|Item 1. Business|
|Item 1A. Risk Factors|
|Item 1B. Unresolved Staff Comments|
|Item 2. Properties|
|Item 3. Legal Proceedings|
|Item 4. Mine Safety Disclosure|
|Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities|
|Item 6. Reserved|
|Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations|
|Item 7A. Quantitative and Qualitative Disclosures About Market Risk|
|Item 8. Financial Statements and Supplementary Data|
|Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure|
|Item 9A. Controls and Procedures|
|Item 9B. Other Information|
|Item 10. Directors, Executive Officers and Corporate Governance|
|Item 11. Executive Compensation|
|Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters|
|Item 13. Certain Relationships and Related Transactions, and Director Independence|
|Item 14. Principal Accounting Fees and Services|
|Item 15. Exhibits and Financial Statement Schedules|
|Item 16. Form 10 - K Summary|
|Balance Sheet||Income Statement||Cash Flow|
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
For the fiscal year ended
For the transition period from _____ to _____
Commission File Number:
(Exact Name of Registrant as Specified in Its Charter)
(State or Other Jurisdiction of Incorporation or Organization)
(I.R.S. Employer Identification Number)
(Address of Principal executive offices, including zip code)
(Registrant’s telephone number, including area code)
Securities Registered Pursuant to Section 12(b) of the Act:
Title of each class:
Name of each exchange on which registered:
Securities Registered Pursuant to Section 12(g) of the Act:
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ⌧
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer”, “smaller reporting company” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Smaller reporting company
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes
The aggregate market value of voting stock held by non-affiliates of the Registrant was $
On February 17, 2021, the Registrant had
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the information called for by Part III of this Annual Report on Form 10-K are hereby incorporated by reference from the definitive proxy statement for the Registrant’s annual meeting of stockholders, which will be filed with the Securities and Exchange Commission not later than 120 days after the Registrant’s fiscal year ended December 31, 2020.
PING IDENTITY HOLDING CORP.
For the Fiscal Year Ended December 31, 2020
TABLE OF CONTENTS
In addition to historical consolidated financial information, this Annual Report on Form 10-K contains “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995 that involve substantial risks and uncertainties. All statements other than statements of historical fact included in this Annual Report on Form 10-K are forward-looking statements. These statements may include words such as “anticipate,” “estimate,” “expect,” “project,” “plan,” “intend,” “believe,” “may,” “will,” “should,” “can have,” “likely” and other words and terms of similar meaning in connection with any discussion of the timing or nature of future operating or financial performance or other events. For example, all statements we make relating to our estimated and projected costs, expenditures, cash flows, growth rates and financial results or our plans and objectives for future operations, growth initiatives, or strategies are forward-looking statements. All forward-looking statements are subject to risks and uncertainties that may cause actual results to differ materially from those that we expected. Specific factors that could cause such a difference include, but are not limited to, those set forth under Item 1A. “Risk Factors” and other important factors disclosed previously in our other filings with the Securities and Exchange Commission (“SEC”) which include, but are not limited to, the risks detailed in “Risk Factors—Risk Factor Summary.”
Given these factors, as well as other variables that may affect our operating results, you should not rely on forward-looking statements, assume that past financial performance will be a reliable indicator of future performance, or use historical trends to anticipate results or trends in future periods. The forward-looking statements included in this Annual Report on Form 10-K relate only to events as of the date hereof. We undertake no obligation to update or revise any forward-looking statement as a result of new information, future events or otherwise, except as otherwise required by law.
Item 1. Business
Our mission is to secure the digital world through Intelligent Identity.
Ping Identity is the Intelligent Identity solution for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalized, streamlined user experiences. The Ping Intelligent Identity Platform provides customers, workforce and partners with secure, convenient access to their applications whether they are software-as-a-service (“SaaS”), mobile, in the cloud or on-premise. We leverage artificial intelligence (“AI”) and machine learning (“ML”) to analyze device, network, application and user behavior data to make real-time authentication and security control decisions, enhancing the user experience. Our platform is designed to detect anomalies and automatically insert additional security measures, such as multi-factor authentication, only when necessary. We built our platform to meet the requirements of the most demanding enterprises, including over 60% of the Fortune 100. Our cloud-based platform has differentiated deployment flexibility to support multi-cloud and on-premise infrastructures to meet the diverse and demanding requirements of large enterprise customers. Our platform offers a comprehensive suite of turnkey integrations and is able to scale to millions of identities and thousands of cloud and on-premise applications in a single deployment.
Enterprises are undergoing an acceleration of their digital transformation initiatives as they seek to adapt to work-from-home realities, create new revenue streams, transition to new digital business models and increase customer engagement. Concurrently, enterprises are becoming more distributed as the adoption of cloud, mobile, global and remote workforces and the Internet of Things (“IoT”) move data, applications and access requirements beyond the traditional network perimeter. These enterprises must contend with an evolving cyber-threat landscape, new privacy directives and stringent regulatory requirements. As a result, enterprises require Intelligent Identity solutions that proactively ensure the right user has authorized access to resources at the appropriate time.
The Ping Intelligent Identity Platform can secure all primary identity use cases, including customer, workforce, partner and IoT. For example, enterprises can use our platform to enhance their customers’ user experience by creating a single ID and login across web and mobile properties. For the year ended December 31, 2020, 45% of our subscription revenue was derived from the customer use case. Enterprises can also use our platform to provide their workforce and commercial partners with secure, seamless access from any device to the applications, data and APIs they need to be productive.
The Ping Intelligent Identity Platform is comprised of multiple solutions that can be purchased individually or integrated as a more complete set of solutions for the customer, workforce, partner or IoT use case:
|●||secure single sign-on (“SSO”);|
|●||adaptive multi-factor authentication (“MFA”);|
|●||security control for applications and APIs (“Access Security”);|
|●||personalized and unified profile directories (“Directory”);|
|●||centralized, fine-grained control over access to sensitive identity and device data (“Dynamic Authorization”);|
|●||risk signal capture and analysis to make more intelligent authentication and authorization decisions (“Risk Management”);|
|●||identity verification services to prove an individual’s identity with facial biometrics and government issued IDs; (“Identity Verification”); and|
|●||AI and ML powered API security (“API Intelligence”).|
We have spent over a decade building a comprehensive suite of turnkey integrations designed to ensure that enterprises can use our platform to secure their entire application portfolio no matter where it is deployed, facilitating rapid time-to-value and easier management.
We sell our solutions via a subscription model through a direct sales force, with increasing influence from our channel partners. We also utilize channel partners and system integrators to assist our customers in the implementation process. Our SSO, Access Security and Directory solutions typically replace legacy and homegrown systems. We also have significant greenfield opportunities with our MFA, Dynamic Authorization, Risk Management, Identity Verification and API Intelligence solutions and the IoT use case.
Our land and expand strategy targets enterprises with a specific use case and solution or solution package, and then seeks to grow our footprint with additional use cases, identities, solutions and solution packages. The success of our strategy is validated by our strong dollar-based net retention rates, which were 108% and 115% at December 31, 2020 and 2019, respectively, and our growing number of large customers. At December 31, 2020, we had 51 customers with greater than $1,000,000 in Annual Recurring Revenue (“ARR”), an increase of 34% from 38 customers at December 31, 2019. Additionally, our customers with ARR over $250,000 increased from 232 at December 31, 2019 to 260 at December 31, 2020, representing a year-over-year growth rate of 12%. The increase of 28 net customers with ARR greater than $250,000 for the 2020 fiscal year is comprised of 16 new customers and 12 existing customers that had ARR grow to exceed $250,000 in 2020. Our total customer count increased from 1,361 at December 31, 2019 to 1,411 at December 31, 2020. We have seen strong market demand for our cloud-based offerings and from enterprises deploying our solutions across the customer use case. A number of our customers deploy a combination of our solutions across multiple business units, functions and use cases. For definitions of ARR and dollar-based net retention rate and descriptions of how we calculate these metrics, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”
Our customers include many of the world’s largest enterprises, including over 60% of the Fortune 100. These customers are security-focused, and typically operate in regulated industries, have hybrid IT infrastructures, require turnkey integrations and have demanding scalability requirements. Our solutions secure 13 of the 15 largest U.S. banks (measured by assets), 7 of the 9 largest healthcare companies (measured by revenue), 5 of the 7 largest North American retailers (measured by revenue), the 5 largest global aerospace companies (measured by revenue) and the 5 largest European auto manufacturers (measured by revenue). Our customer base is diversified, with no one customer or reseller accounting for more than 3% or 7% of our total revenue, respectively, for the year ended December 31, 2020.
We have consistently been recognized as a leader in the Identity and Access Management (“IAM”) industry by Gartner and other analysts. For example, Gartner’s Magic Quadrant research on access management has named Ping Identity a leader for the last four years. Other analysts that have named Ping Identity a leader in 2020 include KuppingerCole, ISG and SPARK Matrix for reports covering identity solutions for Customers, Workforce, and IoT.
Since our inception, we have been an innovator in identity. We pioneered the concept of Intelligent Identity, which leverages AI and ML to analyze device, network, application and user behavior data to secure access and enhance the user experience. We founded Ping Identity with the vision of enabling enterprise security in a highly-connected world, replacing legacy security controls such as web gateways, virtual private networks (“VPNs”) and firewalls. We contributed to or co-authored many of the open identity standards such as SAML, OAuth, SCIM and OpenID Connect, which form the foundation of our industry.
Our Growth Strategy
The key elements of our growth strategy include:
|●||Accelerated Adoption of our Solutions in the Cloud. Companies are increasingly adopting identity and access management solutions in the cloud to support their hybrid application portfolios. These solutions often utilize our SaaS-based solutions in combination with deployments of our platform in their public or private clouds of choice to address a broad range of hybrid requirements. We have been investing in research and development (“R&D”) to continue to drive adoption of our cloud solutions.|
|●||Increase Sales to Existing Customers. We believe there are significant upsell and cross-sell opportunities within our existing customer base by adding identities and use cases and selling new solutions and solution packages. We have a strong track record of growing sales to our existing customers, as evidenced by our dollar-based net retention rates.|
|●||Innovate and Enhance our Offerings. We intend to continue investing in R&D to enhance our existing solutions, add new solution packages and deployment options and expand use cases, such as IoT. We believe these emerging devices present a significant opportunity for us as the number of IoT identities and human-to-machine and machine-to-machine connections continue to increase. Additionally, we may from time to time assess acquisition opportunities to supplement our organic development of new solutions or capabilities.|
|●||Expand our Customer Base by Investing in Sales and our Partner Network. We continue to make investments in sales and marketing to grow our customer base and drive broader awareness of the Ping Intelligent Identity Platform. We plan to deepen and expand our joint go-to-market efforts with our channel partners, system integrators and technology partners.|
|●||Expand our Customer Base by Targeting New Buyers. We focus our selling efforts on executives such as Chief Information Officers (“CIOs”), Chief Information Security Officers (“CISOs”), Chief Digital Officers (“CDOs”) and Chief Marketing Officers (“CMOs”), who are often making strategic top-down decisions to purchase our platform. We also extend our cloud-based offering to target developers who represent a new addressable customer base for us. The ability for developers to directly integrate identity into their applications accelerates the adoption of identity within the enterprise.|
|●||Continue to Expand our Global Presence. We have a large and growing international presence and intend to grow our customer base in various international regions by making investments in our sales team globally. For the year ended December 31, 2020, our international revenue was 26% of our total revenue. We expect international sales to be a meaningful revenue contributor in future periods.|
The Ping Intelligent Identity Platform
We enable secure access to any service, application or API from any device. The Ping Intelligent Identity Platform can leverage AI and ML to analyze device, network and user behavior data to make real-time authentication and security control decisions, enhancing the user experience. Our platform is designed to detect anomalies and automatically insert additional security measures, such as MFA, only when necessary. The Ping Intelligent Identity Platform provides the following key benefits:
|●||intelligent authentication of users based on contextual signals and risk attributes;|
|●||one platform for all primary use cases;|
|●||flexible SaaS and hybrid deployment options;|
|●||turnkey integrations across cloud and on-premise applications;|
|●||high standards for critical security and resiliency; and|
|●||scalable to billions of identities.|
The Ping Intelligent Identity Platform Supports All Primary Use Cases
|●||Customer. Our platform helps enterprises better engage with their customers by providing a consistent, modern, omni-channel user experience through personalized access to all digital services. This enhanced digital experience improves brand loyalty and drives additional revenue, while also strengthening security.|
|●||Workforce. Our platform allows enterprises to provide their workforce with seamless and secure access to all of their cloud and on-premise applications and APIs to enable better employee productivity.|
|●||Partner. Our platform helps enterprises rapidly connect with partners and manage their access privileges when onboarding and offboarding users.|
|●||IoT. Our platform is used to manage IoT identities, such as connected vehicles and consumer devices, and authenticate machine-to-machine and human-to-machine interactions.|
We have designed our solutions and solution packages for flexible deployment because every enterprise has different customization, control, security and privacy needs. Our deployment options include:
|●||Cloud. Enterprises can consume the Ping Intelligent Identity Platform as SaaS.|
|●||Hybrid. Enterprises have the flexibility to deploy the Ping Intelligent Identity Platform in a hybrid model, which can consist of deployments in Ping Identity’s cloud or the customer’s preferred cloud, combined with software deployed in the customer’s on-premise environment or data center.|
|●||On-Premise. Enterprises seeking the highest degree of control over security and privacy can deploy the Ping Intelligent Identity Platform in the customer’s on-premise environment or data center.|
Our Solutions and Solution Packages
The Ping Intelligent Identity Platform is comprised of multiple solutions (SSO, MFA, Access Security, Directory, Dynamic Authorization, Risk Management, Identity Verification and API Intelligence) that can be purchased individually or as a set of integrated solutions for the customer, workforce, partner or IoT use case. Our modular design allows customers to easily integrate with existing applications and infrastructures and does not require an all-or-nothing rip and replace. All of our solutions use open standards for maximum interoperability and extensibility.
We also provide solution packages that include combinations of our most commonly deployed solutions along with Ping Identity professional services. These solution packages enhance our land strategy by accelerating the deployment of large initial purchases in the customer and workforce use cases. We have designed our solution packages based on market demand and the most popular combination of Ping Identity solution deployments.
Single Sign-On. Our SSO solution allows users to sign on using one set of secure credentials, giving them one-click access to their applications and resources regardless of location. Our SSO solution provides turnkey
integrations for a wide range of applications, cloud services, IT infrastructures and directory solutions, including third party directories, as well as our Directory solution. Within our SSO solution, our adaptive authentication policies enable organizations to predictively authenticate users in real-time based on device, network, application and user behavior data. Our advanced SSO features include:
|●||utilization of open-standards such as SAML, OAuth, OIDC, WS-*, SCIM, FIDO2;|
|●||support for identity, OpenID Connect Token, and service providers;|
|●||advanced protocol translation to maximize interoperability with partners;|
|●||flexible authentication mechanisms (Adapters, Policy Tree and SDK);|
|●||advanced user identity attribute aggregation (LDAP, JDBC and SDK);|
|●||inbound and outbound SaaS user provisioning; and|
|●||advanced enterprise SIEM and audit logging.|
Multi-Factor Authentication. Our adaptive MFA solution helps optimize the balance between security and user experience by enforcing additional authentication factors as necessary when accessing sensitive resources, conducting high-value transactions and engaging in other elevated risk scenarios. Adaptive MFA allows users to conduct low-value transactions from trusted devices without interruption, while prompting MFA during high-value transactions, activity from untrusted devices and networks or in response to anomalous behavior. Our MFA solution works across use cases with personal or corporate-owned mobile devices and integrates with enterprise mobility management and mobile device management solutions. Our advanced MFA features include:
|●||multiple authentication factors: one-time passwords that are sent via SMS, email or voice call; secure key; smartwatch; mobile applications for iOS/Android (including biometrics or swipe); and desktop applications;|
|●||advanced adaptive authentication policies;|
|●||off-line use cases;|
|●||FIDO2 compatible devices;|
|●||mobile SDK to embed MFA functionality directly within an enterprise’s mobile application; and|
|●||support for SSH applications, Windows login/RDP or any RADIUS-compliant VPN server or remote access system.|
Access Security. Our Access Security solution allows enterprises to apply a greater depth of security control over their web applications and APIs in any domain for users on any device. We offer a comprehensive policy engine down to the URL level that is designed to ensure only an authorized user can access resources. Our solution evaluates access decisions in real-time based on network, browser and authentication attributes, while continuously validating the risk profile of the user or device. Our advanced Access Security features include:
|●||security for web and API-based resources, either in gateway or agent mode;|
|●||integrations with any OpenID Connect identity provider;|
|●||Attribute-Based Access Control or Role-Based Access Control;|
|●||advanced HTTP header or JSON Web Token identity mappings;|
|●||open-standards web session management;|
|●||flexible step-up authentication rules;|
|●||site authenticators, load-balancing and failover;|
|●||access rules (i.e., network range, time range), processing rules (i.e., URL rewriting) or custom rules (Groovy or Java SDK); and|
|●||enterprise SIEM and audit logging.|
Directory. Our Directory solution securely stores and manages sensitive identity and device data at scale. It includes real-time, bidirectional synchronization capabilities to migrate or sync data from multiple sources into a secure, scalable and unified profile. This single source of data is designed to provide a consistent experience across digital business interactions, no matter where the applications and services are deployed. Our advanced Directory features include:
|●||scalability to millions of identities;|
|●||millisecond response times;|
|●||advanced data modeling and access features for structured and unstructured data;|
|●||real-time data synchronization for easy migration from legacy LDAP directories;|
|●||developer-friendly REST APIs;|
|●||encryption for maximum security of all data “at rest” (database files, database indexes, log files, backups and exports) and “in transit” (network connections from clients and peer servers);|
|●||encryption keys that can be stored independent of encrypted data using enterprise password vaults and hardware security modules;|
|●||flexible plugin architecture; and|
|●||advanced multi-region and multi-master replication for low latency data access.|
Dynamic Authorization. Our Dynamic Authorization solution provides centralized, fine-grained control over access to sensitive identity and device data across use cases. This gives organizations a centralized, drag-and-drop administration portal to restrict internal and external applications from accessing specific identity attributes such as social security numbers, credit card numbers, billing addresses or the entire user profile. Data access policies can evaluate attributes and preferences of the profile being requested, data from other repositories and information about the application and user making the request. Our Dynamic Authorization solution enables enterprises to comply with a broad range of regulatory requirements, such as the General Data Protection Regulation (the “GDPR”), the California Consumer Privacy Act (the “CCPA”) and others by restricting data that a user has not consented to share and denying access to personal information that applications and users do not need to perform their tasks. Our advanced Dynamic Authorization features include:
|●||policies that can be updated in a centralized, drag-and-drop graphical user interface;|
|●||centrally enforce authorization so application teams do not have to modify their application code; and|
|●||policies that can evaluate numerous data sources including LDAP v3, MDM or other internal systems.|
Risk Management. Our Risk Management solution enables organizations to make smarter authentication decisions by using machine learning and analytics to detect malicious activity. Our solution continuously analyzes multiple risk signals to give organizations in-depth user behavior insights to understand the risk in giving a user access to a resource or application. This provides enterprises with the ability to make real-time authentication decisions in determining if a user can access a resource, require additional assurances through step-up authentication or is denied access. Our Risk Management solution enables organizations to create intelligence-based policies to apply the appropriate strong authentication for resources or provide trusted users with a passwordless experience. Our Risk Management features include:
|●||user and entity behavior analytics (“UEBA”) to detect abnormalities in authentication behavior;|
|●||anonymous network detection to determine if a user is accessing resources from unknown VPNs, TOR and proxies;|
|●||IP reputation to check if an IP address is connected to previous suspicious activity;|
|●||impossible travel to calculate if time between user log-ons from different locations is logistically possible;|
|●||configure risk policies that aggregate multiple risk predictors to calculate a single risk score; and|
|●||risk dashboards to view reports on detected malicious activity in an organization.|
Identity Verification. Our Identity Verification solution enables enterprises to allow their customers to securely and conveniently verify their identity during enrollment and registration. This provides organizations with an increased level of assurance in the identity of their customers during the onboarding process to prevent fraudulent account creation and activity. Our solution can be integrated into an organization’s mobile application to prompt customers to provide a live face capture and to scan a government-issued ID using their mobile device. The customer’s identity is verified using our solution by matching the live face capture to the image on the government ID and validating the identification document for authenticity. Our Identity Verification solution enables enterprises in regulated industries, such as financial services and insurance, to meet Know Your Customer (“KYC”) requirements by providing customers a method to prove their identity. Our advanced Identity Verification features include:
|●||liveness detection to ensure the end-user is a real, live person;|
|●||government ID validation for authenticity;|
|●||support for a variety of identification documents, included passports and driver’s licenses from around the world;|
|●||the capturing and maintaining of customer personally identifiable information (“PII”) only on user’s mobile device in encrypted form; and|
|●||leveraging the customer’s trusted mobile device to bypass scanning ID on future verification requests.|
API Intelligence. Our API Intelligence solution can apply AI and ML to continuously inspect, report and act on all API activity. Our solution is purpose-built to recognize and respond to attacks that are designed to exploit the unique vulnerabilities of individual APIs. These attacks often go undetected by traditional security tools, such as application firewalls and API gateways. Our advanced API Intelligence features include:
|●||API traffic monitoring, visibility and security using AI and ML;|
|●||automated API discovery;|
|●||API deception and honeypot;|
|●||API threat detection and blocking; and|
|●||deployment in-line or to the side of API gateways.|
Our technology has been developed to the highest standards for security, performance, scale and interoperability. Our platform is built on the following core tenets:
|●||Open Standards. We pioneered open identity standards that reduce the cost and complexity of interoperability and integration between IT vendors and partners. We also participated in the creation of many of the Internet Engineering Task Force standards in the identity space and continue to support the evolution and creation of new standards.|
|●||Turnkey Integrations. We provide a broad range of out-of-the-box adapters for “first-mile” and “last-mile” integration to cloud and on-premise applications and other systems. For example, we integrate with major enterprise identity systems, such as Broadcom, IBM, Oracle and Microsoft, as well as environments and application platforms such as Apache, Java, IIS, NGINX and WebSphere. In addition, we provide an extensive set of SaaS and social identity connectors that provide full integration with API functions. For example, our ServiceNow integration leverages over 20 user attributes. We also have out-of-the-box integrations with a variety of cloud-based and on-premise data sources, adaptive authentication providers and security and intelligence service providers.|
|●||Artificial Intelligence and Machine Learning. Our API Intelligence solution utilizes our proprietary AI/ML capabilities to continuously inspect, report and act on all API activity. We are in the process of leveraging and expanding these AI/ML capabilities across our broader platform to deliver Intelligent Identity security based on device, network, application and user behavior data instead of manual rules and policies. Our core identity and access management solutions provide the flexibility to be deployed with AI, ML and risk management capabilities that Ping Identity has developed, as well as to integrate with AI, ML and risk management capabilities licensed from third parties. Our platform’s goal is to deliver password-less, zero-login capabilities to secure access and enhance user experience. See “Risk Factors — Risks Related to our Business — We rely on software and services from other parties. Defects in or the loss of access to software or services from third parties could increase our costs and adversely affect the quality of our solutions.”|
|●||Uptime and Availability. We provide critical uptime and offer advanced redundancy features such as off-line modes to ensure services are available even when internet connectivity is lost. Our multi-tenant cloud-based offering is hosted in multiple regions around the world for redundancy and continuity. Our maintenance windows do not require any downtime, and our platform offered 99.99% uptime across our customer base over the past 12 months.|
|●||Scalability and Performance. Our platform can scale to millions of identities and thousands of cloud and on-premise applications in a single deployment.|
|●||Self-service. Self-service is becoming increasingly important as IT and IAM teams with limited resources seek to provide centralized IAM to the entire enterprise. The ability for developers to directly integrate identity into their applications accelerates the adoption of identity within the enterprise.|
|●||Security by Design. We integrate security into all of our solutions. Our security analysts maintain the security of our solutions by monitoring core services, both corporate and customer-facing, for indications of attack or compromise. We partner with trusted third party security firms to perform full-scope assessments and additional architectural reviews of our solutions. We also engage with third-party audit firms to perform SOC2 Type II audits, and ISO 27001-2013 certification of our security program.|
Sales and Marketing
We sell our solutions primarily through direct sales. We have a stratified direct sales organization that is organized by customer size and the type of solution and deployment. Within our sales organization, our strategic account executives focus on the largest and most complex enterprises primarily in the Fortune 1000, that typically purchase multiple products or deployment options. In the last two years, we have also built a sales team focused more intensely on the Global 3000, with account executives that target less complex enterprise customers that typically purchase a single capability or use case initially and then expand as the complexity of their requirements expand.
Our direct sales are enhanced by collaboration with our channel partners in sourcing new leads, aiding in pre-sale processes such as proof of concepts, demos or requests for proposals and reselling our solutions to customers, as well as collaboration with our system integrators and technology partners. We also leverage a number of our channel partners and system integrators to provide the implementation services for some of our larger and more complex deployments, significantly increasing the time-to-value for our customers and maximizing the efficiency of our go-to-market efforts.
We focus our marketing strategy on building brand recognition through thought leadership and differentiated messaging that communicates the business value of our platform. Our efforts include content marketing, social media, SEO, events and public and analyst relations. We convert this brand awareness into our pipeline through campaigns that integrate digital, social, web and field marketing tactics aimed at adding new customers and cross-marketing our solutions into our existing customer base. We host user conferences, which in 2020 were conducted virtually around the globe, to tap into the power of our passionate customer base and our broader ecosystem. We also founded and host the leading identity industry conference called Identiverse. Identiverse is held annually and attendees include architects, IAM professionals, IT administrators, developers, security professionals and CISOs, as well as technology vendors, system integrators, industry analysts and thought leaders.
At December 31, 2020, we had 1,411 customers. We have a highly satisfied customer base, as evidenced by our Net Promoter Score of 65 in 2020. We define a customer as a separate legal entity with an individual subscription agreement and include in our customer count entities which we have sold directly and entities that have purchased one or more solutions from a reseller. Our customer base is comprised of over 60% of the Fortune 100. As of December 31, 2020, our customer base included 13 of the 15 largest U.S. banks (measured by assets), 7 of the 9 largest healthcare companies (measured by revenue), 5 of the 7 largest North American retailers (measured by revenue), the 5 largest global aerospace companies (measured by revenue) and the 5 largest European auto manufacturers (measured by revenue). Our customer base is diversified, with no one customer or reseller accounting for more than 3% or 7% of our total revenue, respectively, for the year ended December 31, 2020.
Partnerships and Strategic Relationships
The PingPartner Network is comprised of key partnerships across our solution provider and technology alliance programs. This global network delivers expertise, value-added services and technology that are critical to the success of our customers.
Solution Provider Program
We have built strong relationships with channel partners, system integrators and technology partners that have allowed us to generate new business opportunities and enhance existing practices such as strategic planning, program management, architecture, design, implementation, ongoing change management and support.
We have built a broad ecosystem of over 100 technology partners. Our Technology Alliance Partner ecosystem spans the landscape of IAM and related technologies, giving our customers access to comprehensive, cross-application, integrated solutions. Our technology partners expand and extend the value of their solutions, and our solutions, by integrating their technology with the Ping Intelligent Identity Platform. Additionally, our partners provide us with complementary technology and sales and marketing collateral that help us to more effectively sell together.
We partner with Microsoft, and this partnership has led to key product integrations. Through our collaboration, customers can leverage our platform to connect to the Microsoft Azure or Office365 services and enjoy rapid deployments via our integrations. We also enable non-Microsoft applications and environments to be easily integrated into the Microsoft ecosystem. Lastly, our MFA solution works directly with Microsoft ADFS and AzureAD to provide enterprise-grade adaptive authentication to Microsoft’s cloud-based offerings.
We also partner with AWS to provide provisioning and deployment of our solutions to our customers through this collaboration. We offer AWS single sign-on integration for a leading enterprise cloud experience. We also offer a hybrid deployment that can scale across AWS for enterprise applications.
Professional Services and Customer Support
Our professional services organization helps customers architect, deploy, configure, extend and integrate our platform into their IT environments. We offer a variety of packaged and configured offerings and expert guidance that leverage our best practices and experience, all of which are available for our robust partner community to use or resell. We complement our professional services with formal instructor-led and web-based on-demand training courses.
We offer three tiers of support, each building on the previous tier to most closely align with a customer’s requirements. Support is included for our cloud and on-premise offerings during the term of a customer’s subscription. All support tiers offer maintenance releases, patches and access to our support services and portal. Our support portal offers customers documentation, how-to guides, videos and a community where our customers can ask questions and find answers. Our customer support organization includes experienced, trained personnel and engineering resources located around the world to provide 24x7x365 support for critical issues.
Research and Development
Innovation is at the core of what we do. Approximately one-third of our employees are devoted to research and development. Our research and development efforts are focused on building industry leading solutions, addressing all primary use cases, enhancing deployment flexibility and providing seamless integration across cloud and on-premise applications. We believe that the ongoing and timely development of new solutions and features is imperative to maintaining our competitive position. We continue to invest in our solutions across our development centers in Denver, Colorado; Austin, Texas; Tel Aviv, Israel; Vancouver, Canada; and Bangalore, India.
Our success depends in part on our ability to protect our intellectual property. We rely on copyrights and trade secret laws, confidentiality procedures, employment agreements and proprietary information and invention assignment agreements, trademarks and patents to protect our intellectual property rights.
We control access to, and use of, our solutions and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, customers and partners, and our software is protected by U.S. and international copyright and trade secret laws. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, licenses and confidentiality agreements, unauthorized parties may still copy or otherwise obtain and use our software and technology, and such risks may increase as we attempt to expand into jurisdictions where such rights are less easily enforced, or are more subject to reverse engineering or misappropriation due to local legal requirements.
As of December 31, 2020, we had 34 issued United States patents and 16 patent applications pending in the United States relating to certain aspects of our technology. Our issued United States patents expire between December 14, 2031 and October 12, 2038. We cannot assure you whether any of our patent applications will result in the issuance of a patent or whether the examination process will require us to narrow our claims. Any of our existing patents and any that are issued in the future may be contested, circumvented, found unenforceable or invalidated, and we may not be able to prevent third parties from infringing them. In addition, we have international operations and intend to continue to expand these operations, and effective patent, copyright, trademark and trade secret protection may not be available or may be limited in foreign countries.
We face competition from (1) legacy providers, (2) cloud-only providers and (3) homegrown solutions.
Legacy providers include Broadcom, IBM and Oracle, among others. These providers generally designed their solutions when enterprise applications were monolithic and on-premise. Their solutions utilize proprietary architectures, which require customized features and integrations to scale. Today, these solutions have the reputation of being complex, costly and increasingly fragile. Thus, legacy providers often struggle to offer a single comprehensive solution that spans all IT environments, including cloud and on-premise.
We also compete with cloud-only providers, such as Okta and OneLogin, that primarily focus on the workforce use case. These providers have solutions that are historically geared towards small and medium-sized businesses that have IT infrastructures hosted entirely in the cloud. The vast majority of large enterprises do not have the ability to operate their businesses solely with cloud infrastructures, and thus require enterprise solutions that support complex hybrid IT environments and the wide variety of applications and workloads found in enterprise IT portfolios. Thus, a cloud-only IAM solution cannot deliver a single comprehensive solution that enterprises require to provide end-to-end coverage across their complex IT landscape.
Microsoft also competes in our market and has tied its identity services to both Azure and its Office365 offerings. However, we partner with Microsoft to provide SSO, security control and adaptive MFA where non-Microsoft environments require integration or independence is preferred. Microsoft’s integration and interoperability with our solutions benefits enterprises while providing optionality and choice.
We believe the principal competitive factors in the IAM market include: (1) the ability to address all primary use cases from one platform; (2) the ability to deploy in large, complex hybrid IT environments; (3) the ability to integrate easily with all applications (cloud and on-premise); (4) technology uptime, reliability, scalability and performance; (5) the ability to support open standards; and (6) customer, technology and platform support. We believe we compete favorably on these factors.
Human Capital Resources
As of December 31, 2020, we employed 1,022 employees across six global regions including Australia, Canada, Europe, India, Israel and the U.S.
We recognize that our ability to attract, develop and retain talent is key to our success. We have high employment engagement and consider our relationship with employees very strong, with 93% of employees recommending us as a great place to work. We are proud of the consistent work ethic our employees displayed during 2020; we pivoted quickly and efficiently to a remote working environment because of the flexibility and resiliency of our committed employee base.
At Ping Identity, trust is core to who we are and what we do. We know that how we work together is just as important as what we accomplish. We believe that our customers, partners and employees are on the same team striving for the same goals, and the best teams rely on a foundation of trust. We treat all who enter the Ping Identity ecosystem with respect and honesty, and always keep our commitments.
Our principal executive offices are located at 1001 17th Street, Suite 100, Denver, Colorado 80202. Our telephone number is (303) 468-2900. Our website address is www.pingidentity.com. The information contained on, or that can be accessed through, our website is not incorporated by reference into this annual report, and you should not consider any information contained on, or that can be accessed through, our website as part of this Annual Report on Form 10-K. We are a holding company and all of our business operations are conducted through our subsidiaries. We were incorporated in 2016 as Roaring Fork Holding, Inc. and changed our name to Ping Identity Holding Corp. in connection with our initial public offering (“IPO”).
This Annual Report on Form 10-K includes our trademarks and service marks such as “Ping Identity” and “Identiverse,” which are protected under applicable intellectual property laws and are the property of us or our subsidiaries. This report also contains trademarks, service marks, trade names and copyrights of other companies, such as “Amazon,” “Google” and “Microsoft,” which are the property of their respective owners. Solely for convenience, trademarks and trade names referred to in this report may appear without the ® or ™ symbols, but such references are not intended to indicate, in any way, that we will not assert, to the fullest extent under applicable law, our rights or the rights of the applicable licensor to these trademarks and trade names.
We make available, free of charge through our website, our annual reports on Form 10-K, quarterly reports on Form 10-Q and current reports on Form 8-K, and amendments to those reports, filed or furnished pursuant to Sections 13(a) or Section 15(d) of the Securities Exchange Act of 1934, as amended, as soon as reasonably practicable after they have been electronically filed with, or furnished to, the SEC.
The SEC also maintains a website (www.sec.gov) that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC.
Item 1A. Risk Factors
A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider the risks described below, together with the financial and other information contained in this Annual Report on Form 10-K. If any of the following risks actually occurs, our business, financial condition, results of operations, cash flows and prospects could be materially and adversely affected. As a result, the trading price of our common stock could decline and you could lose all or part of your investment in our common stock.
Risk Factor Summary
There are a number of risks related to our business, our indebtedness, and our common stock. You should carefully consider all the information presented in this section entitled “Risk Factors” in this Annual Report on Form 10-K. Some of the principal risks include the following:
Risks relating to our business include, among others:
|●||our ability to adapt to rapid technological change, evolving industry standards and changing customer needs, requirements or preferences;|
|●||our ability to enhance and deploy our cloud-based offerings while continuing to effectively offer our on-premise offerings;|
|●||our ability to maintain or improve our competitive position;|
|●||the impact of the COVID-19 outbreak;|
|●||the impact on our business of a network or data security incident or unauthorized access to our network or data or our customers’ data;|
|●||the effects on our business if we are unable to acquire new customers, if our customers do not renew their arrangements with us, or if we are unable to expand sales to our existing customers or develop new solutions or solution packages that achieve market acceptance;|
|●||our ability to manage our growth effectively, execute our business plan, maintain high levels of service and customer satisfaction or adequately address competitive challenges;|
|●||our dependence on our senior management team and other key employees;|
|●||our ability to enhance and expand our sales and marketing capabilities;|
|●||our ability to attract and retain highly qualified personnel to execute our growth plan;|
|●||the risks associated with interruptions or performance problems of our technology, infrastructure and service providers;|
|●||our dependence on Amazon Web Services cloud infrastructure services;|
|●||the impact of data privacy concerns, evolving regulations of cloud computing, cross-border data transfer restrictions and other domestic and foreign laws and regulations; and|
|●||the impact of volatility in quarterly operating results.|
Risks relating to our indebtedness include, among others:
|●||how our existing indebtedness could adversely affect our business and growth prospects;|
|●||the fact that we may still be able to incur substantially more indebtedness or make certain restricted payments, which could further exacerbate the risks associated with our substantial indebtedness, despite our current indebtedness levels and restrictive covenants;|
|●||our ability to generate sufficient cash flow to service all of our indebtedness, and that we may be forced to take other actions to satisfy our obligations under such indebtedness, which may not be successful;|
|●||the risks associated with the financing documents governing our 2019 Credit Facilities, as defined in “Risk Factors,” which restrict our current and future operations, particularly our ability to respond to changes or to take certain actions; and|
|●||our ability to refinance our indebtedness.|
Risks relating to our common stock include, among others:
|●||the ownership of a large portion of our common stock by Vista Equity Partners (“Vista”), and Vista’s ability to influence certain of our corporate actions, which may conflict with our or your interests in the future;|
|●||the potential strain on our resources and management that the requirements of being a public company could cause, which could make it difficult to manage our business;|
|●||the risks associated with the provisions of our corporate governance documents that could make an acquisition of us more difficult and may prevent attempts by our shareholders to replace or remove our current management, even if beneficial to our shareholders;|
|●||the risks associated with the designation of the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our shareholders in our certificate of incorporation, which could limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us;|
|●||the potential that an active, liquid trading market for our common stock may not be sustained, which may limit your ability to sell your shares; and|
|●||the potential volatility of our operating results and stock price, and the potential that the market price of our common stock may drop below the price you paid.|
Risks Relating to Our Business
If we fail to adapt to rapid technological change, evolving industry standards and changing customer needs, requirements or preferences, our ability to remain competitive could be impaired.
The IAM market is characterized by rapid technological change, evolving industry standards and changing regulations, as well as changing customer needs, requirements and preferences. The success of our business will depend, in part, on our ability to anticipate, adapt and respond effectively to these changes on a timely and cost-effective basis. In addition, as our customers’ technologies and business plans grow more complex, we expect them to face new and increasing challenges. Our customers require that our platform effectively identify and respond to these challenges without disrupting the performance of our customers’ IT systems or interrupting their business operations. As a result, we must continually modify and improve our offerings in response to changes in our customers’ IT infrastructures and operational needs or end-user preferences. The success of any enhancement to our existing offerings or the deployment of new offerings depends on several
factors, including the timely completion and market acceptance of our enhancements or new offerings. Any enhancement to our existing offerings or new offerings that we develop and introduce involves significant commitment of time and resources and is subject to a number of risks and challenges including:
|●||ensuring the timely release of new solutions, solution packages and solution enhancements;|
|●||adapting to emerging and evolving industry standards, technological developments by our competitors and customers and changing regulatory requirements;|
|●||interoperating effectively with existing or newly-introduced technologies, systems or applications of our existing and prospective customers;|
|●||resolving defects, errors or failures in our platform, solutions or solution packages;|
|●||extending the operation of our offerings and services to new and evolving platforms, operating systems and hardware products, such as mobile and IoT devices; and|
|●||managing new solution, solution package and service strategies for the markets in which we operate.|
If we are not successful in managing these risks and challenges, or if our new solutions, solution upgrades and services are not technologically competitive or do not achieve market acceptance, our business, results of operations and financial condition could be adversely affected.
If we are unable to enhance and deploy our cloud-based offerings while continuing to effectively offer our on-premise offerings, our business and operating results could be adversely affected.
Historically, our revenue has been driven predominately by our on-premise offerings. For the year ended December 31, 2020, $144.5 million, or 59%, of our total revenue was from subscription term-based licenses, whereas $79.6 million, or 33%, of our total revenue was from subscription SaaS and support and maintenance. For the year ended December 31, 2019, $161.4 million, or 66%, of our total revenue was from subscription term-based licenses whereas $63.9 million, or 26%, of our total revenue was from subscription SaaS and support and maintenance. For the year ended December 31, 2018, $133.7 million, or 66%, of our total revenue was from subscription term-based licenses whereas $51.3 million, or 25%, of our total revenue was from subscription SaaS and support and maintenance. The remainder of our revenue, or $19.5 million, $17.6 million and $16.6 million for the years ended December 31, 2020, 2019 and 2018, respectively, was attributable to professional services and other. All of our revenue from support and maintenance and a portion of our revenue from professional services is associated with our on-premise offerings. As a result, for the periods presented, the percentage of our total revenue from all revenue sources associated with on-premise offerings was significantly higher than the percentage of our total revenue based solely on subscription term-based licenses and we expect this to remain true for the foreseeable future. We have responded to the increasing market shift toward cloud-based services by developing and introducing additional cloud-based IAM offerings to our customers. While our customers are increasingly adopting our cloud-based offerings, we expect our customers to continue to require substantial on-premise and hybrid offerings. To support hybrid deployment of our offerings, our developers and support team must be trained on and learn multiple environments in which our platform is deployed, which is more expensive than supporting a cloud-only offering. Moreover, we must engineer our software for on-premise, cloud and hybrid deployments, which we expect will cause us additional research and development expense that may impact our operating results. Furthermore, we cannot assure you that the market for cloud-based offerings will develop at a rate or in the manner we expect or that our cloud-based offerings will be competitive with those of more established cloud-based providers or other new market entrants. We are directing a significant portion of our financial and operating resources to implement a robust and secure cloud-based offering for our customers, but even if we continue to make these investments, we may be unsuccessful in growing or implementing our cloud-based offerings in a way that competes successfully against our current and future competitors and in such event our business, results of operations and financial condition could be harmed. In addition, the costs associated with greater adoption of our cloud-
based offerings could harm our margins, making it difficult to continue to justify the continued allocation of resources. Customers may require features and capabilities that our current solutions or solution packages do not have and that we may be unable to develop. If we are unable to develop and deploy cloud-based offerings alongside on-premise offerings that satisfy customer preferences in a timely and cost-effective manner, it may harm our ability to renew subscriptions with existing customers and to create or increase demand for our solutions or solution packages with new customers, and may adversely impact our financial condition and results of operations.
We face intense competition, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The IAM market is intensely competitive, and we expect competition to increase in the future from established competitors and new market entrants. We face competition from (1) legacy providers, (2) cloud-only providers and (3) homegrown solutions. Legacy providers include Broadcom, IBM and Oracle, among others. We also compete with cloud-only providers, such as Okta and OneLogin that primarily focus on the workforce use case. Microsoft also competes in our market and has tied its identity services to both its Azure and Office365 offerings. With the recent increase in large merger and acquisition transactions in the technology industry, particularly transactions involving cloud-based technologies, there is a greater likelihood that we will compete with other large technology companies in the future. For example, Amazon or Google could acquire or develop an IAM or identity security platform that competes directly with our solutions. These companies have significant name recognition, considerable resources and existing IT infrastructures and powerful economies of scale and scope, which allow them to rapidly develop and deploy new solutions. Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as greater name recognition and longer operating histories, larger sales and marketing budgets and resources, broader distribution and established relationships with channel partners and customers, greater customer support resources, greater resources to make acquisitions, lower labor and development costs, larger and more mature intellectual property portfolios and substantially greater financial, technical and other resources.
In addition, some of our larger competitors have substantially broader product offerings and leverage their relationships based on other products they offer or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our solutions or solution packages, including through selling at zero or negative margins, product bundling or closed technology platforms. Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. Our larger competitors often have broader product lines and market focus and are less susceptible to downturns in a particular market. Our competitors may also seek to repurpose their existing offerings to provide identity solutions with subscription models. Additionally, start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our solutions or solution packages.
Consolidation in the markets in which we compete may affect our competitive position. This is particularly true in circumstances where customers are seeking to obtain a broader set of solutions and services than we are currently able to provide. In addition, some of our competitors may enter into new alliances with each other or may establish or strengthen cooperative relationships with system integrators, third-party consulting firms or other parties. Any such consolidation, acquisition, alliance or cooperative relationship could lead to pricing pressure and loss of market share and could result in a competitor with greater financial, technical, marketing, service and other resources, all of which could harm our ability to compete. Furthermore, organizations may be more willing to incrementally add solutions to their existing infrastructure from competitors than to replace their existing infrastructure with our solutions or solution packages. These competitive pressures in our market or our failure to compete effectively may result in fewer orders and reduced revenue and gross margins. Any failure to meet and address these factors could adversely affect our business, results of operations and financial condition.
The novel COVID-19 pandemic could materially adversely affect our business, operating results, financial condition and prospects.
The severity, magnitude and duration of the current COVID-19 pandemic is uncertain and rapidly changing. The COVID-19 pandemic has resulted in authorities implementing numerous measures to try to contain the virus, such as travel bans and restrictions, quarantines, shelter in place orders and shutdowns. These measures have impacted and may further impact all or portions of our facilities, workforce and operations, the behavior of our customers and consumers and the operations of our respective vendors and suppliers. Concern over the impact of COVID-19 has delayed the purchasing decisions of prospective Ping Identity customers and caused certain customers to opt for shorter contract durations. While governmental authorities have taken measures to try to contain the COVID-19 pandemic, there is considerable uncertainty regarding such measures and potential future measures. There is no certainty that measures taken by governmental authorities will be sufficient to mitigate the risks posed by the COVID-19 pandemic, and our ability to perform critical functions could be harmed.
While most of our operations can be performed remotely, there is no guarantee that we will be as effective while working remotely because our team is dispersed, many employees may have additional personal needs to attend to (such as looking after children as a result of school closures or family who become sick), and employees may become sick themselves and be unable to work. Decreased effectiveness of our team could adversely affect our results due to our inability to meet in person with potential customers, cancellation and inability to participate in conferences and other industry events that lead to sales generation, longer time periods to review and approve work product and a corresponding reduction in innovation, longer time to respond to platform performance issues, or other decreases in productivity that could seriously harm our business. Significant management time and resources may be diverted from our ordinary business operations in order to develop, implement and manage workplace safety strategies and conditions as we attempt to return to office workplaces. Further, we may decide to postpone or cancel planned investments in our business in response to changes in our business as a result of the spread of COVID-19, or we may have to reduce headcount in certain areas of our business as a result of the economic impact of COVID-19, which may impact our ability to respond to our customers’ needs and fulfill contractual obligations. In addition, as a result of financial or operational difficulties, our suppliers, system integrators and channel partners may experience delays or interruptions in their ability to provide services to us or our customers, if they are able to do so at all, which could interrupt our customers’ access to our services which could adversely affect their perception of our platform’s reliability and result in increased liability exposure. We rely upon third parties for certain critical inputs to our business and solutions, such as data centers and technology infrastructure. Any disruptions to services provided to us by third parties that we rely upon to provide our solutions, including as a result of actions outside of our control, could significantly impact the continued performance of such solutions. This uncertain environment may also lead to increased cyber and fraud risk related to COVID-19, as cybercriminals attempt to profit from the disruption, given the increase in online transaction activity. The dispersed nature of our workforce may also increase our cyber and fraud risk as our information technology and security teams must manage and secure equipment used by our employees remotely, and with our employees working more independently, there are increased opportunities for humor error. We could experience direct financial loss, or be exposed to contractual or reputational liability, if we were affected by cyber security attacks.
The COVID-19 pandemic has also significantly increased economic and demand uncertainty, and has led to disruption and volatility in the global capital markets, which can increase the cost of capital and adversely impact access to capital. The COVID-19 pandemic has caused an economic slowdown, and it is possible that it could cause a global recession. The COVID-19 pandemic has caused a general decrease in consumer spending and decrease in consumer confidence. Our revenue, results of operations and cash flows depend on the overall demand for our solutions and solution packages. Concerns about the systemic impact of a potential widespread recession (in the United States or internationally), geopolitical issues or the availability and cost of credit have led to increased market volatility, decreased consumer confidence and diminished growth expectations in the U.S. economy and abroad, which in turn could result in reductions in IT, IAM and identity security spending by our existing and prospective customers, while also disrupting sales channels, marketing activities and supply chains for an unknown period of time until the outbreak is contained. Some of our customers have experienced and may continue to experience financial hardship that may result in delayed or uncollectible payments. To add to the uncertainty, it is unclear when an economic recovery could start and what
a recovery will look like after this unprecedented shutdown of the economy. All of these factors are expected to have a negative impact on our revenue, cash flows and results of operations.
The severity, magnitude and duration of the current COVID-19 pandemic is uncertain, rapidly changing and hard to predict and depends on events beyond our knowledge or control. These and other impacts of the COVID-19 pandemic could have the effect of heightening many of the other risks described in the “Risk Factors” section, such as those relating to our reputation, product sales, results of operations or financial condition. We might not be able to predict or respond to all impacts on a timely basis to prevent near- or long-term adverse impacts to our results. As a result, we cannot at this time predict the impact of the COVID-19 pandemic, but it could have a material adverse effect on our business, results of operations, financial condition and cash flows.
A network or data security incident may allow unauthorized access to our network or data or our customers’ data, harm our reputation, create additional liability and adversely impact our financial results.
Increasingly, companies are subject to a wide variety of attacks on their networks and systems. In addition to threats from traditional computer hackers, malicious code (such as malware, viruses, worms and ransomware), employee theft or misuse, password spraying, phishing and distributed denial-of-service (“DDOS”) attacks, we now also face threats from sophisticated nation-state and nation-state supported actors who engage in attacks (including advanced persistent threat intrusions) that add to the risks to our internal networks, our platform, our third-party service providers and our customers’ systems and the information that they store and process. Despite significant efforts to create security barriers to safeguard against such threats, it is virtually impossible for us to entirely mitigate these risks. As a well-known provider of IAM solutions, we pose an attractive target for such attacks. The security measures we have integrated into our internal networks and platform, which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected or may not be sufficient to protect our internal networks and platform against certain attacks. In addition, techniques used to sabotage or obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently and generally are not recognized until launched against a target. As a result, we may be unable to anticipate these techniques or implement adequate preventative measures to prevent an electronic intrusion into our networks.
If a breach of customer data security or unauthorized access to customer systems through our platform were to occur, as a result of third-party action, employee error, malfeasance or otherwise, and the confidentiality, integrity or availability of our customers’ data or systems was disrupted, we could incur significant liability to our customers and to individuals or businesses whose information we process, and our platform may be perceived as less desirable, which could negatively affect our business and damage our reputation. In such event, the potential liability exposure to our customers under our contracts could significantly exceed the revenue associated with those contracts. Our ability to retain existing customers, expand use case and solution or solution package penetration with existing customers and acquire new customers is dependent upon our reputation as a trusted intelligent security provider. The importance of our reputation in retaining existing business and acquiring new business is heightened by our focus on enterprise customers. In addition, we have a number of customers that operate in highly-regulated industries where our customers’ data is particularly sensitive, such as financial services and healthcare. A network or security breach could damage our relationships with customers, result in the loss of customers across one or more use case, solution or solution package and make it more challenging to acquire new customers and such damage would likely be heightened in the event a network or security breach occurred in the highly-regulated industries we serve. Because techniques used to obtain unauthorized access to, or sabotage, systems change frequently and may not be recognized until launched against a target, we and our customers may be unable to anticipate these techniques or implement adequate preventive measures.
In addition, security incidents impacting our platform or the systems of our third-party service providers could result in a risk of loss or unauthorized access to or disclosure of the information we process on behalf of our customers. This, in turn, could require notification under applicable data privacy regulations, and could lead to litigation, governmental audits and investigations and possible liability, damage our relationships with our existing customers, trigger indemnification and other contractual obligations, cause us to incur investigation,
mitigation and remediation expenses, and have a negative impact on our ability to attract and retain new customers. Furthermore, any such incident, including a breach of our customers’ systems, could compromise our networks or networks secured by our solutions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our or our customers’ networks, and the information stored on our or our customers’ systems could be accessed or disclosed without authorization, altered, lost or stolen, which could subject us to liability and cause us financial harm. An actual or perceived breach of our networks, our customers’ networks or other networks secured by our solutions, whether or not due to a vulnerability in our platform, may also undermine confidence in our platform or our industry and result in expenditure of significant resources in efforts to analyze, correct, eliminate or work around errors or defects, delayed or lost revenue, delay in the development or release of new solutions, solution packages or services, an increase in collection cycles for accounts receivable, damage to our brand and reputation, negative publicity, loss of channel partners, customers and sales, increased costs to remedy any problem, increased insurance expense and costly litigation. In addition, if a high-profile security incident occurs with respect to another IAM solution provider, our customers and potential customers may lose trust in the value of the IAM solution business model generally, including the security of our solutions, which could adversely impact our ability to retain existing customers or attract new ones, potentially causing a negative impact on our business. Any of these negative outcomes could adversely impact market acceptance of our solutions or solution packages and could adversely affect our business, results of operations and financial condition.
Third parties may attempt to fraudulently induce employees or customers into disclosing sensitive information such as user names, passwords or other information or otherwise compromise the security of our internal networks, electronic systems and/or physical facilities or those of our third-party service providers, in order to gain access to our data or our customers’ data, which could result in significant legal and financial exposure, a loss of confidence in the security of our platform, interruptions or malfunctions in our operations, and, ultimately, harm to our future business prospects and revenue. We may be required to expend significant capital and financial resources to protect against such threats or to alleviate problems caused by breaches in security.
Our future revenue and operating results will be harmed if we are unable to acquire new customers, if our customers do not renew their arrangements with us, or if we are unable to expand sales to our existing customers or develop new solutions and solution packages that achieve market acceptance.
To continue to grow our business, it is important that we continue to acquire new customers. Our success in adding new customers depends on numerous factors, including our ability to (1) offer a compelling Intelligent Identity Platform and effective solutions and solution packages, (2) execute our sales and marketing strategy, (3) attract, effectively train and retain new sales, marketing, professional services and support personnel in the markets we pursue, (4) develop or expand relationships with channel partners, system integrators and technology partners, (5) expand into new geographies and vertical markets, (6) deploy our platform, solutions and solution packages for new customers and (7) provide quality customer support once deployed.
It is important to our continued growth that our customers renew their arrangements when existing contract terms expire. Our customers have no obligation to renew their subscription agreements, and our customers may decide not to renew these agreements with a similar contract period, at the same prices and terms or with the same or a greater number of identities, or at all. Our customer retention and expansion rates may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our solutions or solution packages, our customer support and professional services, our prices and pricing plans, the competitiveness of other IAM solutions and services, reductions in our customers’ spending levels, user adoption of our solutions or solution packages, deployment success, utilization rates by our customers, new releases and changes to our solutions and/or solution packages. Additionally, new consolidations, acquisitions, alliances or cooperative relationships involving one or more of our customers may lead such customers not to renew their existing subscriptions with us.
Our ability to increase revenue also depends in part on our ability to increase the number of identities managed by our platform and sell more use cases, solutions and solution packages to our existing and new customers. Our ability to increase sales to existing customers depends on several factors, including their experience with implementing our solutions and solution packages and using our platform and the existing solutions they have
implemented, their ability to integrate our solutions and solution packages with existing technologies and our pricing model. As we expand our market reach, we may experience difficulties in gaining traction and raising awareness among potential customers regarding the critical role that our solutions play in securing their businesses and we may face more competitive pressure in such markets.
If our new solutions and/or solution packages do not achieve adequate acceptance in the market or if we fail to effectively incorporate features and capabilities that our customers expect, our competitive position could be impaired, and our potential to generate new revenue or to retain existing revenue could be diminished. The adverse effect on our financial results may be particularly acute because of the significant research, development, marketing, sales and other expenses we will have incurred in connection with the new solutions and solution packages and our ability to introduce compelling new solutions and solution packages that address the requirements of our customers in light of the dynamic IAM market in which we operate.
If we are unable to successfully acquire new customers, retain our existing customers, expand sales to existing customers or introduce new solutions and solution packages, our business, financial condition and operating results could be adversely affected.
If we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of service and customer satisfaction or adequately address competitive challenges.
We have experienced, and may continue to experience, rapid growth and organizational change, which has placed, and may continue to place, significant demands on our management and our operational and financial resources. Additionally, our organizational structure may become more complex as we improve our operational, financial and management controls, as well as our reporting systems and procedures. We may require significant capital expenditures and the allocation of valuable management resources to grow and change in these areas. If we fail to effectively manage our anticipated growth and change, the quality of our platform may suffer, which could negatively affect our brand and reputation and harm our ability to retain and attract customers and employees.
We currently have international operations in the United Kingdom, Canada, Australia, France, Germany, India, Israel, the Netherlands and Switzerland, and we may continue to expand our international operations in these jurisdictions and/or other countries in the future. Our expansion has placed, and our expected future growth will continue to place, a significant strain on our managerial, customer operations, research and development, sales and marketing, administrative, financial and other resources. If we are unable to manage our continued growth successfully, our business and results of operations could suffer.
In addition, as we expand our business, it is important that we continue to maintain a high level of customer service and satisfaction. As our customer base continues to grow, we will need to expand our account management, customer service and other personnel, and our network of channel partners and system integrators, to provide personalized account management and customer service. If we are not able to continue to provide high levels of customer service, our reputation, as well as our business, results of operations and financial condition, could be adversely affected.
We depend on our senior management team and other key employees, and the loss of one or more of these employees or an inability to attract and retain other highly skilled employees could harm our business.
Our success depends largely upon the continued services of our senior management team and other key employees. We rely on our leadership team in the areas of research and development, operations, security, marketing, sales, customer support, general and administrative functions and on individual contributors in our research and development and operations functions. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives, which could disrupt our business. We do not have employment agreements with our executive officers or other key personnel that require them to continue to work for us for any specified period and, therefore, they could terminate their employment with us at any time. The loss of one or more the members of our senior management team, or other key employees
could harm our business. In particular, the loss of services of our founder and Chief Executive Officer, Andre Durand, could significantly delay or prevent the achievement of our strategic objectives. Changes in our executive management team may also cause disruptions in, and harm to, our business.
Failure to effectively develop and expand our sales and marketing capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our solutions and solution packages.
Our ability to increase our customer base and achieve broader market acceptance of our solutions and solution packages will depend on our ability to expand our sales and marketing operations. Our business will be harmed if our business development efforts do not generate a corresponding increase in revenue. We may not achieve anticipated revenue growth from expanding our direct sales force if we are unable to hire and develop talented direct sales personnel, if our new direct sales personnel are unable to achieve desired productivity levels in a reasonable period of time, or if we are unable to retain our existing direct sales personnel. There is significant competition for sales personnel with the advanced sales skills and technical knowledge we need. Selling our solutions and solution packages to sophisticated enterprise customers requires particularly talented sales personnel with the ability to communicate the transformative potential of our platform.
We must attract and retain highly qualified personnel in order to execute our growth plan.
Competition for highly qualified personnel is intense, especially for engineers experienced in designing and developing software and SaaS offerings and experienced sales professionals. In recent years, recruiting, hiring and retaining employees with expertise in our industry has become increasingly difficult as the demand for cybersecurity and identity professionals has increased as a result of the recent cybersecurity attacks on global corporations and governments. We have, from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached certain legal obligations, resulting in a diversion of our time and resources. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be harmed.
If there are interruptions or performance problems associated with our technology or infrastructure, our existing customers may experience service outages, and our new customers may experience delays in the deployment of our platform.
Our continued growth depends on the ability of our existing and potential customers to access our platform 24 hours a day, seven days a week, without interruption or degradation of performance. We have in the past and may in the future experience disruptions, outages and other performance problems with our infrastructure due to a variety of factors, including infrastructure changes, introductions of new functionality, human or software errors, capacity constraints, DDOS attacks or other security-related incidents. In some instances, we may not be able to identify the cause or causes of these performance problems immediately or in short order. We may not be able to maintain the level of service uptime and performance required by our customers, especially during peak usage times and as our solutions and solution packages become more complex and our user traffic increases. If our platform is unavailable or if our customers are unable to access our solutions or deploy them within a reasonable amount of time, or at all, our business would be harmed. The adverse effects of any service interruptions on our reputation and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers expect continuous and uninterrupted access to our solutions and have a low tolerance for interruptions of any duration. Since our customers rely on our solutions to provide and secure access to their IT infrastructures and to support customer-facing applications, any outage on our platform would impair the ability of our customers to operate their businesses, which would negatively impact our brand, reputation and customer satisfaction.
Moreover, we depend on services from various third parties to maintain our cloud infrastructure and deploy our solutions, such as Amazon Web Services (“AWS”) cloud infrastructure services, which hosts our platform. If a
service provider fails to provide sufficient capacity to support our platform or otherwise experiences service outages, such failure could interrupt our customers’ access to our services, which could adversely affect their perception of our platform’s reliability and our revenue. Any disruptions in these services, including as a result of actions outside of our control, would significantly impact the continued performance of our solutions. In the future, these services may not be available to us on commercially reasonable terms, or at all. Any loss of the right to use any of these services could result in decreased functionality of our solutions until equivalent technology is either developed by us or, if available from another provider, is identified, obtained and integrated into our infrastructure. If we do not accurately predict our infrastructure capacity requirements, our customers could experience service shortfalls. We may also be unable to effectively address capacity constraints, upgrade our systems as needed and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology.
Our platform is accessed by a large number of customers, often at the same time. As we continue to expand the number of our customers and solutions and solution packages available to our customers, we may not be able to scale our technology to accommodate the increased capacity requirements, which may result in interruptions or delays in service. In addition, the failure of third-party cloud infrastructure providers, third-party internet service providers or other third-party service providers whose services are integrated with our platform to meet our capacity requirements could result in interruptions or delays in access to our platform or impede our ability to scale our operations. In the event that our service agreements are terminated with our cloud infrastructure providers, or there is a lapse of service, interruption of internet service provider connectivity or damage to such providers’ facilities, we could experience interruptions in access to our platform as well as delays and additional expense in arranging new facilities and services.
Any of the above circumstances or events may harm our reputation, cause customers to terminate their agreements with us, impair our ability to obtain subscription renewals from existing customers, impair our ability to grow our customer base, result in the expenditure of significant financial, technical and engineering resources, subject us to financial penalties and liabilities under our service level agreements, and otherwise could adversely affect our business, results of operations and financial condition.
The delivery of our platform depends on AWS cloud infrastructure services.
Our SaaS offerings are hosted solely in AWS and our other offerings utilize the cloud infrastructure offered by AWS. Our operations depend on maintaining the configuration, architecture and interconnection specifications required by AWS. Although we have disaster recovery plans that utilize multiple AWS infrastructure locations, any incident affecting this infrastructure that may be caused by fire, flood, severe storm, earthquake, power loss, telecommunications failures, unauthorized intrusion, computer viruses and disabling devices, natural disasters, war, criminal act, military actions, terrorist attacks and other similar events beyond our control could negatively affect our platform. A prolonged AWS service disruption affecting our platform for any of the foregoing reasons could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. In addition, since all of our cloud-based offerings utilize AWS cloud infrastructure services, in the event of a prolonged AWS services disruption we may not be able to find an alternative provider on commercially reasonable terms or in a timely manner, if at all. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the AWS services we use.
AWS enables us to order and reserve server capacity in varying amounts and sizes distributed across multiple regions. AWS provides us with computing and storage capacity pursuant to an agreement that continues until terminated by either party. AWS may terminate the agreement by providing 30 days prior written notice and may, in some cases, terminate the agreement immediately for cause upon notice. If AWS terminates its agreement with us, we may be unable to deploy certain of our solutions and our business, results of operations and financial condition may be adversely affected.
In addition, since all of our cloud-based offerings utilize AWS cloud infrastructure resources, our customers’ satisfaction with our cloud-based offerings is dependent in part upon their perceptions and satisfaction with AWS cloud infrastructure services. Dissatisfaction with AWS cloud infrastructure services could damage our
relationships with customers and/or result in the loss of customers across one or more use case, solution or solution package.
Data privacy concerns, evolving regulations of cloud computing, cross-border data transfer restrictions and other domestic and foreign laws and regulations may limit the use and adoption of, or require modification of, our solutions, solution packages and services, which could adversely affect our business.
Laws and regulations related to the provision of services on the Internet are increasing, as federal, state and foreign governments continue to adopt new laws and regulations addressing data privacy and the collection, processing, storage and use of personal information. Internationally, many of the jurisdictions in which we operate have established their own data security and privacy legal frameworks with which we, or our customers, must comply. We have implemented various features and processes intended to enable our customers to better comply with applicable privacy and security requirements, but these features and processes do not guarantee compliance and may not guard against all potential privacy concerns.
For example, the European Union (the “EU”) adopted the GDPR, which became effective and enforceable across all then-current member states of the EU on May 25, 2018. Following the United Kingdom (the “U.K.”) withdrawal from the EU on January 31, 2020, pursuant to the transitional arrangements agreed between the U.K. and EU, the GDPR continued to have effect in U.K. law, until December 31, 2020, in the same fashion as was the case prior to that withdrawal as if the U.K. remained a member state of the EU for such purposes. While the GDPR is no longer the law of the U.K. following December 31, 2020, its content falls into the retained law created by the European Union (Withdrawal) Act 2018 and U.K. data protection law is expected to remain similar to the GDPR. On December 24, 2020, the EU and the U.K. reached a Trade and Cooperation Agreement, provisionally applicable since January 1, 2021, which permits continuity in data flows in the same manner as prior to the withdrawal of the U.K. until such time as official adequacy determinations can be made by the EU and the U.K., and there is no guarantee that an adequacy determination will be reached. The GDPR applies to any company established in the EU as well as to those outside the EU if they process personal data in relation to the offering of goods or services to individuals in the EU and/or the monitoring of their behavior. The GDPR enhances data protection obligations for both processors and controllers of personal data, including by extending the rights available to affected data subjects, materially expanding the definition of what is expressly noted to constitute personal data, requiring additional disclosures about how personal data is to be used, and imposing limitations on retention of personal data, creating mandatory data breach notification requirements in certain circumstances, and establishing onerous new obligations on services providers who process personal data simply on behalf of others. Under the GDPR, fines of up to €20 million or up to 4% of an undertaking’s total worldwide annual turnover of the preceding financial year, whichever is higher, may be imposed. In addition to administrative fines, a wide variety of other potential enforcement powers are available to competent authorities in respect of potential and suspected violations of the GDPR, including extensive audit and inspection rights, and powers to order temporary or permanent bans on all or some processing of personal data carried out by noncompliant actors. Given the breadth and depth of changes in data protection obligations, complying with its requirements has caused us to expend significant resources and such expenditures are likely to continue into the near future as we respond to new interpretations, additional guidance and potential enforcement actions and patterns, and as we continue to negotiate data processing agreements with our customers and business partners. While we have taken steps to comply with the GDPR, and implementing legislation in applicable member states, including by seeking to establish appropriate lawful bases for the various processing activities we carry out as a controller, reviewing our security procedures, and entering into data processing agreements with relevant customers and business partners, we cannot assure you that our efforts to achieve and remain in compliance have been, and/or will continue to be, fully successful. We submitted a report to the Information Commissioner’s Office located in the U.K. within the month preceding the filing of this Form 10-K due to the mishandling of personal data by us of certain of our current and former UK employees. While we do not believe there will be any material impact from this incident, we cannot assure you that similar incidents with potentially greater impact will not occur in the future.
In the United States, California enacted the CCPA on June 28, 2018, which took effect on January 1, 2020. The CCPA gives California residents expanded rights to access and delete their personal information, opt out
of certain personal information sharing and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. The CCPA may increase our compliance costs and potential liability. Some observers have noted that the CCPA could mark the beginning of a trend toward more stringent privacy legislation in the U.S., which could increase our potential liability and adversely affect our business.
Privacy and data protections laws and regulations are subject to new and differing interpretations and there may be significant inconsistency in laws and regulations among the jurisdictions in which we operate or provide our SaaS offerings. Legal and other regulatory requirements could restrict our ability to store and process data as part of our SaaS offerings, or, in some cases, impact our ability to provide our SaaS offerings in certain jurisdictions. Our inability to provide our offerings in certain jurisdictions, particularly China and Russia, as a result of their local data privacy frameworks may result in the loss of business opportunities from customers operating in, or seeking to expand into, those jurisdictions. In addition, we may seek to engage third party support providers in certain jurisdictions in order to comply with our customers’ data privacy concerns and such engagements may be costly.
Privacy and data protection laws and regulations may also impact our customers’ ability to deploy certain of our solutions and solution packages globally, to the extent they utilize our solutions and solution packages for storing personal information that they process. Additionally, if third parties that we work with violate applicable laws or our policies, such violations may also put our customers’ information at risk and could in turn have an adverse effect on our business. The costs of compliance with, and other burdens imposed by, data privacy laws, regulations and standards may require resources to create new solutions or solution packages or modify existing solutions or solution packages, could lead to us being subject to significant fines, penalties or liabilities for noncompliance, could lead to complex and protracted contract negotiations with respect to privacy and data protection terms, and may slow the pace at which we close sales transactions, any of which could harm our business.
The data protection landscape is rapidly evolving, and we expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection and information security. We cannot yet determine the impact that such future laws, regulations and standards may have on our business. Such laws and regulations are often subject to differing interpretations and may be inconsistent among jurisdictions. Any failure or perceived failure by us to comply with federal, state or foreign laws or regulations, industry standards, contractual obligations or other legal obligations, with respect to any security incident, whether or not resulting in unauthorized access to, or acquisition, release or transfer of personal data or other data, may result in governmental enforcement actions and prosecutions, private litigation, fines and penalties, friction in our customer relationships or adverse publicity, and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.
Around the world, there are numerous lawsuits in process against various technology companies that process personal data. If those lawsuits are successful, it could increase the likelihood that we may be exposed to liability for our own policies and practices concerning the processing of personal data and could hurt our business. Furthermore, the costs of compliance with, and other burdens imposed by, laws, regulations and policies concerning privacy and data security that are applicable to the businesses of our customers may limit the use and adoption of our platform and reduce overall demand for it.
In addition, if our platform is perceived to cause, or is otherwise unfavorably associated with, violations of privacy or data security requirements, it may subject us or our customers to public criticism and potential legal liability. Existing and potential laws and regulations concerning privacy and data security and increasing sensitivity of consumers to unauthorized processing of personal data may create negative public reactions to technologies, solutions, solution packages and services such as ours. Public concerns regarding personal data processing, privacy and security may cause some of our customers’ end users to be less likely to visit their websites or otherwise interact with them. If enough end users choose not to visit our customers’ websites or otherwise interact with them, our customers could stop using our platform. This, in turn, may reduce the value of our service and slow or eliminate the growth of our business.
Our continued development of AI and ML is dependent, in part, on our customers’ willingness to allow us to use their data to develop the necessary algorithms. Concerns about data privacy may discourage customers from allowing us to use their data in this manner, which may limit our ability to continue to leverage AI and ML in the Ping Intelligent Identity Platform.
Our quarterly operating results and other metrics are likely to vary significantly and be unpredictable, which could cause the trading price of our stock to decline.
Our operating results and other metrics have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:
|●||the level of demand for our solutions and solution packages, including our newly-introduced solutions and offering of solution packages, and the level of perceived urgency regarding security threats and compliance requirements;|
|●||the timing and use of new subscriptions and renewals of existing subscriptions;|
|●||the mix of cloud and on-premise offerings sold and the associated contract term;|
|●||the extent to which customers subscribe for additional solutions or solution packages, or increase the number of identities or use cases;|
|●||significant security breaches of, technical difficulties with, or interruptions to, the delivery and use of our offerings;|
|●||customer budgeting cycles and seasonal buying patterns where our customers often time their purchases and renewals of our solutions or solution packages to coincide with their fiscal year end, which is typically June 30 or December 31;|
|●||any changes in the competitive landscape of our industry, including consolidation among our competitors, customers, partners or resellers;|
|●||timing of costs and expenses during a quarter;|
|●||deferral of orders in anticipation of new solutions, solution packages or enhancements announced by us or our competitors;|
|●||changes in renewal rates and terms in any quarter;|
|●||costs related to the acquisition of businesses, talent, technologies or intellectual property by us, including potentially significant amortization costs and possible write-downs;|
|●||litigation-related costs, settlements or adverse litigation judgments;|
|●||any disruption in our sales channels or termination of our relationship with channel and other strategic partners;|
|●||general economic conditions, both domestically and in our foreign markets, and related changes to currency exchange rates;|
|●||insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our solutions and solution packages; and|
|●||future accounting pronouncements or changes in our accounting policies.|
Any one of the factors above or the cumulative effect of some of the factors referred to above may result in significant fluctuations in our financial and other operating results, including fluctuations in our key metrics. This variability and unpredictability could result in our failing to meet the expectations of securities analysts or investors for any period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our shares could fall substantially and we could face costly lawsuits, including securities class action suits. In addition, a significant percentage of our operating expenses are fixed in nature and based on forecasted revenue and cash flow trends. Accordingly, in the event of revenue shortfalls, we are generally unable to mitigate the negative impact on margins or other operating results in the short term.
We may fail to meet or exceed the expectations of securities analysts and investors, and the market price for our common stock could decline. If one or more of the securities analysts who cover us change their recommendation regarding our stock adversely, the market price for our common stock could decline. Additionally, our stock price may be based on expectations, estimates or forecasts of our future performance that may be unrealistic or may not be achieved. Further, our stock price may be affected by financial media, including press reports and blogs.
Our revenue recognition policy and other factors may distort our financial results in any given period and make them difficult to predict.
Under accounting standards update No. 2014-09 (Topic 606), Revenue from Contracts with Customers (“ASC 606”), we recognize revenue when our customer obtains control of goods or services in an amount that reflects the consideration that we expect to receive in exchange for those goods or services. Our subscription revenue includes subscription term-based license revenue, which is recognized when we transfer control of the term-based license to the customer, and subscription SaaS and support and maintenance revenue, which is recognized ratably over the contract period. Because subscription term-based license revenue is recognized upfront, a single, large license in a given period may distort our operating results for that period. In contrast, the impact of agreements that are recognized ratably may take years to be fully reflected in our financial statements. Consequently, a significant increase or decline in our subscription SaaS and support and maintenance contracts in any one quarter will not be fully reflected in the results for that quarter, but will affect our revenue in future quarters. This also makes it challenging to forecast our revenue for future periods, as both the mix of solutions, solution packages and services we will sell in a given period, as well as the size of contracts, is difficult to predict.
Furthermore, the presentation of our financial results requires us to make estimates and assumptions that may affect revenue recognition. In some instances, we could reasonably use different estimates and assumptions, and changes in estimates are likely to occur from period to period. See “Item 8. Financial Statements — Note 2. Summary of Significant Accounting Policies.”
Given the foregoing factors, our actual results could differ significantly from our estimates, comparing our revenue and operating results on a period-to-period basis may not be meaningful, and our past results may not be indicative of our future performance.
If we fail to enhance our brand cost-effectively, our ability to expand our customer base will be impaired and our business, results of operations and financial condition may be adversely affected.
We believe that developing and maintaining awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our existing and future solutions and solution packages and is an important element in attracting new customers. We believe that the importance of brand recognition will increase as competition in our market increases. Successful promotion of our brand will depend largely on the effectiveness of our marketing efforts and on our ability to develop and deploy high-quality, reliable and differentiated
solutions and solution packages to customers. In the past, our efforts to build our brand have involved significant expense. Brand promotion activities may not yield increased revenue, and even if they do, any increased revenue may not offset the expense we incur in building our brand. If we fail to successfully promote and maintain our brand, or incur substantial expense in an unsuccessful attempt to promote and maintain our brand, we may fail to attract new customers or retain our existing customers to the extent necessary to realize a sufficient return on our brand-building efforts, and our business, results of operations and financial condition could be adversely affected.
We are subject to anti-corruption, anti-bribery and similar laws, and non-compliance with such laws can subject us to criminal penalties or significant fines and harm our business and reputation.
We are subject to anti-corruption and anti-bribery and similar laws, such as the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the U.S. Travel Act, the USA PATRIOT Act, the U.K. Bribery Act 2010 and other anti-corruption, anti-bribery and anti-money laundering laws in countries in which we conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly and prohibit companies and their employees and agents from promising, authorizing, making, offering, soliciting, or accepting, directly or indirectly, improper payments or other improper benefits to or from any person whether in the public or private sector. As we increase our international sales and business, our risks under these laws may increase. Noncompliance with these laws could subject us to investigations, sanctions, settlements, prosecution, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, adverse media coverage and other consequences. Any investigations, actions or sanctions could adversely affect our business, results of operations and financial condition.
We are subject to governmental export and import controls and economic sanctions laws that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.
Our business activities are subject to various restrictions under U.S. export and import controls and trade and economic sanctions laws, including the U.S. Commerce Department’s Export Administration Regulations, U.S. Customs regulations and various economic and trade sanctions regulations maintained by the U.S. Treasury Department’s Office of Foreign Assets Control. U.S. export control laws and U.S. economic sanctions laws include prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries, governments, persons and entities. Changes in our solutions, solution packages or services or changes in applicable export or import regulations may create delays in the introduction and sale of our solutions and solution packages in international markets, prevent our customers with international operations from deploying our solutions or solution packages or, in some cases, prevent the export or import of our solutions or solution packages to certain countries, governments, or persons altogether. Any decreased use of our solutions and solution packages or limitation on our ability to export or sell our solutions and solution packages would likely adversely affect our business.
Furthermore, we incorporate encryption technology into certain of our solutions. U.S. export control laws require authorization for the export of encryption items. In addition, various countries regulate the import of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our ability to deploy our solutions, solution packages and services or could limit our customers’ ability to implement our offerings and services in those countries. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed, and may result in the delay or loss of sales opportunities.
Although we take precautions to prevent our solutions and solution packages from being provided in violation of U.S. export control and economic sanctions laws, our solutions and solution packages may have been in the past, and could in the future be, provided inadvertently in violation of such laws. If we fail to comply with U.S. export control and economic sanctions laws and regulations, we and certain of our employees could be subject to civil or criminal penalties, including the possible loss of export privileges and monetary penalties. In
addition, violations of such laws could result in negative consequences to us, including government investigations, penalties and harm to our reputation.
We function as a HIPAA “business associate” for certain of our customers and, as such, are subject to strict privacy and data security requirements. If we fail to comply with any of these requirements, we could be subject to significant liability, all of which can adversely affect our business as well as our ability to attract and retain new customers.
The Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and their respective implementing regulations, (“HIPAA”), imposes specified requirements relating to the privacy, security and transmission of individually identifiable health information. Among other things, HITECH makes HIPAA’s security standards directly applicable to “business associates.” We function as a business associate for certain of our customers that are HIPAA covered entities and service providers, and in that context we are regulated as a business associate for the purposes of HIPAA. If we are unable to comply with our obligations as a HIPAA business associate, we could face substantial civil and even criminal liability. HITECH imposes four tiers of civil monetary penalties and gives state attorneys general authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys’ fees and costs associated with pursuing federal civil actions. In addition, many state laws govern the privacy and security of health information in certain circumstances, many of which differ from HIPAA and each other in significant ways and may not have the same effect.
As a business associate, we are required by HIPAA to maintain HIPAA-compliant business associate agreements with our customers that are HIPAA covered entities and service providers, as well as our subcontractors that access, maintain, create or transmit individually identifiable health information on our behalf for the rendering of services to our HIPAA covered entity and service provider customers. These agreements impose stringent data security and other obligations on us. If we or our subcontractors are unable to meet the requirements of any of these business associate agreements, we could face contractual liability under the applicable business associate agreement as well as possible civil and criminal liability under HIPAA, all of which can have an adverse impact on our business and generate negative publicity, which, in turn, can have an adverse impact on our ability to attract and retain customers.
We may be the subject of various legal proceedings which could have a material adverse effect on our business, financial condition or results of operations.
In the ordinary course of business, we may be involved in various litigation matters, including but not limited to commercial disputes, employee claims and class actions, and from time to time may be involved in governmental or regulatory investigations or similar matters arising out of our current or future business. Any claims asserted against us, regardless of merit or eventual outcome, could harm our reputation and have an adverse impact on our relationship with our customers and other third parties and could lead to additional related claims. Certain claims may seek injunctive relief, which could disrupt the ordinary conduct of our business and operations or increase our cost of doing business. Our insurance or indemnities may not cover all claims that may be asserted against us, and any claims asserted against us, regardless of merit or eventual outcome, may harm our reputation and cause us to expend resources in our defense. Furthermore, there is no guarantee that we will be successful in defending ourselves in future litigation or similar matters under various laws. Should the ultimate judgments or settlements in any future litigation or investigation significantly exceed our insurance coverage, they could adversely affect our business, results of operations and financial condition.
Our sales cycle is frequently long and unpredictable, and our sales efforts require considerable time and expense.
Since we primarily focus on selling our solutions and solution packages to enterprises, the timing of our sales can be difficult to predict. We and our channel partners are often required to spend significant time and resources to better educate and familiarize potential customers with the value proposition of our platform, solutions and solution packages. Customers often view the purchase of our solutions and solution packages as a strategic decision and significant investment and, as a result, frequently require considerable time to
evaluate, test and qualify our platform, solutions and solution packages prior to purchasing our solutions and/or solution packages. In particular, for customers in highly-regulated industries, the selection of a security solution provider is a critical business decision due to the sensitive nature of these customers’ data, which results in particularly extensive evaluation prior to the selection of information security vendors. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which may not result in a sale. Additional factors that may influence the length and variability of our sales cycle include:
|●||the discretionary nature of purchasing and budget cycles and decisions;|
|●||lengthy purchasing approval processes;|
|●||the industries in which our customers operate;|
|●||the evaluation of competing solutions and solution packages during the purchasing process;|
|●||time, complexity and expense involved in replacing existing solutions;|
|●||announcements or planned introductions of new solutions and solution packages, features or functionality by our competitors or of new solutions, solution packages or offerings by us; and|
|●||evolving functionality demands.|
If our efforts in pursuing sales and customers are unsuccessful, or if our sales cycles lengthen, our revenue could be lower than expected, which would adversely affect our business, results of operations or financial condition.
Our growth strategy includes the acquisition of other businesses or technologies, and we may not be able to identify suitable acquisition targets or otherwise successfully implement our growth strategy.
In order to expand our business, we have made several acquisitions of businesses, products and technologies and expect to continue making similar acquisitions and possibly larger acquisitions as part of our growth strategy. The success of our future growth strategy will depend in part on our ability to identify, negotiate, complete and integrate the acquisition of businesses or technologies and, if necessary, to obtain satisfactory debt or equity financing to fund those acquisitions. We expect to continue evaluating potential strategic acquisitions of businesses, assets and technologies. However, we may not be able to identify suitable candidates, negotiate appropriate or favorable acquisition terms, obtain financing that may be needed to consummate such transactions or complete proposed acquisitions. Further, there is significant competition for acquisition and expansion opportunities in the IAM industry.
Acquisitions are inherently risky, and any acquisitions we complete may not be successful. Our past acquisitions and any acquisitions that we may undertake in the future involve numerous risks, including, but not limited to, the following:
|●||difficulties in integrating and managing the operations, personnel, procedures, IT systems, technologies and the systems and solutions of the companies we acquire;|
|●||diversion of our management’s attention from normal daily operations of our business;|
|●||potential loss of key employees, management and engineers of the companies we acquire;|
|●||our inability to maintain the key business relationships and the reputations of the businesses we acquire;|
|●||the price we pay for any business, asset or technology acquired may overstate the value of that business, asset or technology or otherwise be too high;|
|●||uncertainty of entry into markets in which we have limited or no prior experience and in which competitors have stronger market positions;|
|●||our dependence on unfamiliar affiliates, resellers and partners of the companies we acquire;|
|●||our inability to increase sales from an acquisition for a number of reasons, including our failure to drive demand in our existing customer base for acquired businesses, assets or technologies;|
|●||increased costs related to acquired operations and continuing support and development of acquired systems;|
|●||our responsibility for the liabilities of the businesses we acquire and the potential failure to properly identify an acquisition target’s liabilities, potential liabilities or risks;|
|●||potential goodwill and intangible asset impairment charges and amortization associated with acquired businesses;|
|●||failure to achieve acquisition synergies or to properly evaluate a target company’s capabilities;|
|●||adverse tax consequences associated with acquisitions;|
|●||changes in how we are required to account for our acquisitions under GAAP, including arrangements that we assume from an acquisition;|
|●||potential negative perceptions of our acquisitions by customers, financial markets or investors;|
|●||failure to obtain any applicable required approvals from governmental authorities under competition and antitrust laws on a timely basis, if at all, which could, among other things, delay or prevent us from completing a transaction, or otherwise restrict our ability to realize the expected financial or strategic goals of an acquisition;|
|●||potential increases in our interest expense, leverage and debt service requirements if we incur additional debt to pay for an acquisition, or dilution to our shareholders if we issue shares as consideration for an acquisition; and|
|●||our inability to apply and maintain our internal standards, controls, procedures and policies to acquired businesses.|
We regularly evaluate potential acquisition candidates and engage in discussions and negotiations regarding potential acquisitions; however, even if we execute a definitive agreement for an acquisition, there can be no assurance that we will consummate the transaction within the anticipated closing timeframe, or at all. Further, acquisitions typically involve the payment of a premium over book- and market-values and, therefore, some dilution of our tangible book value and earnings per common share may occur in connection with any future transaction.
Inherent in any future acquisition is the risk of transitioning company cultures and facilities. The failure to efficiently and effectively achieve such transitions could increase our costs and decrease our profitability. Although we expect that the realization of efficiencies related to the integration of any acquired businesses will offset incremental transaction and acquisition-related costs over time, anticipated financial benefits may not be achieved in the near term, or at all.
Additionally, acquisitions or asset purchases made entirely or partially for cash may reduce our cash reserves or require us to incur additional debt under our credit agreements or otherwise. We may seek to obtain additional cash to fund an acquisition by selling equity or debt securities. We may be unable to secure the equity or debt funding necessary to finance future acquisitions on terms that are acceptable to us. If we finance acquisitions by issuing equity or convertible debt securities, our existing shareholders will experience ownership dilution.
The occurrence of any of these risks could have a material adverse effect on our business, results of operations or financial condition.
We may need to change our pricing models to compete successfully.
The intense competition we face in the sales of our solutions, solution packages and services and general economic and business conditions can put pressure on us to change our prices. If our competitors offer deep discounts on certain solutions, solution packages or services or develop solutions and/or solution packages that the marketplace considers more valuable than ours, we may need to lower prices or offer other favorable terms in order to compete successfully. Any such changes may reduce margins and could adversely affect operating results. Additionally, the increasing prevalence of cloud and SaaS delivery models offered by us and our competitors may unfavorably impact pricing for both our on-premise and cloud-based offerings, as well as overall demand for our on-premise software and service offerings, which could reduce our revenues and profitability. Our competitors may offer lower pricing on their support offerings, which could put pressure on us to further discount our offering or support pricing. We also must determine the appropriate price of our offerings and services to enable us to compete effectively internationally.
Any broad-based change to our prices and pricing policies could cause our revenue to decline or be delayed as our sales force implements and our customers adjust to new pricing policies. For example, we began providing solution packages that include combinations of our most commonly deployed solutions in March 2020. We or our competitors may bundle solutions in other ways for promotional purposes or as a long-term go-to-market or pricing strategy or provide guarantees of prices and solution and solution package implementations. These practices could, over time, significantly constrain the prices that we can charge for certain of our solutions and solution packages. If we do not adapt our pricing models to reflect changes in customer use of our solutions and solution packages or changes in customer demand, our revenue could decrease.
Our failure to meet certain of our service level commitments could harm our business, results of operations and financial condition.
Our customer agreements contain service level commitments, under which we guarantee specified availability and error resolution times with respect to our solutions. Any failure of or disruption to our infrastructure could make our solutions unavailable to our customers. If we are unable to meet the stated service level commitments to our customers or suffer extended periods of unavailability of our SaaS offerings, we may be contractually obligated to provide affected customers with service credits, or customers could elect to terminate and receive refunds for prepaid amounts related to unused subscriptions. Our revenue, other results of operations and financial condition could be harmed if we suffer unscheduled downtime that exceeds the service level commitments under our agreements with our customers, and any extended service outages could adversely affect our business and reputation as customers may elect not to renew.
If we fail to offer high-quality customer support, our business and reputation will suffer.
Once our solutions and solution packages are deployed, our customers rely on our support services to resolve any issues that may arise. High-quality customer education and customer support is important for the successful marketing and sale of our solutions and solution packages and for the renewal of existing customers. We must successfully assist our customers in deploying our solutions and solution packages, resolving performance issues and addressing interoperability challenges with a customer’s existing network and security infrastructure. Many enterprises, particularly large enterprises, have complex networks and require high levels
of focused support, including premium support offerings, to fully realize the benefits of our solutions. Any failure by us to maintain the expected level of support could reduce customer satisfaction and hurt our customer retention, particularly with respect to our large enterprise customers. To the extent that we are unsuccessful in hiring, training and retaining adequate support resources, our ability to provide adequate and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our solutions could be adversely affected. Given our growth, we may in the future engage third parties to provide support services to our customers. Any failure to properly train or oversee such contractors could result in a poor customer experience, which could have an adverse impact on our reputation and ability to renew subscriptions or engage new customers. In addition, most of our contracts with our larger customers require consent in the event we subcontract the services we provide thereunder. The process of obtaining consent to subcontract support services with these customers could be lengthy and there can be no assurance such consent would be provided.
Furthermore, as we sell our solutions and solution packages internationally, our support organization faces additional challenges, including those associated with delivering support, training and documentation in languages other than English. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality support, could materially harm our reputation, business, financial condition and results of operations, and adversely affect our ability to sell our solutions and solution packages to existing and prospective customers. The importance of high-quality customer support will increase as we expand our business and pursue new customers.
Our growth is substantially dependent on the success of our strategic relationships with channel partners, technology partners and other third parties.
As part of our business development efforts, we anticipate that we will continue to depend on relationships with third parties, such as our channel partners and technology partners, to sell, market, build, operate and deploy our solutions and solution packages. Identifying these partners and maintaining these relationships requires significant time and resources. Our competitors may be effective in providing incentives to channel partners and other third parties to favor their solutions or services over subscriptions to our platform and a substantial number of our agreements with channel partners are non-exclusive such that those channel partners may offer customers the solutions of several different companies, including solutions that compete with ours. Our channel partners may cease marketing or reselling our platform with limited or no notice and without penalty. Our channel partners may also choose to promote our competitors’ solutions versus our own solutions and solution packages. If our technology partners fail to build, deploy or operate our solutions and/or solution packages in a manner that satisfies our customers, or if we fail to adequately negotiate and document the underlying agreement with such technology partners, our customers may seek direct recourse against us. In the event that a relationship with a technology partner deploying and operating our solution is terminated, we may be unable to allocate the proper engineering resources to support the solution internally, or the solution may become too costly to run ourselves. In addition, given the competitive landscape, acquisitions of our channel or technology partners by a competitor could adversely affect our customers, as these partners may no longer be in a position to sell, market, build, operate and/or deploy our solutions and solution packages. Furthermore, some of these partners may themselves build competitive solutions that are or may become competitive with certain of our solutions and/or solution packages and then elect to no longer support or integrate with our platform. Lastly, we cannot accurately predict the impact of the COVID-19 pandemic on the business operations of these critical third parties, and thus may not be able to recoup any financial or strategic losses as a result of an unexpected termination of the underlying relationship. If we are unsuccessful in establishing or maintaining our relationships with critical third parties, our ability to compete in the marketplace or to grow our revenue could be impaired, and our results of operations may suffer. Even if we are successful, we cannot assure you that these relationships will result in increased customer usage of our solutions or increased revenue.
Adverse general and industry-specific economic and market conditions and reductions in IT and identity spending may reduce demand for our solutions and solution packages, which could harm our results of operations.
Our revenue, results of operations and cash flows depend on the overall demand for our solutions and solution packages. Concerns about the systemic impact of a potential widespread recession (in the United States or internationally), geopolitical issues or the availability and cost of credit could lead to increased market volatility, decreased consumer confidence and diminished growth expectations in the U.S. economy and abroad, which in turn could result in reductions in IT, IAM and identity security spending by our existing and prospective customers. For the year ended December 31, 2020, 33% of our revenue was derived from the financial services industry, including banking. Negative economic conditions, including in the financial services industry, may cause customers to reduce their IT spending. Prolonged economic slowdowns may result in customers delaying or canceling IT projects, choosing to focus on in-house development efforts or seeking to lower their costs by requesting us to renegotiate existing contracts on less advantageous terms or defaulting on payments due on existing contracts or not renewing at the end of the contract term.
Our customers may merge with other entities who use alternative IAM solutions and, during weak economic times, there is an increased risk that one or more of our customers will file for bankruptcy protection, either of which may harm our revenue, profitability and results of operations. We also face risk from international customers that file for bankruptcy protection in foreign jurisdictions, particularly given that the application of foreign bankruptcy laws may be more difficult to predict. In addition, we may determine that the cost of pursuing any claim may outweigh the recovery potential of such claim. As a result, broadening or protracted extension of an economic downturn could harm our business, revenue, results of operations and cash flows.
If our platform, solutions and solution packages do not effectively interoperate with our customers’ existing or future IT infrastructures, our business would be harmed.
Our success depends on the interoperability of our platform, solutions and solution packages with our customers’ IT infrastructures, including third-party operating systems, applications, data and devices that we have not developed and do not control. Any changes in such infrastructure, operating systems, applications, data or devices that degrade the functionality of our platform, solutions or solution packages or give preferential treatment to competitive solutions could adversely affect the adoption and usage of our platform. We may not be successful in quickly or cost effectively adapting our platform, solutions or solution packages to operate effectively with these operating systems, applications, data or devices. If it is difficult for our customers to access and use our platform, solutions or solution packages, or if our platform, solutions or solution packages cannot connect a broadening range of applications, data and devices, then our customer growth and retention may be harmed, and our business, results of operations and financial condition could be adversely affected. We rely on open standards for many integrations between our solutions and solution packages and third-party applications that our customers utilize, and in other instances on such third parties making available the necessary tools for us to create interoperability with their applications. If application providers were to move away from open standards, or if a critical, widely-utilized application provider were to adopt proprietary integration standards and not make them available for the purposes of facilitating interoperability with our platform, the utility of our solutions and solution packages for our customers would be decreased.
Our ability to introduce new solutions and features is dependent on adequate research and development resources and our ability to successfully complete acquisitions. If we do not adequately fund our research and development efforts or complete acquisitions successfully, we may not be able to compete effectively and our business and results of operations may be harmed.
To remain competitive, we must continue to offer new solutions and enhancements to our platform. This is particularly true as we further expand and diversify our capabilities. Maintaining adequate research and development resources, such as the appropriate personnel and development technology, to meet the demands of the market is essential. If we elect not to or are unable to develop solutions internally due to certain constraints, such as high employee turnover, lack of management ability or a lack of other research and development resources, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations. Further, many of our competitors expend a considerably greater amount of funds on their respective research and development programs, and those that do not may be acquired by larger companies that would allocate greater resources to our competitors’ research and development programs. Our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors would give an advantage to such competitors and our business, results of operations and financial condition could be adversely affected. Moreover, there is no assurance that our research and development or acquisition efforts will successfully anticipate market needs and result in significant new marketable solutions or enhancements to our solutions, design improvements, cost savings, revenues or other expected benefits. If we are unable to generate an adequate return on such investments, we may not be able to compete effectively and our business and results of operations may be materially and adversely affected.
Our success depends, in part, on the integrity and scalability of our systems and infrastructures. System interruption and the lack of integration, redundancy and scalability in these systems and infrastructures may result in our business, results of operations and financial condition being adversely affected.
Our success depends, in part, on our ability to maintain the integrity of our systems and infrastructure, including websites, information and related systems. System interruption and a lack of integration and redundancy in our information systems and infrastructure may adversely affect our ability to operate websites, process and fulfill transactions, respond to customer inquiries and generally maintain cost-efficient operations. We may experience occasional system interruptions that make some or all systems or data unavailable or prevent us from efficiently providing access to our platform. Fire, flood, power loss, telecommunications failure, hurricanes, tornadoes, earthquakes, other natural disasters, acts of war or terrorism and similar events or disruptions may
damage or interrupt computer, broadband or other communications systems and infrastructure at any time. Any of these events could cause system interruption, delays and loss of critical data, and could prevent us from providing access to our platform.
While we have backup systems for certain aspects of our operations, disaster recovery planning by its nature cannot be sufficient for all eventualities. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. If any of these events were to occur, our business, results of operations and financial condition could be adversely affected.
We rely on software and services from other parties. Defects in or the loss of access to software or services from third parties could increase our costs and adversely affect the quality of our solutions.
We rely on third-party computer systems, broadband and other communications systems and service providers in providing access to our platform. Any interruptions, outages or delays in our systems and infrastructure, our business and/or third parties, or deterioration in the performance of these systems and infrastructure, could impair our ability to provide access to our platform. Our business would be disrupted if any of the third-party software or services we utilize, particularly with respect to third-party software or services embedded in our solutions, or functional equivalents thereof, were unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices or at all.
In each case, we would be required to either seek licenses to software or services from other parties and redesign our solutions to function with such software or services or develop these components ourselves, which would result in increased costs and could result in delays in our solution and solution package launches and the release of new solution and solution package offerings until equivalent technology can be identified, licensed or developed, and integrated into our solutions. Furthermore, we might be forced to limit the features available in our current or future solutions. If these delays and feature limitations occur, our business, results of operations and financial condition could be adversely affected.
Real or perceived errors, failures, vulnerabilities or bugs in our solutions, including deployment complexity, could harm our business and results of operations.
Errors, failures, vulnerabilities or bugs may occur in our solutions, especially when updates are deployed or new solutions are rolled out. Our platform is often used in connection with large-scale computing environments with different operating systems, system management software, equipment and networking configurations, which may cause errors or failures of solutions. In addition, deployment of our solutions into complicated, large-scale computing environments may expose errors, failures, vulnerabilities or bugs in our solutions. Any such errors, failures, vulnerabilities or bugs may not be found until after they are deployed to our customers. Real or perceived errors, failures, vulnerabilities or bugs in our solutions could result in negative publicity, loss of customer data, loss of or delay in market acceptance of our solutions, loss of competitive position, or claims by customers for losses sustained by them, all of which could adversely affect our business, results of operations and financial condition.
If we fail to adequately protect our proprietary rights, our competitive position could be impaired and we may lose valuable assets, generate less revenue and incur costly litigation to protect our rights.
Our success is dependent, in part, upon protecting our proprietary information and technology. We rely on a combination of patents, copyrights, trademarks, service marks, trade secret laws and contractual restrictions to establish and protect our proprietary rights. However, the steps we take to protect our intellectual property may be inadequate. We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Despite our precautions, it may be possible for unauthorized third parties to copy our solutions and use information that we regard as proprietary to create solutions that compete with ours. Some license provisions protecting against unauthorized use, copying, transfer and disclosure of our solutions may be unenforceable under the laws of certain jurisdictions and foreign countries. Further, the laws of some countries do not protect proprietary rights to the same extent as the laws of the United States, and mechanisms for enforcement of intellectual property rights in some foreign countries
may be inadequate. In addition, certain countries into which we may expand our business may require us to do business through an entity that is partially owned by a local investor, to make available our technologies to state regulators or to grant license rights to local partners in a manner not required by the jurisdictions in which we currently operate. To the extent we expand our international activities, our exposure to unauthorized reverse engineering of our technologies or copying and use of our solutions and proprietary information may increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our technology and intellectual property.
We rely in part on trade secrets, proprietary know-how and other confidential information to maintain our competitive position. Although we enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances, no assurance can be given that these agreements will be effective in controlling access to and distribution of our solutions and proprietary information. Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our solutions and solution packages.
To protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Such litigation could be costly, time consuming and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our solutions and solution packages, impair the functionality of our solutions, delay introductions of new solutions and solution packages, result in our substituting inferior or more costly technologies into our solutions, or injure our reputation. In addition, we may be required to license additional technology from third parties to develop and market new solutions and solution packages, and we cannot assure you that we could license that technology on commercially reasonable terms or at all, and our inability to license this technology could harm our ability to compete.
Our results of operations may be harmed if we are subject to an infringement claim or a claim that results in a significant damage award.
Other companies have claimed in the past, and may claim in the future, that we infringe upon their intellectual property rights. A claim may also be made relating to technology that we acquire or license from third parties. Because of constant technological change in the segments in which we compete, the extensive patent coverage of existing technologies, and the rapid rate of issuance of new patents, it is possible that the number of these claims may grow. If we were subject to a claim of infringement, regardless of the merit of the claim or our defenses, the claim could:
|●||require costly litigation to resolve and/or the payment of substantial damages or other amounts to settle such disputes;|
|●||require significant management time;|
|●||cause us to enter into unfavorable royalty or license agreements, if such arrangements are available at all;|
|●||require us to discontinue the sale of some or all of our offerings, or to remove or reduce features or functionality of our solutions and solution packages;|
|●||require us to indemnify our customers or third-party service providers; and/or|
|●||require us to expend additional development resources to redesign our solutions and/or solution packages.|
Any one or more of the above could adversely affect our business, results of operations and financial condition.
Our use of open source software in our offerings could negatively affect our ability to sell our solutions and solution packages and subject us to possible litigation.
We use software modules licensed to us by third-party authors under “open source” licenses in our offerings. Some open source licenses require that users of the applicable software make available source code for modifications or derivative works created using that open source software. If we were to combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release or otherwise make available the source code of our proprietary software to the public. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us.
Although we monitor our compliance with open source licenses and attempt to protect our proprietary source code from the effects stated above, we may inadvertently use open source software in a manner we do not intend and that could expose us to claims for breach of contract and intellectual property infringement. In addition, the terms of many open source licenses have not been interpreted by United States courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions and solution packages. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue providing our offerings on terms that are not economically feasible, to re-engineer our offerings, to discontinue the sale of our offerings if re-engineering cannot be accomplished on a timely basis, or to make generally available, in source code form, a portion of our proprietary code, any of which could adversely affect our business, results of operations and financial condition. In addition to the risks described above, usage of open source software typically exposes us to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on the functionality or origin of the software. Many of the risks associated with usage of open source software, such as the lack of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, negatively affect our business. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source software, but we cannot be sure that our processes for controlling our use of open source software in our offerings will be effective. Use of open source software may also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to determine how to compromise our offerings.
We rely on SaaS vendors to operate certain functions of our business and any failure of such vendors to provide services to us could adversely impact our business and operations.
We rely on third-party SaaS vendors to operate certain critical functions of our business, including financial management, human resource management and customer relationship management. If these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted and our processes for managing sales of our solutions and solution packages and supporting our customers could be impaired until equivalent services, if available, are identified, obtained and integrated, all of which could harm our business. In addition, we rely on the security of our third-party SaaS vendors as part of the overall security of our solutions. While we review the security documentation and reports made available by these third parties, if one of these vendors were to experience a security incident or be susceptible to a vulnerability, it could have a negative impact on the security of our own solutions and in such an instance it may be more difficult for us to detect unauthorized activity and prevent or minimize security breaches. If any such events were to occur, it could negatively affect our business, expose us to financial liability to our customers and damage our reputation.
Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.
Our agreements with customers and other third parties may include indemnification or other provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, damage caused by us to property or persons, or other liabilities relating to or arising from the use of our platform or other acts or omissions. The term of these contractual provisions often survives termination or expiration of the applicable agreement. As we continue to grow, the possibility of infringement claims and other intellectual property rights claims against us may increase. For any intellectual property rights indemnification claim against us or our customers, we may incur significant legal expenses and may have to pay damages, settlement fees, license fees and/or stop using technology found to be in violation of the third-party’s rights. Large indemnity payments could harm our business, results of operations and financial condition. We may also have to seek a license for the infringing or allegedly infringing technology. Such license may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deploy certain offerings. As a result, we may also be required to develop alternative non-infringing technology, which could require significant effort and expense and/or cause us to alter our platform, solutions or solution packages, which could negatively affect our business. In addition, we may be subject to increased risk of infringement claims as a result of our use of open source software given that our agreements with our customers generally do not exclude open source software from the intellectual property indemnity we contractually agree to provide for our offerings.
From time to time, customers require us to indemnify them for breach of confidentiality, violation of applicable law or failure to implement adequate security measures with respect to their data stored, transmitted, or accessed using our platform. Although we normally contractually limit our liability with respect to such obligations, the existence of such a dispute may have adverse effects on our customer relationship and reputation and we may still incur substantial liability related to them.
Any assertions by a third party, whether or not successful, with respect to such indemnification obligations could subject us to costly and time-consuming litigation, expensive remediation and licenses, divert management attention and financial resources, harm our relationship with that customer and other current and prospective customers, reduce demand for our platform and result in our brand, business, results of operations and financial condition being adversely affected.
We may be subject to liability claims if we breach our contracts and our insurance may be inadequate to cover our losses.
We are subject to numerous obligations in our contracts with our customers and strategic partners. Despite the procedures, systems and internal controls we have implemented to comply with our contracts, we may breach these commitments, whether through a weakness in these procedures, systems and internal controls, negligence or the willful act of an employee or contractor.
Our insurance policies, including our errors and omissions insurance, may be inadequate to compensate us for the potentially significant losses that may result from claims arising from breaches of our contracts, disruptions in our services, including those caused by cybersecurity incidents, failures or disruptions to our infrastructure, catastrophic events and disasters or otherwise. In addition, such insurance may not be available to us in the future on economically reasonable terms, or at all. Further, our insurance may not cover all claims made against us and defending a suit, regardless of its merit, could be costly and divert management’s attention.
Our customers may fail to pay us in accordance with the terms of their agreements, necessitating action by us to compel payment.
If customers fail to pay us under the terms of our agreements, we may be adversely affected both from the inability to collect amounts due and the cost of enforcing the terms of our contracts, including related litigation. Furthermore, some of our customers may seek bankruptcy protection or other similar relief and fail to pay
amounts due to us, or pay those amounts more slowly, either of which could adversely affect our business, results of operations and financial condition.
Because our long-term success depends, in part, on our ability to expand the sales of our solutions and solution packages to customers located outside of the United States, our business will be susceptible to risks associated with international operations.
We currently have international operations in the United Kingdom, Canada, Australia, France, Germany, India, Israel, the Netherlands and Switzerland. For the year ended December 31, 2020, our international revenue was 26% of our total revenue. Any efforts that we may undertake to increase our international revenue may not be successful. In addition, continuing to expand our international footprint with our solutions and solution packages subjects us to new risks, some of which we have not generally faced in the United States. These risks include, among other things:
|●||unexpected costs and errors in the localization of our solutions and solution packages, including translation into foreign languages and adaptation for local practices and regulatory requirements;|
|●||difficulties in developing and executing an effective go-to-market strategy in various locations;|
|●||lack of familiarity and burdens of complying with foreign laws, legal standards, privacy standards, regulatory requirements, tariffs and other barriers;|
|●||laws and business practices favoring local competitors or commercial parties;|
|●||costs and liabilities related to compliance with foreign privacy, data protection and information security laws and regulations, including the GDPR, and the risks and costs of noncompliance;|
|●||greater risk of a failure of foreign employees, partners, distributors and resellers to comply with both U.S. and foreign laws, including antitrust regulations, anti-bribery laws, export and import control laws, and any applicable trade regulations ensuring fair trade practices;|
|●||practical difficulties of enforcing intellectual property rights in countries with fluctuating laws and standards and reduced or varied protection for intellectual property rights in some countries, and specific legal requirements in certain countries that might place us at a greater risk of our technologies being subject to reverse engineering or copying;|
|●||unexpected changes in global, economic and political landscapes;|
|●||unexpected changes in regulatory requirements, taxes, trade laws, tariffs, export quotas, custom duties or other trade restrictions;|
|●||difficulties in managing system integrators and technology partners;|
|●||differing technology standards;|
|●||longer accounts receivable payment cycles and difficulties in collecting accounts receivable;|
|●||difficulties in managing and staffing international operations and differing employer/employee relationships and local employment laws;|
|●||political unrest, war, or terrorism, or regional natural disasters, particularly in areas in which we have facilities;|
|●||fluctuations in exchange rates that may increase the volatility of our foreign-based revenue; and|
|●||potentially adverse tax consequences, including the complexities of foreign value added tax (or other tax) systems and restrictions on the repatriation of earnings.|
Additionally, operating in international markets also requires significant management attention and financial resources. We cannot be certain that the investment and additional resources required in establishing operations in other countries will produce desired levels of revenue or profitability.
In addition, some of our business functions, such as research and development, may be siloed geographically, which may adversely affect the integration of our operations on a global scale.
We have limited experience in marketing, selling and supporting our platform abroad. Our limited experience in operating our business internationally increases the risk that any potential future expansion efforts that we may undertake will not be successful. If we invest substantial time and resources to increase our international revenue and are unable to do so successfully and in a timely manner, our business and results of operations will suffer.
We may face exposure to foreign currency exchange rate fluctuations.
Today, our international contracts are usually denominated in local currencies and the majority of our international costs are denominated in local currencies. Over time, an increasing portion of our international contracts may be denominated in local currencies. Therefore, fluctuations in the value of the U.S. dollar and foreign currencies may affect our results of operations when translated into U.S. dollars. We do not currently engage in currency hedging activities to limit the risk of exchange rate fluctuations. However, in the future, we may use derivative instruments, such as foreign currency forward and option contracts, to hedge certain exposures to fluctuations in foreign currency exchange rates. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.
Economic conditions and regulatory changes following the U.K.’s exit from the EU could have a material adverse effect on our business and results of operations.
The U.K. formally left the EU on January 31, 2020, typically referred to as “Brexit.” Pursuant to the formal withdrawal arrangements agreed between the U.K. and EU, the U.K. was subject to a transition period until December 31, 2020 during which EU rules continued to apply. On December 24, 2020, the EU and the U.K. reached a Trade and Cooperation Agreement, provisionally applicable since January 1, 2021, which sets out preferential arrangements in areas such as trade in goods and in services, digital trade, intellectual property, public procurement, aviation and road transport, energy, fisheries, social security coordination, law enforcement and judicial cooperation in criminal matters, thematic cooperation and participation in EU programs. The uncertainty concerning the U.K.’s legal, political and economic relationship with the EU after the transition period may be a source of instability in international markets, create significant currency fluctuations and otherwise adversely affect trading agreements or similar cross-border cooperation arrangements, whether economic, tax, fiscal, legal, regulatory or otherwise. While the full effects of Brexit will not be known for some time, Brexit could cause disruptions to, and create uncertainty surrounding, our business and results of operations. For example, following the transition period, the U.K. could lose the benefits of global trade agreements negotiated by the EU on behalf of its members, which may result in increased trade barriers that could make our doing business in the EU and the European Economic Area more difficult. Ongoing global market volatility and a deterioration in economic conditions due to uncertainty surrounding the future relationship between the U.K. and EU could significantly disrupt the markets in which we operate and lead our customers to closely monitor their costs and delay capital spending decisions.
Additionally, Brexit has resulted in the strengthening of the U.S. dollar against foreign currencies in which we conduct business. Although this strengthening has been somewhat ameliorated by the implementation of the transition period, because we translate revenue denominated in foreign currency into U.S. dollars for our financial statements, during periods of a strengthening U.S. dollar, our reported revenue from foreign operations
is reduced. As a result of Brexit and the continued negotiations between the U.K. and EU, there may be further periods of volatility in the currencies in which we conduct business.
The effects of Brexit will depend on any agreements the U.K. makes to retain access to EU markets following the transition period. The measures could potentially disrupt the markets we serve and may cause us to lose customers and employees. In addition, Brexit could lead to legal uncertainty and potentially divergent national laws and regulations as the U.K. determines which EU laws to replace or replicate, which could present new regulatory costs and challenges.
Any of these effects of Brexit could materially adversely affect our business, results of operations and financial condition.
Our international operations may give rise to potentially adverse tax consequences.
Our corporate structure and associated transfer pricing policies anticipate future growth into the international markets. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions, which are generally required to be computed on an arm’s-length basis pursuant to intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency.
Changes in tax laws or regulations in the various tax jurisdictions we are subject to that are applied adversely to us or our customers could increase the costs of our solutions and solution packages and harm our business.
New income, sales, use or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time. Those enactments could harm our domestic and international business operations, and our business and financial performance. Further, existing tax laws, statutes, rules, regulations or ordinances could be interpreted, changed, modified or applied adversely to us. These events could require us or our customers to pay additional tax amounts on a prospective or retroactive basis, as well as require us or our customers to pay fines and/or penalties and interest for past amounts deemed to be due. If we raise our prices to offset the costs of these changes, existing and potential future customers may elect not to purchase our solutions and/or solution packages in the future. Additionally, new, changed, modified or newly interpreted or applied tax laws could increase our customers’ and our compliance, operating and other costs, as well as the costs of our solutions and solution packages. Further, these events could decrease the capital we have available to operate our business. Any or all of these events could harm our business and financial performance.
A change in tax laws in key jurisdictions could materially increase our tax expense.
We are subject to income taxes in the United States and many foreign jurisdictions. Changes to income tax laws and regulations, or the interpretation of such laws, in any of the jurisdictions in which we operate could significantly increase our effective tax rate and ultimately reduce our cash flows from operating activities and otherwise have a material adverse effect on our financial condition. Additionally, various levels of government are increasingly focused on tax reform and other legislative actions to increase tax revenue, and President Biden’s campaign proposals included increasing the U.S. corporate income tax rate from 21% to 28%. Further changes in the tax laws of foreign jurisdictions could arise as a result of the base erosion and profit shifting project undertaken by the Organisation for Economic Co-operation and Development, which represents a coalition of member countries and recommended changes to numerous long-standing tax principles. If implemented by taxing authorities, such changes, as well as changes in U.S. federal and state tax laws or in
taxing jurisdictions’ administrative interpretations, decisions, policies, and positions, could have a material adverse effect on our business, results of operations, or financial condition.
Comprehensive tax reform legislation could adversely affect our business and financial condition.
On December 22, 2017, tax reform legislation known as the Tax Cuts and Jobs Act (the “Tax Act”) was enacted in the United States. The Tax Act, as amended by the CARES Act (defined below) among other things, included changes to U.S. federal tax rates, imposed significant additional limitations on the deductibility of interest and net operating loss carryforwards and allowed for the expensing of capital expenditures. Accounting for the income tax effects of the Tax Act and subsequent guidance issued required complex new calculations to be performed and significant judgments in interpreting the legislation. Additional guidance may be issued on how the provisions of the Tax Act will be applied or otherwise administered that is different from our interpretation, which could result in adjustments to the income tax effects of the Tax Act that we have recorded at December 31, 2020. These adjustments could have a negative impact on our business and financial condition.
We may not be eligible to participate in the relief programs provided under the recently adopted Coronavirus Aid Relief, and Economic Security (CARES) Act and even if we are eligible we may not realize any material benefits from participating in such programs.
On March 27, 2020, legislation known as the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) was enacted in the United States. The CARES Act, among other things, includes provisions relating to refundable payroll tax credits, deferment of employer side social security payments, net operating loss carryback periods, alternative minimum tax credit refunds, modifications to the net interest deduction limitations and technical corrections to tax depreciation methods for qualified improvement property. We are evaluating the applicability of the CARES Act to the Company, and the potential impacts on our business. Accounting for the income tax effects of the CARES Act and subsequent guidance issued will require complex new calculations to be performed and significant judgments in interpreting the legislation. Additional guidance may be issued on how the provisions of the CARES Act will be applied or otherwise administered that is different from our interpretation. While we may determine to apply for such credits or other tax benefits provided under the CARES Act, there is no guarantee that we will meet any eligibility requirements to benefit from any of the tax relief provisions under the CARES Act or, even if we are able to participate, that such provisions will provide meaningful benefit to our business.
If we cannot maintain our corporate culture as we grow, our business may be harmed.
We believe that our corporate culture has been a critical component to our success and that our culture creates an environment that drives and perpetuates our overall business strategy. We have invested substantial time and resources in building our team and we expect to continue to hire aggressively as we expand, including with respect to our international operations. As we grow and mature as a public company and grow internationally, we may find it difficult to maintain our corporate culture. Any failure to preserve our culture could negatively affect our future success, including our ability to recruit and retain personnel and effectively focus on and pursue our business strategy.
We are subject to SEC rules and regulations regarding our internal control over financial reporting. If we fail to maintain effective internal control over financial reporting and disclosure controls and procedures or identify material weaknesses in our internal control over financial reporting, we may not be able to accurately report our financial results, or report them in a timely manner.
As a public reporting company, we are subject to the rules and regulations established from time to time by the SEC and the NYSE. These rules and regulations require that, among other things, we establish and periodically evaluate procedures with respect to our internal control over financial reporting. Reporting obligations as a public company place a considerable strain on our financial and management systems, processes and controls, as well as on our personnel. Our management team, including our chief executive officer and chief financial officer, has limited experience managing a publicly-traded company, and limited experience complying with the increasingly complex and changing laws pertaining to public companies.
In addition, as a public company we are required to document and test our internal control over financial reporting pursuant to Section 404 of the Sarbanes–Oxley Act so that our independent registered public accounting firm can attest in this Annual Report on Form 10-K as to the effectiveness of our internal control over financial reporting, and in future annual reports. Under this law, we have been required and will continue to be required to document and make significant changes to our internal control over financial reporting.
If our senior management is unable to conclude that we have effective internal control over financial reporting or to certify the effectiveness of such controls; if our independent registered public accounting firm cannot render an unqualified opinion on management's assessment and the effectiveness of our internal control over financial reporting; or if material weaknesses in our internal control over financial reporting is identified, we could be subject to regulatory scrutiny, a loss of public and investor confidence, and to litigation from investors and stockholders, which could have a material adverse effect on our business and our stock price. In addition, if we do not maintain adequate financial and management personnel, processes and controls, we may not be able to manage our business effectively or accurately report our financial performance on a timely basis, which could cause a decline in our common stock price and adversely affect our results of operations and financial condition.
Our management team has limited experience managing a public company.
Most members of our management team have limited experience managing a publicly traded company, interacting with public company investors, and complying with the increasingly complex laws pertaining to public companies. Our management team may not successfully or efficiently manage us as a public company that is subject to significant regulatory oversight and reporting obligations under the federal securities laws and the continuous scrutiny of securities analysts and investors. These new obligations and constituents require significant attention from our senior management and could divert their attention away from the day to day management of our business, which could adversely affect our business, results of operations and financial condition.
We face risks associated with having operations and employees located in Israel.
We have an office and employees located in Israel. As a result, political, economic, and military conditions in Israel directly affect our operations. The future of peace efforts between Israel and its Arab neighbors remains uncertain. There has been a significant increase in hostilities and political unrest between Hamas and Israel in the past few years. The effects of these hostilities and violence on the Israeli economy and our operations in Israel are unclear, and we cannot predict the effect on us of further increases in these hostilities or future armed conflict, political instability or violence in the region. Current or future tensions and conflicts in the Middle East could adversely affect our business, operating results, financial condition and cash flows.
In addition, many of our employees in Israel are obligated to perform annual reserve duty in the Israeli military and are subject to being called for active duty under emergency circumstances. We cannot predict the full impact of these conditions on us in the future, particularly if emergency circumstances or an escalation in the political situation occurs. If many of our employees in Israel are called for active duty for a significant period of time, our operations and our business could be disrupted and may not be able to function at full capacity. Any disruption in our operations in Israel could adversely affect our business.
A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks, such as increased competitive pressures, administrative delays and additional approval requirements.
A portion of our revenue is generated by sales to U.S. and foreign federal, state and local governmental agency customers, and we may in the future increase sales to government entities. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will complete a sale or imposing terms of sale which are less favorable than the prevailing market terms. Government demand and payment for our solutions, solution packages and services may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or
delays adversely affecting public sector demand for our solutions and solution packages. Governments routinely investigate and audit government contractors’ administrative processes and any unfavorable audit could result in fines, civil or criminal liability, further investigations, damage to our reputation and debarment from further government business.
Catastrophic events may disrupt our business.
Natural disasters, pandemics or other catastrophic events may cause damage or disruption to our operations, international commerce and the global economy, and thus could harm our business. In the event of a major earthquake, hurricane or catastrophic event such as fire, power loss, telecommunications failure, cyberattack, pandemic, war or terrorist attack, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our application development, lengthy interruptions in our solutions, breaches of data security and loss of critical data, all of which could adversely affect our business, results of operations and financial condition. In addition, the insurance we maintain may not be adequate to cover our losses resulting from disasters or other business interruptions.
Risks Relating to Our Indebtedness
Our existing indebtedness could adversely affect our business and growth prospects.
As of December 31, 2020, we had total long-term indebtedness outstanding of $150.8 million, including $150.0 million outstanding under our revolving credit facility (the “2019 Revolving Credit Facility”) and $0.8 million of outstanding letters of credit. On December 12, 2019, we repaid all outstanding borrowings under our then existing term loan facility (our “2018 Term Loan Facility”) and our then existing revolving credit facility (our “2018 Revolving Credit Facility,” and together with the 2018 Term Loan Facility, our “2018 Credit Facilities”) and in connection therewith we entered into a new credit agreement (the “2019 Credit Agreement”) providing for the 2019 Revolving Credit Facility with an initial $150.0 million in commitments for revolving loans. In addition, the 2019 Credit Agreement provides us with the ability to request incremental term loan facilities (our “2019 Term Loan Facility” and, together with the 2019 Revolving Credit Facility, our “2019 Credit Facilities”) in a minimum amount of $10 million for each facility, subject to certain conditions. All obligations under the 2019 Credit Agreement are secured by first priority perfected security interests in substantially all of our assets and the assets of our subsidiaries, subject to permitted liens and other exceptions. On March 30, 2020, we drew down on the remaining $97.8 million available for borrowing under our 2019 Revolving Credit Facility. Given the uncertainty in the global economy as result of the COVID-19 pandemic and out of an abundance of caution, we elected to draw down the remaining available balance to further strengthen our cash position and maintain flexibility. If needed, the proceeds will be available for working capital and general corporate purposes, subject to compliance with the 2019 Credit Agreement. Our indebtedness, or any additional indebtedness we may incur, could require us to divert funds identified for other purposes for debt service and impair our liquidity position. If we cannot generate sufficient cash flow from operations to service our debt, we may need to refinance our debt, dispose of assets or issue equity to obtain necessary funds. We do not know whether we will be able to take any of these actions on a timely basis, on terms satisfactory to us or at all.
Our indebtedness, the cash flow needed to satisfy our debt and the covenants contained in our 2019 Credit Agreement have important consequences, including:
|●||limiting funds otherwise available for financing our capital expenditures by requiring us to dedicate a portion of our cash flows from operations to the repayment of debt and the interest on this debt;|
|●||limiting our ability to incur additional indebtedness;|
|●||limiting our ability to capitalize on significant business opportunities;|
|●||making us more vulnerable to rising interest rates; and|
|●||making us more vulnerable in the event of a downturn in our business.|
Our level of indebtedness may place us at a competitive disadvantage to our competitors that are not as highly leveraged. Fluctuations in interest rates can increase borrowing costs. Increases in interest rates may directly impact the amount of interest we are required to pay and reduce earnings accordingly. In addition, developments in tax policy, such as the disallowance of tax deductions for interest paid on outstanding indebtedness, could have an adverse effect on our liquidity and our business, financial conditions and results of operations. Further, our 2019 Credit Agreement contains customary affirmative and negative covenants and certain restrictions on operations that could impose operating and financial limitations and restrictions on us, including restrictions on our ability to enter into particular transactions and to engage in other actions that we may believe are advisable or necessary for our business.
We expect to use cash flow from operations to meet current and future financial obligations, including funding our operations, debt service requirements and capital expenditures. The ability to make these payments depends on our financial and operating performance, which is subject to prevailing economic, industry and competitive conditions and to certain financial, business, economic and other factors beyond our control.
Despite current indebtedness levels and restrictive covenants, we may still be able to incur substantially more indebtedness or make certain restricted payments, which could further exacerbate the risks associated with our substantial indebtedness.
We may be able to incur significant additional indebtedness in the future. Although the financing documents governing our 2019 Credit Facilities contain restrictions on the incurrence of additional indebtedness and liens, these restrictions are subject to a number of important qualifications and exceptions, and the additional indebtedness and liens incurred in compliance with these restrictions could be substantial.
The financing documents governing our 2019 Credit Facilities permit us to incur certain additional indebtedness, including liabilities that do not constitute indebtedness as defined in the financing documents. We may also consider investments in joint ventures or acquisitions, which may increase our indebtedness. In addition, financing documents governing our 2019 Credit Facilities do not restrict Vista from creating new holding companies that may be able to incur indebtedness without regard to the restrictions set forth in the financing documents governing our 2019 Credit Facilities. If new debt is added to our currently anticipated indebtedness levels, the related risks that we face could intensify.
We may not be able to generate sufficient cash flow to service all of our indebtedness, and may be forced to take other actions to satisfy our obligations under such indebtedness, which may not be successful.
Our ability to make scheduled payments or to refinance outstanding debt obligations depends on our financial and operating performance, which will be affected by prevailing economic, industry and competitive conditions and by financial, business and other factors beyond our control. We may not be able to maintain a sufficient level of cash flow from operating activities to permit us to pay the principal, fees, premium, if any, and interest on our indebtedness. Any failure to make payments of interest and principal on our outstanding indebtedness on a timely basis would likely result in a reduction of our credit rating, which would also harm our ability to incur additional indebtedness.
If our cash flows and capital resources are insufficient to fund our debt service obligations, we may be forced to reduce or delay capital expenditures, sell assets, seek additional capital or seek to restructure or refinance our indebtedness. Any refinancing of our indebtedness could be at higher interest rates and may require us to comply with more onerous covenants. These alternative measures may not be successful and may not permit us to meet our scheduled debt service obligations. In the absence of such cash flows and resources, we could face substantial liquidity problems and might be required to sell material assets or operations to attempt to meet our debt service obligations. The financing documents governing our 2019 Credit Facilities restrict our ability to conduct asset sales and/or use the proceeds from asset sales. We may not be able to consummate these asset sales to raise capital or sell assets at prices and on terms that we believe are fair and any proceeds that we do receive may not be adequate to meet any debt service obligations then due. If we cannot meet our debt service obligations, the holders of our indebtedness may accelerate such indebtedness and, to the extent such
indebtedness is secured, foreclose on our assets. In such an event, we may not have sufficient assets to repay all of our indebtedness.
The terms of the financing documents governing our 2019 Credit Facilities restrict our current and future operations, particularly our ability to respond to changes or to take certain actions.
The financing documents governing our 2019 Credit Facilities contain a number of restrictive covenants that impose significant operating and financial restrictions on us and may limit our ability to engage in acts that may be in our long-term best interests, including restrictions on our ability to:
|●||incur additional indebtedness;|
|●||pay dividends on or make distributions in respect of capital stock or repurchase or redeem capital stock;|
|●||prepay, redeem or repurchase certain indebtedness;|
|●||make loans and investments;|
|●||sell or otherwise dispose of assets, including capital stock of restricted subsidiaries;|
|●||enter into transactions with affiliates; and|
|●||consolidate, merge or sell all or substantially all of our assets.|
The restrictive covenants in the financing documents governing our 2019 Credit Facilities require us to maintain specified financial ratios and satisfy other financial condition tests to the extent applicable. Our ability to meet those financial ratios and tests can be affected by events beyond our control.
A breach of the covenants or restrictions under the financing documents governing our 2019 Credit Facilities could result in an event of default under such documents. Such a default may allow the creditors to accelerate the related debt, which may result in the acceleration of any other debt to which a cross-acceleration or cross-default provision applies. In the event the holders of our indebtedness accelerate the repayment, we may not have sufficient assets to repay that indebtedness or be able to borrow sufficient funds to refinance it. Even if we are able to obtain new financing, it may not be on commercially reasonable terms or on terms acceptable to us. As a result of these restrictions, we may be:
|●||limited in how we conduct our business;|
|●||unable to raise additional debt or equity financing to operate during general economic or business downturns; or|
|●||unable to compete effectively or to take advantage of new business opportunities.|
These restrictions, along with restrictions that may be contained in agreements evidencing or governing other future indebtedness, may affect our ability to grow in accordance with our growth strategy.
We may be unable to refinance our indebtedness.
We may need to refinance all or a portion of our indebtedness before maturity. We cannot assure you that we will be able to refinance any of our indebtedness on commercially reasonable terms or at all. There can be no
assurance that we will be able to obtain sufficient funds to enable us to repay or refinance our debt obligations on commercially reasonable terms, or at all.
A lowering or withdrawal of the ratings assigned to our debt securities by rating agencies may increase our future borrowing costs and reduce our access to capital.
Our debt currently has a non-investment grade rating, and any rating assigned could be lowered or withdrawn entirely by a rating agency if, in that rating agency’s judgment, future circumstances relating to the basis of the rating, such as adverse changes, so warrant. Any future lowering of our ratings likely would make it more difficult or more expensive for us to obtain additional debt financing.
Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies in the future could reduce our ability to compete successfully and harm our results of operations.
We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms or at all. If we raise additional equity financing, our security holders may experience significant dilution of their ownership interests. If we engage in additional debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions. If we need additional capital and cannot raise it on acceptable terms, or at all, we may not be able to, among other things:
|●||develop and enhance our solutions and solution packages;|
|●||continue to expand our solution and solution package development, sales and marketing organizations;|
|●||hire, train and retain employees;|
|●||respond to competitive pressures or unanticipated working capital requirements; or|
|●||pursue acquisition opportunities.|
In addition, our 2019 Credit Facilities also limit our ability to incur additional debt and therefore we likely would have to amend our 2019 Credit Facilities or issue additional equity to raise capital. If we issue additional equity, your interest in us will be diluted.
Risks Relating to Our Common Stock
Vista owns a large portion of our common stock and thus can influence certain of our corporate actions, and Vista’s interests may conflict with ours or yours in the future.
At December 31, 2020, Vista beneficially owned approximately 47% of our common stock. Our bylaws provide that Vista has the right to designate the Chairman of our board of directors (our “Board”) for so long as Vista beneficially owns at least 30% or more of the voting power of the then outstanding shares of our capital stock then entitled to vote generally in the election of directors. Even though Vista does not own shares of our stock representing a majority of the total voting power, for so long as Vista continues to own a significant percentage of our stock, Vista will still be able to significantly influence the composition of our Board, including the right to designate the Chairman of our Board, and the approval of actions requiring shareholder approval. Accordingly, for such period of time, Vista will have significant influence with respect to our management, business plans and policies, including the appointment and removal of our officers, decisions on whether to raise future capital and amending our charter and bylaws, which govern the rights attached to our common stock. In particular, for so long as Vista continues to own a significant percentage of our stock, Vista will be able to cause or prevent a change of control of us or a change in the composition of our Board, including the selection of the Chairman of our Board, and could preclude any unsolicited acquisition of us. The concentration of ownership could deprive
you of an opportunity to receive a premium for your shares of common stock as part of a sale of us and ultimately might affect the market price of our common stock.
In addition, we entered into a Director Nomination Agreement with Vista that provides Vista the right to designate: (i) all of the nominees for election to our Board for so long as Vista beneficially owns 40% or more of the total number of shares of our common stock it owned on the date of our IPO; (ii) a number of directors (rounded up to the nearest whole number) equal to 40% of the total directors for so long as Vista beneficially owns at least 30% and less than 40% of the total number of shares of our common stock it owned on the date of our IPO; (iii) a number of directors (rounded up to the nearest whole number) equal to 30% of the total directors for so long as Vista beneficially owns at least 20% and less than 30% of the total number of shares of our common stock it owned on the date of our IPO; (iv) a number of directors (rounded up to the nearest whole number) equal to 20% of the total directors for so long as Vista beneficially owns at least 10% and less than 20% of the total number of shares of our common stock it owned on the date of our IPO; and (v) one director for so long as Vista beneficially owns at least 5% and less than 10% of the total number of shares of our common stock it owned on the date of our IPO. The Director Nomination Agreement also provides that Vista may assign such right to a Vista affiliate. The Director Nomination Agreement prohibits us from increasing or decreasing the size of our Board without the prior written consent of Vista.
Vista and its affiliates engage in a broad spectrum of activities, including investments in the information and business services industry generally. In the ordinary course of their business activities, Vista and its affiliates may engage in activities where their interests conflict with our interests or those of our other shareholders, such as investing in or advising businesses that directly or indirectly compete with certain portions of our business or are suppliers or customers of ours. Our certificate of incorporation provides that none of Vista, any of its affiliates or any director who is not employed by us (including any non-employee director who serves as one of our officers in both his director and officer capacities) or its affiliates has any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate. Vista also may pursue acquisition opportunities that may be complementary to our business, and, as a result, those acquisition opportunities may not be available to us. In addition, Vista may have an interest in pursuing acquisitions, divestitures and other transactions that, in its judgment, could enhance its investment, even though such transactions might involve risks to you.
The requirements of being a public company may strain our resources and distract our management, which could make it difficult to manage our business.
As a public company, we incur legal, accounting and other expenses that we did not previously incur. We are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) and the Sarbanes-Oxley Act, the listing requirements of the NYSE and other applicable securities rules and regulations. Compliance with these rules and regulations will continue to increase our legal and financial compliance costs, make some activities more difficult, time-consuming or costly and increase demand on our systems and resources. The Exchange Act requires that we file annual, quarterly and current reports with respect to our business, financial condition and results of operations. The Sarbanes-Oxley Act requires, among other things, that we establish and maintain effective internal controls and procedures for financial reporting. Furthermore, the need to establish the corporate infrastructure demanded of a public company may divert our management’s attention from implementing our growth strategy, which could prevent us from improving our business, financial condition and results of operations. We have made, and will continue to make, changes to our internal controls and procedures for financial reporting and accounting systems to meet our reporting obligations as a public company. However, the measures we take may not be sufficient to satisfy our obligations as a public company. In addition, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. For example, we expect these rules and regulations to make it more difficult and more expensive for us to obtain director and officer liability insurance, and we may be required to incur substantial costs to maintain the same or similar coverage. These additional obligations could have a material adverse effect on our business, financial condition and results of operations.
In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some
activities more time consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expenses and a diversion of our management’s time and attention from sales-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and could have a material adversely effect on our business, financial condition and results of operations.
Provisions of our corporate governance documents could make an acquisition of us more difficult and may prevent attempts by our shareholders to replace or remove our current management, even if beneficial to our shareholders.
In addition to Vista’s beneficial ownership of 47% of our common stock as of December 31, 2020, our certificate of incorporation and bylaws and the Delaware General Corporation Law (the “DGCL”) contain provisions that could make it more difficult for a third party to acquire us, even if doing so might be beneficial to our shareholders. Among other things:
|●||these provisions allow us to authorize the issuance of undesignated preferred stock, the terms of which may be established and the shares of which may be issued without shareholder approval, and which may include supermajority voting, special approval, dividend, or other rights or preferences superior to the rights of shareholders;|
|●||these provisions provide for a classified board of directors with staggered three-year terms;|
|●||these provisions provide that, at any time when Vista beneficially owns, in the aggregate, less than 40% in voting power of our stock entitled to vote generally in the election of directors, directors may only be removed for cause, and only by the affirmative vote of holders of at least 662/3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class;|
|●||these provisions prohibit shareholder action by written consent from and after the date on which Vista beneficially owns, in the aggregate, less than 35% in voting power of our stock entitled to vote generally in the election of directors;|
|●||these provisions provide that for as long as Vista beneficially owns, in the aggregate, at least 50% in voting power of our stock entitled to vote generally in the election of directors, any amendment, alteration, rescission or repeal of our bylaws by our shareholders will require the affirmative vote of a majority in voting power of the outstanding shares of our stock and at any time when Vista beneficially owns, in the aggregate, less than 50% in voting power of all outstanding shares of our stock entitled to vote generally in the election of directors, any amendment, alteration, rescission or repeal of our bylaws by our shareholders will require the affirmative vote of the holders of at least 662/3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class; and|
|●||these provisions establish advance notice requirements for nominations for elections to our Board or for proposing matters that can be acted upon by shareholders at shareholder meetings; provided, however, at any time when Vista beneficially owns, in the aggregate, at least 10% in voting power of our stock entitled to vote generally in the election of directors, such advance notice procedure will not apply to it.|
Our certificate of incorporation contains a provision that provides us with protections similar to Section 203 of the DGCL, and prevents us from engaging in a business combination with a person (excluding Vista and any of its direct or indirect transferees and any group as to which such persons are a party) who acquires at least
15% of our common stock for a period of three years from the date such person acquired such common stock, unless Board or shareholder approval is obtained prior to the acquisition. These provisions could discourage, delay or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for you and other shareholders to elect directors of your choosing and cause us to take other corporate actions you desire, including actions that you may deem advantageous, or negatively affect the trading price of our common stock. In addition, because our Board is responsible for appointing the members of our management team, these provisions could in turn affect any attempt by our shareholders to replace current members of our management team.
These and other provisions in our certificate of incorporation, bylaws and Delaware law could make it more difficult for shareholders or potential acquirers to obtain control of our Board or initiate actions that are opposed by our then-current Board, including delay or impede a merger, tender offer or proxy contest involving our company. The existence of these provisions could negatively affect the price of our common stock and limit opportunities for you to realize value in a corporate transaction.
Our certificate of incorporation designates the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our shareholders, which could limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us.
Pursuant to our certificate of incorporation, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware is the sole and exclusive forum for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers or other employees to us or our shareholders, (3) any action asserting a claim against us arising pursuant to any provision of the DGCL, our certificate of incorporation or our bylaws or (4) any other action asserting a claim against us that is governed by the internal affairs doctrine; provided that for the avoidance of doubt, the forum selection provision that identifies the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation, including any “derivative action,” will not apply to suits to enforce a duty or liability created by Securities Act, the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction. Our certificate of incorporation further provides that any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock is deemed to have notice of and consented to the provisions of our certificate of incorporation described above. The forum selection clause in our certificate of incorporation may have the effect of discouraging lawsuits against us or our directors and officers and may limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us.
An active, liquid trading market for our common stock may not be sustained, which may limit your ability to sell your shares.
Although we have listed our common stock on the NYSE under the symbol “PING,” an active trading market for our common stock may not be sustained. A public trading market having the desirable characteristics of depth, liquidity and orderliness depends upon the existence of willing buyers and sellers at any given time, such existence being dependent upon the individual decisions of buyers and sellers over which neither we nor any market maker has control. The failure of an active and liquid trading market to develop and continue would likely have a material adverse effect on the value of our common stock. The market price of our common stock may decline below the public offering price, and you may not be able to sell your shares of our common stock at or above the price you paid in this offering, or at all. An inactive market may also impair our ability to raise capital to continue to fund operations by issuing shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.
Our operating results and stock price may be volatile, and the market price of our common stock may drop below the price you paid.
Our quarterly operating results are likely to fluctuate in the future. In addition, securities markets worldwide have experienced, and are likely to continue to experience, significant price and volume fluctuations. This market volatility, as well as general economic, market or political conditions, could subject the market price of
our shares to wide price fluctuations regardless of our operating performance. Our operating results and the trading price of our shares may fluctuate in response to various factors, including:
|●||market conditions in our industry or the broader stock market;|
|●||actual or anticipated fluctuations in our quarterly financial and operating results;|
|●||introduction of new solutions, solution packages or services by us or our competitors;|
|●||issuance of new or changed securities analysts’ reports or recommendations;|
|●||sales, or anticipated sales, of large blocks of our stock;|
|●||additions or departures of key personnel;|
|●||regulatory or political developments;|
|●||litigation and governmental investigations;|
|●||changing economic conditions;|
|●||investors’ perception of us;|
|●||events beyond our control such as weather and war; and|
|●||any default on our indebtedness.|
These and other factors, many of which are beyond our control, may cause our operating results and the market price and demand for our shares to fluctuate substantially. Fluctuations in our quarterly operating results could limit or prevent investors from readily selling their shares and may otherwise negatively affect the market price and liquidity of our shares. In addition, in the past, when the market price of a stock has been volatile, holders of that stock have sometimes instituted securities class action litigation against the company that issued the stock. If any of our shareholders brought a lawsuit against us, we could incur substantial costs defending the lawsuit. Such a lawsuit could also divert the time and attention of our management from our business, which could significantly harm our profitability and reputation.
A significant portion of our total outstanding shares may be sold into the market in the near future. This could cause the market price of our common stock to drop significantly, even if our business is doing well.
Sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock. We have registered shares of common stock that we may issue under our equity compensation plans. Such shares can be freely sold in the public market upon issuance, subject to any applicable lock-up agreements. The market price of our stock could decline if the holders of a large portion of our shares of common stock sell them or are perceived by the market as intending to sell them.
Because we have no current plans to pay regular cash dividends on our common stock for the foreseeable future, you may not receive any return on investment unless you sell your common stock for a price greater than that which you paid for it.
We do not anticipate paying any regular cash dividends on our common stock for the foreseeable future. Any decision to declare and pay dividends in the future will be made at the discretion of our Board and will depend on, among other things, our results of operations, financial condition, cash requirements, contractual restrictions and other factors that our Board may deem relevant. In addition, our ability to pay dividends is, and may be,
limited by covenants of existing and any future outstanding indebtedness we or our subsidiaries incur, including under our 2019 Credit Facilities. Therefore, any return on investment in our common stock is solely dependent upon the appreciation of the price of our common stock on the open market, which may not occur.
If securities or industry analysts do not publish research or reports about our business, if they adversely change their recommendations regarding our shares or if our results of operations do not meet their expectations, our stock price and trading volume could decline.
The trading market for our shares is influenced by the research and reports that industry or securities analysts publish about us or our business. We do not have any control over these analysts. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, we could lose visibility in the financial markets, which in turn could cause our stock price or trading volume to decline. Moreover, if one or more of the analysts who cover us downgrade our stock, or if our results of operations do not meet their expectations, our stock price could decline.
We may issue shares of preferred stock in the future, which could make it difficult for another company to acquire us or could otherwise adversely affect holders of our common stock, which could depress the price of our common stock.
Our certificate of incorporation authorizes us to issue one or more series of preferred stock. Our Board has the authority to determine the preferences, limitations and relative rights of the shares of preferred stock and to fix the number of shares constituting any series and the designation of such series, without any further vote or action by our shareholders. Our preferred stock could be issued with voting, liquidation, dividend and other rights superior to the rights of our common stock. The potential issuance of preferred stock may delay or prevent a change in control of us, discouraging bids for our common stock at a premium to the market price, and materially adversely affect the market price and the voting and other rights of the holders of our common stock.
Item 1B. Unresolved Staff Comments
Item 2. Properties
Our corporate headquarters are in Denver, Colorado, where we lease 89,856 square feet of office space as of December 31, 2020. We also have domestic offices in Boston, Massachusetts, Austin, Texas and San Francisco, California and international offices in the United Kingdom, Canada, India, Israel and France.
We lease all of our facilities. We believe that our facilities are adequate for our current needs and anticipate that suitable additional space will be readily available to accommodate any foreseeable expansion of our operations.
Item 3. Legal Proceedings
From time to time, we are involved in various claims and legal actions that arise in the ordinary course of business. Although the results of litigation and claims cannot be predicted with certainty, we do not believe that the ultimate resolution of these actions will have a material adverse effect on our financial position, results of operations, liquidity and capital resources.
Future litigation may be necessary to defend ourselves and our partners by determining the scope, enforceability and validity of third-party proprietary rights or to establish our proprietary rights. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Market Information for Our Common Stock
Our common stock, $0.001 par value per share, began trading on the NYSE under the symbol “PING” on September 18, 2019. Prior to that time, there was no public market for our common stock. Shares sold in our IPO were priced at $15.00 per share.
Holders of Record
As of February 17, 2021, there were 41,634 holders of record of our common stock. This figure does not include a greater number of beneficial holders of our common stock whose shares are held by banks, brokers and other financial institutions.
We have never declared or paid any cash dividends on our capital stock, and we do not currently intend to pay any cash dividends in the foreseeable future. We expect to retain future earnings, if any, to fund the development and growth of our business. Any decision to declare and pay dividends in the future will be made at the discretion of our Board and will depend on, among other things, our results of operations, financial condition, cash requirements, contractual restrictions and other factors that our Board may deem relevant. In addition, our ability to pay dividends is, and may be, limited by covenants of existing and any future outstanding indebtedness we or our subsidiaries incur, including under our 2019 Credit Facilities.
Securities Authorized for Issuance under Equity Compensation Plans
See Item 12, “Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters.”
Stock Performance Graph
The following performance graph and related information shall not be deemed to be “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, or otherwise subject to the liabilities of that section or Sections 11 and 12(a)(2) of the Securities Act of 1933, as amended, and shall not be incorporated by reference into any registration statement or other document filed by us with the SEC, whether made before or after the date of this Annual Report on Form 10-K, regardless of any general incorporation language in such filing, except as shall be expressly set forth by specific reference in such filing.
The following graph and related information shows a comparison of the cumulative total return for our common stock, Standard & Poor’s 500 Index (“S&P 500 Index”), Standard & Poor’s 500 Information Technology Index (“S&P 500 IT Index”) and the Russell 2000 Index between September 19, 2019 (the date our common stock commenced trading on the NYSE) through December 31, 2020. All values assume an initial investment of $100 and reinvestment of any dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our common stock.
September 19, 2019
September 30, 2019
December 31, 2019
March 31, 2020
June 30, 2020
September 30, 2020
December 31, 2020
S&P 500 Index
S&P 500 Information Technology Index
Russell 2000 Index
Recent Sales of Unregistered Securities and Use of Proceeds
Unregistered Sales of Equity Securities
There were no unregistered sales of equity securities during the year ended December 31, 2020.
Issuer Purchases of Equity Securities
Item 6. Reserved
The Company has applied the amendment to Regulation S-K Item 301 which became effective on February 10, 2021.
Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations
The following discussion and analysis summarizes the significant factors affecting the consolidated operating results, financial condition, liquidity and cash flows of our company as of and for the periods presented below. The following discussion and analysis should be read in conjunction with our consolidated financial statements and the related notes thereto included elsewhere in this Annual Report on Form 10-K. The discussion contains forward-looking statements that are based on the beliefs of management, as well as assumptions made by, and information currently available to, our management. Actual results could differ materially from those discussed in or implied by forward-looking statements as a result of various factors, including those discussed below and elsewhere in this Annual Report on Form 10-K, particularly in the sections entitled “Risk Factors” and “Forward-Looking Statements.” We have omitted the financial results for the fiscal year ended December 31, 2018 where it would be redundant to the discussion previously included in Part II, Item 7 of our 2019 Annual Report on Form 10-K filed with the SEC on March 4, 2020.
Ping Identity is the Intelligent Identity solution for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalized, streamlined user experiences. The Ping Intelligent Identity Platform provides customers, workforce and partners with secure, convenient access to their applications whether they are SaaS, mobile, in the cloud or on-premise. We leverage AI and ML to analyze device, network, application and user behavior data to make real-time authentication and security control decisions, enhancing the user experience. Our platform is designed to detect anomalies and automatically insert additional security measures, such as multi-factor authentication, only when necessary. We built our platform to meet the requirements of the most demanding enterprises, including over 60% of the Fortune 100. Our cloud-based platform has differentiated deployment flexibility to support multi-cloud and on-premise infrastructures to meet the diverse and demanding requirements of large enterprise customers. Our platform offers a comprehensive suite of turnkey integrations, and is able to scale to millions of identities and thousands of cloud and on-premise applications in a single deployment.
The Ping Intelligent Identity Platform can secure all primary identity use cases, including customer, workforce, partner and IoT. For example, enterprises can use our platform to enhance their customers’ user experience by creating a single ID and login across web and mobile properties. For the year ended December 31, 2020, 45% of our subscription revenue was derived from the customer use case. Enterprises can also use our platform to provide their workforce and commercial partners with secure, seamless access from any device to the applications, data and APIs they need to be productive.
The Ping Intelligent Identity Platform is comprised of multiple solutions that can be purchased individually or integrated as a more complete set of solutions for the customer, workforce, partner or IoT use case: SSO, MFA, Access Security, Directory, Dynamic Authorization, Risk Management, Identity Verification and API Intelligence.
Our offerings are predominately priced based on the solution, use case and number of identities. We sell our platform through subscription-based contracts, and substantially all of our customers pay annually in advance. We sell our solutions primarily through direct sales, which are enhanced by collaboration with our channel partners, resellers, system integrators and technology partners. This includes sourcing new leads, aiding in pre-sale processes (such as proof of concepts, demos or requests for proposals) and reselling our solutions to customers. We also leverage a number of our channel partners and system integrators to provide the implementation services for some of our larger and more complex deployments, significantly increasing the time-to-value for our customers and maximizing the efficiency of our go-to-market efforts.
Impact of COVID-19
Though the impact of rapidly changing market and economic conditions due to COVID-19 is uncertain, it continues to disrupt the business of our customers and partners and will continue to impact our business and consolidated results of operations and financial condition in the future. The worldwide spread of the COVID-19 outbreak is resulting in a global slowdown of economic activity with a corresponding decrease in demand for
certain goods and services, including possibly from our own customers, while also disrupting sales channels, marketing activities and supply chains for an unknown period of time. To add to the uncertainty, it is unclear when an economic recovery could start and what a recovery will look like after this unprecedented economic shutdown. We have endeavored to follow recommended actions of government and health authorities to protect our employees worldwide. For example, as of January 31, 2021, the majority of our employees are working remotely. While we have not incurred significant disruptions thus far from the COVID-19 pandemic, we are unable to accurately predict the extent of the impact on our business due to numerous uncertainties, including but not limited to, the severity of the disease, the duration of the outbreak, actions taken by governmental authorities, the impact to our customers and partners and other factors as described in Part I, Item 1A of this Annual Report on Form 10-K. Specifically, during the year ended December 31, 2020, we experienced overall strong engagement with enterprise customers as work-from-home and increased virtual customer engagement highlighted the need for modernization of their identity security infrastructure. However, given the economic uncertainty driven by the COVID-19 pandemic, certain of these enterprise customers elected to phase-in their purchases of our solutions, resulting in smaller deal sizes and a reduction in our dollar-based net retention rate for the year ended December 31, 2020 as compared to the year ended December 31, 2019.
While we continued to see the effects of the COVID-19 pandemic on our results of operations and overall financial performance for the year ended December 31, 2020, the total effect of the COVID-19 pandemic will not be fully reflected in our results of operations and overall financial performance until future periods and such effect is uncertain. In addition, our consolidated financial statements reflect estimates and assumptions made by management that affect the reported amounts of assets and liabilities, disclosures of contingent assets and liabilities at the date of the consolidated financial statements and the reported amounts of revenues and expenses during the reporting period. Significant estimates and assumptions reflected in our consolidated financial statements include, but are not limited to, establishing valuation allowances based on expected credit losses and the collectability of financial assets, determining useful lives for finite-lived assets, assessing the recoverability of long-lived assets, determining the fair values of assets acquired and liabilities assumed in business combinations, determining the value of right-of-use assets and lease liabilities, accounting for income taxes and related valuation allowances against deferred tax assets, valuing stock option awards and assessing the probability of the awards meeting vesting conditions, recognizing revenue, determining the amortization period for deferred commissions and assessing the accounting treatment for commitments and contingencies. Management evaluates these estimates and assumptions on an ongoing basis and makes estimates based on historical experience and various other assumptions that are believed to be reasonable. Actual results may differ from these estimates, including as a result of the COVID-19 outbreak. We will continue to evaluate the nature and extent of the impact to our business and our consolidated results of operations and financial condition.
Key Factors Affecting Our Performance
We believe that our future performance will depend on many factors, including the following:
Generate Additional Sales to Existing Customers
As part of our land and expand strategy, a customer journey often begins with the purchase of one of our solutions for one use case. Once customers realize the value of that solution, their spend with us expands by (i) adopting another identity use case, (ii) deploying additional solutions and solution packages and/or (iii) adding more identities over time.
Our future revenue growth is dependent upon our ability to continue to expand our customers’ use of our platform. Our ability to increase sales to existing customers will depend on a number of factors, including satisfaction or dissatisfaction with our solutions, competition, pricing, economic conditions and spending by customers on our solutions. We have adopted a customer success strategy and implemented processes across our customer base to drive revenue retention and expansion.
Increase the Size of our Customer Base
We believe there is significant opportunity to increase market adoption of our platform by new customers. Our SSO, Access Security and Directory solutions often replace legacy and homegrown systems. We also have significant greenfield opportunities with our MFA, Dynamic Authorization, API Intelligence solutions and the IoT use case. To increase our customer base, we plan to expand our sales force and channel partner network, both domestically and internationally, enhance our marketing efforts and target new buyers. For example, we have extended our cloud-based offering to target developers, who represent a new potential buyer for us. Over time, we believe sales to developers could increase the size of our customer base.
Maintain our Technology Differentiation and Product Leadership
The Ping Intelligent Identity Platform is designed for large enterprises with complex, hybrid IT requirements. We have spent over a decade building a standards-based platform with turnkey integrations designed to ensure that large enterprises can easily and rapidly deploy our platform within their complex infrastructures. We intend to continue making investments in research and development to extend our platform and technology capabilities while also expanding our solutions to address new use cases.
Invest for Growth
We believe IAM represents a large market opportunity, and we plan to invest in order to support further growth. During 2018, we accelerated investments in our business to expand our footprint within this large and growing market. Specifically, we invested in new cloud-based offerings to broaden the Ping Intelligent Identity Platform and the scope of our solutions to cover new identity security threats, such as APIs. We also invested in deploying our platform as a single tenant cloud-based offering, managed by us, to help extend the reach of our solutions within our customers’ infrastructures, while providing them with the level of control and configuration they require. We have seen progress with these investments and expect to continue to invest in these areas. Additionally, we plan to invest in increased marketing efforts, expanding our sales force, and growing our network of channel partners, resellers, system integrators and technology partners. However, we are not expecting these investments to provide our business with meaningful increases to ARR growth in the immediate term as we expect natural purchasing cycles will affect the speed of market adoption.
Additionally, we have a large and growing international presence and intend to grow our customer base in various international regions by making investments in our sales team globally. For the year ended December 31, 2020, our international revenue was 26% of our total revenue. We expect international sales to be a meaningful revenue contributor in future periods.
Given the purchasing patterns of our enterprise customers, we typically experience seasonality in terms of when we receive orders from our customers. Our customers often time their purchases and renewals of our solutions to coincide with their fiscal year end, which is typically June 30 or December 31. Because of these purchasing patterns, a greater percentage of our annual subscription revenue from term-based licenses, the revenue from which is recognized up front at the later of delivery or commencement of the license term, has come from our second and fourth quarters than from other quarters. For the year ended December 31, 2019, 26% and 28% of our annual revenue was in our second and fourth quarter, respectively. However, due to the economic environment resulting from COVID-19, we did not see our historical trends in seasonality continue for the year ended December 31, 2020, where 24% and 26% of our annual revenue was in our second and fourth quarter, respectively.
Key Business Metrics
In addition to our GAAP financial information, we review a number of operating and financial metrics, including the following key metrics, to evaluate our business, measure our performance, identify trends affecting our business, formulate business plans and make strategic decisions.
Annual Recurring Revenue
ARR represents the annualized value of all subscription contracts as of the end of the period. ARR mitigates fluctuations due to seasonality, contract term and the sales mix of subscriptions for term-based licenses and SaaS. ARR only includes the annualized value of subscription contracts. ARR does not have any standardized meaning and is therefore unlikely to be comparable to similarly titled measures presented by other companies. ARR should be viewed independently of revenue and deferred revenue and is not intended to be combined with or to replace either of those items. ARR is not a forecast and the active contracts at the end of a reporting period used in calculating ARR may or may not be extended or renewed by our customers.
The table below sets forth our ARR as of the end of December 31, 2020 and 2019.
(dollars in thousands)
Dollar-Based Net Retention Rate
To further illustrate the land and expand economics of our customer relationships, we examine the rate at which our customers increase their subscriptions for our solutions. Our dollar-based net retention rate measures our ability to increase revenue across our existing customer base through expanded use of our platform, offset by customers whose subscription contracts with us are not renewed or renew at a lower amount.
We calculate our dollar-based net retention rate as of the end of a reporting period as follows:
|●||Denominator. We measure ARR as of the last day of the prior reporting period.|
|●||Numerator. We measure ARR as of the last day of the current reporting period from customers with associated ARR as of the last day of the prior reporting period.|
The quotient obtained from this calculation is our dollar-based net retention rate. Our dollar-based net retention rates were 108% and 115% at December 31, 2020 and 2019, respectively. We believe our ability to cross-sell our new solutions to our installed base, particularly MFA and API Intelligence, will continue to support our high dollar-based net retention rate.
We believe that our ability to increase the number of customers on our platform, particularly the number of customers with greater than ARR of $1,000,000 and ARR of $250,000, demonstrates our focus on the large enterprise market and our penetration within those enterprises. Increasing awareness of our platform, further developing our sales and marketing expertise and channel partner ecosystem, and continuing to build solutions that address the unique identity needs of large enterprises have increased our number of large customers across industries. We believe there are significant upsell and cross-sell opportunities within our customer base by expanding the number of use cases, adding additional identities and selling new solutions.
At December 31, 2020, we had 51 customers with greater than $1,000,000 in ARR, an increase of 34% from 38 customers at December 31, 2019. Additionally, our customers with ARR over $250,000 increased from 232 at December 31, 2019 to 260 at December 31, 2020, representing a growth rate of 12%.
Non-GAAP Financial Measures
In addition to our results determined in accordance with GAAP, we believe the following non-GAAP measures are useful in evaluating our operating performance. We believe that non-GAAP financial information, when taken collectively, may be helpful to investors because it provides consistency and comparability with past financial performance and assists in comparisons with other companies, some of which use similar non-GAAP
financial information to supplement their GAAP results. The non-GAAP financial information is presented for supplemental informational purposes only, and should not be considered a substitute for financial information presented in accordance with GAAP, and may be different from similarly-titled non-GAAP measures used by other companies. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with GAAP. Investors are encouraged to review the related GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures.
Free Cash Flow
Free Cash Flow is a supplemental measure of liquidity that is not made under GAAP and that does not represent, and should not be considered as, an alternative to cash flow from operations, as determined by GAAP. We define Free Cash Flow as net cash provided by (used in) operating activities less cash used for purchases of property and equipment and capitalized software development costs.
We use Free Cash Flow as one measure of the liquidity of our business. We believe that Free Cash Flow is a useful indicator of liquidity that provides information to management and investors about the amount of cash generated from our core operations that, after the purchases of property and equipment and capitalized software development costs, can be used for strategic initiatives, including investing in our business and selectively pursuing acquisitions and strategic investments. We further believe that historical and future trends in Free Cash Flow, even if negative, provide useful information about the amount of cash generated (or consumed) by our operating activities that is available (or is not available) to be used for strategic initiatives. For example, if Free Cash Flow is negative, we may need to access cash reserves or other sources of capital to invest in strategic initiatives. We also believe that the use of Free Cash Flow enables us to more effectively evaluate our liquidity period-over-period and relative to our competitors.
A reconciliation of Free Cash Flow to net cash provided by operating activities, the most directly comparable GAAP measure, is as follows:
Year Ended December 31,
Net cash provided by operating activities
Purchases of property and equipment
Capitalized software development costs
Free Cash Flow
Net cash used in investing activities
Net cash provided by (used in) financing activities
Cash paid for interest
Free Cash Flow has limitations as an analytical tool, and you should not consider it in isolation, or as a substitute for analysis of our results as reported under GAAP. For example, Free Cash Flow does not represent the total increase or decrease in our cash balance for a given period. Because of these limitations, Free Cash Flow should not be considered as a replacement for cash flow from operations, as determined by GAAP, or as a measure of our profitability. We compensate for these limitations by relying primarily on our GAAP results and using non-GAAP measures only for supplemental purposes.
Non-GAAP Gross Profit
Non-GAAP Gross Profit is a supplemental measure of operating performance that is not made under GAAP and that does not represent, and should not be considered as, an alternative to gross profit, as determined by GAAP. We define Non-GAAP Gross Profit as gross profit, adjusted for stock-based compensation expense and certain amortization expense of acquired intangible assets and software developed for internal use.
We use Non-GAAP Gross Profit to understand and evaluate our core operating performance and trends, to prepare and approve our annual budget, and to develop short-term and long-term operating plans. We believe that Non-GAAP Gross Profit is a useful measure to us and to our investors because it provides consistency and comparability with our past financial performance and between fiscal periods, as the metric generally eliminates the effects of the variability of amortization of acquired intangibles and internal-use software and stock-based compensation expense from period to period, which may fluctuate for reasons unrelated to overall operating performance. We believe that the use of this measure enables us to more effectively evaluate our performance period-over-period and relative to our competitors.
A reconciliation of Non-GAAP Gross Profit to gross profit, the most directly comparable GAAP measure, is as follows:
Year Ended December 31,
Stock-based compensation expense
Non-GAAP Gross Profit
Non-GAAP Gross Profit has limitations as an analytical tool, and you should not consider it in isolation, or as a substitute for analysis of our results as reported under GAAP. Because of these limitations, Non-GAAP Gross Profit should not be considered as a replacement for gross profit, as determined by GAAP, or as a measure of our profitability. We compensate for these limitations by relying primarily on our GAAP results and using non-GAAP measures only for supplemental purposes.
Components of Results of Operations
We recognize revenue under ASC 606 when our customer obtains control of goods or services in an amount that reflects the consideration that we expect to receive in exchange for those goods or services.
We derive revenue primarily from sales of subscriptions for our solutions to new and existing customers and, to a lesser extent, sales of professional services.
Subscription. Subscription revenue includes subscription term-based license revenue for solutions deployed on-premise within the customer’s IT infrastructure or in a third-party cloud of their choice, subscription support and maintenance revenue from such deployments, and SaaS subscriptions, which give customers the right to access our SaaS-based solutions. We typically invoice subscription fees annually in advance. Subscription term-based license revenue is recognized upon transfer of control of the software, which occurs at delivery or when the license term commences, if later. All of our support and maintenance revenue and revenue from SaaS subscriptions is recognized ratably over the term of the applicable agreement.
For the years ended December 31, 2020 and 2019, 59% and 66%, respectively, of our revenue was from subscription term-based licenses. We expect that a majority of our revenue will be from subscription term-based licenses for the foreseeable future. Changes in period-over-period subscription revenue growth are primarily impacted by the following factors:
|●||the type of new and renewed subscriptions (i.e., term-based or SaaS); and|
|●||the duration of new and renewed term-based subscriptions.|
While the number of new and increased subscriptions during a period impacts our subscription revenue growth, the type and duration of those subscriptions has a significantly greater impact on the amount and timing of
revenue recognized in a period. Subscription revenue from term-based licenses is recognized at the beginning of the subscription term, while subscription revenue from SaaS and support and maintenance is recognized ratably over the subscription term. As a result, our revenue may fluctuate due to the timing of term-based licensing transactions. In addition, keeping other factors constant, when the percentage of subscription term-based licenses to total subscriptions sold or renewed in a period increases relative to the prior period, revenue growth will increase. Conversely, when the percentage of subscription SaaS and support and maintenance to total subscriptions sold or renewed in a period increases, revenue growth will generally decrease. Additionally, a multi-year subscription term-based license will generally result in greater revenue recognition up front relative to a one-year subscription term-based license. Therefore, keeping other factors constant, revenue growth will also trend higher in a period where the percentage of multi-year subscription term-based licenses to total subscription term-based licenses increases.
Professional Services and Other. Professional services and other revenue consists primarily of fees from professional services provided to our customers and partners to configure and optimize the use of our solutions, as well as training services related to the configuration and operation of our solutions. Our professional services are generally priced on a time and materials basis, which is generally invoiced monthly and for which revenue is recognized as the services are performed. Revenue from our training services and sponsorship fees is recognized on the date the services are complete. Over time, we expect our professional services revenue to remain relatively stable as a percentage of total revenue.
Cost of Revenue
Subscription. Subscription cost of revenue consists primarily of employee compensation costs for employees associated with supporting our subscription arrangements and certain third-party expenses. Employee compensation and related costs include cash compensation and benefits to employees, stock-based compensation, costs of third-party contractors and associated overhead costs. Third-party expenses consist of cloud infrastructure costs and other expenses directly associated with our customer support. We expect our subscription cost of revenue to increase in absolute dollars to the extent our subscription revenue increases.
Professional Services and Other. Professional services and other cost of revenue consists primarily of employee compensation costs directly associated with delivery of professional services and training, including stock-based compensation, costs of third-party contractors, and facility rental charges and other associated overhead costs. We expect our professional services and other cost of revenue to increase in absolute dollars relative to the growth of our business.
Amortization Expense. Amortization expense consists of amortization of developed technology and internal-use software.
Long-Term Incentive Plan. If the long-term incentive plan (“LTIP”) awards are considered probable of meeting vesting requirements in the three months ending March 31, 2021, it may result in incremental compensation expense between $1.3 million to $1.8 million being recognized in the three months ending March 31, 2021, and between $0.4 million to $0.8 million being recognized ratably over the remaining estimated vesting period.
Our operating expenses consist of sales and marketing, research and development and general and administrative expenses as well as depreciation and amortization. Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, payroll taxes and stock-based compensation expense.
Sales and Marketing. Sales and marketing expenses consist primarily of employee compensation costs, sales commissions, costs of general marketing and promotional activities, travel-related expenses and allocated overhead. Certain sales commissions earned by our sales force on subscription contracts are deferred and amortized over the period of benefit, which is generally four years. We expect to continue to invest in our sales force domestically and internationally, as well as in our channel relationships. We expect our sales and
marketing expenses to increase on an absolute dollar basis and continue to be our largest operating expense category for the foreseeable future.
Research and Development. Research and development expenses consist primarily of employee compensation costs, allocated overhead and software and maintenance expenses. We will continue to invest in innovation and offer our customers new solutions to enhance our existing platform and expect such investment to increase on an absolute dollar basis as our business grows.
General and Administrative. General and administrative expenses consist primarily of employee compensation costs for corporate personnel, such as those in our executive, human resource, legal, facilities, accounting and finance, information security and information technology departments. In addition, general and administrative expenses include third-party professional fees, as well as all other supporting corporate expenses not allocated to other departments. General and administrative expense also includes acquisition-related expenses, which primarily consist of third-party expenses related to business acquisitions, such as professional services and legal fees.
We expect our general and administrative expenses to increase on an absolute dollar basis as our business grows. Also, we expect to incur additional general and administrative expenses as a result of continuing to operate as a public company, including costs related to maintaining the effectiveness of our internal control over financial reporting, including accounting-related costs and significant management oversight, costs to comply with the rules and regulations applicable to companies listed on a national securities exchange, costs related to compliance and reporting obligations pursuant to the rules and regulations of the SEC, and increased expenses for insurance, investor relations and professional services.
Depreciation and Amortization. Depreciation and amortization expense consists primarily of depreciation of our fixed assets and amortization of finite-lived acquired intangible assets such as customer relationships, trade names and non-compete agreements.
Long-Term Incentive Plan and Stock Option Awards. If the stock option awards subject to performance and market conditions are considered probable of meeting vesting requirements in the three months ending March 31, 2021, it may result in incremental stock-based compensation expense of approximately $6.3 million being recognized in the three months ending March 31, 2021, and approximately $1.3 million being recognized ratably over the remaining estimated vesting period. Additionally, if the LTIP awards are considered probable of meeting vesting requirements in the three months ending March 31, 2021, it may result in incremental compensation expense between $16.3 million to $17.3 million being recognized in the three months ending March 31, 2021, and between $5.3 million to $6.3 million being recognized ratably over the remaining estimated vesting period.
Other Income (Expense)
Interest Expense. Interest expense consists primarily of interest payments on our outstanding borrowings under our credit facilities as well as the amortization of associated deferred financing costs. See “— Liquidity and Capital Resources — Senior Secured Credit Facilities.”
Other Income (Expense), Net. Other income (expense), net primarily consists of gains and losses from transactions denominated in a currency other than the functional currency, interest income and other income (expense). As we have expanded our international operations, our exposure to fluctuations in foreign currencies has increased, and we expect this to continue.
Benefit (Provision) for Income Taxes
Benefit (provision) for income taxes consists primarily of income taxes related to U.S. federal and state income taxes and income taxes in foreign jurisdictions in which we conduct business.
Results of Operations
The following table sets forth our consolidated statements of operations data for the periods indicated:
Year Ended December 31,
Professional services and other
Cost of revenue:
Subscription (exclusive of amortization shown below)(1)
Professional services and other (exclusive of amortization shown below)(1)
Total cost of revenue
Sales and marketing(1)
Research and development(1)
General and administrative(1)
Depreciation and amortization
Total operating expenses
Income (loss) from operations
Other income (expense):
Loss on extinguishment of debt
Other income (expense), net
Total other income (expense)
Loss before income taxes
Benefit (provision) for income taxes
Includes stock-based compensation as follows:
Year Ended December 31,
Subscription cost of revenue
Professional services and other cost of revenue
Sales and marketing
Research and development
General and administrative
The following table sets forth our consolidated statements of operations data expressed as a percentage of total revenue for the periods indicated:
Year Ended December 31,
Professional services and other
Cost of revenue:
Subscription (exclusive of amortization shown below)
Professional services and other (exclusive of amortization shown below)