|Other comprehensive income (loss), net of taxes||— ||— ||(9)||— ||(|