Company Quick10K Filing
Tufin Software
20-F 2019-12-31 Filed 2020-03-18

TUFN 20F Annual Report

Item 1. Identity of Directors, Senior Management and Advisers
Item 2. Offer Statistics and Expected Timetable
Item 3. Key Information
Item 4. Information on The Company
Item 4A. Unresolved Staff Comments
Item 5. Operating and Financial Review and Prospects
Item 7. Major Shareholders and Related Party Transactions
Note 1: General
Note 2: Significant Accounting Policies
Note 3: Fair Value Measurement
Note 4: Cash, Cash Equivalents and Restricted Cash
Note 5: Property and Equipment, Net
Note 6: Leases
Note 7: Deferred Revenues and Deferred Costs
Note 8: Hedging Activities
Note 9: Shareholders' Equity and Redeemable Convertible Preferred Shares
Note 10: Share-Based Compensation
Note 11: Income Taxes
Note 12: Financial Income (Loss), Net
Note 13: Entity Wide Disclosures
Note 14: Subsequent Events
Item 19. Exhibits
EX-2.5 exhibit_2-5.htm
EX-8.1 exhibit_8-1.htm
EX-12.1 exhibit_12-1.htm
EX-12.2 exhibit_12-2.htm
EX-13.1 exhibit_13-1.htm
EX-13.2 exhibit_13-2.htm
EX-15.1 exhibit_15-1.htm

Tufin Software Earnings 2019-12-31

Balance SheetIncome StatementCash Flow

20-F 1 zk2024159.htm 20-F



 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

 

FORM 20-F

 

REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR (g) OF THE SECURITIES EXCHANGE ACT OF 1934

 

OR

 

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

 

For the fiscal year ended December 31, 2019

 

OR

 

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

 

OR

 

SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

 

Date of event requiring this shell company report __________

For the transition period from __________ to __________.

 

Commission file number 001-38866

 

image


TUFIN SOFTWARE TECHNOLOGIES LTD.

(Exact name of Registrant as specified in its charter)

 

ISRAEL

(Jurisdiction of incorporation or organization)

 

5 HaShalom Road, ToHa Tower

Tel Aviv 6789205, Israel

(Address of principal executive offices)

 

Yuval Fessler
General Counsel

Telephone: +972 (3) 612-8118

Tufin Software Technologies Ltd.

5 HaShalom Road, ToHa Tower

Tel Aviv 6789205, Israel

(Name, telephone, e-mail and/or facsimile number and address of company contact person)

 

Securities registered or to be registered pursuant to Section 12(b) of the Act: 

 

 

 

Title of each class

Trading Symbol(s)

Name of each exchange on which registered

Ordinary shares, par value NIS 0.015 per share

TUFN

New York Stock Exchange

 

Securities registered or to be registered pursuant to Section 12(g) of the Act: None.

 

Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None.

 

Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report: As of December 31, 2019, the registrant had outstanding 35,230,253 ordinary shares, par value NIS 0.015 per share.

 

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.     

 

Yes  ☐ No  ☒


If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934.    

 

Yes  ☐ No  ☒

 

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.    

 

Yes  ☒ No  ☐

 

Indicate by check mark whether the registrant has submitted electronically and posted on its corporate website, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§229.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).    

 

Yes  ☒ No  ☐

 

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated file, a non-accelerated filer, or an emerging growth company. See definition of “large accelerated filer,” “ accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act:

 

Large accelerated filer ☐        Accelerated filer  ☐    Non-accelerated filer ☒          Emerging growth company

 

If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☒

 

Indicate by check mark which basis for accounting the registrant has used to prepare the financing statements included in this filing:

 

U.S. GAAP  ☒

    

International Financial Reporting Standards as issued by the International Accounting Standards Board  ☐

 

 Other  ☐

 

If “Other” has been checked in response to the previous question, indicate by check mark which financial statement item the registrant has elected to follow.    

 

☐  Item 17     ☐  Item 18

 

If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).    

 

Yes  ☐     No  ☒

 

 

 

TABLE OF CONTENTS

 

  Page

Introduction

1

Special Note Regarding Forward-Looking Statements

1

PART I
   

Item 1.

Identity of Directors, Senior Management and Advisers

3

Item 2.

Offer Statistics and Expected Timetable

3

Item 3.

Key Information

3

Item 4.

Information on the Company

50

Item 4A.

Unresolved Staff Comments

65

Item 5.

Operating and Financial Review and Prospects

65

Item 6.

Directors, Senior Management and Employees

86

Item 7.

Major Shareholders and Related Party Transactions

126

Item 8.

Financial Information

133

Item 9.

The Offer and Listing

134

Item 10.

Additional Information

134

Item 11.

Quantitative and Qualitative Disclosures About Market Risk

156

Item 12.

Description of Securities Other Than Equity Securities

157

     
PART II
     

Item 13.

Defaults, Dividend Arrearages and Delinquencies

158

Item 14.

Material Modifications to the Rights of Security Holders and Use of Proceeds

158

Item 15.

Controls and Procedures

159

Item 16.

[Reserved]

159

Item 16A.

Audit Committee Financial Expert

160

Item 16B.

Code of Ethics

160

Item 16C.

Principal Accountant Fees and Services

160

Item 16D.

Exemptions from the Listing Standards for Audit Committees

161

Item 16E.

Purchases of Equity Securities by the Issuer and Affiliated Purchasers

161

Item 16F.

Change in Registrant’s Certifying Accountant

161

Item 16G.

Corporate Governance

161

Item 16H.

Mine Safety Disclosure

161

     
PART III
     

Item 17.

Financial Statements

161

Item 18.

Financial Statements

161

Item 19.

Exhibits

162

 

 

 

 

INTRODUCTION

 

In this annual report, the terms “Tufin,” “we,” “us,” “our” and “the company” refer to Tufin Software Technologies Ltd. and its subsidiaries.

 

Throughout this annual report, we refer to various trademarks, service marks and trade names that we use in our business. The “Tufin” design logo is the property of Tufin Software Technologies Ltd. Tufin® is our registered trademark in the United States. We have several other trademarks, service marks and pending applications relating to our products. In particular, although we have omitted the “®” and “™” trademark designations in this annual report from each reference to Unified Security Policy, Tufin Orchestration Suite, SecureChange, SecureTrack, SecureApp and Tufin SecureCloud, all rights to such trademarks are nevertheless reserved. Other trademarks and service marks appearing in this annual report are the property of their respective holders.

 

References in this annual report to the Global 2000 are to the world’s 2,000 largest public companies as published by Forbes Media LLC according to its Forbes Global 2000: The World's Largest Public Companies, June 2018.
 

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

 

We make forward-looking statements in this annual report that are subject to risks and uncertainties. The Private Securities Litigation Reform Act of 1995 provides safe harbor protections for forward-looking statements in order to encourage companies to provide prospective information about their business. These forward-looking statements include information about possible or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. In some cases, you can identify forward-looking statements by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential,” or the negative of these terms or other similar expressions. The statements we make regarding the following matters are forward-looking by their nature:

 

our expectation that policy-centric, automated solutions will garner a growing share of enterprise security spend;

 

our expectations for growth in certain key verticals and geographic regions and our intention to expand international operations;

 

our plans to invest in and grow our sales force and marketing team and develop our sales platform;

 

our plans to deploy additional cloud-based subscription products over time, to enable more customers to consume our products beyond our existing on-premise solutions;

 

our expectations regarding customer relationships developed by our hybrid sales model;

 

1 

 

our expectations regarding maintaining a high level of customer retention to achieve favorable return on investments;

 

our expectations regarding growth in the market for enterprise security and network management products;

 

our plans to continue investing in and growing our research and development capabilities;

 

our expectations regarding sales of our new product, SecureCloud;

 

our intention to invest further in the Tufin Orchestration Suite to extend its functionality and features;

 

our expectations regarding seasonality;

 

our expectations regarding sales driven by channel partners and our technology alliance partners through joint selling efforts and go-to-market strategies;

 

our expectations regarding general political and economic conditions, including due to the impact of coronavirus;

 

our expectations regarding the outcome of a securities class action lawsuit relating to our initial public offering; and

 

our expectations regarding our tax classifications.

 

The preceding list is not intended to be an exhaustive list of all of our forward-looking statements. The forward-looking statements are based on our beliefs, assumptions and expectations of future performance, taking into account the information currently available to us. These statements are only predictions based upon our current expectations and projections about future events. There are important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by the forward-looking statements. In particular, you should consider the risks provided under “Risk Factors” in this annual report.

 

You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that future results, levels of activity, performance and events and circumstances reflected in the forward-looking statements will be achieved or will occur. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason after the date of this annual report, to conform these statements to actual results or to changes in our expectations.

 

2 

 

PART I

 

ITEM 1.

IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS

 

Not applicable.

 

ITEM 2.

OFFER STATISTICS AND EXPECTED TIMETABLE

 

Not applicable.

 

ITEM 3.

KEY INFORMATION

 

 

A.

Selected Financial Data

 

The following tables set forth our selected consolidated financial data. You should read the following selected consolidated financial data in conjunction with “Item 5. Operating and Financial Review and Prospects” and our consolidated financial statements and related notes included elsewhere in this annual report. Historical results are not necessarily indicative of the results that may be expected in the future. Our financial statements have been prepared in accordance with U.S. Generally Accepted Accounting Principles, or U.S. GAAP.

 

The selected consolidated statements of operations data for each of the years in the three-year period ended December 31, 2019 and the consolidated balance sheet data as of December 31, 2018 and 2019 are derived from our audited consolidated financial statements appearing elsewhere in this annual report. The below selected consolidated balance sheet data as of December 31, 2017, has been derived from our previously reported audited consolidated financial statements, which are not included in this annual report.

 

3 

 

 

 

Year ended December 31,

 

 

 

2017

   

2018

   

2019

 

 

 

(in thousands except share and per share data)

 

Consolidated Statements of Operations:

                 

Revenues:

                 

Product

 

$

30,855

   

$

42,554

   

$

47,365

 

Maintenance and professional services

   

33,685

     

42,427

     

55,905

 

Total revenues

   

64,540

     

84,981

     

103,270

 

Cost of revenues:

                       

Product

   

1,702

     

2,324

     

2,716

 

Maintenance and professional services

   

7,778

     

11,112

     

17,141

 

Total cost of revenues(1)

   

9,480

     

13,436

     

19,857

 

Gross profit

   

55,060

     

71,545

     

83,413

 

Operating expenses:

                       

Research and development(1)

   

17,672

     

21,363

     

31,571

 

Sales and marketing(1)

   

35,042

     

46,092

     

63,981

 

General and administrative(1)

   

4,608

     

6,022

     

14,884

 

Total operating expenses

   

57,322

     

73,477

     

110,436

 

Operating loss

 

$

(2,262

)

 

$

(1,932

)

 

$

(27,023

)

Financial income (loss), net

   

267

     

(1,047

)

   

(85

)

Loss before taxes on income

 

$

(1,995

)

 

$

(2,979

)

 

$

(27,108

)

Taxes on income

   

(797

)

   

(1,283

)

   

(1,011

)

Net loss

   

(2,792

)

   

(4,262

)

   

(28,119

)

Basic and diluted net loss per ordinary share(2)

 

$

(0.35

)

 

$

(0.53

)

 

$

(1.04

)

Weighted average number of ordinary shares used in computing basic and diluted net loss per ordinary share(2)

   

7,872,545

     

8,045,647

     

27,088,274

 

 

4 

 

 

 

December 31,

 

 

 

2017

   

2018

   

2019

 

 

 

(in thousands)

 

Consolidated Balance Sheet Data(3):

                 

Cash and cash equivalents

 

$

14,700

   

$

15,248

   

$

118,661

 

Working capital, excluding deferred revenue(4)

   

15,247

     

17,781

     

115,963

 

Deferred revenue, current and non-current

   

23,957

     

31,464

     

35,563

 

Total assets

   

35,126

     

47,133

     

176,732

 

Redeemable convertible preferred shares

   

26,699

     

26,699

     

 

Total shareholders’ equity (deficit)

   

(29,028

)

   

(29,946

)

   

94,322

 

 

 

(1) Includes share-based compensation expense as follows:

 

 

 

Year ended December 31,

 

 

 

2017

   

2018

   

2019

 

 

 

(in thousands)

 

Share-based Compensation Expense:

                 

Cost of revenues

 

$

332

   

$

634

   

$

1,514

 

Research and development

   

660

     

731

     

2,370

 

Sales and marketing

   

765

     

1,458

     

4,849

 

General and administrative

   

353

     

358

     

2,194

 

Total share-based compensation expenses

 

$

2,110

   

$

3,181

   

$

10,927

 

 

(2) Basic and diluted net loss per ordinary share is computed based on the weighted average number of ordinary shares outstanding during each period. For additional information, see Note 2 to our consolidated financial statements included elsewhere in this annual report.

(3) We adopted ASC 842 - “Leases” on January 1, 2019, and recorded right-of-use assets and lease liabilities, which are reflected on our balance sheet as of December 31, 2019. As permitted, comparative figures were not adjusted. For additional information, see our consolidated financial statements included elsewhere in this annual report.

(4) We define working capital as total current assets minus total current liabilities.

 

Non-GAAP operating profit (loss) and non-GAAP net loss are non-GAAP financial measures. We define non-GAAP operating profit (loss) as operating loss excluding share-based compensation expense and secondary offering costs. We define non-GAAP net loss as net loss excluding share-based compensation expense, secondary offering costs and the tax effect of these non-GAAP adjustments. Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allow for more meaningful comparisons between our operating results from period to period. In addition, we believe that providing non-GAAP financial measures that exclude secondary offering costs allow for more meaningful comparisons between our operating results from period to period since these non-recurring costs are not representative or indicative of our ongoing operations. We also believe that the tax effects related to the non-GAAP adjustments set forth above do not reflect the performance of our core business and would impact period-to-period comparability.

 

5 

 

 

These non-GAAP financial measures are an important tool for financial and operational decision-making and for evaluating our operating results over different periods. 

The presentation of these non-GAAP financial measures is not meant to be considered in isolation or as a substitute for comparable GAAP financial measures and should be read only in conjunction with our consolidated financial statements prepared in accordance with GAAP.

 

The following tables reconcile operating loss and net loss, the most directly comparable U.S. GAAP measures, to non-GAAP operating profit (loss) and non-GAAP net loss for the periods presented:

 

 

 

Year ended December 31,

 

 

 

2017

   

2018

   

2019

 

 

 

(in thousands)

 

Reconciliation of Operating Loss to Non-GAAP Operating Profit (Loss):

                 

Operating loss

 

$

(2,262

)

 

$

(1,932

)

 

$

(27,023

)

Add:

                       

Share-based compensation expense

 

$

2,110

   

$

3,181

   

$

10,927

 

Secondary offering costs

                   

862

 

Non-GAAP operating profit (loss)

 

$

(152

)

 

$

1,249

   

$

(15,234

)

 

 

 

Year ended December 31,

 

 

 

2017

   

2018

   

2019

 

 

 

(in thousands)

 

Reconciliation of Net Loss to Non-GAAP Net Loss:

                 

 

                 

Net loss

 

$

(2,792

)

 

$

(4,262

)

 

$

(28,119

)

Add:

                       

Share-based compensation expense

 

$

2,110

   

$

3,181

   

$

10,927

 

Secondary offering costs

   

     

     

862

 

Taxes on income related to non-GAAP adjustments

   

     

     

(724

)

Non-GAAP net loss

 

$

(682

)

 

$

(1,081

)

 

$

(17,054

)

 

6 

 

 

For a description of how we use non-GAAP operating profit (loss) and non-GAAP net loss to evaluate our business, see “Item 5. Operating and Financial Review and Prospects—Key Financial Metrics.”

 

Other companies, including companies in our industry, may calculate non-GAAP operating profit (loss) and non-GAAP loss differently or not at all, which reduces their usefulness as a comparative measure. You should consider non-GAAP operating profit (loss) and non-GAAP net loss along with other financial performance measures, including operating profit, and our financial results presented in accordance with U.S. GAAP.

 

 

B.

Capitalization and Indebtedness

 

Not applicable.

 

 

C.

Reasons for the Offer and Use of Proceeds

 

Not applicable.

 

 

D.

Risk Factors

 

Our business faces significant risks. You should carefully consider all of the information set forth in this annual report and in our other filings with the United States Securities and Exchange Commission, or the SEC, including the following risk factors which we face and which are faced by our industry. If any of the following risks actually occurs, our business, financial condition and results of operations could be materially and adversely affected. In that event, the trading price of our ordinary shares would likely decline, and you might lose all or part of your investment.

 

Risks Related to Our Business and Our Industry

 

The security policy management market is rapidly evolving and difficult to predict. If the market does not continue to develop as we anticipate or if our target customers do not adopt our solutions, our revenues may not grow as expected and our share price may decline.

 

We believe our future success depends in large part on growth in the security policy management market in which we compete. The security policy management market is subject to rapid technological change, evolving industry standards and a shift in the enforcement or scope of regulations to which our customers are subject, as well as changing customer needs, requirements and preferences. As such, it is difficult to predict important market trends, including potential growth. For example, organizations that currently use home-grown tools may believe that they already have sufficient security policy management products. Therefore, such organizations may allocate all or most of their network infrastructure budgets on other products and may not adopt our solutions in addition to or in lieu of other existing solutions. If the security policy management market does not continue to develop in the way we anticipate or if organizations do not recognize the benefits our solutions offer in addition to or in place of other existing solutions, then our revenues may not grow as expected and our share price could decline.

 

7 

 

The outbreak of the novel coronavirus 2019 (COVID-19) and its international spread may have an adverse effect on our business.

The occurrence of unforeseen or catastrophic events such as terrorist attacks, extreme terrestrial or solar weather events or other natural disasters, emergence of a pandemic, or other widespread health emergencies (or concerns over the possibility of such an emergency), could create economic and financial disruptions, and could lead to reduced demand for our products and operational difficulties that could impair our ability to manage our business. The current outbreak of COVID-19 that was first reported from Wuhan, China, on December 31, 2019, presents concerns that may dramatically affect our ability to conduct our business effectively, including, but not limited to, our inability to travel to various destinations due to travel restrictions and quarantine requirements, attend certain industry-related conferences and maintain ongoing sales operations. The spread of COVID-19 from China to other countries has resulted in the Director General of the World Health Organization declaring the outbreak of COVID-19 as a pandemic. While the COVID-19 outbreak is still in its early stages, international stock markets have reflected the uncertainty associated with the slow-down in the economy, the reduced travel experienced since the beginning of January, and the significant declines in the Dow Industrial Average in February and March 2020. A significant reduction in global economic activity may result in reduced IT budgets, including for security software. While the ultimate impact of the COVID-19 outbreak or a similar health pandemic or epidemic is highly uncertain and subject to change, it is becoming increasingly plausible, notwithstanding the travel restrictions and quarantines already imposed by many countries, that our business and business prospects, including the livelihood and IT budgets of our customers and potential customers upon which our business relies, may be directly and adversely impacted.
 

If we are unable to acquire new customers, particularly large organizations, our future revenues and operating results will be harmed.

 

Our growth strategy is dependent, in part, on our ability to acquire new customers, particularly large organizations. For example, in the year ended December 31, 2019, large organizations, which we define as those comprising the Global 2000, accounted for 68% of our revenues, excluding maintenance renewals. The size and number of customers that we add in a given period significantly and directly impacts both our short-term and long-term revenues. If we are unable to attract a sufficient number of new large organization customers or if we attract customers that place orders of an insufficient size, we may be unable to generate revenue growth at desired rates. The security policy management market is competitive and we cannot guarantee that we will out-perform our competitors. In addition, in many cases, our primary competition is in-house, manual, spreadsheet driven processes and homegrown approaches to security management. As a result, we may not be able to add new customers at the levels we expect, or may need to spend more than we budgeted on our efforts to do so. Competition in the marketplace may also result in us winning fewer new customers, lowering prices or offering sales incentives to new customers. These factors may have a material negative impact on our future revenues and operating results.

 

Sales to large organizations involve risks that may not be present (or that are present to a lesser extent) with sales to smaller entities. These risks include:

 

increased purchasing power and leverage held by large organizations in negotiating contractual arrangements with us, including, in certain cases, clauses that provide preferred pricing of configurations with similar specifications;

 

the timing of individual large sales, which in some cases have occurred in a quarter subsequent to those we anticipated, or have not occurred at all;

 

longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that ultimately elects not to purchase our products or purchases fewer products than we anticipated;

 

more stringent or costly requirements imposed upon us in our maintenance and professional services contracts with such customers, including stricter response times and penalties for any failure to meet maintenance and professional services requirements;

 

8 

 

more complicated and costly implementation processes and network infrastructure; and

 

closer relationships with, and increased dependence upon, large technology companies who may offer competing products and have stronger brand recognition.

 

If we are unable to increase sales of our solutions and products to large organizations while mitigating the risks associated with serving such customers, our business, results of operations, prospects and financial condition may suffer.

 

Our business depends substantially on our ability to retain customers and expand our offerings to them, and our failure to do so could harm future results of operations.

 

We generate a significant portion of our revenues from sales to existing customers and our business depends substantially on our ability to retain customers and expand our offerings to them. For example, during the year ended December 31, 2019, we generated approximately 66% of our revenues, excluding maintenance renewals, from sales to existing customers. We offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and, as of February 2020, SecureCloud. The majority of our customers initially purchase SecureTrack to monitor part of their networks. Initial product deployments frequently expand across departments, divisions and geographies and result in the purchase of additional products, such as SecureChange and SecureApp. We also expect SecureCloud, which allows for visibility and control of the security posture in cloud-native and hybrid cloud environments, to contribute to our revenues over time.
 

The rate at which our existing customers purchase additional products and services depends on a number of factors, including the perceived need for additional IT security, our customers’ IT budgets, the efficacy of our solutions, general economic conditions, our customers’ overall satisfaction with our products and services and the continued growth and economic health of our customer base. If our efforts to sell additional products and services to our customers are not successful, our future revenues and operating results will be harmed.

 

We devote significant efforts to developing and marketing product updates to existing customers and rely on these efforts for a portion of our revenues. This requires a significant investment in building and maintaining customer relationships, as well as significant research and development efforts in order to launch product updates and new products. Our future success depends, in part, on our ability to continue to expand sales of our current product offerings to existing customers, sell additional licenses for our current products to our existing customers and develop and sell new products to existing customers.

 

9 

 

Our sales cycle is long and unpredictable, which may cause significant fluctuations in our quarterly results of operations.

 

The timing of our sales and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our products. We and our channel partners often spend significant time and resources to better educate and familiarize potential customers with the value proposition of our products and platform. Our sales cycle usually lasts several months from proof of concept to purchase order from our customers, and it is often even longer, less predictable and more resource-intensive for larger transactions. Customers may also require additional internal approvals or seek to test our products for a longer trial period before deciding to purchase our solutions. Furthermore, even if we close a large transaction during a given quarter, we may be unable to recognize the revenues derived from such a transaction due to our revenue recognition policy. See “Item 5.A. Operating and Financial Review and Prospects—Operating Results—Application of Critical Accounting Policies and Estimates—Revenue Recognition.”
 
In addition, in the past, customers have deferred significant purchases to the last quarter of the year when they can determine what amount of their annual budget remains unused. As a result, the timing of individual sales can be difficult to predict. We generally expect an increase in business activity as we approach our fiscal year end in December, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. Large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our anticipated results from operations for that quarter and future quarters for which revenues from those transactions are delayed. We may not be able to accurately predict or forecast the timing of sales, which has caused and could again cause our results to vary significantly from our expectations and the expectations of market analysts. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort, and as a result we could lose other sales opportunities or incur expenses that are not offset by an increase in revenue, which could harm our business.
 

We face competition in the security policy management market in which we operate, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

 

We face competition in the security policy management market in which we operate. In many cases, our primary competition is in-house, manual, spreadsheet driven processes and homegrown approaches to security management, and we and our channel partners may not be successful in educating and familiarizing potential customers with the value associated with our products and services. Our direct competitors include vendors such as AlgoSec, Inc., FireMon, LLC and Skybox Security LLC that offer solutions that compete with all or some of our products or product features. We also indirectly compete with large IT companies that offer a broad array of traditional security management solutions, such as Symantec Corporation and Cisco Systems, Inc., for a share of enterprises’ IT security budgets.
 

10 

 

Some of our competitors are large companies that have the technical and financial resources and broad customer bases needed to bring products that are competitive with ours to market and already have existing relationships as a trusted vendor for other products. Such companies may use these advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely in consideration for maintenance and professional services fees. As the security policy management market grows, we expect competition to increase in the future from both existing competitors and new companies that may enter our markets. Some of our competitors may develop different products that compete with our current solutions and respond more quickly and effectively than we do to new or changing opportunities, technologies, standards or client requirements, including in cloud-native environments.
 

Organizations that use other products or home-grown tools may believe that these products or tools are sufficient to meet their security policy management needs or that our products only serve the needs of a portion of the enterprise security market. Accordingly, these organizations may continue allocating their information technology budgets for other products, and may not adopt our products. Further, many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking and security products. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier, such as us, regardless of product performance, features, or greater services offerings or may be more willing to incrementally add solutions to their existing security infrastructure from existing suppliers than to replace it wholesale with our solutions.

 

Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. Current or potential competitors may be acquired by third parties with greater available resources. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do.

 

11 

 

Our revenue growth rate in recent periods may not be indicative of our future performance.

 

Our revenue growth rate in recent periods may not be indicative of our future performance. For the years ended December 31, 2018 and 2019, our revenues were $85.0 million and $103.3 million, respectively, representing year-over-year growth of 22%. We may not achieve similar revenue growth rates in future periods. Factors that could impact our ability to increase our revenues include our ability to increase the size or efficiency of our sales force, which has expanded rapidly in recent years, our ability to achieve repeat purchases by existing customers, our ability to successfully compete with other companies and the extent to which we are successful in securing large-scale deployments, particularly among our Global 2000 customers. If we are unable to maintain consistent revenues or revenue growth, our share price could experience volatility, and our ability to achieve and maintain profitability could be adversely affected.

 

Our business could be adversely affected if we are unable to manage changes to our business model over time.

 

We sell our software primarily through perpetual license agreements and, to a lesser extent, term-based license agreements rather than utilizing a Software-as-a-Service, or SaaS, model. SaaS is a model of software deployment in which a software provider typically licenses an application to customers for use as a service on demand through web browser technologies. While we have yet to recognize any revenues from SaaS products, we plan to continue to deploy our new product, SecureCloud, by utilizing a SaaS model. A SaaS business model can require a vendor to undertake substantial capital investments and develop related sales and support resources and personnel. In recent years, some companies have begun to expect that enterprise software solutions will be provided through a subscription-based model. If we shift to a subscription-based model or make other significant changes to our business model, we may fail to make such a transition in a timely manner or do so at a sustainable pace, either of which could have an adverse effect on our business, results of operations, financial condition and cash flows.
 

12 

 

Our business and operations have experienced rapid growth, and if we do not appropriately manage our current and future growth, our results of operations will be harmed.

 

We have experienced rapid growth over the last several years, which has placed and will continue to place significant demands on our management, administrative, operational and financial infrastructure. For example, as of December 31, 2019, we had 568 employees and independent contractors compared to 424 as of December 31, 2018, and we expect to continue to expand our headcount. We expect to continue to manage an increasingly complex array of internal systems and processes as we scale aspects of our business in proportion to our growth, including an expanded sales force, additional customer service and research and development personnel, as well as more complex administrative systems related to managing increased headcount.

 

Our success will depend in part upon our ability to manage our growth effectively. To do so, we must continue to increase the productivity of our existing employees, particularly our sales force, and hire, train, and manage new employees and expand our network of channel partners. To manage the domestic and international growth of our operations and personnel, we will need to continue to improve our operational, financial, and management controls, as well as our reporting processes and procedures. In addition, we will hire additional personnel to support our financial reporting function.

These additional investments will increase our operating costs, which will make it more difficult for us to offset any future revenue shortfalls by reducing expenses in the short term. We may not be able to successfully acquire or implement these or other improvements to our systems and processes in an efficient or timely manner, or once implemented, we may discover deficiencies in their capabilities or effectiveness. We may experience difficulties in managing improvements to our systems and processes or in integrating with third-party technology. In addition, our systems and processes may fail to prevent or detect errors, omissions or fraud. Our failure to improve our systems and processes, or their failure to operate effectively and in the intended manner, may result in the disruption of our current operations and customer relationships, our inability to manage the growth of our business and our inability to accurately forecast and report our revenues, expenses and earnings, any of which may materially harm our business, results of operations, prospects and financial condition.

 

13 

 

We have a history of losses, and we may not be able to generate sufficient revenues to achieve and sustain profitability.

 

We have incurred net losses in each period since our inception, including net losses of $4.3 million and $28.1 million for the years ended December 31, 2018 and 2019, respectively. As of December 31, 2019, our accumulated deficit was $68.4 million. We expect our operating expenses to increase significantly as we continue to expand our sales and marketing efforts, in part, by building our sales platforms, continue to invest in research and development and continue to expand our operations in existing and new geographies and vertical markets. We also expect to continue to devote significant research and development resources to our on-premise and cloud solutions. In addition, we continue to incur significant additional legal, accounting and other expenses related to being a public company. While our revenues have grown in recent years, if our revenues decline or fail to grow at a rate faster than these increases in our operating expenses, we will not be able to achieve and maintain profitability in future periods. As a result, we may continue to generate losses. We cannot assure you that we will achieve profitability in the future or that, if we do become profitable, we will be able to sustain profitability.


We have identified a material weakness in our internal control over financial reporting. If we fail to maintain effective internal control over financial reporting, we may be unable to report our financial results accurately or meet our reporting obligations.
 
In connection with the issuance of our consolidated financial statements for each of the years ended December 31, 2017 and 2018, we identified a material weakness in our internal control over financial reporting. A “material weakness” is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis.
 
Specifically, we determined as of December 31, 2017 and 2018 that we did not have sufficient finance staff to provide for effective control over our period-end financial reporting process. As a result of having insufficient staff, we were unable to adequately segregate duties in a manner consistent with control objectives for our period-end financial reporting process.
 
During 2019 we have made substantial progress in developing and implementing a remediation plan for enhancing and improving our finance team and controls.
 
As part of our remediation plan, in 2019 we recruited 10 additional personnel, including accounting and finance employees with the specific technical accounting and financial reporting experience necessary for a public company, including a VP of Finance, a Corporate Controller, a Senior Manager of Sarbanes-Oxley Compliance, a Manager for the payroll compensation and treasury departments, a Controller of Revenue Recognition, a senior bookkeeping team manager and additional bookkeepers and finance employees.
 
We have recruited these personnel after considering the appropriateness of each individual’s experience and believe that these personnel are qualified to serve in their current respective roles.  As of December 31, 2019, we had 20 accounting and finance employees. We believe the current staffing in our accounting and finance department is sufficient to meet our requirements as a public company. However, we will continue to assess the adequacy of our accounting and finance personnel and resources, and will adjust our resources, as necessary, commensurate with any increase in the size and complexity of our business.
 
In addition, we have initiated the implementation of control procedures for the review, analysis and reporting, including with regards to the depth and level of review procedures, in order to be able to adequately segregate duties and have adequate internal control over financial reporting.
 
However, the material weakness will not be considered remediated until our applicable controls will have been implemented and operating for a sufficient period of time and our management, including the Chief Financial Officer and Chief Executive Officer, have assessed and concluded, through testing, that these controls are operating effectively. As such, we have determined that we did not maintain an effective internal control over financial reporting as of December 31, 2019 and have a material weakness in internal control over financial reporting in our period-end financial reporting process.
 
We will continue to assess our internal control environment and the potential remediation of this material weakness.
 
If we are unable to certify that our internal control over financial reporting is effective pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, we could lose investor confidence in the accuracy and completeness of our financial reports, which could harm our business, the price of our ordinary shares and our ability to access the capital markets.
 

14 

 

If third-party applications and network products change such that we do not or cannot maintain the compatibility of our platforms and solutions with these applications and products, or if we fail to provide integrations that our customers desire, demand for our solutions and platforms could decline.

 

The attractiveness of our platforms depends, in part, on our ability to integrate with third-party applications and network products that our customers use or desire to use. Third-party providers may change the features of their applications and platforms or alter the terms governing use of their applications and platforms in an adverse manner. Further, third-party application providers may refuse to partner with us, or limit or restrict our access to their applications and platforms. Such changes could functionally limit or terminate our ability to use these third-party applications and systems with our platform, which could negatively impact our offerings and harm our business. If we fail to integrate our platforms with new third-party applications that our customers desire, or to adapt to the requirements of such third-party applications and platforms, we may not be able to offer the functionality that our customers expect, which would negatively impact our offerings and, as a result, harm our business.

If our products do not effectively interoperate with our customers’ existing or future IT infrastructures, deployments and integrations could be delayed or canceled, which would harm our business.

 

Our products must effectively interoperate with our customers’ existing or future IT infrastructure, which often has different specifications, utilizes multiple protocol standards, deploys products from multiple vendors and contains multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. If we find errors in the existing software or defects in the hardware used in our customers’ infrastructure or problematic network configurations or settings, we may have to modify and improve our software so that our products will integrate with our customers’ infrastructure. In such cases, our products may be unable to support some of the configurations or protocols used in our customers’ infrastructure. These issues could cause longer deployment and integration times for our products and could cause order cancelations, either of which would adversely affect our business, results of operations and financial condition. Additionally, any changes in our customers’ IT infrastructure that degrade the functionality of our products or services, which are better supported by competitive software, could adversely affect the adoption and usage of our products.

 

Estimates of market opportunity and forecasts of market growth included in this annual report and in our public disclosures may prove to be inaccurate.

 

Growth forecasts included in this annual report and in our public disclosures relating to our market opportunity and the expected growth in the security policy management market, which are subject to significant uncertainty, may prove to be inaccurate. We believe our policy management and automation functionalities define a new market, and we are not aware of any third-party research that accurately defines the scope of our directly addressable opportunity. As such, in early 2019 we estimated the market size using third-party data and, when third-party data was not available, internal estimates. We segment enterprises based on our estimates of their network infrastructure size and their need for our solutions across their networks, and apply an average annual billings figure per segment based on an estimated prior five years of inventory, resulting in an estimated directly addressable market of $10.3 billion, which includes on-premise firewalls, private cloud and public cloud orchestration segments.
 

15 

 

 

The addressable market we estimate may not materialize for many years. Even if the markets in which we compete meet the size estimates and growth forecast in this annual report or in our public disclosures, our business could fail to grow at similar rates. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties. Accordingly, the forecasts of market growth included in this annual report or in our public disclosures are not indicative of our future growth.

 

Because we derive substantially all of our revenues from sales of licenses and maintenance for SecureTrack, SecureChange and SecureApp, which belong to a single platform of products – the Tufin Orchestration Suite – the failure of these products to satisfy customers or to achieve increased market acceptance would adversely affect our business.

 

In the fiscal year ended December 31, 2019, we generated substantially all of our revenues from sales of licenses and maintenance for SecureTrack, SecureChange and SecureApp. We recently introduced SecureCloud to market, and have not yet derived revenues from the sales of this product. We expect to continue to derive a majority of our revenues from license and maintenance sales relating to the Tufin Orchestration Suite in the future. As such, market acceptance of this platform of products is critical to our continued success. Demand for licenses for the Tufin Orchestration Suite is affected by a number of factors, some of which are outside of our control, including continued market acceptance of our software by our customers and potential customers, the viability of existing and new use cases, technological change and growth or contraction in our market. If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of our software, our business, operations, financial results and growth prospects will be materially and adversely affected.

 

If we are unable to increase market awareness of our company and our solutions, or fail to successfully promote or protect our brand, our competitive market position and revenues may not continue to grow or may decline.

 

We believe that improved awareness of our brand and the value proposition of our solutions will be essential to our continued growth and our success. Many factors, some of which are beyond our control, are important to maintaining and enhancing our brand, including our ability to increase awareness among existing and potential channels partners through various means of marketing and promotional activities. If our marketing efforts are unsuccessful in improving market awareness of our brand and our solutions, then our business, results of operations, prospects, and financial condition will be adversely affected, and we will not be able to achieve sustained growth.

 

Moreover, due to the intensely competitive nature of our market, we believe that building and maintaining our brand and reputation is critical to our success and that the importance of positive brand recognition will increase as competition in our market further intensifies. While we believe that we are successfully building a well-established brand and have invested and expect to continue to invest substantial resources to promote and maintain our brand, both domestically and internationally, there can be no assurances that our brand development strategies will enhance our reputation or brand recognition or lead to increased revenue.

 

16 

 

 

Furthermore, an increasing number of independent industry analysts and researchers, such as Gartner, IDC and 451 Research LLC, regularly evaluate, compare and publish reviews regarding the functionality of security products and services, including our solutions. These reviews may significantly influence the market perception of our solutions. We do not have any control over the content of these independent industry analysts and researchers’ reports, and our reputation and brand could be harmed if they publish negative reviews of our solutions or do not view us as a market leader. The strength of our brand may also be negatively impacted by our competitors’ marketing efforts, which may include incomplete, inaccurate and misleading statements about our business, products and services. If we are unable to maintain a strong brand and reputation, sales to new and existing customers could be adversely affected, and our financial performance could be harmed.

 

Our business and reputation could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or the failure of our solutions to meet customers’ expectations.

 

Our customers face increasingly sophisticated and targeted cyberthreats. If we fail to update our products to detect or prevent such threats, our business and reputation will suffer. Moreover, as our solutions are adopted by an increasing number of enterprises and governmental entities, including the U.S. federal government, cyberattackers may focus on finding ways to defeat our solutions. The data stored in our products’ database is highly sensitive, and includes our customers’ current enterprise-wide network configuration and security policies. If our products’ security configuration is breached, this data could be used by malicious actors, including external hackers and rogue employees within our customers’ organizations, to plan how they could effectively traverse our customers’ networks and gain unauthorized access to critical systems and data. A breach or theft of our customers’ sensitive business data, regardless of whether the breach or theft is attributable to the failure of our products, could adversely affect the market’s perception of the efficacy of our solutions and current or potential customers may look to our competitors for alternatives to our solutions. The failure of our products may also subject us to lawsuits and financial losses stemming from indemnification of our partners and other third parties, as well as the expenditure of significant financial resources to analyze, correct or eliminate any vulnerabilities. Although we seek to limit our financial exposure in such circumstances through caps on our indemnification obligations, customers may litigate the enforceability of such caps and it is possible that such litigation may be successful in certain circumstances. Any such event could also cause us to suffer reputational harm, lose existing customers or deter them from purchasing additional products and services and prevent new customers from purchasing our solutions.

 

17 

 

 

Our business and reputation could be harmed if cybersecurity risks materialize.

 

Cybersecurity threats are a growing and evolving risk, and often are difficult or impossible to detect for long periods of time or to successfully defend against. Successful attacks, whether through external or internal actors, could harm the confidentiality, integrity and availability of personal data and other sensitive information, as well as the integrity and availability of our systems, products and services in a manner that could materially and adversely affect our business. Because techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. In addition, such a security breach could impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens, our revenues could decline and our business could suffer. In addition, if we suffer a highly publicized security breach, even if our platform and solutions perform effectively, such a breach could cause us to suffer reputational harm, lose existing commercial relationships and customers or deter customers from purchasing additional solutions and prevent new customers from purchasing our solutions.

 

We are subject to data privacy laws, the breach of which could subject us to fines and harm our reputation.

 

We are subject to an expanding number of domestic, international and contractual legal requirements regarding privacy, personal data rights and cybersecurity. These laws, rules and regulations continue to evolve and address a range of issues, including restrictions or technological requirements regarding the collection, use, storage, protection, retention or transfer of data. Violation of these requirements could result in substantial fines, penalties and related defense costs. For example, the GDPR provides for penalties that could reach the greater of 20 million Euros or 4% of a company’s worldwide annual turnover. In addition, because we operate in a number of jurisdictions, we may be subject to a variety of local data privacy laws, which can change frequently and potentially conflict with our existing obligations. For example, the State of California recently enacted the California Consumer Privacy Act, or CCPA, which became effective January 1, 2020, and imposes heightened transparency obligations and requirements to disclose practices with regard to the processing of personal information collected about California residents and to provide them with certain rights regarding their personal information in certain instances. While the CCPA currently has limited applicability to us, certain additional provisions may become effective on January 1, 2021, which would require additional steps to ensure compliance. These and other legal requirements may be interpreted and enforced in a manner that is inconsistent with our existing practices or the features of our products and services. We may also be subject to claims of liability or responsibility for the actions of third parties with whom we interact or upon whom we rely in relation to various products and services, including our channel partners. In addition to the possibility of our being subject to enforcement actions, fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our products and services, which could have an adverse effect on our business. Any inability to adequately address customer privacy and data protection concerns, even if unfounded, or to comply with applicable privacy and data protection laws, regulations and policies, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business.

 

18 

 

If we do not effectively expand, train and retain our sales force, we may be unable to acquire new customers or sell additional products and services to existing customers, and our business will suffer.

 

Our future success depends, in part, on our ability to continue to expand, train and retain our sales force. Our inability to attract or retain qualified personnel or delays in hiring required sales personnel may seriously harm our business, financial condition and results of operations. Any of our employees may terminate their employment at any time, subject to certain notice requirements. Our ability to continue to attract and retain highly skilled personnel is critical to our future success. For example, we increased the number of our sales and marketing personnel from 166 as of December 31, 2018 to 223 as of December 31, 2019. We expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in achieving our hiring and integration goals. There is intense competition for individuals with sales training and experience. In addition, the training and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales force personnel to understand our solutions and growth strategy. However, there is no guarantee that our recent hires and planned new hires will become as productive as we expect or require, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future in the markets in which we currently operate or where we seek to conduct business. Our failure to hire a sufficient number of qualified sales force members and train them to operate at target performance levels may materially and adversely impact our projected growth rate.

 

Our ability to enhance our products may be harmed if we are unable to attract and retain sufficient research and development personnel, and if we are unable to generate an adequate return on our investment in research and development.

 

Our ability to enhance our products may be harmed if we are unable to attract and retain sufficient engineers and research and development personnel. Our principal research and development activities are conducted from our headquarters in Israel, and we face significant competition for suitably skilled engineers and research and development personnel in this region, where the availability of such personnel is limited. We also engage a number of developers in Bucharest, Romania as independent contractors in order to benefit from the significant pool of talent that is more readily available in this market. Larger companies may expend more resources than we do on employee recruitment and may be able to offer more favorable compensation and incentive packages than us. If we cannot attract or retain a sufficient number of skilled research and development employees, our business, prospects and results of operations could be adversely affected.

 

19 

 

In order to remain competitive, we expect to continue to dedicate significant financial and other resources to develop new solutions, applications and enhancements to our existing products and platforms. For example, we increased the number of our research and development personnel from 152 as of December 31, 2018 to 187 as of December 31, 2019, and we expect to continue to expand our research and development headcount. However, investing in research and development personnel, developing new products and enhancing existing products are expensive and time consuming, and there is no assurance that such activities will result in significant new marketable products or enhancements to our products, design improvements, cost savings, revenues or other expected benefits. If we delay releasing product enhancements and new solutions, or are otherwise unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.

 

If we fail to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our solutions will be limited, and our business, financial position and results of operations will be harmed.

 

We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 171 active channel partners as of December 31, 2019. Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services. Our channel partners fulfill orders constituting substantially all of our revenues. Certain of our new customer leads are generated by our channel partners. For the years ended December 31, 2018 and 2019, our two largest channel partners accounted for 13% and 10% of our revenues and 15% and 9% of our revenues, respectively. Our agreements with these channel partners provide that each partner agrees to sell and distribute our products within certain territories for one year. These agreements are nonexclusive and non-transferable, and automatically renew unless terminated by either party after providing prior written notice. As of December 31, 2019, three of our channel partners accounted for 10% or more of our accounts receivable, accounting for an aggregate of 41% of our accounts receivable. Our engagements with these channel partners are generally based on separate contractual relationships with different business units across multiple jurisdictions rather than on a single agreement.

 

20 

 

As a result of this concentration, if a channel partner ceases to perform services for us, we may face disruptions in deploying solutions to our customers. Additionally, we are exposed to the credit risk of our channel partners in the event they become insolvent while owing us payment. If our channel partners do not effectively provide support to the satisfaction of our customers, we may be required to provide support to such customers, which would require us to invest in additional personnel and may require us to devote significant time and resources. If our channel partners do not effectively market and sell our solutions, or choose to use greater efforts to market and sell the products and services of our competitors, our ability to grow our business may be adversely affected.

 

Our relationships with channel partners have been, and could in the future be, terminated with little or no notice if they become subject to bankruptcy or other similar proceedings. The loss of our major channel partners, the inability to replace them or the failure to recruit additional channel partners could materially and adversely affect our results of operations. If we are unable to maintain our relationship with channel partners or otherwise develop and expand our sales channels, or if our channel partners fail to perform, our business, financial position and results of operations could be adversely affected.

 

Our increasing focus on expanding security policy management to cloud-native environments presents execution and competitive risks. 

 

While many organizations see the cloud as a scalable extension of their existing data center, some are adopting the DevOps approach to cloud application development. Pricing and delivery models are evolving. Different usage models and network security architectures in the cloud influence customers’ choice of cloud-based security products. We are devoting significant resources to develop and deploy our cloud-based strategies. Our ecosystem must continue to evolve with this changing environment. Unlike traditional enterprise applications, in which every connectivity change is controlled and managed by IT, in cloud-native environments the developers and DevOps engineers typically have administrative rights over the infrastructure. The connectivity decisions and changes made by developers in cloud-native applications can have an immediate impact on the organization’s security posture, with little or no oversight by the security team. Our success in developing cloud-native solutions is connected with the fragmentation of enterprise networks between on-premise networks and the cloud environment, the growing use of cloud infrastructure and cloud-native development environments and the level of adoption of cloud platforms such as such as Google Cloud, Amazon Web Services, or AWS, Microsoft Azure, Check Point and Palo Alto.

 

We may not establish sufficient market share to achieve the scale necessary to achieve our business objectives. If we are not effective in executing organizational and technical changes to increase efficiency and accelerate innovation, or if we fail to generate sufficient usage of our new products and services, we may not grow revenues in line with the infrastructure and development investments described above.

 

21 

 

 

If our maintenance or professional services are not satisfactory to our customers, they may not renew their maintenance or professional services contracts, which could adversely affect our future results of operations.

 

Our customers depend in large part on customer support delivered through our channel partners or by us to resolve issues relating to the use of our solutions. Our agreements with customers typically provide certain service level commitments, including with respect to initial response time for support. Our business relies on our customers’ satisfaction with the technical maintenance and support and professional services we provide to support our products. While the majority of our software is sold under perpetual license agreements, all of our maintenance and professional services contracts are sold on a term basis. Our customers typically purchase one or three years of software maintenance in addition to their initial purchase of our products, with an option to renew their maintenance contracts. In order for us to maintain and improve our results of operations, it is important that our existing customers renew their maintenance contracts when the term expires. For example, for each of the years ended December 31, 2018 and 2019, our maintenance renewal rate was over 90%. Maintenance and support revenues have increased as a percentage of our revenues in each of these years.

 

The failure of our customers to correctly use our solutions, or our failure to effectively assist customers in deploying and integrating our solutions and providing effective ongoing support, may result in an increase in the vulnerability of our customers’ networks and their sensitive business data. If we fail to provide technical support services that are responsive, satisfy our customers’ expectations and resolve issues that they encounter with our products and services, then they may elect not to renew annual maintenance and support contracts and they may choose not to purchase additional products and services from us. Accordingly, our failure to provide satisfactory technical support or professional services could lead our customers not to renew their agreements with us or renew on terms less favorable to us, and therefore have a material and adverse effect on our business and results of operations.

 

We depend on a single third-party hardware manufacturer for the hardware that we use to fulfill certain orders for our software licenses.

 

We depend on a single third-party manufacturer to supply the computer hardware on which our licensed software is installed for certain customers. Specifically, when placing an order, a customer may elect to download our software onto its own computer hardware that meets our specifications or purchase computer hardware from us with our software pre-installed. In the years ended December 31, 2018 and 2019, transactions in which customers purchased software pre-installed on computer hardware that we supplied accounted for 34% and 28%, respectively, of our sales. Our computer hardware supplier fulfills our requirements on a purchase order basis and we hold only limited inventory. We do not have a long-term contract with the supplier that guarantees capacity or the continuation of particular pricing terms. There are alternative suppliers for the computer hardware, but that hardware would initially not be optimized for our software. Furthermore, in the event of a disruption in supply, we would need to inform customers with pending orders regarding the change in hardware and offer them the choice of supplying their own hardware or using alternate hardware that we would supply, both of which may cause delays in the timely fulfillment of their orders. This could have a material adverse effect on our business and results of operations.

 

22 

 

 

If our products fail to help our customers achieve and maintain compliance with government regulations and industry standards, our business and results of operations could be materially adversely affected.

 

We generate a substantial portion of our revenues from our products and services because they help our customers achieve and maintain compliance with government regulations and industry standards, and we expect that will continue for the foreseeable future. Industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. Governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could impact whether our solutions enable our customers to maintain compliance with such laws or regulations. Examples of industry and government regulations include the Payment Card Industry Data Security Standard, or PCI-DSS, the Sarbanes-Oxley Act, the North American Electric Reliability Corporation Critical Infrastructure Protection standards, or NERC-CIP, the General Data Protection Regulation, or GDPR, the NIST Cybersecurity Framework and the Health Insurance Portability and Accountability Act of 1996, or HIPAA. If we are unable to adapt our solutions to changing regulatory standards in a timely manner, or if our solutions fail to expedite our customers’ compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In addition, if regulations and standards related to information security change in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial results would suffer.

 

If we are unable to adequately protect our proprietary technology and intellectual property rights, our business could suffer substantial harm.

 

Our commercial success depends, in part, on our ability to protect our core technologies and other intellectual property assets. We rely on a combination of trade secrets, copyright and trademark laws, confidentiality procedures, technical know-how and continuing innovation to protect our intellectual property and maintain our competitive advantage.

 

23 

 

 

Our software and other proprietary information are protected by copyright on creation. Copyright registrations, which have so far not been necessary, may be sought on an as-needed basis. We also control access to and use of our proprietary software, proprietary technology and other confidential information through the use of internal and external controls, including contractual agreements containing confidentiality obligations with our employees, independent consultants, independent contractors, professional services team, partners and customers. Our confidentiality agreements are designed to protect our proprietary information, and the clauses requiring assignment of inventions are designed to grant us ownership of technologies that are developed through our relationship with the respective counterparty. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, confidentiality agreements and licenses (including non-disclosure and invention assignment agreements), unauthorized parties may still copy or otherwise obtain and use our intellectual property and technology.

 

In addition, we seek to protect our intellectual property by filing Israeli, U.S. and other foreign patent applications related to our proprietary technology. As of December 31, 2019, we had 14 issued patents in the United States and five issued patents in Israel. We may file additional patent applications in the future. In order to benefit from the protection of patents and other intellectual property rights, we must monitor and detect infringement and pursue infringement claims in certain circumstances in relevant jurisdictions, all of which are costly, time-consuming and uncertain. We may choose not to seek patent protection for certain innovations or in certain jurisdictions. Furthermore, the scope of our issued patents may be insufficient, and they may not provide us with any competitive advantages. Our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or litigation. In addition, the issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. As a result, we may not be able to obtain adequate protection or effectively enforce our issued patents or other intellectual property rights.

 

We cannot assure you that the steps taken by us will deter or prevent infringement or misappropriation of our intellectual property or technology. In addition, the laws of some foreign countries where we operate do not protect our intellectual property and technology to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.

 

We may be subject to intellectual property rights claims by third parties, which may be costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.

 

Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of copyrights, trademarks, trade secrets and patents, and frequently enter into litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. From time to time, third parties may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers.

 

24 

 

 

Successful claims of infringement or misappropriation by a third-party could prevent us from using or distributing certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights, and to indemnify our partners and other third parties, including our customers and channel partners whom we typically indemnify against such claims. Even if third parties may offer a license to their intellectual property, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected.

 

We indemnify our channel partners and customers against claims that our products infringe the intellectual property rights of third parties. Defending against claims of infringement or being deemed to be infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services. If we are unable to protect our intellectual property and technology and ensure that we are not violating the intellectual property rights of others, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.

 

Our use of open source software could negatively affect our ability to sell our software and subject us to possible litigation.

 

We use open source software in our products and our development environments and expect to continue to use open source software in the future. Open source software is typically provided without warranties or assurances of any kind. Some open source licenses contain requirements that the users of such software make available source code for modifications or derivative works we create based upon the open source software used, and many open source licenses include provisions that have not been interpreted by the courts. We monitor and control our use of open source software in an effort to avoid unanticipated conditions or restrictions on our ability to successfully commercialize our products and solutions. We believe that our compliance with the obligations under the various applicable licenses has mitigated the risks that we would trigger any such conditions or restrictions. However, such use may have inadvertently occurred in the development and offering of our products and solutions. If we combine our proprietary software with open source software in a certain manner that is not intended under our policies or monitoring practices, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products quickly with lower development effort and ultimately could result in a loss of sales for us.

 

25 

 

 

The terms of many open source software licenses have not been interpreted by U.S. or foreign courts, and there is a risk that, once interpreted, those licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to successfully commercialize our products and solutions. For example, certain open source software licenses may be interpreted to require that we offer our products or solutions that use the open source software for no cost; that we make available the source code for modifications or derivative works we create based upon, incorporating or using the open source software (or that we grant third parties the right to decompile, disassemble, reverse engineer or otherwise derive such source code); that we license such modifications or derivative works under the terms of the particular open source license; or that otherwise impose limitations, restrictions or conditions on our ability to use, license, host or distribute our products and solutions in a manner that limits our ability to successfully commercialize our products.

 

This potential litigation could require us to purchase costly licenses or devote additional research and development resources to change our products or services, either of which would have a negative effect on our business and results of operations. In addition, if the license terms for the open source software we utilize change, we may be forced to reengineer our offerings or incur additional costs. Although we monitor the use and incorporation of open source software into our products, we cannot be certain that we have, in all cases, incorporated open source software in our products in a manner that is consistent with the applicable open source license terms.

 

We may become a party to commercial disputes, claims and legal actions, which are costly and may result in adverse outcomes for us.

 

Third parties may bring legal actions against us. Such actions, even if without merit, could harm our business. Although we have contractual protections, such as warranty disclaimers and limitation of liability provisions in our standard terms and conditions of sale (and we seek to include those protections when negotiating third party terms and conditions), they may not fully or effectively protect us from claims by customers, commercial relationships or other third parties.

 

In addition, we may become subject to disputes with customers over the terms of our agreements with them. Our agreements with certain larger customers grant those specific customers the right to use our software for specific purposes or within a specific scope. From time to time, we have disagreed with customers over the interpretation of those agreements. Such disagreements may harm our relationships with customers and could ultimately result in legal proceedings.

 

26 

 

 

The results of complex legal proceedings, whether bought by us or by others against us, are difficult to predict. An unfavorable resolution of any lawsuit could adversely affect our business, results of operations, prospects or financial condition. Any insurance coverage that we have may not adequately cover all claims asserted against us, or may cover only a portion of such claims. In addition, even if claims do not result in litigation or ultimately are resolved in our favor, such claims could result in our expenditure of funds in litigation, and divert management’s time and other resources. Litigation in general, and intellectual property and securities litigation in particular, can be expensive, lengthy and disruptive to normal business operations.  For example, we are subject to a putative class action lawsuit in New York state court alleging federal securities law violations in connection with our IPO. Our business, results of operations, and financial condition could be materially and adversely affected by such costs and any unfavorable outcomes in current or future litigation.
 

We may acquire other businesses, which could require significant management attention, disrupt our business, dilute shareholder value and adversely affect our results of operations and financial condition.

 

As part of our business strategy and in order to remain competitive, we may acquire or make investments in complementary companies, products or technologies. We have not made any acquisitions to date, and as a result, our ability as an organization to acquire and integrate other companies, products or technologies in a successful manner is unproven. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating such acquisitions or the products or technologies associated with such acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition or the value of our ordinary shares. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.

 

27 

 

 

We are subject to a number of risks associated with international sales and operations.

 

We operate a global business with offices located in Israel, the United States and England. In the year ended December 31, 2019, we generated 55%, 40% and 5% of our revenues from customers in the Americas, EMEA and APAC, respectively. Business practices in the international markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted.

 

Additionally, our international sales and operations are subject to a number of risks, including the following:

 

greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;

 

higher costs of doing business internationally, including costs incurred in establishing and maintaining office space and equipment for our international operations;

 

management communication and integration problems resulting from cultural and geographic dispersion;

 

risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platforms that may be required in foreign countries;

 

greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties;

 

compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act, the bribery sections of the Israeli Penal Law, 5737-1977 and the U.K. Bribery Act;

 

heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;

 

the uncertainty of protection for intellectual property rights in some countries;

 

general political and economic conditions, including due to the impact of coronavirus, in these foreign markets; and

 

double taxation of our international earnings and potentially adverse tax consequences due to changes in the tax laws of the United States, Israel or the other jurisdictions in which we operate.

 

28


These and other factors could harm our ability to generate future international revenues and, consequently, materially impact our business, results of operations and financial condition.

 

Political and economic uncertainty arising from the outcome of the United Kingdom’s referendum on its membership in the European Union could adversely affect our business and results of operations.  

 

Our European sales team is currently located in Reading, England. On June 23, 2016, the United Kingdom held a referendum in which voters approved a withdrawal from the European Union, commonly referred to as “Brexit.” The United Kingdom officially withdrew from the European Union on January 31, 2020. The terms of the withdrawal are subject to ongoing negotiation that has created significant uncertainty about the future relationship between the United Kingdom and the European Union. It is possible that the level of economic activity in this region will be adversely impacted and that there will be increased regulatory and legal complexities, including those relating to tax, trade, security and employees. In addition, Brexit could lead to economic uncertainty, including significant volatility in global stock markets and currency exchange rates, which may adversely impact our business. Although the specific terms of the separation are unknown, it is possible that these changes could adversely affect our business and results of operations.

  

We are dependent on the continued services and performance of our two founders, the loss of either of whom could adversely affect our business.

 

Our business depends on the continued services and performance of our two founders, Reuven Kitov, our Chief Executive Officer and Chairman of the Board of Directors, and Reuven Harrison, our Chief Technology Officer and a director, to execute on our business plan, and to identify and pursue new opportunities and product innovations. We do not carry key man life insurance on either of Mr. Kitov or Mr. Harrison and, even if we did, such coverage would likely be insufficient to compensate us for the loss of their services. The loss of services of either of Mr. Kitov or Mr. Harrison could significantly delay or prevent the achievement of our development and strategic objectives.

 

29 

 

 

Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity and teamwork fostered by our culture, which could adversely affect our business.

 

We believe that our corporate culture has been and will continue to be a key contributor to our success. From December 31, 2016 to December 31, 2019, we increased the size of our workforce by 123 employees in Israel and by 187 employees in other countries, representing a 120% increase, and we expect to continue to hire aggressively as we expand. In addition, we plan to continue to expand our international operations, which may affect our culture as we seek to find, hire and integrate additional international employees while maintaining our corporate culture. If we do not continue to maintain our corporate culture as we grow, we may be unable to continue to foster the innovation, integrity and collaboration we believe we need to support our growth. Our substantial anticipated headcount growth, international expansion and our transition from a private company to a public company may result in a change to our corporate culture, which could adversely affect our business.

 

Prolonged economic uncertainties or downturns could materially adversely affect our business.

 

Our business depends on our current and prospective customers’ ability and willingness to invest money in security policy management, which in turn is dependent upon their overall economic health. Negative economic conditions in the global economy, including conditions resulting from financial and credit market fluctuations, could cause a decrease in corporate spending on security software. The Americas accounted for the majority of our revenues in each of the years ended December 31, 2018 and 2019. EMEA also accounted for a significant portion of our revenues in each of the years ended December 31, 2018 and 2019, with revenues generated in Germany representing 25% and 30%, respectively, of EMEA revenues. Economic downturns and geopolitical challenges in the Americas, EMEA or certain other parts of the world may cause our customers in those locations to reevaluate decisions to purchase our solutions or to delay their purchasing decisions, which could adversely impact our results of operations due to the importance that region to us.

 

In addition, a significant portion of our revenues is generated from customers in the financial services industry, including banking and insurance, and the telecommunications industry. In the years ended December 31, 2018 and 2019, we generated approximately 53% and 47%, respectively, of our revenues from customers in the financial services and telecommunications industries. Negative economic conditions may cause customers in those industries in particular to reduce their IT spending. Customers may delay or cancel IT projects, choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. To the extent purchases of licenses for our software are perceived by customers and potential customers to be discretionary, our revenues may be disproportionately affected by delays or reductions in general IT spending. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our results of operation could be adversely affected.

 

30 

 

 

Our business depends, in part, on sales to the public sector, and significant changes in the contracting or fiscal policies of the public sector could have an adverse effect on our business.

 

We derive a portion of our revenues from sales of our solutions to federal, state, local and foreign governments, and we believe that the success and growth of our business will continue to depend in part on our successful procurement of government contracts. Factors that could impede our ability to maintain or increase the amount of revenues derived from government contracts include:

 

changes in fiscal or contracting policies;

 

decreases in available government funding;

 

changes in government programs or applicable requirements;

 

the adoption of new laws or regulations or changes to existing laws or regulations; and

 

potential delays or changes in the government appropriations or other funding authorization processes.

 

The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions or otherwise have an adverse effect on our business, operating results and financial condition.

 

Requirements associated with being a public company in the United States require significant resources and management attention.

 

Requirements associated with being a public company in the United States require significant resources and management attention. We are subject to certain reporting requirements of the Securities Exchange Act of 1934, or the Exchange Act, and the other rules and regulations of the Securities and Exchange Commission, or the SEC, and the New York Stock Exchange, or the NYSE. We are also subject to various other regulatory requirements, including under the Sarbanes-Oxley Act. We expect these rules and regulations to continue to increase our legal, accounting and financial compliance costs and to continue to make some activities more time-consuming and costly. We cannot predict or estimate the amount of additional costs we will continue to incur as a public company or the timing of such costs.

 

31 

 

 

In the first quarter of 2019, we implemented a new ERP system to provide for greater depth and breadth of functionality and effectively manage our business data, communications, operations and other business processes. A failure of this system to perform as we anticipate may result in transaction errors, processing inefficiencies and sales losses, may otherwise disrupt our operations and materially and adversely affect our business, results of operations and financial condition and may harm our ability to accurately forecast sales demand, fulfill our contractual obligations and file reports with the SEC on a timely and accurate basis. In addition, due to the systemic internal control features within ERP systems, we may experience difficulties that may affect our internal control over financial reporting, which may create a significant deficiency or material weakness in our overall internal controls. The risks associated with a new ERP system are greater for us as a newly public company.

 

In addition, complying with these rules and regulations and the increasingly complex laws pertaining to public companies requires substantial attention from our senior management, which could divert their attention away from the day-to-day management of our business. These cost increases and the diversion of management’s attention could materially and adversely affect our business, financial condition and results of operations. We will also need to continue to hire additional personnel to support our financial reporting function, and may face challenges in doing so.

 

We may acquire other businesses, which could require significant management attention, disrupt our business, dilute shareholder value and adversely affect our results of operations.

 

As part of our business strategy and in order to remain competitive, we may acquire or make investments in complementary companies, products or technologies. However, we have not made any acquisitions to date, and as a result, our ability as an organization to acquire and integrate other companies, products or technologies in a successful manner is unproven. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating such acquisitions or the technologies associated with such acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition or the value of our ordinary shares. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.

 

32 

 

 

We are subject to governmental export and import controls that could subject us to liability in the event of non-compliance or impair our ability to compete in international markets.

 

We incorporate encryption capabilities into certain of our products and these products thus may be subject to U.S. export control requirements. We are also subject to Israeli regulations controlling the use, import and export of encryption technology since our product development initiatives are primarily conducted in Israel. In December 2013, regulations under the Wassenaar Arrangement for the first time included a chapter on cyber-related matters. We believe that our products do not fall under this chapter; however, in the future we may become subject to this regulation or similar regulations, which would limit our sales and marketing activities and could therefore have an adverse effect on our results of operations. We have satisfied U.S. and Israeli export control requirements to export our products to most customers and jurisdictions outside of the United States and Israel, and we have satisfied other provisions of Israeli law governing the use of encryption technology. If the applicable U.S. and Israeli requirements regarding the export of encryption software or technology change or if we change the encryption means in our products or technology, we may need to satisfy additional requirements in the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries.

 

We are also subject to U.S. and Israeli export control and economic sanctions laws, which prohibit the shipment of certain products to embargoed or sanctioned countries and regions, governments and persons. Our products and technologies could be exported to these sanctioned targets by our channel partners despite the contractual undertakings they have given us and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.

 

33 

 

 

In addition, in the future we may be subject to defense-related export controls. For example, currently our solutions are not subject to supervision under the Israeli Defense Export Control Law, 5767-2007, or the Import and Export Decree (Export Control over Dual Use Goods, Services and Technology), 5766-2006, but if the definitions of regulated cybersecurity are changed and our products are becoming classified as defense-related, we would become subject to such regulation. In particular, under the Defense Export Control Law, an Israeli company may not conduct “defense marketing activity” without a defense marketing license from the Israeli ministry of defense and may be subject to a requirement to obtain a specific license from the Israeli ministry of defense for any export of defense-related products, services and/or know-how. The definition of defense marketing activity is broad and includes any marketing of “defense equipment, services and/or know-how” outside of Israel or to a non-Israeli, which includes dual-use equipment, services and/or know-how (equipment, services and/or know-how that can be used for civilian or defensive purposes such as our cybersecurity solutions) that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, if intended for defense use or defense user only, or is specified under Israeli legislation. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act and the International Traffic in Arms Regulations.  

 

Risks Related to Our Ordinary Shares

 

Our share price has been and will likely continue to be volatile, and you may lose all or part of your investment.

 

Since our initial public offering on April 11, 2019, our ordinary shares have traded as high as $31.04 per share and as low as $14.85 per share through December 31, 2019. On February 29, 2020, the last reported sale price of our ordinary shares was $11.70 per share.

 

In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially as a result of many factors, including:

 

actual or anticipated fluctuations in our results of operations;

 

variance in our financial performance from the expectations of market analysts;

 

announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;

 

changes in the prices of our products and services;

 

our involvement in litigation;

 

our sale of ordinary shares or other securities in the future;

 

market conditions in our industry;

 

34 

 

 

changes in key personnel;

 

the trading volume of our ordinary shares;

 

changes in the estimation of the future size and growth rate of our markets; and

 

general economic and market conditions.

 

In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been instituted against that company. For example, we are subject to a putative class action lawsuit in the Supreme Court of the State of New York alleging federal securities law violations in connection with our initial public offering. See “Item 8 A. Financial Information—Consolidated Financial Statements and Other Financial Information—Legal Proceedings.” Low trading volume may also increase the price volatility of our ordinary shares. A thin trading market could cause the price of our ordinary shares to fluctuate significantly more than the stock market as a whole.

 

An active trading market for our ordinary shares may not continue to develop or be sustained.

 

In April 2019, we completed our initial public offering. Prior to our initial public offering, there was no public market for our ordinary shares. Although we have completed our initial public offering and our ordinary shares are listed and trading on the NYSE, an active trading market for our ordinary shares may not continue to develop or be sustained, which may impair your ability to sell your ordinary shares at the time you wish to do so or at a price that you consider reasonable. The lack of an active market may also reduce the fair market value of your ordinary shares. An inactive market may also impair our ability to raise capital by selling our ordinary shares and may impair our ability to acquire other companies by using our ordinary shares as consideration.

 

If securities or industry analysts cease to publish research or publish inaccurate or unfavorable research reports about our business, our share price and trading volume could decline.

 

The trading price for our ordinary shares is affected by any research or reports that securities or industry analysts publish about us or our business. If one or more of the analysts who cover us or our business publish inaccurate or unfavorable research about us or our business, and in particular, if they downgrade their evaluations of our ordinary shares, the price of our ordinary shares would likely decline. If one or more of these analysts cease coverage of our business, we could lose visibility in the market for our ordinary shares, which in turn could cause our share price to decline.

 

35 

 

 

A small number of significant beneficial owners of our shares have a significant influence over matters requiring shareholder approval, which could delay or prevent a change of control.

 

As of February 29, 2020, the largest beneficial owners of our shares, entities and individuals affiliated with Marker LLC and Catalyst Private Equity Partners (Israel) II, Limited Partnership owned 12.5% and 12.7% of our ordinary shares, respectively. As a result, these shareholders individually or collectively could exert significant influence over our operations and business strategy and would have sufficient voting power to influence the outcome of matters requiring shareholder approval. These matters may include:

 

the composition of our board of directors, which has the authority to direct our business and to appoint and remove our officers;

 

approving or rejecting a merger, consolidation or other business combination;

 

raising future capital; and

 

amending our articles of association, which govern the rights attached to our ordinary shares.

 

This concentration of ownership of our ordinary shares could delay or prevent proxy contests, mergers, tender offers, open-market purchase programs or other purchases of our ordinary shares that might otherwise give you the opportunity to realize a premium over the then-prevailing market price of our ordinary shares. This concentration of ownership may also adversely affect our share price. Further, our amended and restated articles of association contain provisions that could make it difficult or expensive for a third party to pursue a tender offer, change in control or takeover attempt that is opposed by our management and board of directors even if such a transaction would be beneficial to our shareholders. We also have a staggered board of directors that could make it more difficult for shareholders to change the composition of our board of directors in any one year. These anti-takeover provisions could substantially impede the ability of public shareholders to change our management or board of directors.

 

As a foreign private issuer whose shares are listed on the NYSE, we may follow certain home country corporate governance practices instead of otherwise applicable NYSE requirements, which may, in the future, result in less protection than is accorded to investors under rules applicable to domestic U.S. issuers.

 

As a foreign private issuer whose shares are listed on the NYSE, we may follow certain home country corporate governance practices instead of otherwise applicable NYSE requirements for U.S. domestic issuers. For example, foreign private issuers are permitted to follow home country practices with regard to director nomination procedures and the approval of compensation of officers. Additionally, foreign private issuers are not required to maintain a board comprised of a majority of independent directors. Foreign private issuers are also exempt from NYSE rules that require shareholder approval prior to (i) the adoption or amendment of an equity compensation plan or (ii) the issuance of ordinary shares, or securities convertible into or exercisable for ordinary shares, in private offerings in excess of 20% of a company’s outstanding ordinary shares or voting power, as well as other private offerings to related parties. However, notwithstanding our ability to follow the corporate governance practices of our home country, Israel, we have elected to comply with NYSE corporate governance requirements that are applicable to U.S. domestic issuers. Nevertheless, we may, in the future, decide to rely on foreign private issuer exemptions and follow Israeli home country governance practices in lieu of complying with some or all NYSE corporate governance requirements, which may provide less protection to you than is accorded to investors of domestic issuers. See “Item 6.C. Board Practices—Corporate Governance Practices.”

 

36 

 

 

As a foreign private issuer, we are not subject to the provisions of Regulation FD or U.S. proxy rules and are exempt from filing certain reports required pursuant to the Exchange Act

 

As a foreign private issuer, we are exempt from a number of requirements under U.S. securities laws that apply to public companies that are not foreign private issuers. In particular, we are exempt from the rules and regulations under the Exchange Act, related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required under the Exchange Act to file annual and current reports and financial statements with the SEC as frequently or as promptly as U.S. domestic companies whose securities are registered under the Exchange Act and we are generally exempt from filing quarterly reports on Form 10-Q containing unaudited financial and other specified information with the SEC under the Exchange Act. We are also exempt from the provisions of Regulation FD, which prohibits issuers from making selective disclosure of material nonpublic information to, among others, broker-dealers and holders of a company’s securities under circumstances in which it is reasonably foreseeable that the holder will trade in such company’s securities on the basis of the information. Even though we intend to comply voluntarily with Regulation FD, these exemptions and leniencies will reduce the frequency and scope of information and protections to which you are entitled as an investor.

 

For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic filers, including the requirement applicable to emerging growth companies to disclose the compensation of our chief executive officer and other two most highly compensated executive officers on an individual, rather than an aggregate, basis. Nevertheless, regulations promulgated under the Israeli Companies Law require us to disclose in the proxy statement for the annual general meeting of our shareholders (or to include a reference therein to other previously furnished public disclosure) the annual compensation of our five most highly compensated executive officers on an individual, rather than an aggregate, basis. This disclosure will not be as extensive as that required of a U.S. domestic issuer. See “Item 6.B. Compensation—Compensation of Directors and Executive Officers.”

 

37 

 

 

In order to maintain our current status as a foreign private issuer, either (i) more than 50% of our outstanding voting securities must be directly or indirectly owned of record by non-residents of the United States or (ii)(a) a majority of our executive officers or directors may not be U.S. citizens or residents, (b) more than 50% of our assets cannot be located in the United States and (c) our business must be administered principally outside the United States. In the event U.S. residents directly or indirectly own more than 50% of our outstanding voting securities, we will cease to qualify as a foreign private issuer if we do not meet the requirements set forth in (ii) above.

 

Although we have elected to comply with certain U.S. regulatory provisions, our loss of foreign private issuer status would make such provisions mandatory. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic issuer would be significantly higher. If we are not a foreign private issuer, we will be required to file periodic reports and registration statements on U.S. domestic issuer forms with the SEC, which are more detailed and extensive than the forms available to a foreign private issuer. We would also be required to follow U.S. proxy disclosure requirements, including the requirement to disclose more detailed information about the compensation of our senior executive officers on an individual basis. We may also be required to modify certain of our policies to comply with good governance practices associated with U.S. domestic issuers. Such conversion and modifications will involve additional costs. In addition, we would lose our ability to rely upon exemptions from certain corporate governance requirements on U.S. stock exchanges that are available to foreign private issuers.

 

The market price of our ordinary shares could be negatively affected by future sales of our ordinary shares.

 

If our existing shareholders, particularly our largest shareholders, our directors, their affiliates, or our executive officers, sell a substantial number of our ordinary shares in the public market, the market price of our ordinary shares could decrease significantly. The perception in the public market that these shareholders might sell our ordinary shares could also depress the market price of our ordinary shares and could impair our future ability to obtain capital, especially through an offering of equity securities.

 

As of February 29, 2020, 1,982,168 ordinary shares were reserved for issuance under our equity incentive plans. Shares issuable under our equity incentive plans have been registered on a Form S-8 registration statement and may be freely sold in the public market upon issuance, except for shares held by affiliates who have certain restrictions on their ability to sell.

 

38 

 

 

We may have exposure to greater tax liabilities than anticipated.

 

We have endeavored to structure our activities in a manner so as to minimize our and our subsidiaries’ aggregate tax liabilities. However, we have operations in various taxing jurisdictions, and our tax liabilities in one or more jurisdictions could be more than reported in respect of prior taxable periods and more than anticipated in respect of future taxable periods. In this regard, the amount of income taxes that we pay in future taxable periods could be higher if earnings are lower than anticipated in jurisdictions where lower statutory tax rates apply and higher than anticipated in jurisdictions where higher statutory tax rates apply.

 

In addition, we have entered into transfer pricing arrangements that establish transfer prices for our intercompany operations. However, our transfer pricing procedures are not binding on the applicable taxing authorities. No official authority in any country has made a binding determination as to whether or not we are operating in compliance with its transfer pricing laws. Accordingly, taxing authorities in any of the countries in which we operate could challenge our transfer prices and require us to adjust them to reallocate our income and potentially to pay additional taxes for prior tax periods. For example, the tax authorities in the United States have increased their focus on transfer pricing procedures, which could result in a greater likelihood of a challenge to our transfer pricing arrangements and the risk that we will be required to adjust them and reallocate our income. Such an adjustment could result in a higher effective tax rate than that to which we are currently subject. We expect that the issue of the validity of our transfer pricing procedures will become of greater importance as we continue our expansion in markets in which we currently have a limited presence and attempt to penetrate new markets. Any change to the allocation of our income as a result of reviews by taxing authorities could have a negative effect on our financial condition and results of operations.

 

Moreover, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment and the ultimate tax determination is uncertain for many transactions and calculations. Although we believe our estimates are reasonable, our ultimate tax liability may differ from the amounts recorded in our financial statements and may materially adversely affect our financial condition and results of operations in the period or periods for which such determination is made. We have created reserves with respect to tax liabilities where we believe it to be appropriate. However, there can be no assurance that our ultimate tax liability will not exceed the reserves we have created.

 

The Base Erosion and Profit Shifting, or BEPS, project undertaken by the Organization for Economic Cooperation and Development, or the OECD, may also have adverse consequences on our tax liabilities. The BEPS project contemplates changes to numerous international tax principles, as well as national tax incentives, and these changes, which are being adopted in different manners by individual countries, could adversely affect our income tax liability. Even as countries translate the BEPS recommendations into specific national tax laws, it remains difficult to predict with accuracy the magnitude of any impact that such new rules may have on our financial results.

 

39 

 

 

In addition, the 2017 Tax Cuts and Jobs Act, or the TCJA, made significant changes to the U.S. Internal Revenue Code, including a reduction in the U.S. federal corporate income tax rate from the previous top marginal rate of 35% to a flat rate of 21% and limitations on certain corporate deductions and credits. Also, the TCJA requires complex computations to be performed that were not previously required in U.S. tax law, significant judgments to be made in interpretation of the provisions of the TCJA and significant estimates in calculations and the preparation and analysis of information not previously relevant or regularly produced. The U.S. Treasury Department and the U.S. Internal Revenue Service, or IRS, continue to interpret and issue guidance on how provisions of the TCJA will be applied and administered. Finally, foreign governments may enact tax laws in response to the TCJA that could result in further changes to global taxation and materially adversely affect our financial position and results of operations.

 

U.S. holders that own 10% or more of the vote or value of our ordinary shares may suffer adverse tax consequences if we and/or any of our non-U.S. subsidiaries are characterized as a “controlled foreign corporation,” or a CFC, under Section 957(a) of the U.S. Internal Revenue Code of 1986, as amended, or the Code.

 

A non-U.S. corporation is considered a CFC if more than 50% of (i) the total combined voting power of all classes of shares of such corporation entitled to vote or (ii) the total value of the shares of such corporation, is owned, or is considered as owned by applying certain constructive ownership rules, by U.S. shareholders (within the meaning of the Code) on any day during the taxable year of such non-U.S. corporation. Certain U.S. shareholders of a CFC generally are required to include currently in gross income such shareholders’ share of the CFC’s “Subpart F income,” a portion of the CFC’s earnings to the extent the CFC holds certain U.S. property and a portion of the CFC’s “global intangible low-taxed income” (as defined under Section 951A of the Code). Such U.S. shareholders are subject to current U.S. federal income tax with respect to such items, even if the CFC has not made an actual distribution to such shareholders. “Subpart F income” includes, among other things, certain passive income (such as income from dividends, interests, royalties, rents and annuities or gain from the sale of property that produces such types of income) and certain sales and services income arising in connection with transactions between the CFC and a person related to the CFC. “Global intangible low-taxed income” may include most of the remainder of a CFC’s income over a deemed return on its tangible assets.

 

As a result of the ownership of our shares, certain voting arrangements with respect to our shares, and certain changes in the U.S. tax law introduced by the TCJA, we believe that we and our non-U.S. subsidiaries may be classified as CFCs in the taxable year ended December 31, 2019 as well as in prior taxable years. These determinations cannot be made with certainty. In the event that we or any of our subsidiaries are a CFC, U.S. holders who hold 10% or more of the vote or value of our ordinary shares may realize adverse U.S. federal income tax consequences, such as current U.S. taxation of Subpart F income and of any such shareholder’s share of our or our subsidiaries’ accumulated non-U.S. earnings and profits (regardless of whether we make any distributions), taxation of amounts treated as global intangible low-taxed income under Section 951A of the Code with respect to such shareholder and being subject to certain reporting requirements with the IRS. Any such U.S. holder who is an individual generally would not be allowed certain tax deductions or foreign tax credits that would be allowed to a U.S. corporation. If you are a U.S. holder who holds 10% or more of the vote or value of our ordinary shares, you should consult your own tax advisors regarding the U.S. tax consequences of acquiring, owning or disposing our ordinary shares and the impact of the TCJA, especially the changes to the rules relating to CFCs.

 

40 

 

 

U.S. holders of our ordinary shares may suffer adverse tax consequences if we are characterized as a passive foreign investment company, or a PFIC, under Section 1297(a) of the Code.

 

Generally, if, for any taxable year, at least 75% of our gross income is passive income, or at least 50% of the average quarterly value of our total gross assets (which, if we are a CFC for the taxable year ended December 31, 2019 may be measured by the adjusted tax basis of our assets for such taxable year, and for subsequent years, assuming we are publicly traded, the total value of our assets may be measured in part by the market value of our ordinary shares, which is subject to change) is attributable to assets that produce passive income or that are held for the production of passive income, including cash, we would be characterized as a PFIC for U.S. federal income tax purposes. For purposes of these tests, passive income includes dividends, interest, gains from the sale or exchange of investment property and rents and royalties other than rents and royalties which are received from unrelated parties in connection with the active conduct of a trade or business. Additionally, a look-through rule generally applies with respect to 25% or more owned subsidiaries. If we are characterized as a PFIC, U.S. holders of our ordinary shares may suffer adverse tax consequences, including having gains realized on the sale of our ordinary shares treated as ordinary income, rather than capital gain, the loss of the preferential tax rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders and having interest charges apply to distributions by us and to the proceeds of sales of our ordinary shares. In addition, special information reporting may be required. See “Item 10.E. Certain U.S. Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”

 

The determination of whether we are a PFIC will depend on the nature and composition of our income and the nature, composition and value of our assets from time to time. The 50% passive asset test described above is generally based on the fair market value of each asset, with the value of goodwill and going concern value determined in large part by reference to the market value of our ordinary shares, which may be volatile. If we are a CFC and not publicly traded throughout the relevant taxable year, however, the test may be applied based on the adjusted basis of our assets. Under recently proposed Treasury Regulations, or the Proposed Regulations, however, if we are treated as publicly traded for a majority of days of the relevant taxable year, our assets would generally be required to be measured at their fair market value, even if we are a CFC.

 

41 

 

 

The Proposed Regulations have not yet been adopted as final Treasury Regulations. Until such time as they are adopted as final Treasury Regulations, taxpayers may choose whether or not to apply them, provided (if they choose to apply them) they apply them consistently and in their entirety. We intend to apply the Proposed Regulations and to apply them consistently and in their entirety. The remainder of this discussion assumes the application of the Proposed Regulations to the determination of whether we are a PFIC.
 
If the Proposed Regulations are applied to the determination of whether we are a PFIC, then based on our determination that our shares are properly treated as being publicly traded for a majority of days of the taxable year ended December 31, 2019 and our estimates of the fair market values of our assets, we believe that we should not be classified as a PFIC with respect to the taxable year ended December 31, 2019. However, this determination is subject to uncertainty.

In particular, the determination of whether we are, or will be, a PFIC for a taxable year depends, in part, on the application of complex U.S. federal income tax rules, which are subject to differing interpretations. It is possible that the IRS will disagree with the interpretation on which our belief about our PFIC status is based, and no ruling from the IRS concerning our PFIC status has been obtained or is currently planned to be requested. Moreover, because PFIC status is based on our income, assets and activities for the entire taxable year, it is not possible to determine whether we will be characterized as a PFIC for any subsequent year until after the close of the relevant year. We can therefore make no assurances regarding our PFIC status for any taxable year. Our U.S. counsel expresses no opinion with respect to our PFIC status for the taxable year ended December 31, 2019 or for any other taxable year. We will continue to determine whether we were a PFIC or not for each taxable year and make such determination available to U.S. holders.

The tax consequences that would apply if we were a PFIC in any taxable year would be different from those described above if a U.S. holder were able to make a valid “qualified electing fund,” or QEF, election. We will use commercially reasonable efforts to make available to U.S. holders such information with respect to the company as is necessary for U.S. holders to make QEF elections with respect to the company for any taxable year in which we determine that we are classified as a PFIC. See “Item 10.E. Certain U.S. Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”


42 

 

 

We are an “emerging growth company,” and the reduced disclosure requirements applicable to emerging growth companies may make our ordinary shares less attractive to investors.

 

We are an “emerging growth company,” as defined in the Jumpstart Our Business Startups Act, or the JOBS Act, and may remain an emerging growth company for up to five fiscal years after April 10, 2019, the date of our initial public offering. For so long as we remain an emerging growth company, we are permitted and intend to rely on exemptions from certain disclosure requirements that are applicable to other public companies that are not emerging growth companies. These exemptions include not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act not being required to comply with any requirement that may be adopted by the Public Company Accounting Oversight Board regarding mandatory audit firm rotation or a supplement to the auditor’s report providing additional information about the audit and the financial statements, reduced disclosure obligations regarding executive compensation and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder approval of any golden parachute payments not previously approved. We cannot predict whether investors will find our ordinary shares less attractive if we rely on these exemptions. If some investors find our ordinary shares less attractive as a result, there may be a less active trading market for our ordinary shares and our share price may be more volatile.

 

We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our ordinary shares.

 

We have never declared or paid any cash dividends on our ordinary shares and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the development of our business and for general corporate purposes. In addition, our ability to pay cash dividends is currently limited by the terms of our credit agreements, and any future credit agreements may contain terms prohibiting or limiting the amount of dividends that may be declared or paid on our ordinary shares. Accordingly, investors must rely on sales of their ordinary shares after price appreciation, which may never occur, as the only way to realize any future gains on their investments.  

 

43 

 

 

Risks Related to Our Incorporation and Location in Israel

 

Our corporate headquarters and principal research and development facilities are located in Israel and, therefore, our business and operations may be adversely affected by political, economic and military conditions in Israel.

 

We are incorporated under Israeli law, and our corporate headquarters and principal research and development facilities are located in Israel. In addition, certain of our directors, executive officers and key employees are residents of Israel. Accordingly, political, economic and military conditions in the Middle East in general, and in Israel in particular, directly affect our business, product development and results of operations. Since the State of Israel was established in 1948, a number of armed conflicts have occurred between Israel and its neighboring countries, and since 2000, there have been increasing occurrences of terrorist violence. In recent years, hostilities between Israel and Hezbollah in Lebanon and Syria and Hamas in the Gaza Strip have involved missile strikes in various parts of Israel causing disruption of economic activities. Our corporate headquarters and principal research and development activities are located in the range of missiles that could be fired from Lebanon, Syria or the Gaza Strip into Israel. In addition, Israel faces threats from more distant neighbors, in particular, Iran (which is believed to be an ally of Hezbollah and Hamas). Furthermore, in early January 2020, certain events contributed to an increase in hostilities between the United States and Iran, and as a result Iran issued multiple public statements threatening to attack Israel and the United States. These events, coupled with the already mounting tensions between Israel and Iran, may threaten to destabilize the Middle East on a political level, the result of which may impact our ability to conduct our business effectively.

 

As of December 31, 2019, we had 285 employees based in Israel. Our operations could be disrupted by the obligations of some of our personnel to perform military service. Certain of our employees in Israel, generally males, including executive officers, may be called upon to perform obligatory military reserve service on an annual basis until they reach the age of 40 (and in some cases, up to age 49) and, in certain emergency circumstances, may be called to immediate and prolonged active duty on very short notice. Our operations could be disrupted by the absence for military service for extended periods of a significant number of our employees. Such disruption could materially and adversely affect our business and results of operations.

 

Our commercial insurance does not cover losses that may occur as a result of an event associated with the security situation in the Middle East, such as damages to our facilities resulting in disruption of our operations. Although the Israeli government is currently committed to covering the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot assure you that this government coverage will be maintained, or if maintained, will be sufficient to compensate us fully for damages incurred. Any losses or damages incurred by us could have a material adverse effect on our business. Further, any armed conflicts, political instability, terrorism, cyberattacks or any other hostilities involving or threatening Israel would likely negatively affect business conditions and could make it more difficult for us to conduct our operations in Israel, which could increase our costs and adversely affect our financial results.

 

44 

 

 

On Israel’s domestic front there is currently a level of unprecedented political instability. The Israeli government has been in a transitionary phase since December 2018, when the Israeli Parliament, or the Knesset, first resolved to dissolve itself and call for new general elections. In 2019, Israel held general elections twice – in April and September – and a third general election was held in March 2020. The Knesset, for reasons related to this extended political transition, has failed to pass a budget for the year 2020, and certain government ministries, which may be critical to the operation of our business, are without necessary resources and may not receive sufficient funding moving forward. Given the likelihood that the current political stalemate may not be resolved during the next calendar year, our ability to conduct our business effectively may be adversely affected.

 

In addition, several countries, principally in the Middle East, restrict doing business with Israeli companies, and additional countries may impose restrictions on doing business with Israeli companies. In addition, there have been increased efforts by activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Similarly, Israeli companies are limited in conducting business with entities from several countries. Such business restrictions and boycotts, particularly if they become more widespread, may adversely impact our ability to sell our products and to expand our business.

 

Exchange rate fluctuations between the U.S. dollar, the New Israeli Shekel, the Euro and other foreign currencies, may negatively affect our future revenues.

 

We generate substantially all of our revenues in U.S. dollars. The majority of our operating expenses are incurred in foreign currencies, and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes between the U.S. dollar and the New Israeli Shekel, or the NIS, the Euro and, to a lesser extent, the British Pound. As a result, our financial results may be affected by fluctuations in the exchange rates of currencies in the countries in which our products may be sold. For example, during 2019, we witnessed a strengthening of the average exchange rate of the NIS against the dollar, which increased the dollar value of Israeli expenses. If the NIS strengthens against the dollar, as it did in 2019, the dollar value of our Israeli expenses, mainly personnel and facility-related, will increase. We have entered into forward contracts with major banks to provide partial protection against foreign currency exchange risks resulting from expenses paid in NIS during the year. Although exposure to currency fluctuations to date has not had a material adverse effect on our business, there can be no assurance that our limited hedging transactions will provide sufficient protection and that such fluctuations in the future will not have a material adverse effect on our operating results and financial condition.

 

45 

 

 

Our operations may be affected by negative labor conditions in Israel.

 

With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages for employees, procedures for hiring and dismissing employees, determination of severance pay, annual leave, sick days, advance notice of termination of employment, equal opportunity and anti-discrimination laws and other conditions of employment. Subject to certain exceptions, Israeli law generally requires severance pay upon the retirement, death or dismissal of an employee, and requires us and our employees to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration. Our employees have pension plans that comply with the applicable Israeli legal requirements and we make monthly contributions to severance pay funds for all employees, which cover potential severance pay obligations.

 

In Israel, we are subject to certain labor statutes and national labor court precedent rulings, as well as to certain provisions of the collective bargaining agreements between the Histadrut (General Federation of Labor in Israel) and the Coordination Bureau of Economic Organizations including the Industrialists’ Associations. These provisions of collective bargaining agreements are applicable to our Israeli employees by virtue of extension orders issued in accordance with relevant labor laws by the Israeli Ministry of Economy and Industry, and apply our employees even though they are not directly part of a union that has signed a collective bargaining agreement.

 

The laws and labor court rulings that apply to our employees principally concern minimum wage laws, length of the work day and workweek, overtime payment, procedures for dismissing employees, determination of severance pay, leaves of absence (such as annual vacation or maternity leave), sick pay and other conditions for employment. The extension orders which apply to our employees principally concern mandatory contributions to a pension fund or managers’ insurance, annual recreation allowance, travel expenses payment and other conditions of employment. We generally provide our employees with benefits and working conditions beyond the required minimums.

 

The termination or reduction of tax and other incentives that the Israeli government provides to domestic companies may increase the costs involved in operating a company in Israel.

 

The Israeli government currently provides tax and capital investment incentives to domestic companies, as well as grant and loan programs relating to research and development and marketing and export activities. In recent years, the Israeli government has reduced the benefits available under these programs and the Israeli governmental authorities have indicated that the government may in the future further reduce or eliminate the benefits of those programs. We have taken in the past and may take advantage of these benefits and programs again in the future, however, there is no assurance that such benefits and programs will continue to be available to us in the future. If such benefits and programs were terminated or further reduced, it could have an adverse effect on our business, operating results and financial condition.

 

46 

 

 

Enforcing a U.S. judgment against us and our current directors and executive officers, or asserting U.S. securities law claims in Israel, may be difficult.

 

We are incorporated under the laws of the State of Israel. Service of process upon us and upon our directors and executive officers, most of whom reside outside of the United States, and on our auditors, may be difficult to obtain within the United States. Furthermore, because a majority of our assets and most of our directors and executive officers are located outside of the United States, any judgment obtained in the United States against us or any of them may be difficult to collect within the United States.

 

It may be difficult to assert U.S. securities law claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws on the basis that Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. There is little binding case law in Israel addressing these matters. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law.

 

Provisions of our amended and restated articles of association and Israeli law and tax considerations may delay, prevent or make difficult an acquisition of us, which could prevent a change of control and negatively affect the price of our ordinary shares.

 

Israeli corporate law regulates mergers, requires tender offers for acquisitions of shares above specified thresholds, requires special approvals for certain transactions involving directors, officers or significant shareholders and regulates other matters that may be relevant to these types of transactions. These provisions of Israeli law may delay, prevent or make difficult an acquisition of us, which could prevent a change of control and therefore negatively affect the price of our ordinary shares. For example, under the Israeli Companies Law, upon the request of a creditor of either party to a proposed merger, the court may delay or prevent the merger if it concludes that there exists a reasonable concern that as a result of the merger the surviving company will be unable to satisfy the obligations of any of the parties to the merger. In addition, our executive officers and certain other key employees are entitled to certain benefits in connection with a change of control of our company.

 

Our amended and restated articles of association provide that our directors (other than external directors) are elected on a staggered basis, such that a potential acquirer cannot readily replace our entire board of directors at a single annual general shareholder meeting.

 

47 

 

 

Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders, especially for those shareholders whose country of residence does not have a tax treaty with Israel, which exempts such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. In order to benefit from the tax deferral, a pre-ruling from the Israel Tax Authority might be required.

 

We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees, which could result in litigation and adversely affect our business.

 

We have entered into assignment-of-invention agreements with our research and development employees pursuant to which such individuals agreed to assign to us all rights to any inventions created during or as a result of their employment or engagement with us or in our field of business. A significant portion of our intellectual property has been developed by our employees during the course of their employment by us. Under the Israeli Patent Law, 5727-1967, or the Patent Law, inventions conceived by an employee during the scope of his or her employment with a company and as a result thereof are regarded as “service inventions,” which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The Patent Law also provides that if there is no agreement between an employer and an employee with respect to the employee’s right to receive compensation for such “service inventions,” the Israeli Compensation and Royalties Committee, or the Committee, a body constituted under the Patent Law, shall determine whether the employee is entitled to remuneration for his or her service inventions and the scope and conditions for such remuneration. A recent decision by the Committee clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that in certain circumstances, such waiver does not necessarily have to be explicit. In order to determine the scope and validity of such wavier, the Committee will examine, on a case-by-case basis, the general contractual framework between the parties, using interpretation rules of the general Israeli contract laws. Further, the Committee has not yet determined one specific formula for calculating this remuneration (but rather uses the criteria specified in the Patent Law). Although our employees have agreed to assign to us service invention rights and have specifically waived their right to receive any special remuneration for such assignment beyond their regular salary and benefits, we may face claims that the assignment is not enforceable or demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and former employees, or be forced to litigate such claims, which could negatively affect our business.

 

48 

 

 

The government tax benefits that we currently are entitled to receive require us to meet several conditions and may be terminated or reduced in the future.

 

Some of our operations in Israel may entitle us to certain tax benefits under the Israeli Law for the Encouragement of Capital Investments, 5719-1959, or the Investment Law, once we are profitable. If we do not meet the requirements for maintaining these benefits, they may be reduced or canceled and the relevant operations would be subject to Israeli corporate tax at the standard rate, which is set at 23% in 2018 and thereafter. In addition to being subject to the standard corporate tax rate, we could be required to refund any tax benefits that we have already received, plus interest and penalties thereon. Even if we continue to meet the relevant requirements, the tax benefits that our current “Beneficiary Enterprise” is entitled to may not be continued in the future at their current levels or at all. If these tax benefits were reduced or eliminated, the amount of taxes that we pay would likely increase, as all of our operations would consequently be subject to corporate tax at the standard rate, which could adversely affect our results of operations. Additionally, if we increase our activities outside of Israel, for example, by way of acquisitions, our increased activities may not be eligible for inclusion in Israeli tax benefits programs.

 

Your rights and responsibilities as a shareholder are, and will continue to be, governed by Israeli law, which differs in some material respects from the rights and responsibilities of shareholders of U.S. companies.

 

The rights and responsibilities of the holders of our ordinary shares are governed by our amended and restated articles of association and by Israeli law. These rights and responsibilities differ in some material respects from the rights and responsibilities of shareholders in U.S. corporations. For example, a shareholder of an Israeli company has a duty to act in good faith and in a customary manner in exercising its rights and performing its obligations towards such company and its shareholders, and to refrain from abusing its power in such company, including voting at a general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and related party transactions requiring shareholder approval. In addition, a shareholder who is aware that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company has a duty of fairness toward the company. There is limited case law available to assist us in understanding the nature of these duties or the implications of these provisions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.  

 

49 

 

 

ITEM 4. INFORMATION ON THE COMPANY

  

  A. History and Development of the Company

  

Our History  

 

The legal name of our company is Tufin Software Technologies Ltd. and we are organized under the laws of the State of Israel. We were founded in 2005 with the goal of introducing a centralized security management layer that analyzes, defines and implements enterprise-specific security policies. In April 2019, we completed an initial public offering on the NYSE. We believe we were the first company to introduce security policy automation solutions with SecureChange and SecureApp, and we believe our position as a market leader reinforces our brand and supports our position as one of the most prominent players in the increasingly important security policy management market. Our Tufin Orchestration Suite, a comprehensive policy management platform, is currently comprised of four products: SecureTrack, SecureChange, SecureApp and, most recently, SecureCloud.

 

We are a company limited by shares organized under the laws of the State of Israel. We are registered with the Israeli Registrar of Companies. Our registration number is 51-362739-8. Our principal executive offices are located at 5 HaShalom Road, ToHa Tower, Tel Aviv 6789205, Israel, and our telephone number is +972 (3) 612-8118. Our website address is www.tufin.com. Information contained on, or that can be accessed through, our website does not constitute a part of this annual report and is not incorporated by reference herein. We have included our website address in this annual report solely for informational purposes. Our SEC filings are available to you on the SEC’s website at http://www.sec.gov. This site contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC. The information on that website is not part of this annual report and is not incorporated by reference herein. Our agent for service of process in the United States is Tufin Software North America, Inc., located at 10 Summer Street, Suite 605, Boston, Massachusetts 02110-1292, and its telephone number is +1 (877) 270-7711.

 

For a discussion of our capital expenditures, see “Item 5. Operating and Financial Review and Prospectus—Liquidity and Capital Resources.”    

 

  B. Business Overview

  

We are pioneering a policy-centric approach to security and IT operations. We transform enterprises’ security operations by helping them visualize, define and enforce a unified security policy across complex, heterogeneous IT and cloud environments. Our products govern how individuals, systems and applications are permitted to communicate and provide policy-based security automation, enabling customers to reduce the time to implement complex network changes from days to minutes. Our solutions increase business agility, eliminate errors from manual processes and ensure continuous compliance through a single console. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 16% of the Global 2000.


 

50 

 

 

Cybersecurity is critical for enterprises of all sizes. As enterprises embrace digital transformation and adopt new technologies such as cloud-based services, software-defined networks, microservices and containers, the IT and cloud environments become increasingly complex and vulnerable to attack. In response to the heightened threat environment, lack of a defined network perimeter and a constantly changing attack surface, enterprises continue to implement additional firewalls, endpoint security, identity and access management and other security solutions. However, we believe most enterprises lack effective and comprehensive security policy management, which results in a trade-off between the necessary security posture and business requirements for speed, agility and innovation.

 

We believe a new approach to enterprise security is necessary — a data-driven framework centered on policy management and operationalized through policy-based automation, enhancing compliance and security while improving operational efficiency. To address this need, we have developed highly differentiated technology with four main pillars, as described below.

 

Policy-centric approach. We enable enterprises to visualize, define and enforce a unified security policy that acts as the foundation of governance and control, replacing ad-hoc configurations across fragmented networks.

 

Automated network changes. We automate the network change process across complex, heterogeneous environments, increasing business agility, enabling faster application deployment and reducing human error.

 

Data-driven insights. Our approach draws data from across a customer’s IT and cloud environments, providing insights on connectivity and end-to-end visibility across the network.

 

Open and extensible framework. Our open solutions serve as a centralized control layer for our customers’ networks and can connect to a wide range of third-party technologies through application program interfaces, or APIs.

 

We offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. SecureTrack, SecureChange and SecureApp enable enterprises to visualize, define and enforce their security policy across heterogeneous networks, both on premise and in the cloud. SecureTrack serves as the foundation of SecureChange and SecureApp. SecureTrack provides visibility across the network and helps organizations define a unified security policy and maintain compliance. SecureChange provides customers with the ability to automate changes across the network while maintaining compliance with policy and security standards. SecureApp provides application connectivity management and streamlines communication between application developers and network engineers. SecureCloud unifies cloud security policy management for container, microservices and hybrid cloud environments.
 

51 

 

 

We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 171 active channel partners as of December 31, 2019. Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services.

 

We have experienced strong growth in recent periods. For the years ended December 31, 2018 and 2019, our revenues were $85.0 million and $103.3 million, respectively, representing year-over-year growth of 22%. For the years ended December 31, 2018 and 2019, our net loss was $4.3 million and $28.1 million, respectively.

 

Industry Background

 

Enterprises that lack a comprehensive security policy are facing challenges in balancing the necessary security and risk posture with their business requirements, leaving security, network and compliance professionals overwhelmed. Several industry trends contribute to operational challenges in managing risk, as set forth below:

 

Increasing frequency and sophistication of cyberattacks. Enterprises worldwide are under constant security threat from both external cyberattackers and malicious insiders in search of sensitive information and vital systems. Cyberattackers are increasingly able to breach networks and locate and steal sensitive enterprise data. As a result, numerous enterprise boards are prioritizing and reshaping their cybersecurity approaches.

 

Growing complexity of software-defined networks. Enterprises have been undergoing a digital transformation. They are rapidly shifting on-premise workloads to cloud environments to meet the changing demands of their markets and customers. To keep pace with this transformation, enterprises design scalable and flexible workloads and connections, which increase network complexity and the velocity of changes. The rise of technologies such as microservices and containers introduces additional complexity. The growing use of these dynamic technologies has raised business expectations on agility and increased the need for a unified security approach across networks and applications.

 

52 

 

 

Accelerating pace of application development and deployment. The accelerating pace of business and technological developments requires numerous and continuous application and infrastructure changes. The rise of the DevOps model, which is a set of software development practices that allows applications and features to be rapidly developed and deployed, has led to increased release velocity. Enterprises that use manual change processes struggle to keep pace and lack policy consistency, resulting in an ever-growing backlog of changes, delayed software releases and heightened security exposure.

 

Evolving regulatory and compliance requirements. Global enterprises need to maintain compliance with a new wave of government regulations, corporate security policies and industry standards related to privacy and cybersecurity. Manual changes to network policy are difficult to track and are more likely to be non-compliant. As a result, enterprises seek cost-efficient security solutions to meet compliance requirements.

 

Legacy security approaches can no longer address cybersecurity threats in the ever-changing IT and cloud environments. Traditional security policy management approaches address governance and control, but lack critical characteristics such as a unified security policy, automation, scalability, end-to-end visibility and extensibility. We believe a new approach to enterprise security is necessary: a data-driven framework centered on policy management and operationalized through automation.

 

Our Products

 

Security and IT operations management has become an increasingly resource-intensive and high-risk task for enterprises. The accelerating pace of business and technological developments require numerous application and infrastructure changes, and enterprise networks are becoming increasingly complex. Enterprises often rely on their in-house network and security teams to manually process change requests, which increases the risk of human error and cybersecurity vulnerabilities and delays the pace of application releases.

 

53 

 

 

Enterprises use our security policy management products to create a unified security policy and give them the ability to implement accurate network changes in minutes instead of days while improving their security posture and business agility. We offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. SecureTrack, SecureChange and SecureApp enable enterprises to unify, visualize and control their security policy across heterogeneous networks, both on premise and in the cloud. SecureCloud provides visibility and control into the security posture of cloud-native and hybrid cloud environments. 



Security Policy Automation for the Extended Enterprise

 

The Tufin Orchestration Suite provides a policy-centric solution for automatically designing, provisioning, analyzing and auditing enterprise security changes. From applications to firewalls, our products provide advanced automation capabilities to increase business agility, eliminate errors stemming from manual processes and ensure continuous compliance through a single interface. Our unified security policy empowers network and IT security teams to effectively safeguard complex, heterogeneous environments through a central security policy, which can be applied over all of their IT and cloud environments and across different platforms.

 

The majority of our customers initially purchase SecureTrack to monitor a portion of their networks. Initial product deployments frequently expand across networks, departments, divisions and geographies in response to a need for an enterprise-wide approach for security policy management, as well as the need to automate the network change process. Our “land and expand” sales strategy capitalizes on this potential. As we expanded our portfolio of solutions within the Tufin Orchestration Suite, customers have increasingly purchased SecureChange and SecureApp on top of their initial transactions.

 

54 

 

 

SecureTrack. Enterprises use SecureTrack to understand their enterprise security infrastructure and manage a wide range of devices from a central console. SecureTrack enables security administrators to define and manage a centralized security policy, minimize the attack surface and ensure continuous compliance across the network. SecureTrack also provides a foundation of our customers to use SecureChange and SecureApp, and delivers the following key benefits:

 

Policy definition. SecureTrack includes our unified security policy, which visualizes, defines and enforces a zone-to-zone segmentation policy that dictates how users, systems and applications can communicate across the entire enterprise. Our unified security policy serves as the security policy framework for the entire Tufin Orchestration Suite.

 

Security and compliance. SecureTrack provides monitoring, assessment and alerts on security and compliance risk, ensuring real-time accountability, transparency and consistency with the unified security policy. It also generates a variety of configurable audit reports that support regulatory compliance standards.

 

Visibility. SecureTrack builds a dynamic topology map of network connectivity across the enterprise and the cloud. It also provides real-time visibility into all security policy configurations and changes. This visibility enables security teams to efficiently manage configuration changes, troubleshoot problems and prepare for audits.

 

SecureChange. SecureChange is the change management and automation component of the Tufin Orchestration Suite. Enterprises use SecureChange to quickly and accurately assess, provision and verify security configuration changes across physical networks and cloud platforms, while maintaining security and compliance. SecureChange delivers the following key benefits:

 

Business agility. SecureChange increases business agility through security change automation. It automates manual change processes, giving them the ability to implement changes in minutes instead of days.

 

Security and compliance. SecureChange proactively checks every change request for risk and compliance against the unified security policy before and after changes are implemented. It also maintains comprehensive ticket and process documentation, which reduces the need for painstaking information gathering and analysis before internal and external audits.

 

Control and accuracy. SecureChange reduces inaccuracies due to human error through automated change design and provisioning for multi-vendor environments.

 

55 

 

 

SecureApp. SecureApp is the application management and secure connectivity automation component of the Tufin Orchestration Suite. Enterprises use SecureApp to define, manage and monitor network connectivity for their applications. SecureApp delivers the following key benefits:

 

Visibility and control. SecureApp provides an intuitive interface to define application-critical connectivity needs. It serves as a central repository of application connectivity requirements and indicates current connectivity status.

 

Business continuity and agility. SecureApp monitors network device configurations and alerts security administrators to changes that could affect application availability. SecureApp also provides graphical diagnostic tools that help our customers identify, troubleshoot and automatically repair connectivity issues. By providing detailed insight into an application’s connectivity needs and status, SecureApp accelerates service deployment, provides business continuity and simplifies network operations.

 

Security and compliance. SecureApp proactively creates clean, reliable network configurations. It automatically recommends policy rule changes and decommissions unnecessary network access paths that can lead to a security breach.

 

Cloud-Native Security Policy Management

 

While many enterprises see the cloud as a scalable extension of their existing data center, some are adopting the DevOps approach to cloud application development. Unlike traditional enterprise applications, in which every connectivity change is fully controlled and managed by IT, in cloud-native environments the developers and DevOps engineers typically have full administrative rights over the infrastructure. The connectivity decisions and changes made by developers in cloud-native applications, with little or no oversight by the security team, can have an immediate impact on the enterprises’ security posture.

 

We recently expanded our product suite to address cloud-native environments and applications. We announced our latest product offering, SecureCloud, in February 2020. SecureCloud combines and extends the functionality previously available in our Orca and Iris products, providing visibility and control into the security posture of cloud-native and hybrid cloud environments.

 

SecureCloud is a security policy automation service that provides the real-time visibility and control needed to ensure the security and compliance of hybrid cloud environments. Offered as a Software-as-a-Service product, SecureCloud maximizes agility and security with automated security policy orchestration to manage network complexity and automate security policy changes. SecureCloud ensures continuous compliance and enables zero trust and the acceleration of cloud adoption and digital transformation – without compromising speed or agility.

 

56 

 

 

SecureCloud delivers the following key benefits:

 

Visibility. SecureCloud scans cloud-native environments and provides clear visibility into application connectivity, taking all of the different cloud access controls into account. SecureCloud automatically discovers and visualizes all workloads, network objects, and east-west, north-south traffic flows.

 

Security and compliance. Users of SecureCloud gain confidence in knowing cloud resources and applications are properly configured and comply with security mandates to minimize risk by leveraging continuous monitoring, detection, and alerting of policy violations for fast and effective mitigation.

 

Automation. SecureCloud is used to allow DevOps teams in CI/CD environments to discover connectivity among microservices and automatically identify risks and generate security policies.

 

Zero Trust. SecureCloud provides visibility and segmentation as the basis for achieving zero trust. SecureCloud continuously monitors activities in the environment and automatically enforces microsegmentation that reduces the attack surface and enables zero trust across large, complex cloud environments.

 

Customization. SecureCloud integrates with third-party notification and security services using our publicly available open API, to fit each enterprise’s specific platforms and needs.

 

Our Technology

 

Our comprehensive security policy management solutions rely on a set of proprietary technologies that provide a high level of security, scalability and performance. Our core technologies, which serve as the foundation of both our network and cloud-based products, include analysis engines, a provisioning engine, API integrations and infrastructure technology. 

 

57 

 

Analysis Engines

 

Topology intelligence. Our topology intelligence engine uses network routing algorithms to calculate the paths between different points on the network and provides our customers with a graphic display of devices and data flows. Network administrators use our topology intelligence to quickly determine which devices and cloud platforms a network connection can traverse, which enables them to automate network path analysis and troubleshoot issues.

 

Network usage analysis engine. Our network usage analysis engine detects unused elements of a security policy by analyzing network flows and traffic hits over a specified time period. Our technology leverages an automated workflow process to decommission unnecessary access and reduce the attack surface.

 

Policy analysis engine. Our policy analysis engine calculates the expected connectivity and access behavior of network devices and cloud platforms. Security administrators can use different parameters and logic to determine in real time if supported network devices and cloud security groups will allow or block specific connections.

 

Risk and compliance analysis engines. Our risk engine proactively analyzes risk by identifying potential security violations, checking the existing configuration or the proposed access changes against the unified security policy. Our compliance analysis engine creates an audit trail in real time by automatically documenting any remedial changes.

 

58 

 

 

Our technology also provides cloud-based security automation for applications developed in CI/CD mode. Our CI/CD vulnerability scanning and compliance validation embeds security at the development and testing stage, and enables our customers’ DevOps teams to quickly identify security issues, reducing the probability of vulnerabilities in production environments.

 

Change designer engine. Our change designer engine automates enterprise security access requests. It first identifies the connection-relevant network devices and cloud platforms based on topology intelligence, and then recommends the optimal policy change based on information from the policy analysis engine. Our technology provides vendor-specific suggestions that maximize security and performance, while offering accurate configuration changes designed to be intuitive and user friendly.

 

Provisioning Engine

 

Change provisioning engine. Our technology automatically implements policy changes approved by security administrators. Our automated change provisioning engine supports all major network, security and cloud vendors. In zero-touch automation mode, our technology automatically applies recommended policy changes without the need for human intervention.

 

API Integrations

 

Extensible APIs. Our technology features a RESTful API framework to enable extensibility and interoperability with third-party systems, including ticketing and service management systems such as ServiceNow and BMC Remedy. Our professional services team, as well as our customers and partners, use the API framework to supplement the Tufin Orchestration Suite with additional functionality by integrating with the third-party security ecosystem. We integrate with leading network and cloud platforms, such as Check Point, Cisco, Fortinet, Palo Alto Networks, F5 Networks, Forcepoint, Juniper Networks, VMware, AWS, Google Cloud, Microsoft Azure and Kubernetes, to provide vendor agnostic solutions, which is key to our value proposition. In addition, we believe our technology alliance partner program, which is an ecosystem of technology partners who build certified integrations to our platform, helps to expand our common use cases.

Infrastructure Technology

 

Distributed architecture. Customers can deploy our products across multiple distributed servers. Rather than monitoring all devices and platforms from a single server, remote collectors monitor local network devices (e.g., firewalls and routers), process the raw data and upload compressed data to a central server over a secure connection. Using a fully distributed architecture, our products can easily scale to meet the demands of large organizations.

 


SaaS architecture. Our newest product, SecureCloud, is offered as Software-as-a-Service, and is able to scale up and scale out to meet the demands of various customer deployment scenarios and architectures, with built in multi-tenancy and high availability.

59 

 

 

Our Services

 

Professional Services

 

Our professional services team helps customers with product deployment, integration, customization, optimization, operation and training. We support initial product setup, implementation and configuration, and help customers integrate our products with existing third-party applications and internally developed tools. Our professional services team also helps customers define their unified security policy, model their network topology, configure workflows, discover application connectivity and deliver customized reporting according to their requirements. In addition, we provide technical training so that our customers can use our products with confidence. We also enable our authorized service delivery partners to provide similar professional services.

 

Maintenance and Support

 

We offer several levels of technical support for our products by providing customers with access to our user and partner portal, our knowledge center and our regional support centers. We provide customers with software bug repairs, system enhancements and updates, as well as access to our technical support experts. Our support engineers liaise with our product experts to diagnose and solve our customers’ technical challenges. In addition to post-sales support activities, we emphasize service readiness by coordinating with our product management team to define prerequisite product and service quality levels prior to their release. Additionally, our designated support engineers serve as ongoing, accessible customer resources.

 

Sales and Marketing

 

Sales

 

We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 171 active channel partners as of December 31, 2019.

 

Our highly trained sales force is responsible for overall market development. Our sales force consists of our field sales team, which accounts for most of our sales, and our inside sales team. Our field sales team targets large organizations, which we define as those comprising the Global 2000, while our inside sales team targets mid-market companies that do not belong to the Global 2000. Within our field sales team, our regional field sales representatives develop new business relationships with our key customers, and our channel account managers support and expand existing relationships with our channel partners. Our sales engineers provide technical expertise and support, and architect our solutions to address the business needs of our customers. Our sales cycle usually lasts several months from proof of concept to purchase order, and is often longer for larger transactions. As of December 31, 2019, we had sales personnel in 22 countries. We have expanded our sales force in each of the last two fiscal years and in each of the last three fiscal quarters, and we plan to continue to do so.
  

60 

 

 

Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services. In addition, on October 2, 2018, we launched our “Tufin as a Service” program – a consumption-based, pay-per-use services model that enables Managed Security Service Providers, or MSSPs, to offer our security policy management solutions to their customers.

 

Marketing

 

Our marketing strategy is focused on promoting brand awareness through differentiated positioning, messaging and thought leadership. We achieve this by educating the market on effective security policy change management, communicating our product advantages and business benefits, generating leads for our sales force and channel partners, and promoting our brand. We market our products and services as enterprise security policy management solutions for complex networks and cloud-based environments.

 

We execute our marketing strategy by leveraging a combination of internal marketing professionals, external marketing partners and a network of platform and technology partners. Our internal marketing enterprise is responsible for branding, digital content generation and targeted advertising through active digital channels. We actively drive thought leadership by providing community education through our online technical webinars in multiple regions. We host and sponsor demand-generation events, including our channel and technical partners’ events and our annual worldwide customer conferences, Tufinnovate, as well as local events for specific customers and prospect accounts in multiple regions. Our conferences and events demonstrate our strong commitment to enabling our partners and customers to succeed, and provide an opportunity to create a pipeline for new sales to prospective customers and additional sales to existing customers.

 

Research and Development

 

Continued investment in research and development is critical to our business. Our research and development efforts focus primarily on improving our existing products and services with additional innovative features and functionality, as well as developing new products and services. For example, we regularly release enhanced capabilities of the Tufin Orchestration Suite. We believe the timely development of new products, including both on-premise and cloud solutions, is essential to maintaining our competitive position.

 

In the years ended December 31, 2018 and 2019, our research and development expenses were $21.4 million and $31.6 million, respectively. We plan to continue investing significantly in research and development initiatives across our global innovation centers in Tel Aviv, Israel, Karmiel, Israel and Bucharest, Romania. By spreading our research and development team across multiple locations, we increase our access to highly skilled engineering talent, which provides us opportunities for evolution and growth.

 

61 

 

 

Intellectual Property

 

Our commercial success depends, in part, on our ability to protect our core technologies and other intellectual property assets. We rely on a combination of trade secrets, copyright and trademark laws, confidentiality procedures, technical know-how and continuing innovation to protect our intellectual property and maintain our competitive advantage. Our technical personnel use their skills, knowledge and experience to develop, strengthen and maintain our proprietary position in the security policy automation market. In addition, we seek to protect our intellectual property by filing Israeli, U.S. and other foreign patent applications related to our proprietary technology.

 

Our software and other proprietary information are protected by copyright on creation. Copyright registrations, which have so far not been necessary, may be sought on an as-needed basis. We also control access to and use of our proprietary software, proprietary technology and other confidential information through the use of internal and external controls, including contractual agreements containing confidentiality obligations with our employees, independent consultants, independent contractors, professional services team, partners and customers. Our confidentiality agreements are designed to protect our proprietary information, and the clauses requiring assignment of inventions are designed to grant us ownership of technologies that are developed through our relationship with the respective counterparty. We also license software from third parties for use in developing our products and for integration into our products, including open source software. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, confidentiality agreements and licenses (including non-disclosure and invention assignment agreements), unauthorized parties may still copy or otherwise obtain and use our intellectual property and technology.

 

As of December 31, 2019, we had registered two trademarks in the United States, three trademarks in Israel and two trademarks in the European Union, and had one pending trademark application in the United States and two pending trademark applications in Israel, as well as, one published trademark in Israel. As of December 31, 2019, we had 14 issued patents in the United States and five issued patents in Israel.
  

Competition

 

The security policy management market in which we operate is relatively new and evolving. We are a market-leading provider of enterprise security automation and management products. In many cases, our primary competition is in-house, manual, spreadsheet driven processes and homegrown approaches to security management. Our direct competitors include vendors such as AlgoSec, Inc., FireMon, LLC and Skybox Security LLC that offer solutions that compete with all or some of our products or product features. We also indirectly compete with large IT companies that offer a broad array of traditional security management solutions, such as Symantec Corporation and Cisco Systems, Inc., for a share of enterprises’ IT security budgets.
  

62 

 

 

As our market further develops, we anticipate that competition will increase based on customer demand for security automation and management solutions. Furthermore, we believe enterprises will allocate an increasing portion of their IT security budgets, and specifically security management spending, to operational security and automation solutions.

 

The principal competitive factors in our market include:

 

security change automation;

 

multi-vendor integration and heterogeneous network topology;

 

application connectivity in modern IT and cloud environments;

 

efficacy in provisioned and cloud-native environments;

 

suitability for DevOps processes and microservice architectures;

 

scalability and overall performance; and

 

strong relationships with existing IT vendors.

 

Our Customers

 

Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 16% of the Global 2000. We sell substantially all of our products and services through our global network of channel partners, including distributors and resellers, who then sell to end-user customers. For the years ended December 31, 2018 and 2019, our two largest channel partners accounted for 13% and 10% of our revenues and 15% and 9% of our revenues, respectively. Our agreements with these channel partners provide that each partner agrees to sell and distribute our products within certain territories for one year. These agreements are nonexclusive and non-transferable, and automatically renew unless terminated by either party after providing prior written notice.

 

When analyzing our business, we refer to end-user customers as our customers throughout this annual report, even if our direct commercial relationship is with a channel partner. Our customers include leading enterprises across a broad range of geographies in a diverse set of industries, including financial services, telecommunications, automotive, manufacturing, energy, healthcare and pharmaceuticals, technology, government, retail and business services.

 

63 

 

 

Our diverse global footprint is evidenced by the fact that, for the year ended December 31, 2019, we generated 55%, 40% and 5% our revenues from customers in the Americas, EMEA and APAC, respectively.

 

Properties

 

Our corporate headquarters are located in Tel Aviv, Israel in an office consisting of approximately 62,859 square feet, where we employ our primary research and development team and a portion of our support and general administrative teams. The lease for this office expires January 31, 2029 (with an option to extend until January 31, 2034). Our U.S. headquarters are located in Boston, Massachusetts in an office consisting of approximately 3,214 rentable square feet, where we employ a portion of our marketing and general administrative teams. The lease for this office expires in December 31, 2023. On August 28, 2019, we signed a lease for an office in Boston, Massachusetts consisting of approximately 8,982 rentable square feet. We relocated to our new office in Boston during the first quarter of 2020. We also lease an office in Karmiel, Israel (which serves as a research and development site), Akron, Ohio (which hosts the Americas technology support, professional services and inside sales teams) and Reading, England (which hosts the European inside sales team). We believe our facilities are sufficient to meet our current needs and anticipate that suitable additional space will be readily available to accommodate any foreseeable expansion of our operations.

 

Seasonality

 

We generally expect an increase in business activity as we approach our fiscal year end in December, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. Large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our anticipated results of operations for that quarter and future quarters for which revenues from that transaction is delayed.

 

Legal Proceedings

 

See “Item 8.A. Financial Information—Consolidated Financial Statements and Other Financial Information—Legal Proceedings.”  

 

  C. Organizational Structure

  

The legal name of our company is Tufin Software Technologies Ltd. and we are organized under the laws of the State of Israel. We have six wholly-owned subsidiaries:

 

Name of Subsidiary   Place of Incorporation
Tufin Software North America Inc.   Delaware, United States
Tufin Software Europe Limited   United Kingdom
Tufin Software France SARL   France
Tufin Software Germany GmbH   Germany
Tufin Software Australia Pty Ltd   Australia
Tufin Software SRL   Romania

  

64 

 

 

  D. Property, Plants and Equipment

  

See “Item 4.B. Business Overview—Properties” for a discussion of property, plants and equipment.  

 

ITEM 4A. UNRESOLVED STAFF COMMENTS

  

Not applicable.  

 

ITEM 5. OPERATING AND FINANCIAL REVIEW AND PROSPECTS

  

Company Overview 

 

We are pioneering a policy-centric approach to security and IT operations. We transform enterprises’ security operations by helping them visualize, define and enforce a unified security policy across complex, heterogeneous IT and cloud environments. Our products govern how individuals, systems and applications are permitted to communicate and provide policy-based security automation, enabling customers to reduce the time to implement complex network changes from days to minutes. Our solutions increase business agility, eliminate errors from manual processes and ensure continuous compliance through a single console. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 16% of the Global 2000.

 

We generate revenues from sales of our products and associated maintenance and professional services. We primarily sell our software through perpetual license agreements and, to a lesser extent, term-based license agreements. Our products offer the same functionality whether our customers receive them through a perpetual or term-based license. Our agreements with customers for software licenses include maintenance contracts and may also include professional services contracts. Maintenance revenues consist of fees for providing software updates and technical support for our products for a specified term, which is typically one or three years. We offer a portfolio of professional services and extended support contract options to assist our customers with integration, customization, optimization, training and ongoing advanced technical support.

 

65 

 

 

Our goal is to provide significant benefits to customers seeking to enforce enterprise-wide security policies and automate network change process, which we believe will enable us to maximize the lifetime value of our customers. We believe our existing customers serve as a strong source of incremental revenues given our multiple product offerings and the growing complexity of IT and cloud environments and networks. Our products provide customers the flexibility to initially deploy one or more of our products in all or parts of their IT and cloud environments, and further expand deployment as they purchase additional products or cover additional parts of their IT and cloud environments. We believe our “land and expand” sales strategy capitalizes on this potential. We make significant investments in acquiring new customers and expect to achieve a favorable return on investments by maintaining a high level of customer retention, which we define as our maintenance renewal rate. We calculate our maintenance renewal rate by taking the total prior period maintenance revenues from customers that have renewed in the trailing 12-month period and dividing that figure by our total prior period maintenance revenues for all customers with contracts that were up for renewal in the trailing 12-month period. For each of the years ended December 31, 2018 and 2019, our maintenance renewal rate was over 90%. Our new business from existing customers, including new licenses for our products and attached maintenance and professional services contracts, constitutes a significant part of our revenues, accounting for 60% and 66% of our total revenues from new business in the years ended December 31, 2018 and 2019, respectively.

 

We believe our diverse global footprint provides a significant growth opportunity. We aim to continue to expand our business globally, particularly in the Americas and EMEA. In the year ended December 31, 2019, we generated 55% of our revenues from customers in the Americas and 40% of our revenues from customers in EMEA.

 

We expect sales in the Americas to continue to account for a majority of our revenues. Our customers include leading enterprises across a broad range of geographies in a diverse set of industries, including financial services, telecommunications, automotive, manufacturing, energy, healthcare and pharmaceuticals, technology, government, retail and business services. We believe our expansion within the Global 2000 is a key indicator of our market penetration and the value that our products provide to large customers.
  
We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 171 active channel partners as of December 31, 2019. Our highly trained sales force is responsible for overall market development. Our sales force consists of our field sales team, which accounts for most of our sales, and our inside sales team. Our field sales team targets large organizations, which we define as those comprising the Global 2000, while our inside sales team targets mid-market companies that do not belong to the Global 2000. Within our field sales team, our regional field sales representatives develop new business relationships with our key customers, and our channel account managers support and expand existing relationships with our channel partners. Our sales engineers provide technical expertise and support, and architect our solutions to address the business needs of our customers. Our sales cycle usually lasts several months from proof of concept to purchase order, and is often longer for larger transactions. As of December 31, 2019, we had sales personnel in 22 countries. We have expanded our sales force in each of the last two fiscal years and in each of the last three fiscal quarters, and we plan to continue to do so.
 

 

66 

 

 

Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure and maintain our products and services. We sell substantially all of our products and services through our global network of channel partners, who then sell to end-user customers. When analyzing our business, we refer to end-user customers as our customers throughout this annual report even if our direct commercial relationship is with a channel partner. We consider our channel partners active if they have sold our products or services in the trailing 12-month period.

 

We integrate with leading network and cloud platforms, such as Check Point, Cisco, Fortinet, Palo Alto Networks, F5 Networks, Forcepoint, Juniper Networks, VMware, AWS, Google Cloud, Microsoft Azure and Kubernetes, to provide vendor agnostic solutions, which is key to our value proposition. In addition, we believe our technology alliance partner program, which is an ecosystem of technology partners who build certified integrations to our platform, helps to expand our common use cases.
 

We have been growing our business consistently over the last several years. Our revenue growth is attributable to sales to new enterprise customers and incremental sales to existing customers. For the years ended December 31, 2018 and 2019, our revenues were $85.0 million and $103.3 million, respectively, representing year-over-year growth of 22%.  

 

  A. Operating Results

      

Key Factors Affecting Our Performance

 

We believe the growth of our business and our future success depends on a number of factors, including the following:  

 

Number of Customers. We believe the size of our customer base is an indicator of our market penetration and our net customer additions are an indicator of the growth of our business and future revenue opportunity. We believe we have a significant opportunity to expand our footprint through new installations and displacement of our competitors’ solutions. To do so, we plan to continue to grow our sales team, leverage our channel partner relationships and enhance our marketing efforts.

 

We believe organizations choose us for our customer-first approach, continuing innovation and seamless integration with third-party technologies.

 

We define a customer as a distinct entity, division or business unit of a company that has purchased our products or services and is eligible to receive maintenance and support. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 16% of the Global 2000. As of December 31, 2018 and 2019, we had 1,566 and 1,679 active customers, respectively.  

 

67 

 

 

Sales to Existing Customers. We believe our existing customers provide a significant source of revenue growth. We derive an increasing portion of our revenues from existing customers. For example, during the years ended December 31, 2018 and 2019, we generated approximately 60% and 66% of our revenues, respectively, excluding maintenance renewals, from sales to existing customers.

 

Maintenance Renewal Rates. We believe our maintenance renewal rates are an important metric to measure our ability to provide significant value to our existing customers. We generate incremental maintenance revenues when our customers renew their maintenance contracts. We measure the maintenance renewal rate of our customers over a trailing 12-month period, based on a dollar renewal rate of contracts expiring during that time period. For each of the years ended December 31, 2018 and 2019, our maintenance renewal rate was over 90%. Our key strategies to maintain our renewal rate include continuing to provide more valuable features and network device coverage in our product updates, focusing on the quality and reliability of our customer service and support and ensuring our customers receive value from our products.

  

68 

 

 

Sales to Large Organizations. In the year ended December 31, 2019, large organizations, which we define as those comprising the Global 2000, accounted for 68% of our revenues, compared to 66% of our revenues in the year ended December 31, 2018, in each case excluding maintenance renewals. Sales to large organizations involve a distinct set of opportunities and challenges. Large organizations sales are characterized by longer sales cycles and additional time and resources spent on a potential customer.

 

For the years ended December 31, 2018 and 2019, the average spend for all customers, excluding maintenance renewals, was $119,000 and $122,000, respectively. During those years, the average spend for Global 2000 customers, excluding maintenance renewals, was $201,000 and $187,000, respectively; and the average spend for non-Global 2000 customers, excluding maintenance renewals, was $66,000 and $70,000, respectively. We define average spend as total sales, excluding maintenance renewals, for the relevant customer group (i.e., all customers, Global 2000 customers or non-Global 2000 customers) divided by the number of customers belonging to such customer group.

       

69 

 

 

Seasonality. We generally expect an increase in business activity in the fourth quarter, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. The loss or delay of one or more large transactions in a quarter could impact our anticipated results of operations for that quarter and future quarters for which revenues from that transaction is delayed.

  

Components of Statements of Operations

 

Revenues

 

We derive our revenues from the following:

 

Product Revenues. We generate product revenues from sales of our software licenses and third-party hardware to new customers and sales of additional licenses and third-party hardware to existing customers. We generate the vast majority of our revenues through sales of software with less than 5% of our revenues generated through sales of third-party hardware. We primarily sell our software through perpetual license agreements and, to a lesser extent, term-based license agreements. Beginning on January 1, 2017, we adopted ASC 606. As a result, we recognize revenues from software sold through term-based license agreements upfront, upon delivery. As a percentage of total revenues, we expect our product revenues to vary from quarter to quarter based on seasonal and cyclical factors. We are focused on acquiring new customers as well as increasing product revenues from our existing customers.

 

Maintenance and Professional Services Revenues. We generate maintenance and professional services revenues by selling maintenance contracts and, to a lesser extent, by providing professional services to our customers. Maintenance includes software updates and technical support. Our contracts with customers for software licenses include maintenance for a specified term. We recognize revenues associated with maintenance on a straight-line basis over the specified maintenance period. Professional services consist of deployment services for our products, and implementation of our solutions and their integration in the customer’s environment.

 

We recognize revenues associated with professional services as we perform the services. As a percentage of total revenues, we expect our maintenance and professional services revenues to vary from quarter to quarter based on fluctuations in license sales, maintenance renewal rates, professional services attach rates and cyclical factors. The increase in maintenance is attributable to the growth in our software license sales to new and existing customers.

 

See Note 2 to our consolidated financial statements “Significant Accounting Policies—Revenue recognition” for more information. 

 

70 

 

 

Geographic Breakdown of Revenues

 

The following table sets forth the geographic breakdown of our revenues by region for the periods indicated:

  

   
Year ended December 31,
 
   
2017
   
2018
   
2019
 
   
Amount
   
%
   
Amount
   
%
   
Amount
   
%
 
   
(in thousands)
 
Americas          
 
$
35,020
     
54.3
%
 
$
48,267
     
56.8
%
 
$
56,848
     
55.1
%
EMEA          
   
26,099
     
40.4
     
32,595
     
38.4
     
40,903
     
39.6
 
APAC          
   
3,421
     
5.3
     
4,119
     
4.8
     
5,519
     
5.3
 
Total          
 
$
64,540
     
100.0
%
 
$
84,981
     
100.0
%
 
$
103,270
     
100
%


The Americas accounted for the majority of our revenues in each of the years ended December 31, 2018 and 2019. EMEA also accounted for a significant portion of our revenues in each of the years ended December 31, 2018 and 2019, with revenues generated in Germany representing 25% and 30%, respectively, of EMEA revenues.

 

Cost of Revenues and Gross Profit

 

Our total cost of revenues is comprised of the following:

 

Cost of Product Revenues. Cost of product revenues consist primarily of personnel costs (including share-based compensation) associated with the processing and delivery of our software licenses to customers and, to a lesser extent, the purchase and delivery of third-party hardware, as well as other overhead costs. There is no direct cost of revenues associated with our software products because we deliver our software products electronically. Electronic delivery occurs when we provide the customer with access to the software and license key via a secure portal. Our cost of product revenues is primarily impacted by the number of personnel involved in the delivery of our products, as well as our third-party hardware revenues. We expect our cost of product revenues to be impacted by the infrastructure and operational costs associated with delivering our SecureCloud product.
  

Cost of Maintenance and Professional Services Revenues. Cost of maintenance and professional services revenues consist primarily of personnel costs for those responsible for providing maintenance and support and professional services to our global customer base. Such personnel costs consist of salaries, benefits, bonuses and share-based compensation. We expect our cost of maintenance and professional services revenues to continue to increase in absolute dollars as we hire additional professional services and technical support personnel to support our business.

 

Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a percentage of total revenues. Our gross margin fluctuates from quarter-to-quarter based on the mix of product revenues and maintenance and professional services revenues. We expect our gross margins to continue to fluctuate.

 

71 

 

Operating Expenses

 

Our operating expenses consist of research and development expenses, sales and marketing expenses and general and administrative expenses. For each category, personnel costs are the most significant component of our operating expenses. Personnel costs consist of salaries and employee benefits (including vacation expenses, bonuses and share-based compensation). Sales commissions account for a significant portion of our sales and marketing compensation costs. We expect personnel and all allocated overhead costs to continue to increase in absolute dollars as we hire new employees and add facilities to accommodate our growing personnel and business.

 

Research and Development. Research and development expenses consist primarily of personnel costs attributable to our research and development personnel, subcontractors and consultants, as well as allocated overhead costs. We expense research and development expenses as incurred. We expect that our research and development expenses will continue to increase in absolute dollars as we increase our research and development headcount to further strengthen our technology platform and invest in the development of existing and new products.

 

Sales and Marketing. Sales and marketing expenses are the largest component of our operating expenses and consist primarily of personnel costs, including variable compensation, as well as travel expenses, marketing and business development costs (including marketing campaigns, tradeshows and recruitment) and allocated overhead costs. We expect sales and marketing expenses will continue to increase in absolute dollars and account for the majority of our operating costs as we expand our international sales and marketing efforts.

 

General and Administrative. General and administrative expenses consist primarily of personnel costs for our executive, finance, IT, human resources, legal and administrative personnel. General and administrative expenses also include external legal, accounting and other professional service fees. We expect that general and administrative expenses will increase in absolute dollars and as a percentage of revenues in the near term as we grow and expand our operations and operate as a public company, including higher legal, corporate insurance, investor relations and accounting expenses, and the additional costs of achieving and maintaining compliance with the Sarbanes-Oxley Act and related regulations.

 

Financial Income (Loss), Net

 

Financial income (loss), net, consists primarily of bank charges, interest paid on our long-term loan, interest earned on our cash, cash equivalents and restricted bank deposits, and foreign currency exchange fluctuations. Foreign currency exchange fluctuations reflect gains or losses related to transactions denominated in currencies other than the U.S. dollar, particularly the NIS, the Euro and the GBP. As a result of our global presence, we expect to continue to incur expenses in currencies other than the U.S. dollar. As such, we expect our exposure to fluctuations in foreign currencies to continue.

 

72 

 

Taxes on Income

 

The standard corporate tax rate in Israel for 2018 and thereafter was 23%. We have net operating loss carry forwards. As of December 31, 2019, our net operating loss carry forwards for Israeli tax purposes amounted to approximately $41 million. Under Israeli law, net operating losses can be carried forward indefinitely and offset against certain future taxable income. We expect that if or when we become profitable, we will generate the substantial majority of our taxable income in Israel. However, no tax benefit was recorded for the years ended 2017, 2018 and 2019 for the deferred tax assets of the Israeli entity, since we have recorded a full valuation allowance against these deferred tax assets which are less likely than not to be realized.

 

In addition, we are entitled to tax benefits under the Investment Law in Israel in respect of our status as a Benefited Enterprise. Under the Investment Law, our effective tax rate to be paid with respect to our Israeli taxable income as a Benefited Enterprise may be lower than the standard corporate tax rate. The tax benefit period for the Benefited Enterprise program under the Investment Law is expected to end in 2022. The availability of these tax benefits is subject to certain requirements, including making specified investments in property and equipment, and financing a percentage of investments with share capital. If we do not meet these requirements in the future, the tax benefits may be canceled and we could be required to refund any tax benefits that we have already received.

 

Our U.S. and European subsidiaries currently generate taxable income in the United States and Europe. To the extent that we generate taxable income in Israel, our effective tax rate will be a weighted average rate based on the applicable U.S., European and Israeli tax rates.

 

Comparison of Period to Period Results of Operations

 

Results of Operations

 

The following tables summarize our results of operations in dollars and as a percentage of our total revenues for the periods indicated. The period-to-period comparison of results is not necessarily indicative of results for future periods.

 

73 

 

 

 

Year ended December 31,

 

 

 

2018

 

 

2019

 

 

 

Amount

 

 

%

 

 

Amount

 

 

%

 

 

 

(Dollars in thousands)

 

Revenues:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Product

 

$

42,554

 

 

 

50.1

%

 

$

47,365

 

 

 

45.9

%

Maintenance and professional services

 

 

42,427

 

 

 

49.9

 

 

 

55,905

 

 

 

54.1

 

Total revenues

 

 

84,981

 

 

 

100.0

 

 

 

103,270

 

 

 

100.0

 

Cost of revenues:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Product

 

 

2,324

 

 

 

2.7

 

 

 

2,716

 

 

 

2.6

 

Maintenance and professional services

 

 

11,112

 

 

 

13.1

 

 

 

17,141

 

 

 

16.6

 

Total cost of revenues(1)

 

 

13,436

 

 

 

15.8

 

 

 

19,857

 

 

 

19.2

 

Gross profit

 

 

71,545

 

 

 

84.2

 

 

 

83,413

 

 

 

80.8

 

Operating expenses:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Research and development(1)

 

 

21,363

 

 

 

25.1

 

 

 

31,571

 

 

 

30.6

 

Sales and marketing(1)

 

 

46,092

 

 

 

54.2

 

 

 

63,981

 

 

 

62.0

 

General and administrative(1)

 

 

6,022

 

 

 

7.1

 

 

 

14,884

 

 

 

14.4

 

Total operating expenses

 

 

73,477

 

 

 

86.5

 

 

 

110,436

 

 

 

106.9

 

Operating loss

 

$

(1,932

)

 

 

(2.3

)

 

$

(27,023

)

 

 

(26.1

)

Financial income (loss), net

 

 

(1,047

)

 

 

(1.2

)

 

 

(85

)

 

 

(0.1

)

Loss before taxes on income

 

$

(2,979

)

 

 

(3.5

)

 

$

(27,108

)

 

 

(26.2

)

Taxes on income

 

 

(1,283

)

 

 

(1.5

)

 

 

(1,011

)

 

 

(1.0

)

Net loss

 

$

(4,262

)

 

 

(5.0

)%

 

$

(28,119

)

 

 

(27.2

)%

 

(1)

Includes share-based compensation expense as follows:

 

 

 

Year ended December 31,

 

 

 

2018

 

 

2019

 

 

 

(in thousands)

 

Share-based Compensation Expense:

 

 

 

 

 

 

Cost of revenues

 

$

634

 

 

$

1,514

 

Research and development

 

 

731

 

 

 

2,370

 

Sales and marketing

 

 

1,458

 

 

 

4,849

 

General and administrative

 

 

358

 

 

 

2,194

 

Total share-based compensation expenses

 

$

3,181

 

 

$

10,927

 

 

74 

 

Comparison of the Years Ended December 31, 2018 and 2019

 

Revenues 

 

 

 

Year ended December 31,

 

 

 

 

 

 

 

 

 

2018

 

 

2019

 

 

Change

 

 

 

Amount

 

 

Amount

 

 

Amount

 

 

%

 

 

 

(Dollars in thousands)

 

 

 

 

Revenues:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Product

 

$

42,554

 

 

$

47,365

 

 

$

4,811

 

 

 

11.3

%

Maintenance and support

 

 

37,155

 

 

 

46,019

 

 

 

8,864

 

 

 

23.9

 

Professional services

 

 

5,272

 

 

 

9,886

 

 

 

4,614

 

 

 

87.5

 

Total revenues

 

$

84,981

 

 

$

103,270

 

 

$

18,289

 

 

 

21.5

%

 

Revenues increased by $18.3 million, or 21.5%, from $85.0 million in 2018 to $103.3 million in 2019. This growth was achieved primarily due to increased sales of our products and services from existing customers, which accounted for $18.2 million of this increase, across all regions and was most pronounced in EMEA.

 

Product revenues increased by $4.8 million, or 11.3%, from $42.6 million in 2018 to $47.4 million in 2019. This increase was driven by increased sales volumes to existing customers, which increased by $7.8 million. The substantial majority of our product revenues was attributable to sales of perpetual licenses.

 

Maintenance and support revenues grew by $8.9 million, or 23.9%, from $37.2 million in 2018 to $46.0 million in 2019.  This increase was driven by increased sales of maintenance and support services to new businesses, which accounted for $4.6 million of this increase, and renewals, which accounted for $4.3 million of this increase.

  

Professional services revenues increased by $4.6 million, or 87.5%, from $5.3 million in 2018 to $9.9 million in 2019. This increase was attributable to the expansion of our professional services teams in order to achieve faster delivery times and improved services.

 

Cost of Revenues 

 

 

 

Year ended December 31,

 

 

 

 

 

 

 

 

 

2018

 

 

2019

 

 

Change

 

 

 

Amount

 

 

Amount

 

 

Amount

 

 

%

 

 

 

(Dollars in thousands)

 

 

 

 

Cost of revenues:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Product

 

$

2,324

 

 

2,716

 

 

$

392

 

 

16.9

%

Maintenance and professional services

 

 

11,112

 

 

17,141

 

 

 

6,029

 

 

54.3

 

Total cost of revenues

 

$

13,436

 

 

19,857

 

 

$

6,421

 

 

47.8

%

 

 

75 

 

 

Cost of revenues increased by $6.4 million, or 47.8%, from $13.4 million in 2018 to $19.9 million in 2019. This increase was primarily driven by the increase in compensation costs and related overhead associated with the increase in services, support and fulfillment employees. As of December 31, 2018 and 2019, the number of our services, support and fulfillment employees was 75 and 98, respectively. 

Cost of product revenues increased by $0.4 million, or 16.9%, from $2.3 million in 2018 to $2.7 million in 2019.

 

Cost of maintenance and professional services revenues increased by $6.0 million, or 54.3%, from $11.1 million in 2018 to $17.1 million in 2019. The increase in cost of maintenance and professional services revenues was driven primarily by an increase in personnel costs and related overhead expenses as we grew our technical support and professional services headcount to support our increased sales.

 

Gross Profit 

 

 

 

Year ended December 31,

 

 

 

 

 

 

2018

 

 

2019

 

 

Gross Profit Change

 

 

 

Gross Profit

 

 

Gross Margin

 

 

Gross Profit

 

 

Gross Margin

 

 

Amount

 

 

%

 

Gross profit

 

$

71,545

 

 

 

84.2

%

 

$

83,413

 

 

 

80.8

%

 

$

11,868

 

 

 

16.6

%

 

Gross profit increased by $11.9 million, or 16.6%, from $71.5 million in 2018 to $83.4 million in 2019. Gross margins decreased from 84.2% to 80.8% during the same period. This decrease was driven by our costs of revenues increasing by a larger percentage than our revenues, primarily due to increased headcount to support faster deployment of our solutions.

 

Operating Expenses 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Year ended December 31,

 

 

 

 

 

 

2018

 

 

2019

 

 

Change

 

 

 

Amount

 

 

Amount

 

 

Amount

 

 

%

 

 

 

(Dollars in thousands)

 

 

 

 

Operating expenses:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Research and development

 

$

21,363

 

 

$

31,571

 

 

$

10,208

 

 

47.8

%

Sales and marketing

 

 

46,092

 

 

 

63,981

 

 

 

17,889

 

 

38.8

 

General and administrative

 

 

6,022

 

 

 

14,884

 

 

 

8,862

 

 

147.2

 

Total operating expenses

 

$

73,477

 

 

$

110,436

 

 

$

36,959

 

 

50.3

%

 

Operating expenses increased by $37.0 million, or 50.3%, from $73.5 million in 2018 to $110.4 million in 2019.

 

Research and Development. Research and development expenses increased by $10.2 million, or 47.8%, from $21.4 million in 2018 to $31.6 million in 2019. This increase was primarily attributable to an increase of $7.7 million in compensation expenses, which includes a $1.6 million increase in share-based compensation expense, as we grew our research and development team from 152 at the end of 2018 to 187 at the end of 2019 in order to enhance and further develop our existing and new products. The increase was also partially attributable to an increase of $2.2 million in allocated overhead costs.

 

76 

  

Sales and Marketing. Sales and marketing expenses increased by $17.9 million, or 38.8%, from $46.1 million in 2018 to $64.0 million in 2019. This increase was attributable to a $13.5 million increase in compensation expenses, which includes a $3.4 million increase in share-based compensation expense, as we grew our sales and marketing organization from 166 at the end of 2018 to 223 at the end of 2019, and a $1.6 million increased investment in marketing programs compared to 2018. The remainder of the increase is primarily attributable to travel expense and costs related to marketing activities.

  

General and Administrative. General and administrative expenses increased by $8.9 million, or 147.2%, from $6.0 million in 2018 to $14.9 million in 2019. This increase was primarily attributable to an increase of $4.8 million in compensation costs, which includes a $1.9 million increase in share-based compensation expense due to increased headcount associated with becoming a public company, coupled with a $1.9 million increase in accounting and legal expenses, including those associated with our initial public offering and secondary offering.

 

Financial Loss, Net 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Year ended December 31,

 

 

 

 

 

 

2018

 

 

2019

 

 

Change

 

 

 

Amount

 

 

Amount

 

 

Amount

 

 

%

 

 

 

(Dollars in thousands)

 

 

 

 

Financial loss, net

 

$

(1,047

)

 

$

(85

)

 

$

962

 

 

 

(91.9

%)

 

Financial loss, net decreased from financial loss, net of $1.0 million in 2018 to a financial loss, net of $0.1 million in 2019. Our financial loss was impacted by exchange rate fluctuations in the foreign currencies against the U.S. dollar and our derivatives and hedging activities, which resulted in a loss of $0.8 million in 2018 and 2019. The decrease of the financial loss was primarily due to $0.9 million interest income earned on our cash balances in 2019 compared to $0.2 million interest expense incurred in 2018 due to a bank loan that we repaid in 2019.

 

Taxes on Income 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Year ended December 31,

 

 

 

 

 

 

2018

 

 

2019

 

 

Change

 

 

 

Amount

 

 

Amount

 

 

Amount

 

 

%

 

 

 

(Dollars in thousands)

 

 

 

 

Taxes on income

 

$

(1,283

)

 

$

(1,011

)

 

$

272

 

 

 

21.2

%

 

77 

 

Taxes on income decreased from a tax expense of $1.3 million in 2018 to a tax expense of $1.0 million in 2019. Our effective tax rate was primarily impacted by our diverse geographic mix of earnings and losses, as well as our full valuation allowance against potential future benefits for deferred tax assets of our Israeli entity, including loss carryforwards generated in Israel. In addition, our effective tax rate is based on recurring factors, including the geographic mix of foreign taxable income and loss, as well as nonrecurring items that may not be predictable. See Note 11 to our consolidated financial statements included elsewhere in this annual report for a full reconciliation of our effective tax rate to the Israeli statutory rate of 23% and for further explanation of our provision for income taxes.

 

Application of Critical Accounting Policies and Estimates

 

Our consolidated financial statements have been prepared in accordance with GAAP. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, expenses, and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe are reasonable under the circumstances. We evaluate our estimates and assumptions on an ongoing basis. Actual results may differ from these estimates. To the extent that there are material differences between these estimates and our actual results, our future financial statements will be affected.

 

The critical accounting policies requiring estimates, assumptions, and judgments that we believe have the most significant impact on our consolidated financial statements are described below.

 

Revenue Recognition

 

Effective January 1, 2017, we elected to early adopt Accounting Standards Codification 606, Revenue from Contracts with Customers, or ASC 606, on a modified retrospective basis. The revenue recognition accounting policies and estimates described below reflect the adoption of ASC 606. For additional information on our adoption of ASC 606, see Note 2 to our consolidated financial statements included elsewhere in this annual report. We determine the appropriate revenue recognition for our contracts with customers by analyzing the type, terms and conditions of each contract. We classify the revenue components as products according to the attributes of the underlying components.

 

We sell our on-premises software licenses through both perpetual and, to a lesser extent, term-based license agreements. Our products offer the same functionality whether our customers receive them through a perpetual or term-based license. We deliver our software licenses electronically. Electronic delivery occurs when we provide the channel partner or customer with access to our software and license key via a secure portal. We generally recognize revenues from on-premises software licenses upfront when we make the software available to the channel partner or, if we are selling directly, customer. We recognize hardware sales upon delivery.

 

78 

 

We generally recognize revenues from software sold through term-based license agreements upfront, upon delivery to the channel partner or, if we are selling directly, customer. We defer the associated maintenance revenues and recognize them over the contract period. Assuming we expect to recover the costs, we capitalize all incremental costs we incur to obtain a contract with a customer that we would not have incurred if we had not obtained the contract. We include amortization expense in sales and marketing expenses in our consolidated statements of operations. We amortize costs incurred in obtaining a contract as a sales and marketing expense on a straight-line basis over the expected period of benefit. We periodically review these costs for impairment.

 

Our contract payment terms typically range between 30 and 120 days. We assess collectability based on several factors, including collection history.

 

Our contracts with customers for software licenses include maintenance and may also include training and/or professional services. Maintenance consists of fees for providing software updates and technical support for our products for a specified term. We recognize maintenance revenues ratably over the contractual service period. We bill for professional services on a fixed fee basis and recognize revenues as we perform the services. We defer payments received in advance of services performed and recognize such payments when we perform the related services.

 

In contracts with multiple performance obligations, we account for individual performance obligations separately if they are distinct. We allocate the transaction price to each performance obligation based on its relative standalone selling price out of the total consideration of the contract. For maintenance and support contracts, we determine the standalone selling price based on the price at which we separately sell a renewal contract. We determine the standalone selling price for sales of licenses using the residual approach. For professional services, we determine the standalone selling prices based on the price at which we separately sell those services.

 

Share-Based Compensation

 

We measure and recognize share-based compensation expense in our consolidated financial statements based on the grant date fair value of the award. We recognize the grant date fair value of the award as an expense based on the straight-line method over the requisite service periods in our consolidated statements of operations.

 

We estimated the grant date fair value of share options for the years ended December 31, 2018 and 2019 using the Black-Scholes option-pricing model. Our use of the Black-Scholes option-pricing model requires the input of highly subjective assumptions, including estimated fair value of our ordinary share price, expected share price volatility and expected term.

 

79 

 

Because our shares were not publicly traded prior to our initial public offering, we estimated the fair value of options granted to employees and non-employees at the date of grant using a number of objective and subjective factors consistent with the methodologies outlined in the American Institute of Certified Public Accountants Practice Aid, Valuation of Privately-Held-Companies Equity Securities Issued as Compensation, and based on independent third-party valuations that we obtained on a periodic basis. Following our initial public offering on April 11, 2019, our ordinary shares are publicly traded, and therefore we currently base the value of our ordinary shares on their market price.

 

Risk-Free Interest Rate. We base the risk-free interest rate on the implied yield on currently available U.S. treasury zero-coupon securities with a remaining term equal to the expected life of our options.

 

Dividend Yield. We base dividend yield on our historical experience and expectation of no future dividend payouts. We have historically not paid cash dividends and have no foreseeable plans to pay cash dividends in the future.

 

Expected Volatility. We base expected share price volatility on the historical volatility of the ordinary shares of comparable companies that are publicly traded.

 

Expected Term. The expected term of options granted represents the period of time that options granted are expected to be outstanding. We estimate the fair value of our ordinary shares underlying our share-based awards using the income approach.

 

Any changes in these highly subjective assumptions would significantly impact our share-based compensation expense.

 

Research and Development Costs

 

ASC 985 requires capitalization of certain software development costs subsequent to the establishment of technological feasibility.

 

Based on our product development process, technological feasibility is established upon completion of a working model. We do not incur material costs between the completion of the working model and the point at which the products are ready for general release. Therefore, research and development costs are charged to the statement of operations as incurred.

 

Income Taxes

 

We account for income taxes using the asset and liability approach, which requires the recognition of taxes payable or refundable for the current year and the deferred tax liabilities and assets for the future tax consequences of events that we have recognized in our financial statements or tax returns.

 

80 

 

We measure current and deferred tax liabilities and assets based on provisions of the relevant tax law. We reduce the measurement of deferred tax assets, if necessary, by the amount of any tax benefits that we do not expect to realize. We classify interest and penalties relating to uncertain tax positions within taxes on income.

 

Accounts Receivable

 

We present accounts receivable in our consolidated balance sheets net of allowance for doubtful accounts. We estimate the collectability of accounts receivable balances and adjust its allowance for doubtful accounts based on past write-offs and collections, current credit conditions and the age of the balances. We evaluate a number of factors to assess collectability, including an evaluation of the creditworthiness of the specific customer, past due amounts, payment history, and current economic conditions. When revenue recognition criteria are not met for a sale transaction that has been billed, we do not recognize deferred revenues on our balance sheet or the related account receivable.

 

Derivative Instruments

 

We carry out transactions involving foreign currency exchange derivative financial instruments. These transactions are designed to hedge our exposure in currencies other than the U.S. dollar, and are not designated as an accounting hedge. We are primarily exposed to foreign exchange risk with respect to recognized assets and liabilities and anticipated transactions denominated in the NIS, Euro and British Pound, including payroll expenses. Going forward we may consider to designate transactions involving foreign currency exchange derivative financial instruments as an accounting hedge.

 

Comparison of the Years Ended December 31, 2017 and 2018


For a comparison of our results of operations for the years ended December 31, 2018 and 2017, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations” from the final prospectus in connection with our secondary public offering (Registration No. 333-235325), filed with the SEC on December 5, 2019, which comparative information is herein incorporated by reference.

 

B.

Liquidity and Capital Resources

 

Since 2015, we have primarily funded our operations through sales of our products and services. As of December 31, 2019, we had $118.6 million of cash and cash equivalents. This increase was primarily attributable to cash proceeds of $115.3 million received from the issuance and sale of 8,855,000 ordinary shares, partially offset by $2.6 million in payments made in connection with our initial public offering. We believe that our existing cash and cash equivalents will be sufficient to fund our operations and capital expenditures for at least the next 12 months. Our future capital requirements will depend on many factors, including our rate of revenue growth, the expansion of our sales and marketing activities, the timing and extent of spending to support product development efforts and expansion into new geographic locations, the timing of introductions of new products and enhancements to existing products and the continuing market acceptance of our products and solutions.

 


81 

 

Term Loan and Revolving Credit Line

 

On August 4, 2015, we entered into a Loan and Security Agreement, consisting of a $2.0 million term loan facility and a $6.0 million revolving credit line facility, by and among Tufin Software Technologies Ltd., as Israeli borrower, Tufin Software North America, Inc., as U.S. borrower and Silicon Valley Bank, as lender. We terminated the Loan and Security Agreement on July 9, 2019, at which time the term loan facility had been repaid and we had no outstanding borrowings on the revolving credit line facility.

 

Net Cash Provided by (Used in) Operating Activities

 

Cash used by operating activities was $9.6 million for the year ended December 31, 2019. This was primarily due to an increased net loss of $28.1 million adjusted by non-cash charges of $11.5 million, primarily relating to depreciation of property and equipment and compensation related to options granted to our employees, and a favorable impact of $7.0 million resulting from the net changes in our operating assets and liabilities. Changes in operating assets and liabilities included (i) a $4.1 million increase in deferred revenues representing unearned amounts resulting primarily from increased maintenance and support sales and (ii) a $7.1 million increase in employee and payroll accrued expenses and operating lease, partially offset by (a) a $2.0 million increase in deferred taxes and other non-current assets, (b) a $1.5 million increase in accounts receivables and (c) a $0.9 million decrease in trade payables and other accounts payables.

 

Cash provided by operating activities was $4.6 million for the year ended December 31, 2018. This was primarily due to an increased net loss of $4.3 million adjusted by non-cash charges of $4.5 million, primarily relating to depreciation of property and equipment and compensation related to options granted to our employees, and an increase of $4.4 million in our net operating assets and liabilities. The increase in net operating assets and liabilities was primarily due to (i) a $7.5 million increase in deferred revenues representing unearned amounts resulting primarily from increased maintenance and support sales and (ii) a $5.5 million increase in trade payables, other payables and accrued payroll due to timing of payments, partially offset by (a) a $3.9 million increase in prepaid expenses and other current assets, (b) a $3.3 million increase in accounts receivables and (c) a $1.4 million increase in deferred costs due to deferral of sales commissions as a result of increased sales.

 

82 

 

Net Cash Used in Investing Activities

 

In the years ended December 31, 2018 and 2019, net cash used in investing activities was $1.6 million and $2.7 million, respectively. Investing activities consist primarily of purchases of property and equipment for our offices.

 

Net Cash Provided by (Used in) Financing Activities

 

Net cash provided by financing activities was $115.8 million in the year ended December 31, 2019, consisting of $115.3 million in proceeds from our initial public offering, which were partially offset by $2.6 million in offering-related expenses. In addition, cash provided by financing activities consisted of $3.3 million in proceeds from the exercise of employee share options and the related withholding tax. Net cash used in financing activities was $0.6 million in the year ended December 31, 2018, consisting of $0.7 million for the repayment of a long-term loan and $0.1 million relating to deferred offering costs, which were partially offset by $0.2 million in proceeds from the exercise of employee share options.

 

 

C.

Research and Development, Patents and Licenses, etc.

 

We increased the number of our research and development personnel from 152 as of December 31, 2018 to 187 as of December 31, 2019, and we expect to continue to expand our research and development headcount.

 

For a description of our research and development policies, see “Item 4.B. Business Overview—Research and development.”

 

 

D.

Trend Information

 

Other than as disclosed elsewhere in this annual report, we are not aware of any trends, uncertainties, demands, commitments or events for the period from January 1, 2019 to December 31, 2019 that are reasonably likely to have a material adverse effect on our net revenue, income, profitability, liquidity or capital resources, or that caused the disclosed financial information to be not necessarily indicative of future operating results or financial condition.

 

 

E.

Off-Balance Sheet Arrangements

 

We do not currently engage in off-balance sheet financing arrangements. In addition, we do not have any interest in entities referred to as variable interest entities, which includes special purposes entities and other structured finance entities.

 

83 

 

 

 

 

F.

Contractual Obligations

 

Contractual Obligations

 

The following table summarizes our contractual obligations as of December 31, 2019:

 

 

 

Total

 

 

Less Than 1 Year

 

 

1 – 3 Years

 

 

4 – 5 Years

 

 

More Than 5 Years

 

 

 

(in thousands)

 

Operating lease obligations

 

$

32,479

 

 

$

4,127

 

 

$

8,292

 

 

$

7,492

 

 

$

12,568

 

Total

 

$

32,479

 

 

$

4,127

 

 

$

8,292

 

 

$

7,492

 

 

$

12,568

 

 

Quantitative and Qualitative Disclosures about Market Risk

 

We are exposed to market risk in the ordinary course of our business. Market risk represents the risk of loss that may impact our financial position due to adverse changes in financial market prices and rates. Our market risk is primarily a result of fluctuations in foreign currency exchange rates.

 

Recent Accounting Pronouncements

 

In February 2016, the Financial Accounting Standards Board (“FASB”) issued ASU 2016-02 - “Leases” and subsequent related amendments (“ASC 842”). ASC 842 supersedes the lease requirements in Accounting Standards Codification Topic 840. Under ASC 842, lessees are required to recognize a right-of-use asset and a lease liability for their leases, including leases classified as operating leases. Leases are classified as finance or operating, with classification affecting the pattern and classification of expense recognition in the income statement. The lease liability and the right-of-use asset are measured based on the present value of the lease payments over the lease term. ASC 842 also contains amended guidance regarding the identification of embedded leases in service contracts and the identification of lease and non-lease components of an arrangement. In addition, disclosures of qualitative and quantitative information about leasing arrangements are required.

 

84 

 

ASC 842 became effective for the Company on January 1, 2019. The Company adopted ASC 842 on January 1, 2019, using a modified retrospective transition approach. The Company has also elected to utilize the available package of practical expedients permitted under the transition guidance within ASC 842 which does not require it to reassess the prior conclusions about lease identification, lease classification and initial direct costs. Consequently, financial information was not adjusted, and the disclosures required under the new standard are not provided for dates and periods before January 1, 2019.

 

Upon adoption of ASC 842, the Company recognized operating right-of-use assets of $13.2 million with corresponding operating lease liabilities on its consolidated balance sheet. Furthermore, the right-of-use assets were adjusted and reduced in an amount of approximately $700 thousand for accrued rent liabilities. The Company does not have finance leases. See Note 6 for further details.

 

85 

 

ITEM 6.

DIRECTORS, SENIOR MANAGEMENT AND EMPLOYEES

 

 

A.

Directors and Senior Management

 

Executive Officers and Directors

 

The following table sets forth the name, age and position of each of our executive officers and directors as of the date of this annual report.

 

Name

 

Age

 

Position

Executive Officers

 

 

 

 

Reuven Kitov

 

46

 

Chief Executive Officer, Co-Founder and Chairman of the Board

Reuven Harrison

 

50

 

Chief Technology Officer, Co-Founder and Director

Jack Wakileh

 

48

 

Chief Financial Officer

Kevin Maloney

 

65

 

Senior Vice President of Global Sales

Yoram Gronich

 

51

 

Vice President of Research & Development

Ofer Or

 

43

 

Vice President of Products

Directors

 

 

 

 

Ohad Finkelstein(4)

 

59

 

Director

Yuval Shachar(3)(4)

 

57

 

Director

Yair Shamir(3)(4)

 

74

 

Director

Edouard Cukierman(4)

 

55

 

Director

Peter Campbell(1)(2)(4)(5)

 

55

 

Director

Dafna Gruber(1)(2)(3)(4)(5)

 

55

 

Director

Tom Schodorf(1)(4)

 

61

 

Director

Brian Gumbel(2)(4)

 

45

 

Director

(1)

Member of our audit committee.

(2)

Member of our compensation committee.

(3)

Member of our nominating and corporate governance committee.

(4)

Independent director under NYSE rules.

(5)

External director under the Israeli Companies Law.

 

Reuven Kitov is our Chief Executive Officer, Co-Founder and Chairman of the board of directors, which positions he has held since co-founding Tufin in January 2005. Prior to co-founding Tufin, Mr. Kitov held key project management and development roles at Check Point Software Technologies, Inc. from 1998 to 2003. Mr. Kitov holds a Bachelor of Science degree in Computer Science from the University of Maryland in College Park, Maryland.

 

Reuven Harrison is our Chief Technology Officer, Co-Founder and a director, which positions he has held since co-founding Tufin in January 2005. Prior to co-founding Tufin, Mr. Harrison held key software developer positions at Check Point Software Technologies, Inc. from 1999 to 2003, as well as other key positions at Capsule Tech, Inc. from 1997 to 1999 and ECS Inc. from 1991 to 1996. Mr. Harrison holds a Bachelor of Arts degree in Mathematics and Philosophy from Tel Aviv University in Israel.

 

86 

 

Jack Wakileh is our Chief Financial Officer, which position he has held since July 2013. Prior to joining Tufin, Mr. Wakileh worked as a financial and business consultant for various technology companies from 2010 to 2013. He was a Co-Founder of iSpade Technologies Ltd. and was Chief Financial Officer from 2008 to 2010, Co-Chief Executive Officer of LEADIP Systems Ltd. from 2006 to 2007 and Chief Financial Officer of VCON Telecommunications Ltd. from 1999 to 2005 prior to which he held the Corporate Controller position. Mr. Wakileh holds a Bachelor of Arts degree in Accounting and Economics from Tel Aviv University in Israel and is a Certified Public Accountant.

 

Kevin Maloney is our Senior Vice President of Global Sales, which position he has held since July 2015. Prior to joining Tufin, Mr. Maloney held senior management positions at Easylink Services International Corporation from December 2007 to July 2012, Network General Corporation from June 2006 to November 2007 and Check Point Software Technologies, Inc. from June 2005 to June 2006. Mr. Maloney holds a Master of Business Administration degree from the Stetson School of Business and Economics at Mercer University in Macon, Georgia and a degree from Wheeling Jesuit University in Wheeling, West Virginia.

 

Yoram Gronich is our Vice President of Research & Development, which position he has held since September 2008. Prior to joining Tufin, Mr. Gronich held software management and engineering positions at Symantec Corporation from 2005 to 2008. He previously held project management and team leader roles at Check Point Software Technologies, Inc. from 2002 to 2005. Mr. Gronich holds a Master of Science degree in Electrical Engineering and a Bachelor of Science degree in Physics and Computer Science each from Tel Aviv University in Israel.

 

Ofer Or has served as our Vice President of Products since July 2014. Prior to assuming this role, Mr. Or served as our Director of Research & Strategy. Prior to joining Tufin, he held senior product management positions at Check Point Software Technologies, Inc. from 2009 to 2013. Mr. Or also held product marketing and business development positions at Microsoft from 2007 to 2009 and Amdocs Ltd. from 2006 to 2007. Before that, he held several R&D Leadership positions at Check Point Software Technologies, Inc. from 2000 to 2005, and in an elite computer unit of the Israel Defense Forces from 1994 to 2000. Mr. Or holds a Master of Business Administration degree from INSEAD University in Fontainebleau, France, and holds a Master of Arts degree in Law and a Bachelor of Arts degree in Political Science and Sociology, each from Bar Ilan University in Ramat-Gan, Israel.

 

87 

 

Ohad Finkelstein has served as a director since January 2011. Mr. Finkelstein serves as Managing Partner of Danli Capital, an investment advisory firm that he founded in 2017. Mr. Finkelstein is the Co-Founding Partner of Marker LLC, which he founded in 2011. Prior to that, from 2005 to 2011, he led international investment for Venrock, an Israeli venture capital firm. He served as the Chairman, Chief Executive Officer and President at Interoute Communications Limited from 1999 to 2003. Mr. Finkelstein holds a Bachelor of Arts degree in Political Science and International Marketing from the University of California, Los Angeles.

 

Yuval Shachar has served as a director since October 2009. Mr. Shachar is the Executive Chairman and Co-Founder of Team8, a venture capital firm specializing in incubation of security companies. Mr. Shachar serves as Founding Venture Partner of Innovation Endeavors, which he joined at its inception, previously serving as an investment partner of its predecessor fund from 2013. Mr. Shachar served as Co-Founding Partner of Marker LLC and its predecessors from 2011. From 2004 to 2009, he served as General Manager of a Cisco business unit in its Service Provider group. Prior to that, Mr. Shachar served as Co-Founder, President and CEO of P-Cube (which was acquired by Cisco), and co-founded each of Pentacom and Infogear (which were each acquired by Cisco). From 1995 to 1998, Mr. Shachar served as Vice President of Research and Development at VocalTec Ltd. (which completed an IPO on The Nasdaq Stock Market, or Nasdaq, in 1996), and previously held key engineering and management positions at National Semiconductors. Mr. Shachar holds a Bachelor of Science degree in Mathematics and Computer Science from Tel Aviv University in Israel.

 

Yair Shamir has served as a director from 2007 to 2013 and again from October 2018 to present. Mr. Shamir has been a Founding and Managing Partner of Catalyst Investments since its establishment from 1999 to 2013 and again from 2015 to present. Mr. Shamir was elected as a member of the Israeli Parliament (Knesset) and served as Minister of Agriculture of the State of Israel from 2013 to 2015. Mr. Shamir served until August 2018 as the Chairman of Board of N.T.A. – Metropolitan Mass Transit System. He served as the Chairman of Israel’s National Roads Company from 2011 to 2012. Mr. Shamir served as the Chairman of Israel Aerospace Industries Ltd. from 2005 until 2011. From 2004 to 2007, Mr. Shamir was the Chairman of Shamir Optical Industry Ltd. From 2004 to 2005, Mr. Shamir served as the Chairman of EL AL. From 1997 to 2004, Mr. Shamir served as the Chief Executive Officer and Chairman of VCON Telecommunications Ltd. Mr. Shamir was a board member of DSP Group Corporation from 2005 to 2013. Mr. Shamir holds a Bachelor of Science degree in Electronics Engineering from the Technion, Israel Institute of Technology in Haifa, Israel.

 

Edouard Cukierman has served as a director since 2014. Mr. Cukierman has been a Founding and Managing Partner of Catalyst Investments since its establishment in 1999, and has served as the Chairman of Cukierman & Co. Investment House since its establishment. Prior to establishing and managing Catalyst Investments, Mr. Cukierman was the President and Chief Executive Officer of Astra Technological Investments, a Venture Capital Fund established in 1993. Mr. Cukierman serves as a board member of Dori Media Group. He is also is the Founder of the GoforIsrael annual conference. Mr. Cukierman served as a Reserve Officer of the Crisis & Hostage Negotiation Team and IDF Spokesman Unit. Mr. Cukierman holds a Master of Business Administration degree from INSEAD University in Fontainebleau, France and a Bachelor of Science degree from the Technion, Israel Institute of Technology in Haifa, Israel.

 

88 

 

Peter Campbell has served as a member of our board of directors since 2019 and serves as an external director under the Israeli Companies Law. Mr. Campbell served as Chief Financial Officer of Mimecast Ltd. (traded on Nasdaq) fr