Item 1A. Risk Factors.
The material and other risks and uncertainties summarized above beginning on page i of this Quarterly Report on Form 10-Q and described below are not exhaustive or exclusive. Other sections of this Quarterly Report on Form 10-Q may include additional factors which could adversely affect our business, results of operations and financial performance. We operate in a very competitive and rapidly changing environment. New risk factors not presently known to us or that we currently deem immaterial may emerge from time to time, and it is not possible for management to predict all such risk factors, nor can it assess the impact of all such risk factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements. Given these risks and uncertainties, investors should not place undue reliance on forward-looking statements as a prediction of actual results.
Business and Operational Risks
The Transaction, the pendency of the Transaction or our failure to complete the Transaction could have a material adverse effect on our business, results of operations, financial condition and share price.
On December 7, 2021, we entered into the Transaction Agreement, providing for the Transaction and our acquisition by an entity affiliated with Permira, in an all-cash transaction valued at approximately $5.8 billion. The completion of the Transaction is subject to certain closing conditions, including approval by our shareholders, receipt of regulatory approvals and such other conditions to completion as set forth in the Transaction Agreement. There is no assurance that all of the various conditions will be satisfied, or that the Transaction will be completed on the proposed terms, within the expected timeframe, or at all. Furthermore, there are additional inherent risks in the Transaction, including the risks detailed below.
During the period prior to the closing of the Transaction, our business is exposed to certain inherent risks due to the effect of the announcement or pendency of the Transaction on our business relationships, financial condition, operating results and business, including:
• potential adverse reactions or changes to business relationships resulting from the announcement or the pendency of the Transaction.
• potential business uncertainty, including changes to existing business relationships, during the pendency of the Transaction that could affect our financial performance.
• the possibility of disruption to our business and operations, including diversion of management attention and resources.
• the inability to attract and retain key personnel, and the possibility that our current employees could be distracted, and their productivity decline as a result, due to uncertainty regarding the Transaction.
• restrictions during the pendency of the Transaction that may impact our ability to pursue certain business opportunities or strategic transactions.
• our inability to solicit other acquisition proposals during the pendency of the Transaction following the expiration of the “go-shop” period.
• the amount of the costs, fees, expenses and charges related to the Transaction.
• other developments beyond our control, including, but not limited to, changes in domestic or global economic conditions that may affect the timing or success of the Transaction.
The Transaction may be delayed, and may ultimately not be completed, due to a number of factors, including:
• the failure to obtain regulatory approvals from various governmental entities (or the imposition of any conditions, limitations or restrictions on such approvals).
• potential additional future shareholder litigation and other legal and regulatory proceedings, which could delay or prevent the Transaction.
• the failure to satisfy the other conditions to the completion of the Transaction, including the possibility that a Company Material Adverse Effect (as defined in the Transaction Agreement) would permit Buyer not to close the Transaction.
If the Transaction does not close, our business and shareholders would be exposed to additional risks, including:
• to the extent that the current market price of our ordinary shares reflects an assumption that the Transaction will be completed, the price of our ordinary shares could decrease if the Transaction is not completed.
• investor confidence could decline, additional shareholder litigation could be brought against us, relationships with existing and prospective customers, service providers, investors, lenders and other business partners may be adversely impacted, we may be unable to retain key personnel, and profitability may be adversely impacted due to costs incurred in connection with the pending Transaction.
• under certain specified circumstances, the requirement that we pay a termination fee of [either $86,730,000 or] $216,825,000 if the Transaction Agreement is terminated, including by us if we enter into a superior proposal or by Buyer because our board of directors withdraws its recommendation in favor of the Transaction.
Even if successfully completed, there are certain risks to our shareholders from the Transaction, including:
• the amount of cash to be paid per share under the Transaction Agreement is fixed and will not be adjusted for changes in our business, assets, liabilities, prospects, outlook, financial condition or operating results or in the event of any change in the market price of, analyst estimates of, or projections relating to, our ordinary shares.
• the fact that receipt of the all-cash per share consideration under the Transaction Agreement is taxable to shareholders that are treated as U.S. holders for U.S. federal income tax purposes.
• the fact that, if the Transaction is completed, our shareholders will not participate in any future growth potential or benefit from any future increase in the value of the Company.
For additional information regarding the Transaction, see Note 1 to our condensed consolidated financial statements included elsewhere in this Quarterly Report on Form 10-Q.
Data security and integrity are critically important to our business, and breaches of our information and technology networks and unauthorized access to a customer’s data, including our recent security incident, could harm our business and operating results.
We have experienced, and will continue to experience, cyberattacks and other malicious internet-based activity, which continue to increase in sophistication, frequency and magnitude. Because our services involve the storage of large amounts of our customers’ sensitive and proprietary information, solutions to protect that information from cyberattacks and other threats, data security and integrity are critically important to our business. Also, as more of our customers have moved to working remotely, and continue to work remotely, during the global COVID-19 pandemic, we expect there will be an increased amount of sensitive and proprietary information that is stored in our solutions, which increases the exposure and risk of cyberattacks and other malicious internet-based activity. Despite all of our efforts to protect this information, we cannot provide assurance that our services and databases will not be compromised or disrupted, whether as a result of criminal conduct, DDoS attacks, or other advanced persistent attacks by malicious actors, including hackers, state-backed hackers with significant resources and cybercriminals, breaches due to employee negligence, error and/or malfeasance, or other disruptions during the process of upgrading or replacing computer software or hardware, power outages, computer viruses, hardware and software errors, including so-called supply chain attacks involving the vendors we rely upon, telecommunication or utility failures or natural disasters or other catastrophic events. Moreover, the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently or may be designed to remain dormant until a predetermined event and often are not recognized until launched against a target. As a result, there can be no guarantees that we will be able to anticipate these techniques or implement adequate preventative measures.
In January 2021, we became aware of a security incident later determined to be conducted by the same sophisticated threat actor responsible for the SolarWinds supply chain attack. We immediately launched an internal forensic investigation. Our investigation was supported by leading third-party forensics and cyber incident response experts at Mandiant, a division of FireEye, Inc., and was conducted in coordination with law enforcement to aid their investigation into this threat actor. During our investigation, we learned that the threat actor used the SolarWinds supply chain compromise to gain access to part of our production grid environment. Using this entry point, the threat actor accessed certain Mimecast-issued certificates and related customer server connection information. The threat actor also accessed a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials. In addition, the threat actor accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products. As the investigation progressed, we issued a series of advisories to affected customers, including recommended precautionary steps to mitigate risk and, in some cases, to address regulatory requirements. Our forensic investigation was completed in March 2021 and we have eliminated the threat actor’s access to our environment. We have taken a number of actions designed to prevent future access to our environment and we will continue to monitor for threats and take precautionary steps as needed. We are subject to additional risks and uncertainties as a result of these events, including those described in the bullets in the next paragraph below. 
While our forensic investigation is complete, there can be no assurance that we will be able to detect the existence or extent of the attacks on us or our customers or that our isolation and remediation efforts will be effective. As a result, we are unable to predict the overall impact of these events. Any perception by prospective or existing customers that the confidential information we maintain on their behalf is not secure could result in a material loss of business and revenue and damage our reputation and competitiveness. Furthermore, as described in the bullets below, these types of events often have cascading impacts that unfold over a lengthy period of time and may result in a loss of revenue, a diminution of our business prospects and incremental costs, including costs associated with litigation or investigations by regulatory authorities, any of which may adversely impact our financial results. It is also expected that we will continue to incur costs related to our response, remediation, and investigatory efforts relating to this security incident. While we have cyber insurance coverage, the amount of such insurance may be insufficient to compensate us for any expenses or losses that may result from the security incident and renewing cyber insurance coverage may be difficult and more costly.
Due to frequently changing attack techniques, along with an increased volume and sophistication of the attacks, we must continually monitor and develop our information technology networks and infrastructure to prevent, detect, address and mitigate the risk of unauthorized access and we expend significant resources to respond to threats to security. To defend against threats to our systems and our customers’ confidential information, we must continuously invest in the development of more secure solutions and improve the security features of our solutions and the deployment of updates to address any security vulnerabilities. However, despite our efforts, we may fail to identify these new and complex methods of attack or fail to invest sufficient resources in security measures. In addition, as we increase our customer base and our brand becomes more widely known and recognized, we may become a more attractive target for malicious third parties. Furthermore, our solutions connect to, operate in conjunction with and are dependent on products and components across a broad ecosystem of third parties. If there is a security vulnerability in one of these third-party components, and a threat actor is successful in breaching that vulnerability, we could face increased costs, liability claims, reduced revenue, or harm to our reputation or competitive position for reasons beyond our control. Any breach of our security measures or disruption in our service as a result of third-party action, including criminal conduct by state actors and others, employee negligence, error, and/or malfeasance, defects or otherwise that compromises the confidentiality, integrity or availability of our data or our customers’ data, including as a result of our recent security incident, could result in:
• material loss of business and revenue;
• severe harm to our reputation, our brand or our competitiveness;
• a material degradation in the overall market perception of the security and reliability of our services;
• individual customer and/or class action lawsuits, which would cause us to incur significant legal fees and costs and could result in financial judgments against us;
• legal or regulatory enforcement action by state and federal authorities or non-U.S. authorities, which would cause us to incur legal fees and costs and could result in fines and/or penalties;
• mandatory regulatory disclosures regarding a security breach, unauthorized access to or disclosure of confidential information, which could lead to widespread negative publicity, which may cause our customers or prospects to lose confidence in the effectiveness of our data security measures;
• increased cybersecurity protection costs and insurance premiums; and/or
• additional costs associated with responding to the service interruption or security breach, such as investigative and remediation costs, the costs of providing individuals and/or data owners with notice of the breach, legal fees, the costs of any additional fraud detection activities, or the costs of prolonged system disruptions or shutdowns.
Any of these events could materially adversely impact our business and results of operations.
We seek to cap the liability to which we are exposed in the event of losses or harm to our customers, including those resulting from security incidents, but we cannot be certain that we will obtain these caps or that these caps, if obtained, will be enforced in all instances. Furthermore, the cybersecurity insurance we maintain may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our policy may not cover our remediation expenses or any claim against us for loss of data or other indirect or consequential damages. Defending any suit based on or related to any data loss or system disruption, regardless of its merit and available insurance coverage, could be costly and divert management’s attention.
The global COVID-19 pandemic, including the related containment efforts, has had, and will likely continue to have, certain negative impacts on our business and operations, and we are unable to predict with certainty the extent to which it may continue to adversely affect our business, results of operations and financial condition.
In December 2019, a novel strain of coronavirus, or COVID-19, was reported to have surfaced in Wuhan, China, and since then has spread to Europe, the United States and most other countries. In March 2020, the COVID-19 outbreak was declared a pandemic by the World Health Organization. The COVID-19 pandemic continues to evolve, and to date has led to the implementation of various responses, including global government-imposed quarantines, stay-at-home orders, travel restrictions, mandated non-essential business closures, work stoppages, slowdowns and delays, work-from-home policies, supply chain disruption, and other public health safety measures, as well as volatility in stock prices, among other effects. The widespread distribution of effective vaccines and continued containment efforts helped initially to stabilize infection rates, but, more recently, the rise in variants of the original virus has led to localized outbreaks in many locations, including in many of the countries in which we operate.
The containment efforts imposed by many governments caused significant societal and economic disruption worldwide, including in all of the regions in which we operate our business and sell our products and services. Additionally, the COVID-19 pandemic and the governmental response and the resulting economic effect, impacted some industries, such as travel, hospitality and retail, more significantly than others. In response to the COVID-19 pandemic, we took a number of actions. These actions included, among others: (i) a decision to close all of our global offices, including our global headquarters in London, United Kingdom, and the resulting shift to a virtual work environment where all of our employees, including our global sales and customer support staff, are working remotely; (ii) a decision to limit and then ultimately ban all non-essential travel, including international travel; (iii) a decision to cancel or shift to virtual-only certain customer, industry and employee events; and (iv) the establishment of an employee support fund, funded in part by executive and employee donations, to offset the impact of the pandemic on our more vulnerable employees. The expected duration of these actions is uncertain. More recently, we have opened some of our global offices on a limited basis in accordance with government requirements, including our headquarters in London, United Kingdom and our office in Lexington, Massachusetts. We expect, however, that the transition back to normal operations will take significant time, perhaps several months. 
We believe that the COVID-19 pandemic has negatively impacted and will continue to negatively impact our business and results of operations in a number of ways, including (i) an impact on the demand for our products and services caused by a decline in the rate of IT and security spending, a delay in purchasing decisions as IT and security staff focus on addressing the disruption to their businesses, and hiring freezes and reductions in workforce impacting our customers, which will impact sales to prospects and existing customers and increase customer attrition, especially since we offer our solutions on a per seat basis, (ii) restrictions on our global sales and marketing operations, including eliminating in-person sales activities, (iii) an impact on our employees’ ability to perform necessary business functions, including as a result of illness, family illness and general economic hardship, or as a result of restrictions on movement, including the necessity of working from home for an extended period, (iv) customers seeking extended payment terms or declaring bankruptcy or seeking to liquidate making collectability of accounts receivables difficult or impossible, (v) a disruption to our supply chain, particularly as it relates to hardware needed to expand existing data centers and planned data centers, (vi) continued currency volatility, and (vii) an increased risk of information or cybersecurity incidents and a failure to maintain the uninterrupted operation of our information systems due to, among other things, an increase in remote work. In addition, governmental authorities both in the United States and in Europe have adopted measures to provide economic assistance to businesses, to stabilize the markets and to support economic stability, and many governments are considering adopting additional measures to support their economies. 
The future success of these measures is unknown, and they may not be sufficient to mitigate the negative impact of the global COVID-19 pandemic. We have been closely monitoring the impact of the COVID-19 pandemic on all aspects of our business, including how it will impact our operations and the operations of our customers, suppliers, vendors and business partners and the impact it has on the safety and well-being of our employees, and may take further precautionary and preemptive actions as may be prudent or as required by government authorities.
Any of the negative impacts of the continuing global COVID-19 pandemic, including those described above, alone or in combination with others, may have a material adverse effect on our results of operations and financial condition. The extent to which the global COVID-19 pandemic will continue to adversely affect our business and results of operations will depend on numerous evolving factors and future developments that we are not able to predict, including the duration, spread and severity of the outbreak, including the potential that there could be recurring outbreaks in the future, the spread of new variants of the original virus, the nature and effectiveness of containment measures, the availability of treatments, the effectiveness and safety of available vaccines and the speed at which such vaccines are distributed and accepted by the public, the effect on the economy, unemployment, and IT and security spending in particular, and how quickly and to what extent normal economic and business operations can resume. Because our services are offered on a subscription basis, the effect of the pandemic may not be fully reflected in our operating results until future periods. If the global COVID-19 pandemic is prolonged, it could amplify the negative impacts on our business and results of operations, and may also heighten many of the other risks, including risk factors, described in this section and elsewhere in this Quarterly Report on Form 10-Q. It is also possible that any adverse impacts of the pandemic and containment measures may continue once the pandemic is controlled and the containment measures are lifted.
If we are unable to attract new customers and retain existing customers, our business and results of operations will be affected adversely.
To succeed, we must continue to attract new customers and retain existing customers who desire to use our existing security, continuity and archiving offerings and new products we introduce from time to time. Acquiring new customers is a key element of our continued success, growth opportunity and future revenue. We will continue to invest in a direct sales force combined with a focused channel strategy designed to serve the various requirements of our target customer base and to bring new customers onto our cloud architecture. Any failures by us to execute in these areas will negatively impact our business. The rate at which new and existing customers purchase our products depends on a number of factors, including potential concerns related to our recent security incident and other factors outside of our control. For example, a deterioration in macroeconomic conditions in the markets we operate in as a result of the continuation of the global COVID-19 pandemic, a slower than expected recovery from the pandemic, or for other reasons could have a negative impact on our customers, which could adversely impact our ability to attract new customers and retain existing customers. In the past, negative macroeconomic conditions resulted in reductions in demand for IT-related capital spending generally and security solutions specifically, particularly in the financial services, legal and other industries that we target. Our future success also depends on retaining our current customers at acceptable retention levels. Our retention rates may decline or fluctuate as a result of a number of factors, including potential concerns related to our recently disclosed security incident. Our retention rates may also fluctuate as a result of factors outside our control, including competition, customers’ budgeting and spending priorities, and overall general economic conditions in the geographic regions in which we operate. 
For example, the impact of the COVID-19 pandemic on the current economic environment has caused, and may in the future cause, customers to request concessions including extended payment terms or better pricing. Customers may delay or cancel IT projects or seek to lower their costs by renegotiating existing vendor contracts. If our customers do not renew their subscriptions for our products and services, our revenue would decline and our business would suffer. In future periods, our total customers and revenue could decline or grow more slowly than we expect.
If we are unable to sell additional services, features and products to our existing customers, our future revenue and operating results will be harmed.
A significant portion of our revenue growth is generated from sales of additional services, features and products to existing customers. Our future success depends, in part, on our ability to continue to sell such additional services, features and products to our existing customers. We devote significant efforts to developing, marketing and selling additional services, features and products and associated support services to existing customers and rely on these efforts for a portion of our revenue. These efforts require a significant investment in building and maintaining customer relationships, as well as significant research and development efforts in order to provide upgrades and launch new services, features and products. The rate at which our existing customers purchase additional services, features and products depends on a number of factors, including the perceived need for additional security, continuity and archiving services, the efficacy of our current services, the perceived utility and efficacy of our new offerings, potential concerns related to our recent security incident, our customers’ IT budgets and general economic conditions in the geographic regions in which we operate, which may be impacted by the economic uncertainty resulting from the global COVID-19 pandemic. If our efforts to sell additional services, features and products to our customers are not successful, our future revenue and operating results will be harmed.
Our business depends substantially on customers renewing their subscriptions with us and a decline in our customer renewals would harm our future operating results.
In order for us to maintain or improve our operating results, it is important that our customers renew their subscriptions with us when the existing subscription term expires. Although the majority of our customer contracts include auto-renew provisions, our customers have no obligation to renew their subscriptions upon expiration, and we cannot provide assurance that customers will renew subscriptions at the same or higher level of service, if at all, particularly given the economic uncertainty resulting from the global COVID-19 pandemic. For each of the fiscal years ended March 31, 2021 and 2020, our customer retention rate has been consistently greater than 90%. We calculate customer retention rate as the percentage of paying customers on the last day of the relevant period in the prior year who remain paying customers on the last day of the relevant period in the current year. The rate of customer renewals may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction or dissatisfaction with our solutions, potential concerns related to our recent security incident, outages impacting our service, the effectiveness of our customer support services, our pricing, the prices of competing products or services, mergers and acquisitions affecting our customer base, or reductions in our customers’ spending levels or general economic conditions in the geographic regions in which we operate, which may be impacted by the economic uncertainty resulting from the global COVID-19 pandemic. If our customers do not renew their subscriptions, or renew on less favorable terms, our revenue may decline, and we may not realize improved operating results from our customer base.
The markets in which we participate are highly competitive, with several large established competitors, and our failure to compete successfully would make it difficult for us to add and retain customers and would reduce or impede the growth of our business.
Our market is large, highly competitive, fragmented and subject to rapidly evolving technology, shifting customer needs and frequent introductions of new products and services. We currently compete with companies that offer products that target email, web and data security, awareness training, continuity, archiving, DMARC reporting, and digital brand protection, as well as large providers such as Google Inc. and Microsoft Corporation, which offer functions and tools as part of their core mailbox services that may be, or be perceived to be, similar to ours.
Our current and potential future competitors include:
• Email Security: Barracuda Networks, Inc., Google, Microsoft Exchange Online Protection, Proofpoint, Inc., Symantec Corporation, Agari Data, Inc., Cisco Systems Inc., Avanan, a division of Check Point Software Technologies Ltd., GreatHorn, Inc., IronScales, Ltd., INKY Technology Company, Abnormal Security Corporation, Egress Software Technologies Ltd., and Tessian Limited;
• Archiving: Dell EMC, Microsoft Office® 365®, Proofpoint, Inc., Veritas Technologies LLC, Smarsh Inc., Barracuda Networks, Inc., and Global Relay Communication, Inc.;
• Awareness training: KnowBe4, Inc., Cofense Inc., and Wombat Security, a division of Proofpoint, Inc.;
• Web security: Cisco Systems, Inc., Webroot Inc., TitanHQ’s Webtitan, SafeDNS, Inc., Akamai Technologies, Inc., Infoblox Inc., Forcepoint LLC, Trustwave Holdings, Inc., and Zscaler, Inc.;
• DMARC reporting: Agari Data, Inc., Valimail Inc., dmarcian, Inc., Ondemarc by Redsift Limited, and ReturnPath’s email fraud protection, a division of Proofpoint, Inc.; and
• Digital brand protection: RSA Security LLC, RiskIQ, Inc., and MarkMonitor Inc.
In addition, as we launch new products and services, we will face competition from new and existing competitors. We expect competition to increase in the future from both existing competitors and new companies that may enter our markets. Additionally, some potential customers, particularly large enterprises, may elect to develop their own internal products. If two or more of our competitors were to merge or partner with one another, the change in the competitive landscape could reduce our ability to compete effectively. Our continued success and growth depends on our ability to out-perform our competitors at the individual service level as well as increasing demand for a unified service infrastructure. We cannot guarantee that we will out-perform our competitors at the product level or that the demand for a unified service technology will increase.
Some of our current competitors have, and our future competitors may have, certain competitive advantages such as greater brand and name recognition, longer operating history, larger market share, larger existing user base and greater financial, technical and other resources. Some competitors may be able to devote greater resources to the development, promotion and sale of their products and services than we can to ours, which could allow them to respond more quickly than we can to new technologies and changes in customer needs. We cannot assure you that our competitors will not offer or develop products or services that are superior to ours or achieve greater market acceptance.
If we are unable to effectively increase sales of our services to large enterprises while mitigating the risks associated with serving such customers, our business, financial position and results of operations may suffer.
As we seek to increase our sales to large enterprise customers, we may face longer sales cycles, more complex customer requirements, unfavorable contractual terms, substantial upfront sales costs and less predictability in completing some of our sales than we do with smaller customers. In addition, our ability to successfully sell our services to large enterprises is dependent on us attracting and retaining sales personnel, including sales engineers, with experience in selling to large organizations. Also, because security breaches and disruptions of larger, more high-profile enterprises are likely to be heavily publicized, there is increased reputational risk associated with serving such customers. If we are unable to increase sales of our services to large enterprise customers while mitigating the risks associated with serving such customers, our business, financial position and results of operations may suffer.
Failure to effectively expand our sales and marketing capabilities could harm our ability to acquire new customers and achieve broader market acceptance of our services.
Acquiring new customers and expanding sales to existing customers will depend to a significant extent on our ability to expand our sales and marketing operations. We generate approximately one-fifth of our revenue from direct sales and we expect to continue to rely on our sales force to obtain new customers and grow revenue from our existing customer base. We expect to expand our global sales force, and we face a number of challenges in achieving our hiring goals. For instance, there is significant competition for sales personnel, including sales engineers, with the sales skills and technical knowledge that we require, including experience selling to large enterprise customers. In addition, training and integrating a large number of sales and marketing personnel in a short period of time requires the allocation of significant internal resources. Our ability to achieve projected growth in revenue in the future will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel, all of which may be negatively impacted by the continuing global COVID-19 pandemic. We invest significant time and resources in training new sales personnel to understand our solutions. In general, new hires require significant training and substantial experience before becoming productive. Our recent hires and planned hires may not become as productive as we require, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future in the markets where we currently operate or where we seek to conduct business. Our growth may be materially and adversely impacted if the efforts to expand our sales and marketing capabilities are not successful or if they do not generate a sufficient increase in revenue.
Our business and results of operations may be negatively impacted by the United Kingdom’s withdrawal from the European Union.
The United Kingdom’s withdrawal from the European Union, or Brexit, became effective on January 31, 2020, and the transition period, or the Brexit transition period, during which time the United Kingdom and the European Union negotiated the terms of trade and other matters, ended on December 31, 2020. The United Kingdom and European Union have signed a European Union-United Kingdom Trade and Cooperation Agreement, or the TCA, which became effective in May 2021. Negotiations between the United Kingdom and the European Union are expected to continue in relation to certain elements of the trading relationship between the United Kingdom and the European Union. The ultimate effects of Brexit will depend, in part, on how the terms of the TCA take effect in practice and on any other agreements the United Kingdom may make with the European Union and many of the regulations that now apply in the United Kingdom following the Brexit transition period (including financial laws and regulations, tax, intellectual property rights, data protection laws, immigration laws and employment laws), will likely be amended in future as the United Kingdom determines its new approach, which may result in significant divergence from European Union regulations. This lack of clarity on future United Kingdom laws and regulations and their interaction with the European Union laws and regulations increases our burden of operating in and doing business in the United Kingdom and the European Union and may affect our results of operations in a number of ways, including increasing currency exchange risk and disruptions in trade and the free movement of goods and services to and from the United Kingdom, generating instability in the global financial markets or negatively impacting the economies of the United Kingdom and Europe. 
In addition, because of our significant presence in the United Kingdom, it is possible that Brexit may impact some or all of our current operations, including transfers of our personal data and our customers’ personal data between our operations in the United Kingdom and our operations in the European Union. As a result, some of our European customers that are not based in the United Kingdom are requiring that we move their data from our United Kingdom data centers to our data centers based in Germany. Brexit may also impact our ability to freely move employees from our London headquarters to our other locations in Europe. The long-term effects of Brexit will depend in part on how the TCA, and any future agreements signed by the United Kingdom and the European Union, take effect in practice. We expect that Brexit could lead to legal uncertainty and potentially divergent national laws and regulations as the United Kingdom determines which European Union laws to replicate or replace. Any of these effects of Brexit, and others we cannot anticipate, could negatively impact our business and results of operations.
If we are unable to maintain successful relationships with our channel partners, our ability to acquire new customers could be adversely affected.
In order to grow our business, we anticipate that we will continue to depend on our relationships with our channel partners who we rely on, in addition to our direct sales force, to sell and support our services. In the nine months ended December 31, 2021, while no individual channel partner accounted for 10% or more of our revenue, in the aggregate, our channel partners accounted for 78% of our revenue. We expect that sales to channel partners will continue to account for a substantial portion of our revenue for the foreseeable future. We utilize channel partners to efficiently increase the scale of our marketing and sales efforts, increasing our market penetration to customers which we otherwise might not reach on our own. Our ability to achieve revenue growth in the future will depend, in part, on our success in maintaining successful relationships with our channel partners, which includes ensuring that we make our service as easy to use by these channel partners as possible.
Our agreements with our channel partners are generally non-exclusive, meaning our channel partners may offer customers competitive services from different companies. If our channel partners do not effectively market and sell our services, choose to use greater efforts to market and sell their own products or services or those of others, or fail to meet the needs of our customers, our ability to grow our business, sell our services and maintain our reputation may be adversely affected. Our agreements with our channel partners generally allow them to terminate their agreements for any reason upon 90 days’ notice. The loss of key channel partners, our possible inability to replace them, or the failure to recruit additional channel partners could materially adversely affect our results of operations. If we are unable to maintain our relationships with these channel partners, our business, results of operations, financial condition or cash flows could be adversely affected.
Any serious disruptions in our services caused by defects in our software or otherwise may cause us to lose revenue and market acceptance.
Our customers use our services for the most critical aspects of their business, and any disruptions to our services or other performance problems with our services, however caused, could hurt our brand and reputation and may damage our customers’ businesses. We provide regular updates, which may contain undetected errors when first introduced or released. In the past, we have discovered software errors, failures, vulnerabilities and bugs in our services after they have been released and new errors in our existing services may be detected in the future. Real or perceived errors, failures, system delays, interruptions, disruptions, vulnerabilities, or bugs could result in negative publicity, loss of or delay in market acceptance of our services, loss of competitive position, delay of payment to us, lower renewal rates, or claims by customers for losses sustained by them. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to mitigate or correct the problem. We seek to cap the liability to which we are exposed in the event of losses or harm to our customers, but we cannot be certain that we will obtain these caps or that these caps, if obtained, will be enforced in all instances. We carry insurance; however, the amount of such insurance may be insufficient to compensate us for any losses that may result from claims arising from defects or disruptions in our services. As a result, we could lose future sales and our reputation and our brand could be harmed.
We provide service level commitments under our subscription agreements and service disruptions, including any related to our recent security incident, could obligate us to provide refunds and we could face subscription terminations, which could adversely affect our revenue.
Our subscription agreements with customers provide certain service level commitments. If we are unable to meet the stated service level commitments or suffer extended periods of downtime that exceed the periods allowed under our customer agreements, including as a result of our recently disclosed security incident or DDoS attacks, we could be required to pay refunds or face subscription terminations, either of which could significantly impact our revenue.
We have suffered significant service disruptions in the past and we cannot guarantee that future attacks or service disruptions will not occur. Any future attacks or significant service disruptions could adversely affect our reputation, our relationships with our existing customers and our ability to attract new customers, all of which would impact our future revenue and operating results.
We have acquired, and may acquire in the future, other businesses, products or technologies, which could require significant management attention, disrupt our business, dilute shareholder value and adversely affect our results of operations.
As part of our growth strategy and in order to remain competitive, we may acquire, or make investments in, complementary companies, products or technologies. Since fiscal 2017, we have completed several acquisitions. Notwithstanding these acquisitions, our acquisition experience to date remains relatively limited, and as a result, our ability as an organization to acquire and integrate other companies, products or technologies, particularly when the acquired entities are located in geographies where we have not previously done business, in a successful manner is unproven. We may not be able to find suitable acquisition targets, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating such acquisitions or the technologies associated with such acquisitions, our revenue and results of operations could be adversely affected. We may only be able to conduct limited due diligence on an acquired company’s technology, products and operations. Following an acquisition, we may be subject to liabilities arising from an acquired company’s past or present technology, product and operations, including liabilities related to data security and privacy of customer data and infringement of the intellectual property rights of others, and these liabilities may be greater than the warranty and indemnity limitations that we negotiate. Any liability that is greater than these warranty and indemnity limitations could have a negative impact on our financial condition. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. 
We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquired business, including accounting charges. We may have to pay cash, incur additional debt, or issue equity securities to pay for any such acquisitions, each of which could adversely affect our financial condition or the value of our ordinary shares. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our shareholders. The incurrence of additional indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations. See “The terms of our Credit Agreement require us to comply with certain financial covenants and impose restrictions on our business and operations, which creates default risks and reduces our flexibility” below.
In addition, as of December 31, 2021, we had $221.5 million in goodwill and intangible assets, net of accumulated amortization, recorded on our balance sheet as a result of our recent acquisitions. We will incur expenses related to the amortization of intangible assets and we may in the future need to incur charges with respect to the impairment of goodwill or intangible assets, which could adversely affect our operating results.
If we are not able to provide successful updates, enhancements and features to our technology to, among other things, keep up with emerging cyber threats and customer needs, our business could be adversely affected.
Our industry is marked by rapid technological developments and demand for new and enhanced services and features to meet the evolving IT needs of organizations. In particular, cyber threats are becoming increasingly sophisticated and responsive to the new security measures designed to thwart them. If we fail to identify and respond to new and increasingly complex methods of attack and update our products to detect or prevent such threats, our business and reputation will suffer. The success of any new enhancements, features or services that we introduce depends on several factors, including the timely completion, introduction and market acceptance of such enhancements, features or services. We may not be successful in either developing these modifications and enhancements or in bringing them to market in a timely fashion. Furthermore, modifications to existing technologies will increase our research and development expenses. If we are unable to successfully enhance our existing services to meet customer requirements, increase adoption and usage of our services, or develop new services, enhancements, features and products, our business and operating results will be harmed.
Our quarterly results may fluctuate for a variety of reasons and may not fully reflect the underlying performance of our business.
Our quarterly operating results, including the levels of our revenue, gross margin, profitability, cash flow and deferred revenue, may vary significantly in the future, and period-to-period comparisons of our operating results may not be meaningful. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our quarterly financial results may fluctuate as a result of a variety of factors, many of which are outside of our control and, as a result, may not fully reflect the underlying performance of our business. Fluctuations in quarterly results may negatively impact the value of our ordinary shares. Factors that may cause fluctuations in our quarterly financial results include, but are not limited to:
• the pendency of the Transaction;
• foreign currency exchange rates;
• our ability to attract new customers;
• our net revenue retention rate;
• the amount and timing of operating expenses related to the maintenance and expansion of our business, operations and infrastructure;
• network outages or security breaches, including our recent security incident;
• general economic, industry and market conditions, including the continuing impact of the global COVID-19 pandemic, Brexit and economic conditions and societal unrest in South Africa;
• expenses related to litigation or regulatory matters;
• increases or decreases in the number of features in our services or pricing changes upon any renewals of customer agreements;
• changes in our pricing policies or those of our competitors;
• new variations in sales of our services, which has historically been highest in the fourth quarter of a given fiscal year;
• the timing and success of new services and service introductions by us and our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, customers or strategic partners;
• restructuring expenses;
• the impact of acquisitions; and
• changes in our income tax rate.
We are subject to a number of risks associated with global sales and operations.
We operate a global business with offices located in the United States, the United Kingdom, South Africa, Australia and Germany, as well as several other locations. In the nine months ended December 31, 2021, we generated 51% of our revenue from the United States, 28% from the United Kingdom, 10% from South Africa and 11% from the rest of the world. As a result, our sales and operations are subject to a number of risks and additional costs, including the following:
• fluctuations in exchange rates between currencies in the markets where we do business, which impacts our reportable revenue and expenses;
• the disparate impact that the global COVID-19 pandemic is having on different countries and their economies;
• risks associated with trade restrictions and additional legal requirements, including those related to the exportation of our technology;
• the need to adapt our solutions for specific countries;
• greater risk of unexpected changes in regulatory rules, regulations and practices, tariffs and tax laws and treaties;
• compliance with multiple anti-bribery laws, including the United States Foreign Corrupt Practices Act and the U.K. Anti-Bribery Act;
• heightened risk of unfair or corrupt business practices in certain geographies, and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;
• limited or uncertain protection of intellectual property rights in some countries and the risks and costs associated with monitoring and enforcing intellectual property rights abroad;
• greater difficulty in enforcing contracts and managing collections in certain jurisdictions, as well as longer collection periods;
• potential changes in trade relations arising from policy initiatives or other political factors that could negatively impact our purchases of technology among other things;
• management communication and integration problems resulting from cultural and geographic dispersion;
• social, economic and political instability, particularly in South Africa where the current economic environment is very challenging;
• terrorist attacks and security concerns in general; and
• complex and potentially adverse tax consequences.
All of the factors described above, including the previously described risks related to Brexit, and other factors could harm our ability to generate future global revenue and, consequently, materially impact our business, results of operations and financial condition.
If the prices we charge for our services are unacceptable to our customers, our operating results will be harmed.
As the market for our services matures, or as new or existing competitors introduce new products or services that compete with ours, we may experience pricing pressure and be unable to renew our agreements with existing customers or attract new customers at prices that are consistent with our pricing model and operating budget. If this were to occur, it is possible that we would have to change our pricing model or reduce our prices, which could harm our revenue, gross margin and operating results. Pricing decisions may also impact the mix of adoption among our subscription plans and negatively impact our overall revenue. Moreover, large enterprises, which may account for a larger portion of our business in the future, may demand substantial price concessions. Finally, the economic impact of the global COVID-19 pandemic may cause our prospects and existing customers to request price concessions to enable them to purchase our services or renew existing services. If we are, for any reason, required to reduce our prices, our revenue, gross margin, profitability, financial position and cash flow may be adversely affected.
Our research and development efforts may not produce new services or enhancements to existing services that result in significant revenue or other benefits in the near future, if at all.
We invested 19% of our revenue in research and development in each of our fiscal years ended March 31, 2021 and 2020. We expect to continue to dedicate significant financial and other resources to our research and development efforts in order to maintain our competitive position. However, investing in research and development personnel, developing new services and enhancing existing services is expensive and time-consuming, and there is no assurance that such activities will result in significant new marketable services, enhancements to existing services, design improvements, cost savings, revenue or other expected benefits. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.
We employ third-party licensed software for use in or with our services, and the inability to maintain these licenses or errors or vulnerabilities in the software we license could result in increased costs, reduced service levels, or security risk, which would adversely affect our business.
Our services incorporate and rely on certain third-party software obtained under licenses from other companies. We anticipate that we will continue to rely on such third-party software and development tools in the future. Although we believe that there are commercially reasonable alternatives to the third-party software we currently license, this may not always be the case, or it may be difficult or costly to replace. In addition, integration of the software used in our services with new third-party software may require significant work and require substantial investment of our time and resources and delays in the release of our services until equivalent technology is either developed by us, or, if available, is identified, obtained and integrated, which could harm our business. A licensor may have difficulties keeping up with technological changes or may stop supporting the software or other intellectual property that it licensed to us. Also, to the extent that our services depend upon the successful operation of third-party software in conjunction with our software, any undetected errors, defects or security vulnerabilities in this third-party software could prevent the deployment or impair the functionality of our services, delay new services introductions, result in a failure of our services, result in security breaches, and injure our reputation. Third-party software could also be used to launch an attack, also known as a supply chain attack, on our corporate and customer production systems resulting in service disruptions and security breaches. Our use of additional or alternative third-party software would require us to enter into additional license agreements with third parties on terms that may not be favorable to us.
Natural disasters, power loss, telecommunications failures and similar events could cause interruptions or performance problems associated with our information and technology infrastructure that could impair the delivery of our services and harm our business.
We currently store our customers’ information within third-party data center hosting facilities. As part of our current disaster recovery plans and arrangements, our production environment and all of our customers’ data is currently replicated in near real-time to a facility located in a different location. We cannot provide assurance that the measures we have taken to eliminate single points of failure will be effective to prevent or minimize interruptions to our operations. Our facilities are vulnerable to interruption or damage from a number of sources, many of which are beyond our control, including floods, fires, power loss, telecommunications failures, global pandemics such as COVID-19, the effects of climate change (such as drought, wildfires, increased storm severity and sea level rise), and similar events. They may also be subject to break-ins, sabotage, intentional acts of vandalism and similar misconduct. Any damage to, or failure of, our systems generally could result in interruptions to our service, which may reduce our revenue, cause customers to terminate their subscriptions and adversely affect our renewal rate and our ability to attract new customers. Our business and reputation will also be harmed if our existing and potential customers believe our service is unreliable. The occurrence of a natural disaster, an act of terrorism, a decision to close the facilities without adequate notice or other unanticipated problems at these facilities could result in lengthy interruptions in our service. Even with the disaster recovery arrangements, our service could be interrupted. As we continue to add data centers and add capacity in our existing data centers, we may move or transfer our data and our customers’ data. Any unsuccessful data transfers may impair the delivery of our service. Further, as we continue to grow and scale our business to meet the needs of our customers, additional burdens may be placed on our hosting facilities.
Actions we have taken to restructure our business to better align our resources with our strategy were costly and may not be as effective as anticipated.
In February 2021, we announced a restructuring plan designed to align our resources with our strategy. The restructuring plan, which included a reduction of our workforce by approximately 4%, was designed to permit us to increase investment in strategic growth areas. In connection with the restructuring, we recognized pre-tax charges to our financial results for the year ended March 31, 2021 of approximately $3.3 million, consisting of $3.7 million of severance and other one-time termination benefits, and other restructuring related costs, partially offset by $0.4 million of other adjustments. These charges were primarily cash-based. Restructuring charges during the nine months ended December 31, 2021 were not material. The actions associated with the restructuring plan are now complete.
This type of restructuring activity may result in business disruptions and may not produce the full efficiency and cost reduction benefits anticipated. Furthermore, the benefits may be realized later than expected and the cost of implementing these measures may be greater than anticipated. If these measures are not successful, we may need to undertake additional cost reduction efforts, which could result in future charges. Moreover, the restructuring plan may cause business disruptions with customers and elsewhere if our cost reduction efforts prove ineffective, and our business may not be more efficient or effective than prior to the implementation of the plan. Our restructuring activities, including the related charges and the impact of the related workforce reduction, which may include potential legal claims by impacted employees, could have a material adverse effect on our business, operating results and financial condition.
Legal and Regulatory Risks
Our failure to comply with evolving data privacy, data protection and cloud computing regulations, cross-border data transfer restrictions and other domestic or foreign laws and regulations may result in substantial liability and may limit the use and adoption of, or require modifications to, our products and services, all of which could reduce our revenue, harm our operating results and adversely affect our business.
Given the nature and global reach of our business, including our operations in the United States, our corporate headquarters and operations in London, United Kingdom, our operations in Germany, South Africa and elsewhere, as well as the types of information our customers store on our systems, evolving data privacy and data protection laws and regulations around the world that impose requirements on us as well as our customers will continue to significantly impact our business.
Federal, state and foreign governments continue to adopt new laws and regulations addressing data privacy and data security regarding the collection, processing, transfer, storage and use of personal information that affect the provision of cloud services. For example, in the United States, these include laws and regulations promulgated under the authority of the Federal Trade Commission, the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, the Gramm-Leach-Bliley Act of 1999, as well as numerous state breach notification and data privacy laws, and regulator enforcement positions and expectations reflected in federal and state regulatory actions, settlements, consent decrees and guidance documents. In January 2020, the California Consumer Privacy Act of 2018, or CCPA, became effective. The CCPA governs the collection, sale and use of California consumers’ (i.e., California residents’) personal information (as that term is broadly defined by the CCPA), and it has significant impacts on businesses’ handling of personal information and existing privacy policies and procedures. The CCPA gives California consumers expanded rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used by requiring covered entities to provide new disclosures to California consumers and provide such consumers new ways to opt-out of certain sales of personal information. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. In November 2020, California residents voted to approve a ballot proposition that creates the California Privacy Rights Act, or CPRA, that amends and expands the CCPA to further enhance privacy protections for California residents. The CCPA may subject us to regulatory fines by the State of California, individual claims, and increased commercial liabilities. In addition, the CCPA, as well as data privacy laws that have been proposed or enacted in other U.S. states, may limit our or our customers’ ability to use, process and store certain data, which may decrease adoption of our services, increase our costs for compliance, and harm our business, financial condition, cash flows and results of operations.
Internationally, almost every jurisdiction in which we operate has established its own data security, data protection and data privacy legal frameworks with which we, or our customers, must comply, including the European Union General Data Protection Regulation, or the GDPR. The GDPR applies to any company established in the European Union as well as to those outside the European Union if they collect and use personal data in connection with the offering of goods or services to individuals in the European Union or the monitoring of their behavior. The GDPR has enhanced data protection obligations for data controllers of personal data, including, for example, expanded disclosures about how personal data is to be used, limitations on retention of personal data, and mandatory personal data breach notification requirements. The GDPR also imposes onerous obligations and liabilities on service providers or data processors. Under the GDPR, regulatory fines of up to 20 million Euros or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher, may be imposed. In addition, data subjects can claim damages resulting from violations of the GDPR. The GDPR further grants non-profit organizations the right to bring claims on behalf of data subjects. Following the end of the Brexit transition period on December 31, 2020, the GDPR was adopted in the United Kingdom and is referred to as the ‘UK GDPR’, but there may be further developments about the regulation that may impact data protection and data privacy considerations in the United Kingdom. In South Africa, the Protection of Personal Information Act (“POPIA”) became enforceable as of July, 2021. Similar to the GDPR, the regulation imposes obligations and restrictions on the collection, processing, storage and use of personal information in South Africa. It also restricts the transfer of personal information outside of South Africa unless certain conditions are satisfied. 
Failure to comply with POPIA would result in regulatory penalties and fines, as well as claims for damages by data subjects. As a result, our customers subject to POPIA may require additional contractual protections from us.
Given the breadth and depth of changes in data privacy and data protection regulations, complying with the various requirements has caused us to expend significant resources and such expenditures are likely to continue into the future as we respond to new interpretations and enforcement actions and as we continue to negotiate data processing agreements with our customers and business partners. In addition, our recent security incident implicated the regulatory notification requirements applicable to us. As a result, our actions with respect to such notifications could be subject to regulatory fines and reputational damage, either of which could harm our operating results and adversely affect our business.
To facilitate and legitimize the transfer of both customer and personal data from the European Union and the United Kingdom to the United States, we have relied on the frameworks promulgated by the European Union, Swiss and U.S. authorities, including the EU-U.S. Safe Harbor Framework, EU-U.S. Privacy Shield Framework, and the Swiss-U.S. Privacy Shield Framework. While these frameworks have now been invalidated by European authorities, we remain certified under the EU-U.S. and the Swiss-U.S. Privacy Shield frameworks and our obligations thereunder remain in effect. In its decision in July 2020 invalidating the EU-U.S. Privacy Shield Framework, the Court of Justice of the European Union (“CJEU”) affirmed that personal data transfers from the EEA to the United States pursuant to standard contractual clauses, or SCCs, remain a valid transfer mechanism, subject to a requirement that the supervisory authorities in member states continue to review the adequacy of the protection afforded by the SCCs. In June 2021, the European Commission adopted a new set of SCCs providing additional clarity for cross-border transfers of data. Because of the CJEU affirmation, the new SCCs, and the position of the authorities in the United Kingdom to align with European data privacy regulations, we believe that personal data transfers among our global affiliates in accordance with the SCCs comply with applicable European and United Kingdom personal data transfer requirements. However, there is uncertainty associated with the new SCCs, including obligations related to governmental access requests and concerns around new or renegotiated contractual terms with our customers.
Further, if these SCCs are ultimately determined to provide inadequate protection for personal data transfers between the European Union, the United Kingdom and the United States, we will be required to identify and implement alternative solutions to ensure that we comply with European and United Kingdom personal data transfer requirements. If we fail to comply fully with privacy laws in the European Union and the United Kingdom, the data protection authorities might impose upon us a number of different sanctions, including fines and restrictions on international personal data transfers.
Data privacy and data protection laws and regulations are subject to new and differing interpretations and there may also be significant inconsistency in laws and regulations throughout the jurisdictions in which we operate or offer our services. Legal and other regulatory requirements could restrict our ability to store and process personal data as part of our services, or, in some cases, impact our ability to offer our services in certain jurisdictions. Such laws and regulations may also impact our customers' ability to deploy certain of our services globally, to the extent they utilize our services for processing personal data. Our strategy in gaining insights from the data we collect as part of our services, particularly threat data, is becoming important to the value of the services we deliver to our customers and to our operational efficiency. Our use of data in this way may be constrained by contractual restrictions or regulatory developments. In addition, in many cases these data privacy and data protection laws and regulations apply not only to transfers of personal data to third parties, but also within an enterprise, including our company or our customers. Finally, if third parties that we engage for the provision of certain functions of our services violate applicable data privacy and data protection laws or regulations or our policies or requirements, such violations may also put our customers’ information at risk which could in turn have an adverse effect on our business.
The costs of compliance with, and other burdens imposed by, data privacy and data protection laws and regulations may require resources to create new services or modify existing services, the failure of which could lead to us being subject to significant fines, penalties or liabilities for noncompliance, and may slow the pace at which we close sales transactions, any of which could harm our business. Compliance with applicable laws and regulations regarding personal data may also require changes in our services that result in increased costs and reduced efficiency. Failure to comply with existing or new data privacy and data protection laws and regulations may result in significant fines or orders to stop the alleged noncompliant activity, as well as negative publicity. Customers may also attempt to terminate our agreements with them or sue us for breach of the data protection provisions of those agreements. As a result, failure to comply with evolving data privacy, data protection and cloud computing regulations may harm our business and our results of operations.
We are subject to governmental export controls and funds dealings restrictions that could impair our ability to compete in certain international markets and subject us to liability if we are not in full compliance with applicable laws.
Our software and services may be subject to export controls and we may also be subject to restrictions or prohibitions on transactions with, or on dealing in funds transfers to/from, certain embargoed jurisdictions and sanctioned persons and entities, pursuant to the U.K. Export Control Organisation’s restrictions, the U.K. Treasury’s restrictions, the European Union Council Regulations, the United States Department of Commerce’s Export Administration Regulations, the economic and trade sanctions regulations administered by the United States Treasury Department’s Office of Foreign Assets Control and United States Department of State, and similar laws that may apply in other jurisdictions in which we operate or sell or distribute our services. Export control and economic sanctions laws include prohibitions on the sale or supply of certain products and services to certain embargoed or sanctioned countries, regions, governments, persons and entities, as well as restrictions or prohibitions on dealing in funds to/from those countries, regions, governments, persons and entities. In addition, various countries regulate the import of certain encryption items and technology through import permitting and licensing requirements and have enacted laws that could limit our ability to distribute our services or could limit our customers’ ability to implement our services in those countries.
The exportation, re-exportation, and importation of our software and services, including by our channel partners, must comply with applicable laws or else we may be adversely affected, through reputational harm, government investigations, penalties, and/or a denial or curtailment of our ability to export our services. Although we take precautions to prevent our services from being provided in violation of such laws, our services may have been in the past, and could in the future be, provided in violation of such laws.
If we are found to be in violation of United States sanctions or export control laws, it could result in substantial fines and penalties for us and for the individuals working for us, including civil penalties over $300,000, or twice the value of the transaction, whichever is greater, per violation, and in the event of conviction for a criminal violation, fines of up to $1 million and possible incarceration for responsible employees and managers for willful and knowing violations. Under the terms of applicable regulations, each instance in which a company provides goods or services, or otherwise acts in violation of export control and sanctions laws, may be considered a separate violation. If we are found to be in violation of U.K. sanctions or export controls, it could also result in unlimited fines for us and responsible employees and managers, as well as imprisonment of up to two years for responsible employees and managers.
Changes in our software or services, or changes in export, sanctions or import laws, may delay the introduction and sale of our services in certain markets, prevent our customers with global operations from deploying our software or services or, in some cases, prevent the export or import of our software or services to certain countries, regions, governments, persons or entities altogether, which could adversely affect our business, financial condition and operating results.
We may become involved in other litigation that may materially adversely affect us.
From time to time, we may become involved in various legal proceedings relating to matters incidental to the ordinary course of our business, including patent, commercial, product liability, data security, contract disputes, employment, class action, whistleblower and other litigation and claims, and governmental and other regulatory investigations and proceedings. Such matters can be time-consuming, divert management’s attention and resources, cause us to incur significant expenses or liability and/or require us to change our business practices. In addition, the expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our results of operations. Because of the potential risks, expenses and uncertainties of litigation, we may, from time to time, settle disputes, even where we have meritorious claims or defenses, by agreeing to settlement agreements. Because litigation is inherently unpredictable, we cannot assure you that the results of any of these actions will not have a material adverse effect on our business, financial condition, results of operations and prospects. For litigation related to the Transaction, see Note 13 to our condensed consolidated financial statements included elsewhere in this Quarterly Report on Form 10-Q.
Human Capital Risks
We are dependent on the continued services and performance of our key employees, including our co-founder, the loss of whom could adversely affect our business.
Our future performance depends upon contributions from our senior management team and, in particular, our co-founder, Peter Bauer, our Chairman and Chief Executive Officer. If our senior management team, including any new hires that we may make, fails to work together effectively and to execute on our plans and strategies on a timely basis, our business could be harmed. The loss of one or more of our executive officers or key employees could have an adverse effect on our business. The loss of services of Mr. Bauer could significantly delay or prevent the achievement of our strategic objectives.
We depend on highly skilled personnel to grow and operate our business, and if we are unable to hire, retain and motivate qualified personnel, our business may be adversely impacted.
Our success depends largely upon our continued ability to identify, hire, develop, motivate and retain highly skilled personnel, including senior management, engineers, software developers, sales representatives and customer support representatives. Our growth strategy also depends, in part, on our ability to continue to attract and retain highly skilled personnel. Identifying, recruiting, training and integrating qualified individuals requires significant time, expense and attention of management. Competition for these personnel is intense, especially for engineers experienced in designing and developing software and software as a service applications, and for experienced enterprise sales professionals. In addition, the global COVID-19 pandemic has made hiring more difficult, particularly when the hiring process, from sourcing to interviewing to onboarding to training, must be done remotely. We have, from time to time, experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers may assert that these employees or we have breached their legal obligations, resulting in a diversion of our time and resources. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. If the actual or perceived value of our equity awards declines, or experiences significant volatility, it may adversely affect our ability to recruit and retain key employees. If we are not able to effectively recruit and retain qualified employees, our ability to achieve our strategic objectives will be adversely impacted, and our business will be harmed.
Our recent workforce reduction could negatively impact our future hiring plans and employees who are not impacted, which may adversely affect our business.
The workforce reductions made in connection with the restructuring we announced in February 2021 may adversely affect our ability to attract and retain highly skilled employees. Even if our key employees were not directly affected by these reductions, the termination of others may have a negative impact on morale and our culture and our ability to retain current employees, as well as our ability to attract qualified new employees in the future.
Risks Related to Intellectual Property
We have been sued in the past and may in the future be sued by third parties for alleged infringement of their proprietary rights.
There is considerable patent and other intellectual property development activity in our industry. Our success depends, in part, on our not infringing upon the intellectual property rights of others. Our competitors, as well as a number of other entities, including non-practicing patent entities, or NPEs, which are entities that have no operating business but exist purely as collectors of patents, and individuals, may own or claim to own intellectual property relating to our industry. Patent and other intellectual property disputes are common and third parties are currently claiming, have claimed, and may in the future claim that we are infringing upon their intellectual property rights or send us letters proposing that we license certain of their patents. In particular, there are a number of NPEs in the security industry that are particularly aggressive about pursuing alleged infringement of their patents. Given this and the proliferation of lawsuits in our industry and other similar industries by both NPEs and operating entities, we have been sued for patent infringement and expect that we may be sued by others at some point in the future, regardless of the merits of any such lawsuits. See Part II, Item 1 “Legal Proceedings” in this Quarterly Report on Form 10-Q. We closely monitor all such claims and respond as appropriate. We may also be unaware of the intellectual property rights that others may claim cover some or all of our technology or services. Any claims or litigation could cause us to incur significant expenses and, if successfully asserted against us, could require that we pay substantial damages or ongoing royalty payments, prevent us from offering our services, or require that we comply with other unfavorable terms. 
Under all of our sales contracts, we are obligated to indemnify our customers and channel partners against third-party infringement claims, and we may also be obligated to pay substantial settlement costs, including royalty payments, in connection with any such claim or litigation and to obtain licenses, modify services or refund fees, any of which could be costly. Even if we were to prevail in any such dispute, litigation regarding intellectual property is very costly and time-consuming and diverts the attention of our management and key personnel from our business operations.
Any failure to protect our intellectual property rights could impair our ability to protect our proprietary technology and our brand.
Our success and ability to compete depend in part on our intellectual property. We primarily rely on copyright, trade secret and trademark laws, trade secret protection and confidentiality or license agreements with our employees, customers, partners and others to protect our intellectual property rights. However, the steps we take to protect our intellectual property rights may be inadequate. As of December 31, 2021, we had 38 patents issued and 17 patent applications pending in the United States. We also had one patent issued in the United Kingdom. We may not be able to obtain any further patents, and our pending applications may not result in the issuance of patents. We have issued patents and pending patent applications outside the United States, and we may have to expend significant resources to obtain additional patents as we expand our international operations due to the cost of monitoring and protecting our rights across multiple jurisdictions.
In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming and distracting to management and could result in the impairment or loss of portions of our intellectual property. Failure to adequately enforce our intellectual property rights could also result in the impairment or loss of those rights. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights. Patent, copyright, trademark and trade secret laws offer us only limited protection and the laws of many of the countries in which we sell our services do not protect proprietary rights to the same extent as the United States and Europe. Accordingly, defense of our trademarks and proprietary technology may become an increasingly important issue as we continue to expand our operations and solution development into countries that provide a lower level of intellectual property protection than the United States or Europe. Policing unauthorized use of our intellectual property and technology is difficult and the steps we take may not prevent misappropriation of the intellectual property or technology on which we rely. For example, in the event of inadvertent or malicious disclosure of our proprietary technology, trade secret laws may no longer afford protection to our intellectual property rights in the areas not otherwise covered by patents or copyrights. Accordingly, we may not be able to prevent third parties from infringing upon or misappropriating our intellectual property. Our failure to secure, protect and enforce our intellectual property rights could materially adversely affect our brand and our business.
We may elect to initiate litigation in the future to enforce or protect our proprietary rights or to determine the validity and scope of the rights of others. That litigation may not be ultimately successful and could result in substantial costs to us, the reduction or loss in intellectual property protection for our technology, the diversion of our management’s attention and harm to our reputation, any of which could materially and adversely affect our business and results of operations.
Confidentiality arrangements with employees and others may not adequately prevent disclosure of trade secrets and other proprietary information.
We have devoted substantial resources to the development of our technology, business operations and business plans. In order to protect our trade secrets and proprietary information, we rely in significant part on confidentiality arrangements with our employees, licensees, independent contractors, advisers, channel partners, resellers and customers. These arrangements may not be effective to prevent disclosure of confidential information, including trade secrets, and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. In addition, if others independently discover trade secrets and proprietary information, we would not be able to assert trade secret rights against such parties. Effective trade secret protection may not be available in every country in which our services are available or where we have employees or independent contractors. The loss of trade secret protection could make it easier for third parties to compete with our solutions by copying functionality. In addition, any changes in, or unexpected interpretations of, the trade secret and employment laws in any country in which we operate may compromise our ability to enforce our trade secret and intellectual property rights. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and failure to obtain or maintain trade secret protection could adversely affect our competitive business position.
We may be subject to damages resulting from claims that our employees or contractors have wrongfully used or disclosed alleged trade secrets or confidential information of their former employers or other parties.
We could in the future be subject to claims that employees or contractors, or we, have inadvertently or otherwise used or disclosed trade secrets or other proprietary information of our competitors or other parties. Litigation may be necessary to defend against these claims. If we fail in defending against such claims, a court could order us to pay substantial damages and prohibit us from using technologies or features that are essential to our solutions, if such technologies or features are found to incorporate or be derived from the trade secrets or other proprietary information of these parties. In addition, we may lose valuable intellectual property rights or personnel. A loss of key personnel or their work product could hamper or prevent our ability to develop, market and support potential solutions or enhancements, which could severely harm our business. Even if we are successful in defending against these claims, such litigation could result in substantial costs and be a distraction to management.
The use of open source software in our offerings may expose us to additional risks, including security risks, and harm our intellectual property.
Open source software is typically freely accessible, usable and modifiable. Certain open source software licenses require a user who intends to distribute the open source software as a component of the user’s software to disclose publicly part or all of the source code to the user’s software. In addition, certain open source software licenses require the user of such software to make any derivative works of the open source code available to others on unfavorable terms or at no cost. This can subject previously proprietary software to open source license terms.
We monitor and control our use of open source software in an effort to avoid unanticipated conditions or restrictions on our ability to successfully commercialize our products and solutions and believe that our compliance with the obligations under the various applicable licenses has mitigated the risks that we have triggered any such conditions or restrictions. However, such use may have inadvertently occurred in the development and offering of our products and solutions, particularly in situations where we acquired technology from third parties through acquisitions. Additionally, if a third-party software provider has incorporated certain types of open source software into software that we have licensed from such third-party, we could be subject to the obligations and requirements of the applicable open source software licenses. This could harm our intellectual property position and have a material adverse effect on our business, results of operations and financial condition.
The terms of many open source software licenses have not been interpreted by United States or foreign courts, and there is a risk that those licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to successfully commercialize our products and solutions. For example, certain open source software licenses may be interpreted to require that we offer our products or solutions that use the open source software for no cost; that we make available the source code for modifications or derivative works we create based upon, incorporating or using the open source software (or that we grant third parties the right to decompile, disassemble, reverse engineer, or otherwise derive such source code); that we license such modifications or derivative works under the terms of the particular open source license; or that otherwise impose limitations, restrictions or conditions on our ability to use, license, host, or distribute our products and solutions in a manner that limits our ability to successfully commercialize our products.
We could, therefore, be subject to claims alleging that we have not complied with the restrictions or limitations of the applicable open source software license terms or that our use of open source software infringes the intellectual property rights of a third party. In that event, we could incur significant legal expenses, be subject to significant damages, be enjoined from further sale and distribution of our products or solutions that use the open source software, be required to pay a license fee, be forced to reengineer our products and solutions, or be required to comply with the foregoing conditions of the open source software licenses (including the release of the source code to our proprietary software), any of which could adversely affect our business. Even if these claims do not result in litigation or are resolved in our favor or without significant cash settlements, the time and resources necessary to resolve them could harm our business, results of operations, financial condition and reputation.
Additionally, the use of open source software can lead to greater risks than the use of third-party commercial software, as open source software does not come with warranties or other contractual protections regarding indemnification, infringement claims or the quality of the code. Open source software may also include malicious code or security vulnerabilities.
Financial Risks
Because we recognize revenue from subscriptions for our services over the term of the agreement, downturns or upturns in new business may not be immediately reflected in our operating results and may be difficult to discern.
We generally recognize subscription revenue from customers ratably on a straight-line basis over the terms of their subscription agreements, which are typically one year in duration. As a result, most of the revenue we report in each quarter is derived from the recognition of deferred revenue relating to subscription agreements entered into during the previous fiscal year or quarter. Consequently, a decline in new or renewed subscriptions with yearly terms in any one quarter may have a small impact on our operating revenue results for that quarter. However, such decline will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales and market acceptance of our services, resulting from the impact of the global COVID-19 pandemic, our recent security incident, or otherwise, and potential changes in our pricing and packaging policies or retention rate may not be fully reflected in our operating results until future periods. Shifts in the mix of annual versus monthly subscription billings may also make it difficult to assess our business. We may also be unable to reduce our cost structure in line with a significant deterioration in sales. In addition, a significant majority of our costs are expensed as incurred, while revenue is recognized over the life of the agreement with our customer. As a result, increased growth in the number of our customers could continue to result in our recognition of more costs than revenue in the earlier periods of the terms of our agreements. Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers is recognized over the applicable subscription term.
We have incurred net losses in the past, and we may not be able to sustain profitability for the foreseeable future.
Historically, we have incurred periods of net income and net losses. As of December 31, 2021, we had an accumulated deficit of $12.4 million. We have been growing rapidly, and, as we do so, we incur significant sales and marketing, support, research and development and other related expenses. Our ability to sustain profitability will depend in significant part on our obtaining new customers, expanding our existing customer relationships and ensuring that our expenses, including our sales and marketing expenses and the cost of supporting new customers, do not exceed our revenue. We also expect to make significant expenditures and investments in research and development to expand and improve our services and technical infrastructure. In addition, as a public company, we expect to continue to incur significant legal, accounting and other expenses. These increased expenditures may make it harder for us to maintain profitability and we cannot predict when we will achieve sustained profitability, if at all. We also may incur net losses in the future for a number of other unforeseen reasons. Accordingly, we may not be able to maintain profitability, and we may incur losses in the foreseeable future.
Fluctuations in currency exchange rates could adversely affect our business.
The functional currency of our operating subsidiaries is generally the local currency of each entity and our reporting currency is the U.S. dollar. For the nine months ended December 31, 2021, 54% of our revenue was denominated in U.S. dollars, 26% in British pounds, 10% in South African rand and 10% in other currencies. Given that the functional currency of our subsidiaries is generally the local currency of each entity, but our reporting currency is the U.S. dollar, fluctuations in currency exchange rates between the U.S. dollar and each of the British pound, the South African rand and the Australian dollar could materially and adversely affect our business. There may be instances in which costs and revenue will not be matched with respect to currency denomination. We estimate that a 10% increase or decrease in the value of the British pound against the U.S. dollar would have decreased or increased our income from operations by approximately $0.5 million in the nine months ended December 31, 2021 and that a 10% increase or decrease in the value of the South African rand against the U.S. dollar would have increased or decreased our income from operations by approximately $2.7 million in the nine months ended December 31, 2021. To date, we have not entered into any currency hedging contracts. As a result, to the extent we continue our expansion on a global basis, we expect that increasing portions of our revenue, cost of revenue, assets and liabilities will be subject to fluctuations in currency valuations. We may experience economic loss and a negative impact on earnings or net assets solely as a result of currency exchange rate fluctuations.
The global COVID-19 pandemic has had and may continue to have an impact on currency exchange rate volatility, which could impact our results of operations and make our internal financial forecasting difficult. In addition, Brexit may continue to have a significant impact on currency exchange rates and the global and European economy generally. The outcome of the referendum and the resulting uncertainty regarding the status of the United Kingdom’s withdrawal from the European Union caused volatility in global stock markets and foreign currency exchange rate fluctuations, including the strengthening of the U.S. dollar against the British pound and the Euro, which may continue or worsen now that the withdrawal has occurred and the Brexit transition period ended on December 31, 2020. Finally, the South African economy faces a number of challenges, including slow economic growth and high unemployment. These challenges combined with the continuing impact of the global COVID-19 pandemic have made the South African rand highly volatile over the past year. As described above, significant fluctuations in currency exchange rates between the South African rand and the U.S. dollar will impact our results of operations.
The terms of our Credit Agreement require us to comply with certain financial covenants and impose restrictions on our business and operations, which creates default risks and reduces our flexibility.
In July 2018, we entered into the Credit Agreement by and among us, certain of our subsidiaries party thereto, as guarantors, certain financial institutions party thereto from time to time, as lenders, and the Administrative Agent. The Credit Agreement provided us with a $100.0 million senior secured term loan and a $50.0 million senior secured revolving credit facility. We amended the Credit Agreement in June 2020. The Credit Agreement requires compliance with significant financial and non-financial covenants, including affirmative covenants relating to the provision of annual and quarterly financial statements and compliance certificates, maintenance of property, insurance, compliance with laws and environmental matters and negative covenants, including, among others, restrictions on the incurrence of certain indebtedness, granting of liens, making investments and acquisitions, mergers and consolidations, paying dividends, entering into affiliate transactions and asset sales. The Credit Agreement also provides for a number of events of default, including, among others, payment, bankruptcy, covenant, representation and warranty, default under material indebtedness (other than the Credit Agreement), change of control and judgment defaults.
As a result of the negative covenants, we may be restricted from engaging in business or operating activities that may otherwise improve our business or from financing future operations or capital needs. Failure to comply with the covenants, including the financial covenants, if not cured or waived, will result in an event of default that could trigger acceleration of our indebtedness, which would require us to repay all amounts owing under our Credit Agreement and could have a material adverse impact on our business. Overdue amounts under the Credit Agreement accrue interest at a default rate. We cannot be certain that our future operating results will be sufficient to ensure compliance with the financial covenants in our Credit Agreement or to remedy any defaults. In addition, in the event of any event of default and related acceleration, we may not have or be able to obtain sufficient funds to make the accelerated payments required under the Credit Agreement. For more information on the Credit Agreement, see Part I, Item 2, “Management’s Discussion and Analysis of Financial Condition and Results of Operations – Liquidity and Capital Resources.”
If we need to raise additional capital to expand our operations and invest in new technologies in the future and cannot raise it on acceptable terms or at all, our ability to compete successfully may be harmed.
We believe that our existing cash and cash equivalents together with available capacity under our Credit Facility will be sufficient to meet our anticipated cash requirements for at least the next twelve months. However, unforeseen circumstances may arise which may mean that we may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms, if at all, or because of restrictions in our Credit Agreement. If we raise additional equity financing, our security holders may experience significant dilution of their ownership interests and the value of our ordinary shares could decline. If we engage in additional debt financing, we may be required to obtain the Administrative Agent’s consent and/or accept terms that are more restrictive than the terms currently applicable to us under the Credit Agreement. If we need additional capital and cannot raise it on acceptable terms, if at all, we may not be able to, among other things:
• develop and enhance our services;
• continue to expand our research and development, and sales and marketing organizations;
• hire, train and retain key employees;
• respond to competitive pressures or unanticipated working capital requirements; or
• pursue acquisition opportunities.
Our inability to do any of the foregoing could reduce our ability to compete successfully and harm our results of operations.
We must maintain proper and effective internal controls over financial reporting and any failure to maintain the adequacy of these internal controls may adversely affect investor confidence in our company and, as a result, the value of our ordinary shares.
We are required, pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, or Section 404, and the related rules adopted by the SEC, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting on an annual basis. This assessment includes disclosure of any material weaknesses identified by our management in our internal control over financial reporting. During the evaluation and testing process, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal controls are effective.
In addition, our independent registered public accounting firm must attest to the effectiveness of our internal control over financial reporting under Section 404. Our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our controls are documented, designed or operating. We may not be able to remediate any future material weaknesses, or to complete our evaluation, testing and any required remediation in a timely fashion. We are also required to disclose significant changes made in our internal control procedures on a quarterly basis. Our compliance with Section 404 requires that we incur substantial accounting expense and expend significant management efforts.
Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to assert that our internal control over financial reporting is effective or our independent registered public accounting firm is unable to express an opinion on the effectiveness of our internal controls when it is required to issue such opinion, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our ordinary shares could decline, and we could be subject to sanctions or investigations by the Nasdaq Global Select Market, the SEC or other regulatory authorities.
Tax Risks
We are a multinational organization faced with increasingly complex tax issues in many jurisdictions, and we could be obligated to pay additional taxes in various jurisdictions.
As a multinational organization, we may be subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws or revised interpretations of existing tax laws and precedents, which could have a material adverse effect on our liquidity and results of operations. In addition, the authorities in these jurisdictions could review or audit our tax returns and general tax compliance and impose additional tax, interest and penalties, and the authorities could claim that various withholding requirements apply to us or our subsidiaries or assert that benefits of tax treaties are not available to us or our subsidiaries. Furthermore, one or more jurisdictions in which we do not believe we are currently subject to tax payment, withholding, or filing requirements, could assert that we are subject to such requirements. Any of these claims or assertions could have a material impact on us and the results of our operations, including our cash flow. In addition, as a result of efforts by governments to address the continuing global COVID-19 pandemic, among other considerations, we believe that there will be legislation to increase corporate tax rates in many of the jurisdictions in which we conduct business, including in the United Kingdom and in the United States. Such legislation, if enacted, could negatively impact our financial results.
A change in our tax residence could have a negative effect on our future profitability.
Although we are organized under the laws of the Bailiwick of Jersey, our affairs are, and are intended to continue to be, managed and controlled in the United Kingdom for tax purposes and therefore we are resident in the United Kingdom for U.K. and Jersey tax purposes. It is possible that in the future, whether as a result of a change in law or the practice of any relevant tax authority or as a result of any change in the conduct of our affairs or for any other reason, we could become, or be regarded as having become, a resident in a jurisdiction other than the United Kingdom. If we cease to be a U.K. tax resident, we may be subject to a charge to U.K. corporation tax on chargeable gains on our assets and to unexpected tax charges in other jurisdictions on our income. Similarly, if the tax residency of any of our subsidiaries were to change from their current jurisdiction for any of the reasons listed above, we may be subject to a charge to local capital gains tax on the assets.
Taxing authorities could reallocate our taxable income among our subsidiaries, which could increase our consolidated tax liability.
We conduct operations world-wide through subsidiaries in various tax jurisdictions pursuant to transfer pricing arrangements between us and our subsidiaries. If two or more affiliated companies are located in different countries, the tax laws or regulations of each country generally will require that transfer prices be the same as those between unrelated companies dealing at arm’s length and that appropriate documentation is maintained to support the transfer pricing. While we believe that we operate in compliance with applicable transfer pricing laws and intend to continue to do so, our transfer pricing procedures are not binding on applicable tax authorities. If tax authorities in any of these countries were to successfully challenge our transfer prices as not reflecting arm’s length transactions, they could require us to adjust our transfer prices and thereby reallocate our income to reflect these revised transfer prices, which could result in a higher tax liability to us. In addition, if the country from which the income is reallocated does not agree with the reallocation, both countries could tax the same income, resulting in double taxation. If tax authorities were to allocate income to a higher tax jurisdiction, subject our income to double taxation or assess interest and penalties, it would increase our consolidated tax liability, which could adversely affect our financial condition, results of operations and cash flows. Double taxation should be mitigated in these circumstances where the affiliated parties that are subject to the transfer pricing adjustments are able to benefit from any applicable double taxation agreement.
Our ability to use our net operating loss or tax credit carry forwards may be subject to limitation.
As of December 31, 2021, we had net operating loss carryforwards in the U.K., U.S. federal and state, Australia, Germany, Israel, and Canada. U.S. federal net operating losses generated through the fiscal year ending March 31, 2018 expire at various dates through 2038 while U.S. federal net operating losses generated after March 31, 2018 do not expire. Substantially all U.S. state net operating loss carryforwards expire at various dates through 2041. Net operating losses in Canada expire in 2041. Net operating loss carryforwards in the U.K., Australia, Germany and Israel do not expire. As of December 31, 2021, we had U.K. income tax credit carryforwards that do not expire. As of December 31, 2021, we had Israel income tax credit carryforwards that expire at various dates from 2024 through 2026.
Each jurisdiction in which we operate may have its own limitations on our ability to utilize net operating loss or tax credit carryforwards generated in that jurisdiction that may increase our U.K. and/or foreign income tax liability.
Under Section 382 of the U.S. Internal Revenue Code of 1986, if a corporation undergoes an ownership change, the corporation’s ability to use its pre-change net operating loss carryforwards to offset its post-change income and taxes may be limited. In general, an ownership change occurs if there is a 50 percent cumulative change in ownership of the company over a rolling three-year period. Similar rules may apply under U.S. state tax laws. We believe that we have experienced an ownership change in the past and may experience ownership changes in the future resulting from future transactions in our share capital, some of which may be outside our control. Based on the most recent analysis, we do not anticipate a material limitation on the utilization of our tax attributes. However, our ability to utilize net operating loss carryforwards or other tax attributes to offset U.S. federal and state taxable income in the future may be subject to future limitations.
U.S. holders of our ordinary shares could be subject to material adverse tax consequences if we are considered a Passive Foreign Investment Company, or PFIC, for U.S. federal income tax purposes.
We do not believe that we were a PFIC for U.S. federal income tax purposes during the tax year ending March 31, 2021 and do not expect to be a PFIC for U.S. federal income tax purposes in the current tax year. We also do not expect to become a PFIC in the foreseeable future, but the possible status as a PFIC must be determined annually and therefore may be subject to change. If we are at any time treated as a PFIC, such treatment could result in a reduction in the after-tax return to U.S. holders of our ordinary shares and may cause a reduction in the value of such shares. Furthermore, if we are at any time treated as a PFIC, U.S. holders of our ordinary shares could be subject to greater U.S. income tax liability than might otherwise apply, imposition of U.S. income tax in advance of when tax would otherwise apply and detailed tax filing requirements that would not otherwise apply. For U.S. federal income tax purposes, “U.S. holders” include individuals and various entities. A corporation is classified as a PFIC for any taxable year in which (i) at least 75% of its gross income is passive income or (ii) at least 50% of the average quarterly value of all its total gross assets is attributable to assets that produce or are held for the production of passive income. For this purpose, passive income includes certain dividends, interest, royalties and rents that are not derived in the active conduct of a trade or business. The PFIC rules are complex and a U.S. holder of our ordinary shares is urged to consult its own tax advisors regarding the possible application of the PFIC rules to it in its particular circumstances.
Risks Related to Owning Our Ordinary Shares and Our Organization in Jersey, Channel Islands
Our share price has been and may continue to be volatile.
The market price of our ordinary shares may decline. In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially as a result of many factors, many of which we cannot control, including:
• the ongoing global impact of the continuing COVID-19 pandemic and the impact on our business;
• actual or anticipated fluctuations in our results of operations;
• variance in our financial performance from the expectations of market analysts;
• announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;
• changes in the prices of our services or those of our competitors;
• our involvement in litigation, including patent litigation;
• security breaches, including our recent security incident, and litigation and regulatory investigations resulting from such breaches;
• our sale of ordinary shares or other securities in the future;
• market conditions in our industry;
• changes in key personnel;
• the trading volume of our ordinary shares;
• changes in the estimation of the future size and growth rate of our markets; and
• general economic and market conditions, both in the United States and internationally.
In addition, the stock markets have recently experienced extreme price and volume fluctuations, both as a result of the global COVID-19 pandemic and for other reasons. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been instituted against that company. If we were involved in any similar litigation, we could incur substantial costs and our management’s attention and resources could be diverted.
If securities or industry analysts cease to publish research or publish inaccurate or unfavorable research about our business, our share price and trading volume could decline.
The trading market for our ordinary shares depends in part on the research and reports that securities or industry analysts publish about us or our business. If one or more of the analysts who covers us downgrades our shares or publishes inaccurate or unfavorable research about our business, our share price would likely decline. If one or more of these analysts ceases coverage of us or fails to publish reports on us regularly, demand for our shares could decrease, which could cause our share price and trading volume to decline.
We do not expect to pay dividends and investors should not buy our ordinary shares expecting to receive dividends.
We do not anticipate that we will declare or pay any dividends in the foreseeable future, and our ability to do so may be constrained by restrictions in our Credit Agreement or future debt arrangements, if any, by Jersey law, and by the Transaction Agreement. Consequently, investors will only realize an economic gain on their investment in our ordinary shares if the price appreciates. Investors should not purchase our ordinary shares expecting to receive cash dividends. Since we do not pay dividends, and if we are not successful in sustaining an orderly trading market for our shares, then investors may not have any manner to liquidate or receive any payment on their investment. Therefore, our failure to pay dividends may cause investors to not see any return on their investment even if we are successful in our business operations.
U.S. shareholders may not be able to enforce civil liabilities against us.
Certain of our directors and executive officers are not residents of the United States, and all or a substantial portion of the assets of such persons are located outside the United States. As a result, it may not be possible for investors to effect service of process within the United States upon such persons or to enforce against them judgments obtained in U.S. courts predicated upon the civil liability provisions of the federal securities laws of the United States.
There is also a doubt as to the enforceability in England and Wales and Jersey, whether by original actions or by seeking to enforce judgments of U.S. courts, of claims based on the federal securities laws of the United States. In addition, punitive damages in actions brought in the United States or elsewhere may be unenforceable in England and Wales and Jersey.
The rights afforded to shareholders are governed by Jersey law. Not all rights available to shareholders under English law or U.S. law will be available to shareholders.
The rights afforded to shareholders will be governed by Jersey law and by our Articles of Association, and these rights differ in certain respects from the rights of shareholders in typical English companies and U.S. corporations. In particular, Jersey law significantly limits the circumstances under which shareholders of companies may bring derivative actions and, in most cases, only the corporation may be the proper claimant or plaintiff for the purposes of maintaining proceedings in respect of any wrongful act committed against it. Neither an individual nor any group of shareholders has any right of action in such circumstances. In addition, Jersey law does not afford appraisal rights to dissenting shareholders in the form typically available to shareholders of a U.S. corporation.