As filed with the Securities and Exchange Commission on February 27, 2015
Registration No. 333-
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
Form F-1
REGISTRATION STATEMENT
UNDER
THE SECURITIES ACT OF 1933
CyberArk Software Ltd.
(Exact Name of Registrant as Specified in its Charter)
State of Israel | 7372 | Not Applicable | ||
(State or Other Jurisdiction of Incorporation or Organization) |
(Primary Standard Industrial Classification Code Number) |
(I.R.S. Employer Identification No.) |
CyberArk Software Ltd.
94 Em-Hamoshavot Road
Park Ofer, P.O. Box 3143
Petach Tikva 4970602, Israel
+972 (3) 918-0000
(Address, including zip code, and telephone number, including area code, of Registrants principal executive offices)
Cyber-Ark Software, Inc.
60 Wells Avenue
Suite 103
Newton, MA 02459
(617) 965-1544
(Name, address, including zip code, and telephone number, including area code, of agent for service)
Copies to:
Colin J. Diamond, Esq. Joshua G. Kiernan, Esq. White & Case LLP 1155 Avenue of the Americas New York, NY 10036 Tel: (212) 819-8200 Fax: (212) 354-8113 |
Dan Shamgar, Adv. David S. Glatt, Adv. Meitar Liquornik Geva Leshem Tal 16 Abba Hillel Silver Rd. Ramat Gan 5250608, Israel Tel: +972 (3) 610-3100 Fax: +972 (3) 610-3111 |
Mark T. Bettencourt, Esq. Michael J. Minahan, Esq. Gregg L. Katz, Esq. Goodwin Procter LLP 53 State Street Boston, MA 02109 Tel: (617) 570-1000 Fax: (617) 523-1231 |
Tuvia J. Geffen, Adv. Naschitz, Brandes, Amir & Co. 5 Tuval Street Tel Aviv 6789717, Israel Tel: +972 (3) 623-5000 Fax: +972 (3) 623-5005 |
Approximate date of commencement of proposed sale to the public: As soon as practicable after effectiveness of this registration statement.
If any of the securities being registered on this Form are to be offered on a delayed or continuous basis pursuant to Rule 415 under the Securities Act of 1933, check the following box. ¨
If this Form is filed to register additional securities for an offering pursuant to Rule 462(b) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. ¨
If this Form is a post-effective amendment filed pursuant to Rule 462(c) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. ¨
If this Form is a post-effective amendment filed pursuant to Rule 462(d) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. ¨
CALCULATION OF REGISTRATION FEE
| ||||
Title of Each Class of Securities to be Registered |
Proposed Maximum Offering Price(1) |
Amount of Registration Fee(2) | ||
Ordinary shares, par value NIS 0.01 |
$200,000,000 | $23,240 | ||
| ||||
|
(1) | Estimated solely for the purpose of computing the amount of the registration fee pursuant to Rule 457(o) of the Securities Act of 1933 as amended. |
(2) | Calculated pursuant to Rule 457(o) under the Securities Act of 1933, as amended, based on the proposed maximum aggregate offering price. |
The Registrant hereby amends this Registration Statement on such date or dates as may be necessary to delay its effective date until the Registrant shall file a further amendment which specifically states that this Registration Statement shall thereafter become effective in accordance with Section 8(a) of the Securities Act or until the Registration Statement shall become effective on such date as the Securities and Exchange Commission, acting pursuant to said Section 8(a), may determine.
The information in this prospectus is not complete and may be changed. The selling shareholders may not sell these securities until the registration statement filed with the Securities and Exchange Commission is effective. This prospectus is not an offer to sell these securities, and the selling shareholders are not soliciting an offer to buy these securities in any jurisdiction where the offer or sale is not permitted.
Subject to completion, dated February 27, 2015
Preliminary Prospectus
Shares
Ordinary Shares
The selling shareholders named in this prospectus are selling of our ordinary shares. We will not receive any proceeds from the sale of ordinary shares by the selling shareholders.
Our ordinary shares are listed on the NASDAQ Global Select Market under the symbol CYBR. On February 26, 2015, the last reported sales price of our ordinary shares was $62.46 per share.
Per Share | Total | |||||||
Public offering price |
$ | $ | ||||||
Underwriting discounts and commissions(1) |
$ | $ | ||||||
Proceeds to the selling shareholders (before expenses) |
$ | $ |
(1) | See Underwriting (Conflicts of Interest) for a description of compensation payable to the underwriters. |
The selling shareholders have granted the underwriters an option to purchase up to additional ordinary shares from the selling shareholders, at the public offering price, less the underwriting discount, for 30 days after the date of this prospectus.
We are an emerging growth company as defined under the federal securities laws and, as such, may elect to comply with certain reduced public company reporting requirements for future filings.
Investing in our ordinary shares involves a high degree of risk. See Risk Factors beginning on page 11.
Neither the Securities and Exchange Commission nor any state securities commission has approved or disapproved of these securities or determined if this prospectus is truthful or complete. Any representation to the contrary is a criminal offense.
The underwriters expect to deliver the ordinary shares to purchasers on or about , 2015.
Goldman, Sachs & Co. | Deutsche Bank Securities | Barclays | BofA Merrill Lynch | |||
William Blair | Nomura | Oppenheimer & Co. |
, 2015
Page | ||||
1 | ||||
11 | ||||
32 | ||||
33 | ||||
34 | ||||
35 | ||||
36 | ||||
37 | ||||
38 | ||||
Managements Discussion and Analysis of Financial Condition and Results of Operations |
41 | |||
62 | ||||
81 | ||||
107 | ||||
110 | ||||
112 | ||||
117 | ||||
Taxation and Israeli Government Programs Applicable to Our Company |
119 | |||
123 | ||||
131 | ||||
138 | ||||
139 | ||||
140 | ||||
141 | ||||
F-1 |
Neither we, the selling shareholders nor the underwriters have authorized anyone to provide information different from that contained in this prospectus, any amendment or supplement to this prospectus or in any free writing prospectus prepared by us or on our behalf. Neither we, the selling shareholders nor the underwriters take any responsibility for, and can provide no assurance as to the reliability of, any information other than the information in this prospectus and any free writing prospectus prepared by us or on our behalf. Neither the delivery of this prospectus nor the sale of our ordinary shares means that information contained in this prospectus is correct after the date of this prospectus. This prospectus is not an offer to sell or the solicitation of an offer to buy these ordinary shares in any circumstances under which such offer or solicitation is unlawful.
(i)
This summary highlights selected information contained elsewhere in this prospectus. This summary does not contain all the information that you should consider before deciding to invest in our ordinary shares. You should read the entire prospectus carefully, including Risk Factors and our consolidated financial statements and notes to those consolidated financial statements, before making an investment decision. In this prospectus, the terms CyberArk, we, us, our and the company refer to CyberArk Software Ltd. and its subsidiaries.
Overview
We are a global leader and pioneer of a new layer of IT security solutions that protects organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. Our software solution is focused on protecting privileged accounts, which have become a critical target in the lifecycle of todays cyber attacks. Privileged accounts are pervasive and act as the keys to the IT kingdom, providing complete access to, and control of, all parts of IT infrastructure, industrial control systems and critical business data. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take control of and disrupt an organizations IT and industrial control infrastructures, steal confidential information and commit financial fraud. Our comprehensive solution proactively protects privileged accounts, monitors privileged activity and detects malicious privileged behavior. Our customers use our innovative solution to introduce this new security layer to protect against, detect and respond to cyber attacks before they strike vital systems and compromise sensitive data.
Organizations worldwide are experiencing an unprecedented increase in the sophistication, scale and frequency of cyber attacks. The challenge this presents is intensified by the growing adoption of new technologies, such as cloud computing, virtualization, software-defined networking, enterprise mobility and social networking, which has resulted in increasingly complex and distributed IT environments with significantly larger attack surfaces. Organizations have historically relied upon perimeter-based threat protection solutions such as network, web and endpoint security tools as the predominant defense against cyber attacks, yet these traditional solutions have a limited ability to stop todays advanced threats. As a result, an estimated 90% of organizations have suffered a cybersecurity breach according to a 2011 survey of approximately 580 U.S. IT practitioners by the Ponemon Institute, a research center focused on privacy, data protection and information security policy. Organizations are just beginning to adapt their security strategies to address this new threat environment and are evolving their approaches based on the assumption that their network perimeter has been or will be breached. They are therefore increasingly implementing new layers of security inside the network to disrupt attacks before they result in the theft of confidential information or other serious damage. Regulators are also continuing to mandate rigorous new compliance standards and audit requirements in response to this evolving threat landscape.
We believe that the implementation of a privileged account security solution is one of the most critical layers of an effective security strategy. Privileged accounts represent one of the most vulnerable aspects of an organizations IT infrastructure. Privileged accounts are used by system administrators, third-party and cloud service providers, applications and business users, and they exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system. Due to the broad access and control they provide, exploiting privileged accounts has become a critical stage of the cyber attack lifecycle. The typical cyber attack involves attackers effecting an initial breach, escalating privileges to access target systems, moving laterally through the IT infrastructure to identify valuable targets, and exfiltrating, or stealing, the desired information. According to Mandiant, credentials of authorized users were hijacked in 100% of the breaches that Mandiant investigated, and privileged accounts were targeted whenever possible.
1
We have architected our solution from the ground up to address the challenges of protecting privileged accounts and an organizations sensitive information. Our solution provides proactive protection against cyber attacks from both external and internal sources and allows for real-time detection and neutralization of such threats. It can be deployed in traditional on-premise data centers, cloud environments and industrial control systems. Our innovative software solution is the result of over 15 years of research and expertise, combined with valuable knowledge we have gained from working with our diverse population of customers.
Our Privileged Account Security Solution is built on our shared technology platform and consists of several products:
| Enterprise Password Vault: proactively protects and manages all privileged accounts across an entire organization |
| SSH Key Manager: securely stores, rotates and controls access to SSH keys to prevent unauthorized access to privileged accounts |
| Privileged Session Manager: enables live monitoring and command-line keystroke level recording of privileged sessions, isolates the target asset from malware and establishes a single point of control for all privileged activity |
| Application Identity Manager: secures application to application interfaces by enabling proactive controls on privileged credentials embedded in applications, service accounts and scripts |
| On-Demand Privileges Manager: limits the breadth of access of administrative accounts by restricting the use of specified commands and functions |
| Privileged Threat Analytics: profiles and analyzes individual privileged user behavior and creates prioritized alerts when abnormal activity is detected |
As of December 31, 2014, we had approximately 1,800 customers, including approximately 40% of the Fortune 100 and approximately 18% of the Global 2000. We define a customer to include a distinct entity, division or business unit of a company. Our customers include leading enterprises in a diverse set of industries, including energy and utilities, financial services, healthcare, manufacturing, retail, technology and telecommunications, as well as government agencies. We sell our solution through a high touch, channel fulfilled hybrid sales model that combines the leverage of channel sales with the account control of direct sales, and therefore provides us with significant opportunities to grow our current customer base. This approach allows us to maintain close relationships with our customers and benefit from the global reach of our channel partners. Additionally, we are enhancing our product offerings and go-to-market strategy by establishing technology alliances within the IT infrastructure and security vendor ecosystem.
Our business has rapidly grown in recent years. During 2012, 2013 and 2014, our revenues were $47.2 million, $66.2 million and $103.0 million, respectively, representing year-over-year growth of 40.1% and 55.7% in 2013 and 2014, respectively. Our net income for 2012, 2013 and 2014 was $7.9 million, $6.6 million and $10.0 million, respectively.
Industry Overview
The recent increase in sophisticated, targeted security threats by both external attackers and malicious insiders, along with an increase in the attack surface due to the growing complexity and distributed nature of IT environments, have made it extremely challenging for enterprises and governments around the world to protect their sensitive information. These challenges are driving the need for a new layer of security that complements traditional threat protection technologies by securing access to privileged accounts and preventing the exploitation of organizations critical systems and data.
2
Privileged accounts represent one of the most vulnerable aspects of an organizations IT infrastructure. Privileged escalation is a critical stage of the cyber attack because, if privileged credentials are compromised, the attacker is able to move closer to sensitive data while remaining undetected. Todays advanced cyber attacks are typically designed to evade traditional threat prevention technologies that are focused on protecting the perimeter from outside breach. Furthermore, compliance requirements continue to become more stringent in response to the complex and evolving threat landscape.
Challenges in Protecting Privileged Accounts
The increasing sophistication, scale and frequency of advanced cyber attacks challenge traditional cybersecurity methods and create a need for a comprehensive approach to securing privileged accounts from use by external or internal attackers to gain access to and exploit an organizations confidential data and IT systems. Such an approach must address a range of challenges presented by privileged accounts, including:
| traditional security solutions limited ability to protect privileged credentials and critical assets from cyber attacks; |
| insufficient visibility and lack of automation in the management of privileged accounts; |
| inability to monitor and audit all privileged activity; |
| inadequate or delayed response time in detecting malicious and high risk behaviors; and |
| limited scalability of existing point solutions. |
Our Solution
Our Privileged Account Security Solution provides organizations with the following benefits:
| Comprehensive platform for proactive protection of privileged credentials and target assets from cyber attacks. Our comprehensive solution for privileged account security enables our customers to proactively protect against and automatically detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data. Our unified solution to these previously disparate security needs enables our customers to preemptively remediate vulnerabilities and improve their security effectiveness from a central command and control point. |
| Automatic identification and understanding of the scope of privileged account risk. Our solution automatically detects privileged accounts across the enterprise and helps customers visualize the resulting compliance gaps and security vulnerabilities. This automated process reduces the time-consuming and error-prone task of manually tracking and updating privileged credentials, thereby decreasing IT operational costs. This enhanced visibility significantly improves the security posture of our customers and facilitates adherence to rigorous audit and compliance standards. |
| Continuous monitoring, recording and secure storage of privileged account activity. Our solution monitors, collects and records individual privileged session activity down to every mouse click and keystroke. It also provides highly secure storage of privileged session recordings, robust search capabilities and full forensics records to facilitate a more rapid and precise response to malicious activity. |
| Real-time detection, alerting and response to malicious privileged activity. Our Privileged Threat Analytics product uses proprietary algorithms to profile and analyze individual privileged user behavior and creates prioritized alerts in real-time when abnormal activity is detected. This allows our customers incident response teams to investigate and prioritize threatening activity and respond by terminating the active session. |
3
| Purpose-built solution, architected for privileged account security. Our Digital Vault offers multiple layers of security including robust segregation of duties, a secure proprietary communications protocol and military-grade encryption. Our Privileged Session Manager product establishes a single point of control for all privileged activity, effectively decreasing the attack surface by providing only proxy-based access to IT assets through our platform. |
| Scalable and flexible platform that enables modular deployment. Our solution is scalable and flexible to enable deployment in large-scale distributed environments for on-premise, cloud environments and industrial control systems. Our solution enables enterprises to leverage their existing investments with out of the box support for many devices, networks, applications and servers, including web sites and social media. |
Our Market Opportunity
We believe that the security market is in the midst of a significant transition as enterprises are investing in a new generation of security solutions to help protect them against todays sophisticated and targeted cyber threats from both external attackers and malicious insiders. Gartner estimates that by 2020, 60% of enterprise information security budgets will be allocated to rapid detection and response approaches, up from less than 10% in 2014. Recognizing that traditional perimeter-based threat protection solutions are not sufficient to protect against todays advanced cyber threats, enterprises are investing in security solutions within the datacenter to protect the inside of their networks. According to a 2012 report by International Data Corporation (IDC), worldwide spending on datacenter security solutions was $10.7 billion in 2011 and is expected to grow to $16.5 billion by 2016, representing a compound annual growth rate of 9.3%. According to the same report, worldwide spending for IT security solutions was $28.4 billion in 2011 and is expected to grow to $40.8 billion in 2016, representing a compound annual growth rate of 7.6%.
We believe that privileged account security is a new, critical layer of security that is benefitting from this transition. Privileged accounts represent one of the most vulnerable aspects of an organizations IT infrastructure and exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system throughout on-premise and cloud-based datacenters. As a result, we believe that an increasing portion of the IT security budget, and specifically datacenter security spend, will be allocated for privileged account security solutions.
Our Competitive Strengths
Our mission is to protect the heart of the enterprise from advanced cyber attacks. We have established a leadership position in protecting high-value data and critical IT assets by securing privileged accounts, and have several key competitive strengths including:
| Trusted expert in privileged account security. We are a recognized brand name and a leader in privileged account security, protecting organizations worldwide against external threats that have already penetrated the perimeter, as well as threats that originate from within the perimeter by malicious or careless insiders. |
| Technology leader driven by vision and focus on innovation. Our history of innovation is the cornerstone of our technology leadership. We pioneered Digital Vault technology and introduced patented technology for application identity management, secure connectivity for remote vendors, integrated privileged activity monitoring, private and public cloud privileged account management and privileged threat analytics. |
| Global reach driven by direct and indirect sales organization. We have a broadly dispersed global hybrid sales channel as evidenced by our existing customer implementations in 65 countries, a broad network of over 200 channel and technology alliance partners worldwide, and local presence in more than 20 countries. |
4
| Strong management team with significant IT security expertise. We have a highly talented management team and a strong research and development organization with significant IT security expertise from past experience in leading IT security companies and Israels military technology units. |
| Corporate culture committed to our customers success. Our commitment to our customers success is ingrained in our business strategy and is brought to life through constant customer interactions, employee functions and our engaging annual customer conferences attended by hundreds of customers and channel partners. |
Our Growth Strategy
Our goal is to be the global leader in IT security solutions that protect organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. The key elements of our strategy to extend our global leadership include:
| continue innovating and enhancing our solution; |
| growing our customer base; |
| further penetrating our existing customer base; |
| continuing to expand our global presence by leveraging systems integrators and distribution partnerships; and |
| selectively pursuing strategic transactions. |
Risks Associated With Our Business
Investing in our ordinary shares involves risks. You should carefully consider the risks described in Risk Factors beginning on page 11 before making a decision to invest in our ordinary shares. If any of these risks actually occur, our business, financial condition or results of operations would likely be materially adversely affected. In such case, the trading price of our ordinary shares would likely decline, and you may lose all or part of your investment. The following is a summary of some of the principal risks we face:
| The IT security market is rapidly evolving within the increasingly challenging cyber threat landscape. If the industry does not continue to develop as we anticipate, our sales will not grow as quickly as expected and our share price could decline. |
| If we fail to effectively manage our growth, our business and operations will be negatively affected, and as we invest in the growth of our business, we expect our operating and net profit margins to decline in the near-term. |
| Our quarterly results of operations may fluctuate for a variety of reasons, including our failure to close significant sales before the end of a particular quarter. |
| Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solution or the failure of our solution to meet customers expectations. |
| If we are unable to acquire new customers, our future revenues and operating results will be harmed. |
| If we are unable to sell additional products and services to our existing customers, our future revenues and operating results will be harmed. |
| We face intense competition from IT security vendors, some of which are larger and better known than we are, and we may lack sufficient financial or other resources to maintain or improve our competitive position. |
5
| If our internal network system is compromised by cyber attackers or other data thieves, public perception of our products and services will be harmed. |
Corporate Information
We are incorporated under the laws of the State of Israel. Our principal executive offices are located at 94 Em-Hamoshavot Road, Park Ofer, P.O. Box 3143, Petach Tikva 4970602, Israel, and our telephone number is +972 (3) 918-0000. Our website address is www.cyberark.com. Information contained on, or that can be accessed through, our website does not constitute a part of this prospectus and is not incorporated by reference herein. We have included our website address in this prospectus solely for informational purposes. Our agent for service of process in the United States is Cyber-Ark Software, Inc., located at 60 Wells Avenue, Suite 103, Newton, MA 02459, and our telephone number is (617) 965-1544.
Throughout this prospectus, we refer to various trademarks, service marks and trade names that we use in our business. The CyberArk design logo is the property of CyberArk Software Ltd. CyberArk® is our registered trademark in the United States. We have several other trademarks, service marks and pending applications relating to our products. In particular, although we have omitted the ® and trademark designations in this prospectus from each reference to Cyber-Ark DNA, Inter-Business Vault, Network Vault, Password Vault, Privileged Session Manager and Vaulting Technology, all rights to such trademarks are nevertheless reserved. Other trademarks and service marks appearing in this prospectus are the property of their respective holders.
6
The Offering
Ordinary shares offered by the selling shareholders |
ordinary shares |
Ordinary shares to be outstanding after this offering |
ordinary shares |
Underwriters option |
The selling shareholders have granted the underwriters an option for a period of 30 days after the date of this prospectus to purchase up to additional ordinary shares. |
Use of proceeds |
The selling shareholders will receive all net proceeds from the sale of ordinary shares in this offering. We will not receive any of the proceeds from the sale of ordinary shares by the selling shareholders. See Use of Proceeds, Principal and Selling Shareholders and Underwriting (Conflicts of Interest). |
Risk factors |
See Risk Factors and other information included in this prospectus for a discussion of factors you should carefully consider before deciding to invest in our ordinary shares. |
NASDAQ Global Select Market symbol |
CYBR |
Conflicts of interest |
Goldman, Sachs & Co. and/or its affiliates own in the aggregate in excess of 10% of our issued and outstanding ordinary shares. In addition, it is expected that by selling shares in this offering Goldman, Sachs & Co. and/or its affiliates will receive more than 5% of the net proceeds of the offering not including underwriting compensation. As a result, Goldman, Sachs & Co. is deemed to have a conflict of interest with us within the meaning of Rule 5121 of the Financial Industry Regulatory Authority (Rule 5121). Accordingly, this offering will be made in compliance with the applicable provisions of Rule 5121. In accordance with that rule, the appointment of a qualified independent underwriter is not required in connection with this offering because a bona fide public market exists for our ordinary shares. Any underwriter that has a conflict of interest pursuant to Rule 5121 will not confirm sales to accounts in which it exercises discretionary authority without the prior written consent of the customer. See Underwriting (Conflicts of Interest). |
The number of ordinary shares to be outstanding after this offering and, unless otherwise indicated, the information in this prospectus (1) are based on 30,501,352 ordinary shares outstanding as of December 31, 2014 and excludes (a) 4,776,985 ordinary shares reserved for issuance under our share option plans as of December 31, 2014, of which there were outstanding options to purchase 4,564,764 shares at a weighted average exercise price of $2.57 per share and 27,960 unvested restricted stock units, or RSUs, and (b) 15,000 ordinary shares underlying warrants issued to an Israeli non-profit organization with an exercise price of $2.21 per share, and (2) give effect to the issuance of ordinary shares pursuant to the exercise of options by certain of the selling shareholders in this offering.
Unless otherwise indicated, this prospectus assumes (1) no exercise of the underwriters option to purchase up to additional ordinary shares from the selling shareholders and (2) no exercise of outstanding options or outstanding warrants after December 31, 2014, other than options to purchase shares exercised by
7
selling shareholders at a weighted average exercise price of $ per share in connection with this offering, which shares are reflected in the number of ordinary shares to be outstanding after this offering.
Summary Consolidated Financial Data
The following tables set forth our summary consolidated financial data. You should read the following summary consolidated financial and other data in conjunction with Selected Consolidated Financial Data, Managements Discussion and Analysis of Financial Condition and Results of Operations and our consolidated financial statements and related notes included elsewhere in this prospectus. Historical results are not necessarily indicative of the results that may be expected in the future. Our financial statements have been prepared in accordance with U.S. Generally Accepted Accounting Principles, or U.S. GAAP.
The summary consolidated statements of operations data for each of the years in the three-year period ended December 31, 2014 and the consolidated balance sheet data as of December 31, 2013 and 2014 are derived from our audited consolidated financial statements appearing elsewhere in this prospectus.
Year ended December 31, | ||||||||||||
2012 | 2013 | 2014 | ||||||||||
(in thousands, except share and per share amounts) |
||||||||||||
Consolidated Statements of Operations: |
||||||||||||
Revenues: |
||||||||||||
License |
$ | 27,029 | $ | 38,907 | $ | 61,320 | ||||||
Maintenance and professional services |
20,179 | 27,250 | 41,679 | |||||||||
|
|
|
|
|
|
|||||||
Total revenues |
47,208 | 66,157 | 102,999 | |||||||||
|
|
|
|
|
|
|||||||
Cost of revenues: |
||||||||||||
License |
1,002 | 1,216 | 2,654 | |||||||||
Maintenance and professional services |
5,922 | 7,860 | 12,053 | |||||||||
|
|
|
|
|
|
|||||||
Total cost of revenues(1) |
6,924 | 9,076 | 14,707 | |||||||||
|
|
|
|
|
|
|||||||
Gross profit |
40,284 | 57,081 | 88,292 | |||||||||
|
|
|
|
|
|
|||||||
Operating expenses: |
||||||||||||
Research and development(1) |
7,273 | 10,404 | 14,400 | |||||||||
Sales and marketing(1) |
22,081 | 32,840 | 44,943 | |||||||||
General and administrative(1) |
3,297 | 4,758 | 8,495 | |||||||||
|
|
|
|
|
|
|||||||
Total operating expenses |
32,651 | 48,002 | 67,838 | |||||||||
|
|
|
|
|
|
|||||||
Operating income |
7,633 | 9,079 | 20,454 | |||||||||
Financial income (expenses), net |
4 | (1,124 | ) | (5,988 | ) | |||||||
|
|
|
|
|
|
|||||||
Income before taxes on income |
7,637 | 7,955 | 14,466 | |||||||||
Taxes on income (benefit) |
(225 | ) | 1,320 | 4,512 | ||||||||
|
|
|
|
|
|
|||||||
Net income |
$ | 7,862 | $ | 6,635 | $ | 9,954 | ||||||
|
|
|
|
|
|
|||||||
Basic net income per ordinary share(2) |
$ | 0.51 | $ | 0.25 | $ | 0.46 | ||||||
|
|
|
|
|
|
|||||||
Diluted net income per ordinary share(2) |
$ | 0.31 | $ | 0.14 | $ | 0.34 | ||||||
|
|
|
|
|
|
|||||||
Weighted average number of ordinary shares used in computing basic net income per ordinary share(2) |
6,592,997 | 6,900,433 | 13,335,059 | |||||||||
|
|
|
|
|
|
|||||||
Weighted average number of ordinary shares used in computing diluted net income per ordinary share(2) |
25,245,790 | 10,765,914 | 29,704,730 | |||||||||
|
|
|
|
|
|
8
As of December 31, | ||||||||||||
2012 | 2013 | 2014 | ||||||||||
(in thousands) | ||||||||||||
Consolidated Balance Sheet Data: |
||||||||||||
Cash, cash equivalents and short-term bank deposits |
$ | 45,995 | $ | 65,368 | $ | 177,181 | ||||||
Deferred revenue, current and long-term |
15,068 | 24,478 | 32,160 | |||||||||
Working capital(3) |
41,448 | 51,547 | 160,617 | |||||||||
Total assets |
64,379 | 89,632 | 210,552 | |||||||||
Preferred share warrant liability |
688 | 2,134 | | |||||||||
Total shareholders equity |
38,494 | 45,846 | 155,008 |
Year ended December 31, | ||||||||||||
2012 | 2013 | 2014 | ||||||||||
(in thousands) | ||||||||||||
Supplemental Financial Data: |
||||||||||||
Non-GAAP operating income(4) |
$ | 7,917 | $ | 9,482 | $ | 22,027 | ||||||
Non-GAAP net income(4) |
8,322 | 8,484 | 15,836 | |||||||||
Net cash provided by operating activities |
13,657 | 20,159 | 23,840 |
(1) | Includes share-based compensation expense as follows: |
Year ended December 31, | ||||||||||||
2012 | 2013 | 2014 | ||||||||||
(in thousands) | ||||||||||||
Cost of revenues |
$ | 32 | $ | 39 | $ | 137 | ||||||
Research and development |
58 | 73 | 172 | |||||||||
Sales and marketing |
81 | 126 | 347 | |||||||||
General and administrative |
113 | 165 | 917 | |||||||||
|
|
|
|
|
|
|||||||
Total share-based compensation expenses |
$ | 284 | $ | 403 | $ | 1,573 | ||||||
|
|
|
|
|
|
(2) | Basic and diluted net income per ordinary share is computed based on the weighted average number of ordinary shares outstanding during each period. For additional information, see note 10 to our consolidated financial statements included elsewhere in this prospectus. |
(3) | We define working capital as total current assets minus total current liabilities. |
9
(4) | Non-GAAP operating income and non-GAAP net income are non-GAAP financial measures. We define non-GAAP operating income as operating income excluding share-based compensation expense. We define non-GAAP net income as net income excluding (i) share-based compensation expense, and (ii) financial expenses resulting from the revaluation of warrants to purchase preferred shares. Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a companys non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allows for more meaningful comparisons between our operating results from period to period. In addition, we believe that excluding financial expenses with respect to revaluation of warrants to purchase preferred shares allows for more meaningful comparison between our net income from period to period. As these warrants were exercised in connection with our initial public offering, they will no longer be revalued at each balance sheet date. Each of our non-GAAP financial measures is an important tool for financial and operational decision making and for evaluating our operating results over different periods of time. The following tables reconcile operating income and net income, the most directly comparable U.S. GAAP measure, to non-GAAP operating income and non-GAAP net income for the periods presented: |
Year ended December 31, | ||||||||||||
2012 | 2013 | 2014 | ||||||||||
(in thousands) | ||||||||||||
Reconciliation of Operating Income to Non-GAAP Operating Income: |
||||||||||||
Operating income |
$ | 7,633 | $ | 9,079 | $ | 20,454 | ||||||
Share-based compensation |
284 | 403 | 1,573 | |||||||||
|
|
|
|
|
|
|||||||
Non-GAAP operating income |
$ | 7,917 | $ | 9,482 | $ | 22,027 | ||||||
|
|
|
|
|
|
Year ended December 31, | ||||||||||||
2012 | 2013 | 2014 | ||||||||||
(in thousands) | ||||||||||||
Reconciliation of Net Income to Non-GAAP Net Income: |
||||||||||||
Net income |
$ | 7,862 | $ | 6,635 | $ | 9,954 | ||||||
Share-based compensation |
284 | 403 | 1,573 | |||||||||
Warrant adjustment |
176 | 1,446 | 4,309 | |||||||||
|
|
|
|
|
|
|||||||
Non-GAAP net income |
$ | 8,322 | $ | 8,484 | $ | 15,836 | ||||||
|
|
|
|
|
|
For a description of how we use non-GAAP operating income and non-GAAP net income to evaluate our business, see Managements Discussion and Analysis of Financial Condition and Results of OperationsKey Financial Metrics. We believe that these non-GAAP financial measures are useful in evaluating our business because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a companys non-cash expenses, and we believe that providing non-GAAP operating income and non-GAAP net income that exclude share-based compensation expenses and warrant awards allows for more meaningful comparisons between our operating results from period to period.
Other companies, including companies in our industry, may calculate non-GAAP operating and non-GAAP net income differently or not at all, which reduces their usefulness as a comparative measure. You should consider non-GAAP operating income and non-GAAP net income along with other financial performance measures, including operating income and net income, and our financial results presented in accordance with U.S. GAAP.
10
This offering and an investment in our ordinary shares involve a high degree of risk. You should consider carefully the risks described below and all other information contained in this prospectus before you decide to buy our ordinary shares. If any of the following risks actually occur, our business, financial condition and results of operations could be materially and adversely affected. In that event, the trading price of our ordinary shares would likely decline and you might lose all or part of your investment.
Risks Related to Our Business and Our Industry
The IT security market is rapidly evolving within the increasingly challenging cyber threat landscape. If the industry does not continue to develop as we anticipate, our sales will not grow as quickly as expected and our share price could decline.
We operate in a rapidly evolving industry focused on securing organizations IT systems and sensitive business data. Our solution focuses on safeguarding privileged accounts, which are those accounts within an organization that give the user high levels of access, or privileged access, to IT systems, infrastructure, industrial control systems, applications and data. While breaches of such privileged accounts have gained media attention in recent years, IT security spending within enterprises is often concentrated on endpoint and web security products designed to stop threats from penetrating corporate networks. Organizations that use these security products may allocate all or most of their IT security budgets to these products and may not adopt our solution in addition to such products. Further, a security solution such as ours, which is focused on disrupting cyber attacks by insiders and external perpetrators that have penetrated the organizations perimeter, is a relatively new technology that has been developed to respond to advanced threats and more rigorous compliance standards and audit requirements. However, advanced cyber attackers are skilled at adapting to new technologies and developing new methods of gaining access to organizations sensitive business data. Changes in the nature of advanced cyber threats could result in a shift in IT budgets away from solutions such as ours. In addition, any changes in compliance standards or audit requirements that deemphasize the types of controls, storage, monitoring and analysis that our solution provides would adversely impact demand for our offerings. It is therefore difficult to predict how large the market will be for our solution. If solutions such as ours are not viewed by organizations as necessary, or if customers do not recognize the benefit of our solution as a critical layer of an effective security strategy, then our revenues may not grow as quickly as expected, or may decline, and our share price could suffer.
If we fail to effectively manage our growth, our business and operations will be negatively affected, and as we invest in the growth of our business, we expect our operating and net profit margins to decline in the near-term.
We have experienced significant growth in a relatively short period of time and intend to continue to aggressively grow our business. Our revenues grew from $47.2 million in 2012 to $103.0 million in 2014. Our headcount has increased from 239 as of December 31, 2012 to 430 as of December 31, 2014, and we plan to hire additional employees in 2015 across all areas of the organization. Our rapid growth has placed significant demands on our management, sales and operational and financial infrastructure, and our growth will continue to place significant demands on these resources. Further, in order to manage our current and future growth effectively, we must continue to improve and expand our IT and financial infrastructure, operating and administrative systems and controls and efficiently manage headcount, capital and processes. We may not be able to successfully implement these improvements in a timely or efficient manner, and our failure to do so may materially impact our projected growth rate.
As we invest in the growth of our business, our operating and net profit margins and our operating and net income have declined in recent periods compared to prior periods and we expect this trend to continue in the near-term, primarily as a result of the costs associated with expanding our direct and indirect sales forces, our
11
increased rate of investment in research and development and our increased administrative costs in connection with becoming a public company. We expect that these invested costs will adversely impact our operating and net profit margins since it will take time and resources to train and integrate new sales force members and to comply with public company reporting and regulatory requirements. In addition, costs associated with adding new personnel to our sales force are expensed before their positive impact on our sales is recognized, and even then a significant portion of any revenues that they generate from maintenance and professional services are deferred over the delivery period of those services. A failure to meet market expectations regarding our revenues and profitability could have an adverse effect on our share price.
Our quarterly results of operations may fluctuate for a variety of reasons, including our failure to close significant sales before the end of a particular quarter.
A meaningful portion of our revenues is generated by significant sales to new customers and sales of additional products to existing customers. Purchases of our products and services often occur at the end of each quarter, particularly in the last quarter of the year. In addition, our sales cycle can last several months from proof of concept to delivery of our solution to our customers, and this sales cycle can be even longer, less predictable and more resource-intensive for larger sales. Customers may also require additional internal approvals or seek to test our products for a longer trial period before deciding to purchase our solution. As a result, the timing of individual sales can be difficult to predict. In some cases, sales have occurred in a quarter subsequent to those we anticipated, or have not occurred at all, which can significantly impact our quarterly results and make it more difficult to meet market expectations. Furthermore, even if we close a sale during a given quarter we may be unable to recognize the revenues derived from such sale during the same period due to our revenue recognition policy. See Managements Discussion and Analysis of Financial Condition and Results of OperationsApplication of Critical Accounting Policies and EstimatesRevenue Recognition.
In addition to the sales cycle-related fluctuations noted above, our results of operations will continue to vary as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:
| our ability to attract and retain new customers; |
| our ability to sell additional products to current customers; |
| changes in customer or channel partner requirements or market needs; |
| changes in the growth rate of the information security market; |
| the timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of the information security market, including consolidation among our customers or competitors; |
| a disruption in, or termination of, our relationship with channel partners; |
| our ability to successfully expand our business globally; |
| reductions in maintenance renewal rates; |
| changes in our pricing policies or those of our competitors; |
| general economic conditions in our markets; |
| future accounting pronouncements or changes in our accounting policies or practices; |
| the amount and timing of our operating costs; |
| a change in our mix of products and services; and |
| increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates. |
12
Any of the above factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. These fluctuations could result in our failure to meet our operating plan or the expectations of investors or analysts for any period. If we fail to meet such expectations for these or other reasons, the market price of our ordinary shares could fall substantially, and we could face costly lawsuits, including securities class action suits.
Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solution or the failure of our solution to meet customers expectations.
Organizations are facing increasingly sophisticated and targeted cyber threats, including the growing threat of cyber terrorism throughout the world. If we fail to identify and respond to new and increasingly complex methods of attack and update our products to detect or prevent such threats, our business and reputation will suffer. In particular, we may suffer significant adverse publicity and reputational harm if a significant breach occurs generally or if any breach occurs at a high profile customer. Moreover, as our solution is adopted by an increasing number of enterprises and governmental entities, it is possible that attackers will begin to focus on finding ways to defeat our solution. An actual or perceived security breach or theft of our customers sensitive business data, regardless of whether the breach or theft is attributable to the failure of our products, could adversely affect the markets perception of the efficacy of our solution and current or potential customers may look to our competitors for alternatives to our solution. The failure of our products may also subject us to lawsuits and financial losses stemming from indemnification of our partners and other third parties, as well as the expenditure of significant financial resources to analyze, correct or eliminate any vulnerabilities. It could also cause us to suffer reputational harm, lose existing customers or deter them from purchasing additional products and services and prevent new customers from purchasing our solution.
False detection of threats, while typical in our industry, may reduce perception of the reliability of our products and may therefore adversely impact market acceptance of our products. If our solution restricts legitimate privileged access by authorized personnel to IT systems and applications by falsely identifying those users as an attack or otherwise unauthorized, our customers business could be harmed. There can be no assurance that, despite testing by us, errors will not be found in existing and new versions of our products, resulting in loss of or delay in market acceptance. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct the problem.
If we are unable to acquire new customers, our future revenues and operating results will be harmed.
Our success depends on our ability to acquire new customers. The number of customers that we add in a given period impacts both our short-term and long-term revenues. If we are unable to attract a sufficient number of new customers, we may be unable to generate revenue growth at desired rates. The IT security market is competitive and many of our competitors have substantial financial, personnel, and other resources that they utilize to develop products and attract customers. As a result, it may be difficult for us to add new customers to our customer base. Competition in the marketplace may also lead us to win fewer new customers or result in us providing discounts and other commercial incentives. Additional factors that impact our ability to acquire new customers include the perceived need for IT security, the size of our prospective customers IT budgets, the utility and efficacy of our existing and new offerings, whether proven or perceived, and general economic conditions. These factors may have a meaningful negative impact on future revenues and operating results.
If we are unable to sell additional products and services to our existing customers, our future revenues and operating results will be harmed.
A significant portion of our revenues are generated from sales to existing customers. Our future success depends, in part, on our ability to continue to sell new licenses and incremental licenses to our existing customers. We devote significant efforts to developing, marketing and selling additional licenses and associated maintenance and support to existing customers and rely on these efforts for a portion of our revenues. These
13
efforts require a significant investment in building and maintaining customer relationships, as well as significant research and development efforts in order to provide product upgrades and launch new products. The rate at which our existing customers purchase additional products and services depends on a number of factors, including the perceived need for additional IT security, the efficacy of our solutions and the utility of our new offerings, whether proven or perceived, our customers IT budgets, general economic conditions, our customers overall satisfaction with the maintenance and professional services we provide and the continued growth and economic health of our customer base to require incremental users and servers to be covered. If our efforts to sell additional products and services to our customers are not successful, our future revenues and operating results will be harmed.
We face intense competition from IT security vendors, some of which are larger and better known than we are, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The IT security market in which we operate is characterized by intense competition, constant innovation and evolving security threats. We compete with companies that offer a broad array of IT security products. Our current and potential future competitors include CA, Inc., Dell Inc., International Business Machines Corporation and Oracle Corporation in the access and identity management market, and may also include providers of advanced threat protection solutions such as Hewlett-Packard Company, EMC Corporation, International Business Machines Corporation, FireEye, Inc., Splunk Inc. and Palo Alto Networks, Inc. and other smaller companies that offer point solutions with a more limited range of functionality than our own offerings. Some of our competitors are large companies that have the technical and financial resources and broad customer bases needed to bring competitive solutions to the market and already have existing relationships as a trusted vendor for other products. Such companies may use these advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely in consideration for maintenance and services fees. They may also develop different products to compete with our current solution and respond more quickly and effectively than we do to new or changing opportunities, technologies, standards or client requirements. Additionally, from time to time we may compete with smaller regional vendors that offer products with a more limited range of capabilities that purport to perform functions similar to our solution. Such companies may enjoy stronger sales and service capabilities in their particular regions.
Our competitors may enjoy potential competitive advantages over us, such as:
| greater name recognition, a longer operating history and a larger customer base, notwithstanding the increased visibility of our brand following our initial public offering; |
| larger sales and marketing budgets and resources; |
| broader distribution and established relationships with channel and distribution partners and customers; |
| greater customer support resources; |
| greater resources to make acquisitions; |
| larger intellectual property portfolios; and |
| greater financial, technical and other resources. |
Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. Current or potential competitors may be acquired by third parties with greater available resources. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do. Larger competitors with more diverse product offerings may reduce the price of products that compete with ours in order to promote the sale of other products or may bundle them with other products, which would lead to increased pricing pressure on our products and could cause the average sales prices for our products to decline.
14
In addition, other IT security technologies exist or could be developed in the future by current or future competitors, and our business could be materially and adversely affected if such technologies are widely adopted.
We may not be able to successfully anticipate or adapt to changing technology or customer requirements on a timely basis, or at all. If we fail to keep up with technological changes or to convince our customers and potential customers of the value of our solution even in light of new technologies, our business, results of operations and financial condition could be materially and adversely affected.
If our internal network system is compromised by cyber attackers or other data thieves, public perception of our products and services will be harmed.
We will not succeed unless the marketplace is confident that we provide effective IT security protection. We provide privileged account security products, and as such we may be an attractive target for attacks by cyber attackers or other data thieves since a breach of our system could provide data information regarding not only us, but potentially regarding the customers that our solution protects. As a result of our recent initial public offering, we have enjoyed increased visibility as a company, which could have the effect of attracting the attention of more hackers than would otherwise target us for data theft. Further, we may be targeted by cyber terrorists because we are an Israeli company. If we experience an actual or perceived breach of our network or privileged account security in our internal systems, it could adversely affect the market perception of our products and services. In addition, we may need to devote more resources to address security vulnerabilities in our solution, and the cost of addressing these vulnerabilities could reduce our operating margins. If we do not address security vulnerabilities or otherwise provide adequate security features in our products, certain customers, particularly government customers, may delay or stop purchasing our products. Further, a security breach could impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens, our revenues could decline and our business could suffer.
If we do not effectively expand, train and retain our sales force, we may be unable to acquire new customers or sell additional products and services to existing customers, and our business will suffer.
We depend significantly on our sales force to attract new customers and expand sales to existing customers. We generate approximately 50% of our revenues from direct sales. As a result, our ability to grow our revenues depends in part on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth, particularly in the United States. The number of our sales and marketing personnel increased from 135 as of December 31, 2013 to 202 as of December 31, 2014. We expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in achieving our hiring and integration goals. There is intense competition for individuals with sales training and experience. In addition, the training and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales force personnel to understand our solutions and growth strategy. Based on our past experience, it takes an average of approximately six to nine months before a new sales force member operates at target performance levels. However, we may be unable to achieve or maintain our target performance levels with large numbers of new sales personnel as quickly as we have done in the past. Our failure to hire a sufficient number of qualified sales force members and train them to operate at target performance levels may materially and adversely impact our projected growth rate.
We rely on channel partners, including systems integrators, distributors and value-added resellers, to generate a significant portion of our revenue. If we fail to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our solution will be limited, and our business, financial position and results of operations will be harmed.
In addition to our direct sales force, we rely on our channel partners to sell and support our solution, particularly in Europe and the Asia Pacific region. We expect that sales through our channel partners will continue to account for a significant percentage of our revenue. We generate approximately 50% of our revenues from sales to channel partners and we expect that channel partners will represent a substantial portion of our
15
revenues for the foreseeable future. Our agreements with channel partners are non-exclusive, meaning our partners may offer customers IT security products from other companies, including products that compete with our solution. If our channel partners do not effectively market and sell our solution, or choose to use greater efforts to market and sell their own products and services or the products and services of our competitors, our ability to grow our business will be adversely affected. Our channel partners may cease or deemphasize the marketing of our solution with limited or no notice and with little or no penalty. Further, new channel partners require training and may take several months or more to achieve productivity. The loss of a substantial number of our channel partners, the inability to replace them or the failure to recruit additional channel partners could materially and adversely affect our results of operations. Our reliance on channel partners could also subject us to lawsuits or reputational harm if, for example, a channel partner misrepresents the functionality of our solution to customers or violates laws or our corporate policies. Our ability to grow revenues in the future will depend in part on our success in maintaining successful relationships with our channel partners and training our channel partners to independently sell and install our solution. If we are unable to maintain our relationship with channel partners or otherwise develop and expand our indirect sales channel, or if our channel partners fail to perform, our business, financial position and results of operations could be adversely affected.
If our products fail to help our customers achieve and maintain compliance with certain government regulations and industry standards, our business and results of operations could be materially and adversely affected.
We generate a substantial portion of our revenues from our products and services because they enable our customers to achieve and maintain compliance with certain government regulations and industry standards, and we expect that will continue for the foreseeable future. Examples of industry standards and government regulations include the Payment Card Industry Data Security Standard (PCI-DSS); the Federal Information Security Management Act (FISMA) and associated National Institute for Standards and Testing (NIST) Network Security Standards; the Sarbanes-Oxley Act of 2002; Title 21 of the U.S. Code of Federal Regulations, which governs food and drugs industries; the North American Electric Reliability Corporation Critical Infrastructure Protection Plan (NERC-CIP); the German Federal Financial Supervisory Authority (BaFin) Minimum Requirements for Risk Management; and the Monetary Authority of Singapores Technology Risk Management Notices. These industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. In addition, governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could impact whether our solution enables our customers to maintain compliance with such laws or regulations. If we are unable to adapt our solution to changing government regulations and industry standards in a timely manner, or if our solution fails to expedite our customers compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In addition, if government regulations and industry standards related to IT security are changed in a manner that makes them less onerous, our customers may view compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial results would suffer.
Our model for long-term growth depends upon the introduction of new products. If we are unable to develop new products or if these new products are not adopted by customers, our growth will be adversely affected.
Our business depends on the successful development and marketing of new products, including adding complementary offerings to our current products. For example, we introduced our first behavioral analytics product, Privileged Threat Analytics, in December 2013 and continued the expansion of our proactive controls monitoring and management product line with the introduction of SSH Key Manager in November 2014. Development and marketing of new products requires significant up-front research, development and other costs, and the failure of new products we develop to gain market acceptance may result in a failure to achieve future sales and adversely affect our competitive position. There can be no assurance that any of our new or future products will achieve market acceptance or generate revenues at forecasted rates or that the margins generated from their sales will allow us to recoup the costs of our development efforts.
16
Failure by us or our channel partners to maintain sufficient levels of customer support could have a material adverse effect on our business, financial condition and results of operations.
Our customers depend in large part on customer support delivered through our channel partners or by us to resolve issues relating to the use of our solution. However, even with our support and that of our channel partners, our customers are ultimately responsible for effectively using our solution and ensuring that their IT staff is properly trained in the use of our products and complementary security products. The failure of our customers to correctly use our solution, or our failure to effectively assist customers in installing our solution and providing effective ongoing support, may result in an increase in the vulnerability of our customers IT systems and sensitive business data. Additionally, if our channel partners do not effectively provide support to the satisfaction of our customers, we may be required to provide support to such customers, which would require us to invest in additional personnel, which requires significant time and resources. We may not be able to keep up with demand, particularly if the sales of our solution exceed our internal forecasts. To the extent that we or our channel partners are unsuccessful in hiring, training and retaining adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support to our customers will be negatively impacted, and our customers satisfaction with our products will be adversely affected. Accordingly, our failure to provide satisfactory maintenance and technical support services could have a material and adverse effect on our business and results of operations.
If we do not successfully anticipate market needs and enhance our existing products or develop new products that meet those needs on a timely basis, we may not be able to compete effectively and our ability to generate revenues will suffer.
Our customers operate in markets characterized by rapidly changing technologies and business plans, which require them to adapt to increasingly complex IT infrastructures that incorporate a variety of hardware, software applications, operating systems and networking protocols. As our customers technologies and business plans grow more complex, we expect them to face new and increasingly sophisticated methods of attack. We face significant challenges in ensuring that our solution effectively identifies and responds to these advanced and evolving attacks without disrupting the performance of our customers IT systems. As a result, we must continually modify and improve our products in response to changes in our customers IT and industrial control infrastructures.
We cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to develop product enhancements or new products to meet such needs or opportunities in a timely manner, if at all. Even if we are able to anticipate, develop and commercially introduce enhancements and new products, there can be no assurance that enhancements or new products will achieve widespread market acceptance.
Our product enhancements or new products could fail to attain sufficient market acceptance for many reasons, including:
| delays in releasing product enhancements or new products; |
| failure to accurately predict market demand and to supply products that meet this demand in a timely fashion; |
| inability to interoperate effectively with the existing or newly introduced technologies, systems or applications of our existing and prospective customers; |
| inability to protect against new types of attacks or techniques used by cyber attackers or other data thieves; |
| defects in our products, errors or failures of our solutions to secure privileged accounts; |
| negative publicity about the performance or effectiveness of our products; |
| introduction or anticipated introduction of competing products by our competitors; |
17
| installation, configuration or usage errors by our customers; |
| easing or changing of regulatory requirements related to security; and |
| reluctance of customers to purchase products incorporating open source software. |
If we fail to anticipate market requirements or fail to develop and introduce product enhancements or new products to meet those needs in a timely manner, it could cause us to lose existing customers and prevent us from gaining new customers, which would significantly harm our business, financial condition and results of operations.
If our products do not effectively interoperate with our customers existing or future IT infrastructures, installations could be delayed or cancelled, which would harm our business.
Our products must effectively interoperate with our customers existing or future IT infrastructures, which often have different specifications, utilize multiple protocol standards, deploy products from multiple vendors and contain multiple generations of products that have been added over time. If we find errors in the existing software or defects in the hardware used in our customers infrastructure or problematic network configurations or settings, we may have to modify our software so that our products will interoperate with our customers infrastructure and business processes. In addition, to stay competitive within certain markets, we may be required to make software modifications in future releases to comply with new statutory or regulatory requirements. These issues could result in longer sales cycles for our products and order cancellations, either of which would adversely affect our business, results of operations and financial condition.
Our research and development efforts may not produce successful products or enhancements to our solution that result in significant revenue or other benefits in the near future, if at all.
We expect to continue to dedicate significant financial and other resources to our research and development efforts in order to maintain our competitive position. For example, in 2014, we increased our dedicated research and development personnel by 25% compared to 2013. However, investing in research and development personnel, developing new products and enhancing existing products is expensive and time consuming, and there is no assurance that such activities will result in significant new marketable products or enhancements to our products, design improvements, cost savings, revenues or other expected benefits. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.
We are subject to a number of risks associated with global sales and operations.
Business practices in the global markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted.
Additionally, our global sales and operations are subject to a number of risks, including the following:
| greater difficulty in enforcing contracts and managing collections, as well as longer collection periods; |
| higher costs of doing business globally, including costs incurred in maintaining office space, securing adequate staffing and localizing our contracts; |
| fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business (See We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations); |
| management communication and integration problems resulting from cultural and geographic dispersion; |
18
| risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platform that may be required in foreign countries; |
| greater risk of unexpected changes in regulatory practices, tariffs, and tax laws and treaties; |
| compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act and the UK Anti-Bribery Act; |
| heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements; |
| reduced or uncertain protection of intellectual property rights in some countries; |
| social, economic and political instability, terrorist attacks and security concerns in general; and |
| potentially adverse tax consequences. |
These and other factors could harm our ability to generate future global revenues and, consequently, materially impact our business, results of operations and financial condition.
If we are unable to adequately protect our proprietary technology and intellectual property rights, our business could suffer substantial harm.
The success of our business depends on our ability to protect our proprietary technology, brands and other intellectual property and to enforce our rights in that intellectual property. We attempt to protect our intellectual property under patent, trademark, copyright and trade secret laws, and through a combination of confidentiality procedures, contractual provisions and other methods, all of which offer only limited protection.
As of December 31, 2014, we had two issued patents in the United States and 14 pending U.S. patent applications. We also had one patent issued and 16 applications pending for examination in non-U.S. jurisdictions, and two pending Patent Cooperation Treaty patent examinations, all of which are counterparts of our U.S. patent applications. We may file additional patent applications in the future. The process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner all the way through to the successful issuance of a patent. We may choose not to seek patent protection for certain innovations and may choose not to pursue patent protection in certain jurisdictions. Furthermore, it is possible that our patent applications may not issue as granted patents, that the scope of our issued patents will be insufficient or not have the coverage originally sought, that our issued patents will not provide us with any competitive advantages, and that our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or litigation. In addition, issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. Our policy is to require our employees (and our consultants and service providers that develop intellectual property included in our products) to execute written agreements in which they assign to us their rights in potential inventions and other intellectual property created within the scope of their employment (or, with respect to consultants and service providers, their engagement to develop such intellectual property), but we cannot assure you that we have adequately protected our rights in every such agreement or that we have executed an agreement with every such party. Finally, in order to benefit from the protection of patents and other intellectual property rights, we must monitor and detect infringement and pursue infringement claims in certain circumstances in relevant jurisdictions, all of which are costly and time-consuming. As a result, we may not be able to obtain adequate protection or to effectively enforce our issued patents or other intellectual property rights.
In addition to patents, we rely on trade secret rights, copyrights and other rights to protect our unpatented proprietary intellectual property and technology. Despite our efforts to protect our proprietary technologies and our intellectual property rights, unauthorized parties, including our employees, consultants, service providers or customers, may attempt to copy aspects of our products or obtain and use our trade secrets or other confidential
19
information. We generally enter into confidentiality agreements with our employees, consultants, service providers, vendors, channel partners and customers, and generally limit access to and distribution of our proprietary information and proprietary technology through certain procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology. We cannot assure you that the steps taken by us will prevent misappropriation of our intellectual property or technology or infringement of our intellectual property rights. In addition, the laws of some foreign countries where we sell our products do not protect intellectual property rights and technology to the same extent as the laws of the United States, and these countries may not enforce these laws as diligently as government agencies and private parties in the United States. Based on the 2013 report on intellectual property rights protection and enforcement published by the Office of the United States Trade Representative, such countries included Ukraine (designated a priority foreign country) and Chile, China, India, Indonesia, Russia and Thailand (designated as priority watch list countries). If we are unable to protect our intellectual property, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.
Intellectual property claims may increase our costs or require us to cease selling certain products, which could adversely affect our financial condition and results of operations.
The IT security industry is characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other intellectual property rights. In particular, leading companies in the IT security industry have extensive patent portfolios. From time to time, third-parties have asserted and may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers. Furthermore, we may be subject to indemnification obligations with respect to third-party intellectual property rights pursuant to our agreements with our channel partners or customers. Such indemnification provisions are customary for our industry. Successful claims of infringement or misappropriation by a third-party against us or a third-party that we indemnify could prevent us from distributing certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights, and to indemnify our partners and other third parties, including our customers and channel partners whom we typically indemnify against such claims. Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected. Defending against claims of infringement or being deemed to be infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services. If we are unable to ensure that we are not violating the intellectual property rights of others, our financial position may be adversely affected.
Prolonged economic uncertainties or downturns could materially adversely affect our business.
Our business depends on our current and prospective customers ability and willingness to invest money in IT security, which in turn is dependent upon their overall economic health. Negative economic conditions in the global economy, including conditions resulting from financial and credit market fluctuations, could cause a decrease in corporate spending on information security software. We generated 32.2% of our revenues from Europe, the Middle East and Africa in 2014. Continuing economic challenges throughout Europe and other parts of the world may cause our customers in those locations to reevaluate decisions to purchase our solution or to delay their purchasing decisions, which could adversely impact our results of operations due to the importance of that region to us.
20
In addition, a significant portion of our revenues is generated from customers in the financial services industry, including banking and insurance. Negative economic conditions may cause customers generally and in that industry in particular to reduce their IT spending. Customers may delay or cancel IT projects, choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. To the extent purchases of licenses for our software are perceived by customers and potential customers to be discretionary, our revenues may be disproportionately affected by delays or reductions in general IT spending. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our results of operation could be adversely affected.
If we are unable to hire, retain and motivate qualified personnel, our business will suffer.
Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. Our inability to attract or retain qualified personnel or delays in hiring required personnel, particularly in sales and engineering, may seriously harm our business, financial condition and results of operations. Any of our employees may terminate their employment at any time. Additionally, two of our U.S. executive officers have not signed non-compete agreements with us. Competition for highly skilled personnel is frequently intense, especially in Israel, where we are headquartered. Further, a number of our employees are substantially vested in significant share option plans, and their ability to exercise those options and sell their shares in a public market may result in a larger than normal turn-over rate. Additionally, we may struggle to retain employees because our profile, which has been raised by our recent initial public offering, may attract competitors who may then actively seek to hire skilled personnel away from us. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential information.
We rely significantly on revenues from maintenance and support contracts, which we recognize ratably over the term of the associated contract and, to a lesser extent, from professional services contracts, which we recognize as services are delivered, and downturns in sales of these contracts are not immediately reflected in full in our quarterly operating results.
Maintenance and support and professional services revenues accounted for 40.5% of our total revenues in 2014. Sales of maintenance and support and professional services may decline or fluctuate as a result of a number of factors, including the number of product licenses we sell, our customers level of satisfaction with our products and services, the prices of our products and services, the prices of products and services offered by our competitors or reductions in our customers spending levels. If our sales of maintenance and support and professional services contracts decline, our revenues or revenue growth may decline and our business will suffer. We recognize revenues from maintenance and support contracts ratably on a straight-line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and from professional services as services are performed. As a result, a meaningful portion of the revenues we report each quarter results from the recognition of deferred revenues from maintenance and support and professional services contracts entered into during previous quarters. Consequently, a decline in the number or size of such contracts in any one quarter will not be fully reflected in revenues in that quarter, but will negatively affect our revenues in future quarters. Accordingly, the effect of significant downturns in maintenance and support and professional services contracts would not be reflected in full in our results of operations until future periods.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.
Our functional and reporting currency is the U.S. dollar and we generate a majority of our revenues in U.S. dollars. In 2014, the majority of our revenues were denominated in U.S. dollars and the remainder primarily in euros and British pounds sterling. In 2014, the substantial majority of our cost of revenues and operating expenses were denominated in U.S. dollars and New Israeli Shekels (NIS), and the remainder primarily in euros and British pounds sterling. Our foreign currency-denominated expenses consist primarily of personnel, rent and
21
other overhead costs. Since a significant portion of our expenses is incurred in NIS and is substantially greater than our revenues in NIS, any appreciation of the NIS relative to the U.S. dollar would adversely impact our net loss or net income, as relevant. In addition, since the portion of our revenues generated in euros is significantly greater than our expenses incurred in euros, any depreciation of the euro relative to the U.S. dollar would adversely impact our net loss or net income, as applicable. We currently have less exposure to fluctuations in the exchange rate of the British pound sterling because our revenues and expenses in that currency have an offsetting effect. We estimate that a 10% increase or decrease in the value of the NIS against the U.S. dollar would have decreased or increased our net income by approximately $2.0 million in 2014. We estimate that a 10% increase or decrease in the value of the euro against the U.S. dollar would have decreased or increased our net income by approximately $0.7 million in 2014. These estimates of the impact of fluctuations in currency exchange rates on our historic results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising our revenues and expenses may change. We evaluate periodically the various currencies to which we are exposed and take hedging measures to reduce the potential adverse impact from the appreciation or the depreciation of our non U.S. dollar-denominated operations, as appropriate. We expect that the majority of our revenues will continue to be generated in U.S. dollars with the balance in euros and British pounds sterling for the foreseeable future and that a significant portion of our expenses will continue to be denominated in NIS, British pounds sterling and in euros. We cannot provide any assurances that our hedging activities will be successful in protecting us from adverse impacts from currency exchange rate fluctuations. See Managements Discussion and Analysis of Financial Condition and Results of OperationsQuantitative and Qualitative Disclosure About Market RiskForeign Currency Risk.
A portion of our revenues is generated by sales to government entities, which are subject to a number of challenges and risks.
A portion of our revenues is generated by sales to U.S. and foreign federal, state and local governmental agency customers, and we may in the future increase sales to government entities. Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will complete a sale. Government demand and payment for our products and services may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products. Finally, for purchases by the U.S. government, the government may require certain products to be manufactured in the United States and other high cost manufacturing locations, and we may not manufacture all products in locations that meet the requirements of the U.S. government.
We may acquire other businesses, which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations.
As part of our business strategy and in order to remain competitive, we are evaluating acquiring or making investments in complementary companies, products or technologies. However, we have not made any acquisitions to date, and as a result, our ability as an organization to acquire and integrate other companies, products or technologies in a successful manner is unproven. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating such acquisitions or the technologies associated with such acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition or the value of our ordinary shares. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.
22
We are subject to governmental export and import controls that could subject us to liability in the event of non-compliance or impair our ability to compete in international markets.
We incorporate encryption capabilities into certain products and these products are subject to U.S. export control requirements. We are also subject to Israeli export controls on encryption technology since our product development initiatives are primarily conducted in Israel. If the applicable U.S. or Israeli requirements regarding the export of encryption technology were to change or if we change the encryption means in our products, we may need to satisfy additional requirements in the United States or Israel. There can be no assurance that we will be able to satisfy any additional requirements under these circumstances in either the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers ability to implement our products in those countries.
We are also subject to U.S. and Israeli export control and economic sanctions laws, which prohibit the shipment of certain products to embargoed or sanctioned countries, governments and persons. Our products could be exported to these sanctioned targets by our channel partners despite the contractual undertakings they have given us and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.
In addition, in the future we may be subject to defense-related export controls. For example, currently our solution is not subject to supervision under the Israeli Defense Export Control Law, 5767-2007, but if it was used for purposes that are classified as defense-related or if it falls under dual-use goods and technology as referred to below, we could become subject to such regulation. In particular, under the Israeli Defense Export Control Law, 5767-2007, an Israeli company may not conduct defense marketing activity without a defense marketing license from the Israeli Ministry of Defense (MOD) and may be subject to a requirement to obtain a specific license from the MOD for any export of defense related products and/or knowhow. The definition of defense marketing activity is broad and includes any marketing of defense equipment, defense knowhow or defense services outside of Israel, which includes dual-use goods and technology, (material and equipment intended in principle for civilian use and that can also be used for defensive purposes, such as our cybersecurity solutions) that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, if intended for defense use only, or is specified under Israeli legislation. Dual-use goods and technology will be subject to control by the Ministry of Economy if intended for civilian use only. In December 2013, regulations under the Wassenaar Arrangement included for the first time a chapter on cyber-related matters. We believe that our products do not fall under this chapter; however, in the future we may become subject to this regulation or similar regulations, which would limit our sales and marketing activities and could therefore have an adverse effect on our results of operations. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act and the International Traffic in Arms Regulations.
Our use of third-party software and other intellectual property may expose us to risks.
Some of our products and services include software or other intellectual property licensed from third parties, and we otherwise use software and other intellectual property licensed from third parties in our business. This exposes us to risks over which we may have little or no control. For example, a licensor may have difficulties keeping up with technological changes or may stop supporting the software or other intellectual property that it licenses to us. There can be no assurance that the licenses we use will be available on acceptable terms, if at all. In addition, a third party may assert that we or our customers are in breach of the terms of a license, which could, among other things, give such third party the right to terminate a license or seek damages from us, or both. Our
23
inability to obtain or maintain certain licenses or other rights or to obtain or maintain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could result in delays in releases of new products, and could otherwise disrupt our business, until equivalent technology can be identified, licensed or developed.
Our use of open source software could negatively affect our ability to sell our software and subject us to possible litigation.
We use open source software and expect to continue to use open source software in the future. Some open source software licenses require users who distribute or make available as a service open source software as part of their own software product to publicly disclose all or part of the source code of the users software product or to make available any derivative works of the open source code on unfavorable terms or at no cost. We may face ownership claims of third parties over, or seeking to enforce the license terms applicable to, such open source software, including by demanding the release of the open source software, derivative works or our proprietary source code that was developed using such software. These claims could also result in litigation, require us to purchase a costly license or require us to devote additional research and development resources to change our software, any of which would have a negative effect on our business and results of operations. In addition, if the license terms for the open source code change, we may be forced to re-engineer our software or incur additional costs.
Risks Related to Our Ordinary Shares and the Offering
Our share price may be volatile, and you may lose all or part of your investment.
Our ordinary shares were first offered publicly in our initial public offering in September 2014, at a price of $16.00 per share, and our ordinary shares have subsequently traded as high as $70.48 per share and as low as $22.12 per share through February 26, 2015. In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially as a result of many factors, some of which are beyond our control, including, but not limited to:
| actual or anticipated fluctuations in our results of operations; |
| variance in our financial performance from the expectations of market analysts; |
| announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans; |
| changes in the prices of our products and services; |
| our involvement in litigation; |
| our sale of ordinary shares or other securities in the future; |
| market conditions in our industry; |
| changes in key personnel; |
| the trading volume of our ordinary shares; |
| changes in the estimation of the future size and growth rate of our markets; |
| any merger and acquisition activities; and |
| general economic and market conditions. |
In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a companys securities, securities class action litigation has often been instituted against that company. If we were involved in any similar litigation we could incur substantial costs and our managements attention and resources could be diverted.
24
If securities or industry analysts cease to publish research or publish inaccurate or unfavorable research reports about our business, our share price and trading volume could decline.
The trading price for our ordinary shares is affected by any research or reports that securities or industry analysts publish about us or our business. If one or more of the analysts who cover us or our business publish inaccurate or unfavorable research about us or our business, and in particular, if they downgrade their evaluations of our ordinary shares, the price of our ordinary shares would likely decline. If one or more of these analysts cease coverage of our company, we could lose visibility in the market for our ordinary shares, which in turn could cause our share price to decline.
A small number of significant beneficial owners of our shares will have a controlling influence over matters requiring shareholder approval, which could delay or prevent a change of control.
The largest beneficial owners of our shares, entities and individuals affiliated with Jerusalem Venture Partners and The Goldman Sachs Group, Inc., as of February 17, 2015, beneficially owned in the aggregate 55.4% of our ordinary shares and, after this offering, will beneficially own an aggregate of % of our ordinary shares. As a result, these shareholders individually could exert significant influence, and if they were to act together could exert a controlling influence, over our operations and business strategy and would have sufficient voting power to control the outcome of matters requiring shareholder approval. These matters may include:
| the composition of our board of directors which has the authority to direct our business and to appoint and remove our officers; |
| approving or rejecting a merger, consolidation or other business combination; |
| raising future capital; and |
| amending our articles of association which govern the rights attached to our ordinary shares. |
This concentration of ownership of our ordinary shares could delay or prevent proxy contests, mergers, tender offers, open-market purchase programs or other purchases of our ordinary shares that might otherwise give you the opportunity to realize a premium over the then-prevailing market price of our ordinary shares. This concentration of ownership may also adversely affect our share price.
As a foreign private issuer whose shares are listed on the NASDAQ Stock Market, or NASDAQ, we may follow certain home country corporate governance practices instead of otherwise applicable SEC and NASDAQ requirements, which may result in less protection than is accorded to investors under rules applicable to domestic U.S. issuers.
As a foreign private issuer whose shares are listed on the NASDAQ Global Select Market, we are permitted to follow certain home country corporate governance practices instead of certain rules of NASDAQ. We currently follow Israeli home country practices solely with regard to the quorum requirement for shareholder meetings. As permitted under the Israeli Companies Law, or Companies Law, our articles of association provide that the quorum for any meeting of shareholders shall be the presence of at least two shareholders present in person, by proxy or by a voting instrument, who hold at least 25% of the voting power of our shares instead of 33 1/3% of our issued share capital. We may in the future elect to follow Israeli home country practices with regard to other matters such as the formation and composition of the nominating and corporate governance committee, separate executive sessions of independent directors and the requirement to obtain shareholder approval for certain dilutive events (such as for the establishment or amendment of certain equity-based compensation plans, issuances that will result in a change of control of the company, certain transactions other than a public offering involving issuances of a 20% or more interest in the company and certain acquisitions of the stock or assets of another company). Accordingly, our shareholders may not be afforded the same protection as provided under NASDAQ corporate governance rules. Following our home country governance practices as opposed to the requirements that would otherwise apply to a United States company listed on NASDAQ may provide less protection than is accorded to investors of domestic issuers. See ManagementCorporate Governance Practices.
25
As a foreign private issuer we are not subject to the provisions of Regulation FD or U.S. proxy rules and are exempt from filing certain Exchange Act reports.
As a foreign private issuer, we are exempt from a number of requirements under U.S. securities laws that apply to public companies that are not foreign private issuers. In particular, we are exempt from the rules and regulations under the United States Securities Exchange Act of 1934, as amended, or the Exchange Act, related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required under the Exchange Act to file annual and current reports and financial statements with the Securities and Exchange Commission, or SEC, as frequently or as promptly as U.S. domestic companies whose securities are registered under the Exchange Act and we are generally exempt from filing quarterly reports with the SEC under the Exchange Act. We are also exempt from the provisions of Regulation FD, which prohibits issuers from making selective disclosure of material nonpublic information to, among others, broker-dealers and holders of a companys securities under circumstances in which it is reasonably foreseeable that the holder will trade in the companys securities on the basis of the information. Even though we intend to comply voluntarily with Regulation FD, these exemptions and leniencies will reduce the frequency and scope of information and protections to which you are entitled as an investor. For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic companies, although pursuant to the Companies Law, we disclose the annual compensation of our five most highly compensated office holders (as defined under the Companies Law) on an individual basis, including in this prospectus.
We would lose our foreign private issuer status if a majority of our directors or executive officers are U.S. citizens or residents and we fail to meet additional requirements necessary to avoid loss of foreign private issuer status. Although we have elected to comply with certain U.S. regulatory provisions, our loss of foreign private issuer status would make such provisions mandatory. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic issuer may be significantly higher. If we are not a foreign private issuer, we will be required to file periodic reports and registration statements on U.S. domestic issuer forms with the SEC, which are more detailed and extensive than the forms available to a foreign private issuer. We would also be required to follow U.S. proxy disclosure requirements, including the requirement to disclose more detailed information about the compensation of our senior executive officers on an individual basis. We may also be required to modify certain of our policies to comply with good governance practices associated with U.S. domestic issuers. Such conversion and modifications will involve additional costs. In addition, we would lose our ability to rely upon exemptions from certain corporate governance requirements on U.S. stock exchanges that are available to foreign private issuers.
We are an emerging growth company and we cannot be certain whether the reduced requirements applicable to emerging growth companies will make our ordinary shares less attractive to investors.
We are an emerging growth company, as defined in the Jumpstart Our Business Startups Act of 2012 effective on April 5, 2012, or the JOBS Act, and we may take advantage of certain exemptions from various requirements that are applicable to other public companies that are not emerging growth companies. Most of such requirements relate to disclosures that we would only be required to make if we cease to be a foreign private issuer in the future. Nevertheless, as a foreign private issuer that is an emerging growth company, we will not be required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, for up to five fiscal years after September 23, 2014, the date of our initial public offering. We will remain an emerging growth company until the earliest of: (a) the last day of our fiscal year during which we have total annual gross revenues of at least $1.0 billion; (b) the last day of our fiscal year following the fifth anniversary of the completion of our initial public offering; (c) the date on which we have, during the previous three-year period, issued more than $1.0 billion in non-convertible debt; or (d) the date on which we are deemed to be a large accelerated filer under the Exchange Act. When we are no longer deemed to be an emerging growth company, we will not be entitled to the exemptions provided in the JOBS Act discussed above. We cannot predict if
26
investors will find our ordinary shares less attractive as a result of our reliance on exemptions under the JOBS Act. If some investors find our ordinary shares less attractive as a result, there may be a less active trading market for our ordinary shares and our share price may be more volatile.
The market price of our ordinary shares could be negatively affected by future sales of our ordinary shares.
If our existing shareholders, particularly our largest shareholders, our directors, their affiliates, or our executive officers, sell a substantial number of our ordinary shares in the public market, the market price of our ordinary shares could decrease significantly. The perception in the public market that these shareholders might sell our ordinary shares could also depress the market price of our ordinary shares and could impair our future ability to obtain capital, especially through an offering of equity securities.
In connection with our initial public offering, our executive officers and directors and the holders of substantially all of our ordinary shares entered into lock-up agreements with the underwriters, which, subject to limited exceptions, restrict their ability to transfer their shares until March 22, 2015. We, our directors and officers and the selling shareholders in this offering have entered into a similar agreement with the underwriters of this offering that expires 90 days after the date of this prospectus, with limited exceptions. As a result, on March 22, 2015, approximately shares will become available for sale, approximately of which are expected to be subject to volume, manner of sale and other limitations; and on , 2015, 90 days after the date of the final prospectus related to this offering, an additional approximately shares will become available for sale, approximately of which are expected to be subject to volume, manner or sale and other limitations.
Following this offering, the holders of approximately 23.0 million of our ordinary shares will be entitled to require that we register their shares under the Securities Act for resale into the public markets subject to any lock-up agreement that such holders have signed in connection with this offering. All shares sold pursuant to an offering covered by such registration statement will be freely transferable. See Certain Relationships and Related Party TransactionsRegistration Rights. Sales by us or our shareholders of a substantial number of ordinary shares in the public market, or the perception that these sales might occur, could cause the market price of our ordinary shares to decline or could impair our ability to raise capital through a future sale of, or pay for acquisitions using, our equity securities.
Further, 4,776,985 ordinary shares are reserved for issuance under our share option plans as of December 31, 2014. Shares issuable under our share option plans have been registered on a Form S-8 registration statement and may be freely sold in the public market upon issuance, except for shares held by affiliates who have certain restrictions on their ability to sell.
We believe that we were classified as a passive foreign investment company for the taxable year ending December 31, 2014, and our U.S. shareholders may suffer adverse tax consequences as a result.
Generally, if for any taxable year 75% or more of our gross income is passive income, or at least 50% of the average quarterly value of our assets (which, assuming we were a non-publicly traded controlled foreign corporation, or CFC, for the year being tested, may be measured by the adjusted tax basis of our assets or, if we were a publicly traded CFC or not a CFC, the total value of our assets may be measured in part by the market value of our ordinary shares, which is subject to change) are held for the production of, or produce, passive income, we would be characterized as a passive foreign investment company, or PFIC, for U.S. federal income tax purposes. Based on our belief that we were a CFC prior to our initial public offering in our 2014 taxable year and on our gross income and gross assets, as well as our use of proceeds from our initial public offering, and the nature of our business, we believe that we were classified as a PFIC for the taxable year ending December 31, 2014. Because the total value of our assets will be measured in part by the market value of our ordinary shares in our 2015 taxable year, we do not expect to be classified as a PFIC for our taxable year ending December 31, 2015. However, because PFIC status is based on our income, assets and activities for the entire taxable year, it is not possible to determine whether we will be characterized as a PFIC for our 2015 taxable year until after the
27
close of the year. There can be no assurance that we will not be considered a PFIC for any taxable year. Our characterization as a PFIC could result in material adverse tax consequences for you if you are a U.S. investor, including having gains realized on the sale of our ordinary shares treated as ordinary income, rather than a capital gain, the loss of the preferential rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders, and having interest charges apply to distributions by us and the proceeds of share sales. If we are characterized as a PFIC, certain elections may be available that would alleviate some of the adverse consequences of PFIC status and result in an alternative treatment of our ordinary shares. However, such elections could result in you recognizing taxable income in a taxable year with respect to our shares in excess of any distributions that we make to you in that year, thus giving rise to so-called phantom income and to a potential out-of-pocket tax liability. For each year in which we are a PFIC and our ordinary shares are regularly traded on a qualified exchange, a U.S. investor may be able to avoid certain adverse tax consequences by making an election to mark-to-market our ordinary shares each taxable year and recognize ordinary income pursuant to such election based upon increases in the value of the ordinary shares. However, a mark-to-market election with respect to us does not apply to any equity interests in our subsidiaries that are classified as a PFIC and a U.S. Holder (as defined in U.S. and Israeli Tax Consequences for our ShareholdersCertain United States Federal Income Tax ConsequencesPassive Foreign Investment Company Considerations) generally will continue to be subject to the PFIC rules with respect to its indirect interest in any investments held by us that are treated as equity interests in a PFIC for U.S. federal income tax purposes. We will use commercially reasonable efforts to make available to U.S. Holders the information necessary for U.S. holders to make qualified electing fund elections if we are classified as a PFIC. See U.S. and Israeli Tax Consequences for our ShareholdersCertain United States Federal Income Tax ConsequencesPassive Foreign Investment Company Considerations.
Prospective U.S. investors should consult their own tax advisers regarding the potential application of the PFIC rules to them. Prospective U.S. investors should refer to U.S. and Israeli Tax Consequences for our ShareholdersCertain United States Federal Income Tax Consequences for discussion of additional U.S. income tax considerations applicable to them based on our treatment as a PFIC.
We have broad discretion over the use of proceeds we received in our initial public offering and may not apply the proceeds in ways that increase the value of your investment.
Our management has broad discretion in the application of the net proceeds from our initial public offering, the majority of which has not yet been spent, and, as a result, you must rely upon the judgment of our management with respect to the use of these proceeds. Our management may spend a portion or all of the net proceeds in ways that not all shareholders approve of or that may not yield a favorable return. The failure by our management to apply these funds effectively could harm our business.
Under Section 404 of the Sarbanes-Oxley Act and, as an emerging growth company, we are currently not required to obtain an auditor attestation regarding our internal control over financial reporting and we have therefore not yet determined whether our existing internal controls over financial reporting are effective.
We will not be required to comply with the internal control, evaluation and certification requirements of Section 404 of the Sarbanes-Oxley Act until we file our Annual Report on Form 20-F for the year ending December 31, 2015, at the earliest. Furthermore, unless we lose our status as an emerging growth company under the JOBS Act, we will not be required to obtain an auditor attestation under Section 404 of the Sarbanes-Oxley Act until 2018. Accordingly, we have only recently commenced the process of determining whether our existing internal controls over financial reporting systems are compliant with Section 404. We may lose our status as an emerging growth company and be required to obtain an auditor attestation for our Annual Report on Form 20-F for the year ending December 31, 2015 if we have an unaffiliated market capitalization of over $700 million as of June 30, 2015.
The process of evaluating our internal control over financial reporting will require an investment of substantial time and resources, including by our Chief Financial Officer and other members of our senior
28
management. As a result, this process may divert internal resources and take a significant amount of time and effort to complete. In addition, we cannot predict the outcome of this determination and whether we will need to implement remedial actions in order to implement effective control over financial reporting. The determination and any remedial actions required could result in us incurring additional costs that we did not anticipate. Irrespective of compliance with Section 404, any failure of our internal controls could have a material adverse effect on our stated results of operations and harm our reputation. As a result, we may experience higher than anticipated operating expenses, as well as higher independent auditor fees during and after the implementation of these changes. If we are unable to implement any of the required changes to our internal control over financial reporting effectively or efficiently or are required to do so earlier than anticipated, it could adversely affect our operations, financial reporting and/or results of operations and could result in an adverse opinion on internal controls from our independent auditors.
Risks Relating to Our Incorporation and Location in Israel
Our headquarters, research and development activities and other significant operations are located in Israel and, therefore, our results may be adversely affected by political, economic and military instability in Israel.
Our headquarters and principal research and development facilities are located in Israel. In addition, the majority of our key employees, officers and directors are residents of Israel. Accordingly, political, economic and military conditions in Israel may directly affect our business. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries. In recent years, these have included hostilities between Israel and Hezbollah in Lebanon and Hamas in the Gaza strip, both of which resulted in rockets being fired into Israel causing casualties and disruption of economic activities. In addition, Israel faces threats from more distant neighbors, in particular, Iran. Our commercial insurance does not cover losses that may occur as a result of an event associated with the security situation in the Middle East. Although the Israeli government is currently committed to covering the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot assure you that this government coverage will be maintained, or if maintained, will be sufficient to compensate us fully for damages incurred. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflict involving Israel could adversely affect our operations and results of operations.
Further, our operations could be disrupted by the obligations of personnel to perform military service. As of December 31, 2014, we had 180 employees based in Israel, certain of which may be called upon to perform up to 54 days in each three year period (and in the case of non-officer commanders or officers, up to 70 or 84 days, respectively, in each three year period) of military reserve duty until they reach the age of 40 (and in some cases, depending on their specific military profession up to 45 or even 49 years of age) and, in certain emergency circumstances, may be called to immediate and unlimited active duty. Our operations could be disrupted by the absence of a significant number of employees related to military service, which could materially adversely affect our business and results of operations.
Several countries, principally in the Middle East, restrict doing business with Israel and Israeli companies, and additional countries may impose restrictions on doing business with Israel and Israeli companies whether as a result of hostilities in the region or otherwise. In addition, there have been increased efforts by activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Such actions, particularly if they become more widespread, may adversely impact our ability to sell our products.
The tax benefits that are available to us require us to continue to meet various conditions and may be terminated or reduced in the future, which could increase our costs and taxes.
We were granted Approved Enterprise status under the Israeli Law for the Encouragement of Capital Investments, 1959, referred to as the Investment Law. We had elected the alternative benefits program, pursuant to which income derived from the Approved Enterprise program is tax-exempt for two years and enjoys a reduced tax rate of 10% to 25% for up to a total of eight years, subject to an adjustment based upon the foreign
29
investors ownership. We were also eligible for certain tax benefits provided to Benefited Enterprises under the Investment Law. In March 2013, we notified the Israel Tax Authority that we apply the new tax regime under the Investment Law instead of our Approved Enterprise and Benefited Enterprise. As of 2013 we are eligible for certain tax benefits provided to Preferred Enterprises under Investment Law. If we do not meet the conditions stipulated in the Investment Law, any tax benefits may be canceled and we may be required to refund the amount of the benefits, in whole or in part, including interest and CPI linkage. Further, in the future these tax benefits may be reduced or discontinued. If these tax benefits are reduced, cancelled or discontinued, our Israeli taxable income would be subject to regular Israeli corporate tax rates. The standard corporate tax rate for Israeli companies in 2013 was 25.0% and was increased to 26.5% for 2014 and thereafter. Additionally, if we increase our activities outside of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion in future Israeli tax benefit programs. See Taxation and Israeli Government Programs Applicable to our CompanyLaw for the Encouragement of Capital Investments, 5719-1959.
We may be required to pay monetary remuneration to employees who invented inventions during and as a consequence of their employment, even if the proprietary rights to such inventions have been assigned to us.
We enter into assignment-of-invention agreements with our employees pursuant to which such individuals agree to assign to us all rights to any inventions created in the scope of their employment or engagement with us. A significant portion of our intellectual property has been developed by our employees during the course of their employment by us. Under the Israeli Patent Law, 5727-1967, or the Patent Law, inventions conceived by an employee during the scope of his or her employment with a company are regarded as service inventions, which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The Patent Law also provides that if there is no such agreement between an employer and an employee, the Israeli Compensation and Royalties Committee, or the Committee, a body constituted under the Patent Law, shall determine whether the employee is entitled to remuneration for his or her inventions. Recent decisions by the Committee have created uncertainty in this area, as it held that employees may be entitled to remuneration for their service inventions despite having specifically waived any such rights. Further, the Committee has not yet determined the method for calculating this Committee-enforced remuneration or the criteria or circumstances under which an employees assignment of all rights and/or waiver of his or her right to remuneration will be disregarded. Although our employees have agreed to assign to us service invention rights, we may face claims demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and/or former employees, or be forced to litigate such claims, which could negatively affect our business.
Provisions of Israeli law and our articles of association may delay, prevent or otherwise impede a merger with or an acquisition of us, even when the terms of such a transaction are favorable to us and our shareholders.
Israeli corporate law regulates mergers, requires tender offers for acquisitions of shares above specified thresholds, requires special approvals for transactions involving directors, officers or significant shareholders and regulates other matters that may be relevant to such types of transactions. For example, a tender offer for all of a companys issued and outstanding shares can only be completed if the acquirer receives positive responses from the holders of at least 95% of the issued share capital. Completion of the tender offer also requires approval of a majority of the offerees that do not have a personal interest in the tender offer, unless at least 98% of the companys outstanding shares are tendered. Furthermore, the shareholders, including those who indicated their acceptance of the tender offer (unless the acquirer stipulated in its tender offer that a shareholder that accepts the offer may not seek appraisal rights), may, at any time within six months following the completion of the tender offer, petition an Israeli court to alter the consideration for the acquisition. See Description of Share CapitalAcquisitions under Israeli Law for additional information.
Our articles of association provide that our directors (other than external directors) are elected on a staggered basis, such that a potential acquirer cannot readily replace our entire board of directors at a single annual general shareholder meeting.
30
Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders whose country of residence does not have a tax treaty with Israel exempting such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers involving an exchange of shares, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred.
It may be difficult to enforce a judgment of a U.S. court against us, our officers and directors or the Israeli auditors named in this prospectus in Israel or the United States, to assert U.S. securities laws claims in Israel or to serve process on our officers and directors and these auditors.
We are incorporated in Israel. The majority of our directors and executive officers, and the Israeli auditors listed in this prospectus reside outside of the United States, and most of our assets and most of the assets of these persons are located outside of the United States. Therefore, a judgment obtained against us, or any of these persons, including a judgment based on the civil liability provisions of the U.S. federal securities laws, may not be collectible in the United States and may not be enforced by an Israeli court. It also may be difficult for you to effect service of process on these persons in the United States or to assert U.S. securities law claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws reasoning that Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact by expert witnesses, which can be a time consuming and costly process. Certain matters of procedure will also be governed by Israeli law. There is little binding case law in Israel that addresses the matters described above. As a result of the difficulty associated with enforcing a judgment against us in Israel, you may not be able to collect any damages awarded by either a U.S. or foreign court. See Enforceability of Civil Liabilities for additional information on your ability to enforce a civil claim against us and our executive officers or directors named in this prospectus.
Your rights and responsibilities as a shareholder are, and will continue to be, governed by Israeli law which differs in some material respects from the rights and responsibilities of shareholders of U.S. companies.
The rights and responsibilities of the holders of our ordinary shares are governed by our articles of association and by Israeli law. These rights and responsibilities differ in some material respects from the rights and responsibilities of shareholders in U.S.-based corporations. In particular, a shareholder of an Israeli company has a duty to act in good faith and in a customary manner in exercising its rights and performing its obligations towards the company and other shareholders, and to refrain from abusing its power in the company, including, among other things, in voting at a general meeting of shareholders on matters such as amendments to a companys articles of association, increases in a companys authorized share capital, mergers and acquisitions and related party transactions requiring shareholder approval. In addition, a shareholder who is aware that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company has a duty of fairness toward the company. There is limited case law available to assist us in understanding the nature of this duty or the implications of these provisions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.
31
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
We make forward-looking statements in this prospectus that are subject to risks and uncertainties. These forward-looking statements include information about possible or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. In some cases, you can identify forward-looking statements by terminology such as believe, may, estimate, continue, anticipate, intend, should, plan, expect, predict, potential, or the negative of these terms or other similar expressions. The statements we make regarding the following matters are forward-looking by their nature:
| our expectations regarding revenues generated by our hybrid sales model; |
| our expectations regarding our operating and net profit margins; |
| our expectations regarding significant drivers of our future growth; |
| our plans to continue to invest in research and development to develop technology for both existing and new products; |
| our plans to invest in sales and marketing efforts and expand our channel partnerships; |
| our plans to hire additional new employees; |
| our plans to leverage our global footprint in existing industry verticals to further expand our market share; |
| our plans to pursue incremental sales by further expanding our customer success team; |
| our expectations regarding our tax classifications; |
| our expectations regarding the controlling shareholder status of Jerusalem Venture Partners; and |
| our plans to pursue strategic acquisitions. |
The preceding list is not intended to be an exhaustive list of all of our forward-looking statements. The forward-looking statements are based on our beliefs, assumptions and expectations of future performance, taking into account the information currently available to us. These statements are only predictions based upon our current expectations and projections about future events. There are important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by the forward-looking statements. In particular, you should consider the risks provided under Risk Factors in this prospectus.
You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that future results, levels of activity, performance and events and circumstances reflected in the forward-looking statements will be achieved or will occur. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason after the date of this prospectus, to conform these statements to actual results or to changes in our expectations.
32
Unless otherwise indicated, information contained in this prospectus concerning our industry and the markets in which we operate, including our general expectations, market position, market opportunity and market size, is based on information from various sources, including Gartner, Inc. (Gartner), IDC, Mandiant (recently acquired by FireEye, Inc.) and Verizon Communications Inc. (Verizon), on assumptions that we have made that are based on those data and other similar sources and on our knowledge of the markets for our products and services. This information involves a number of assumptions and limitations, and you are cautioned not to give undue weight to such estimates. While we believe the market position, market opportunity and market size information included in this prospectus is generally reliable, such information is inherently imprecise. In addition, projections, assumptions and estimates of our future performance and the future performance of the industry in which we operate is necessarily subject to a high degree of uncertainty and risk due to a variety of factors, including those described in Risk Factors and elsewhere in this prospectus. These and other factors could cause results to differ materially from those expressed in the estimates made by the independent parties and by us.
The Gartner Report described herein, (the Gartner Report) represents data, research opinion or viewpoints published, as part of a syndicated subscription service, by Gartner, and are not representations of fact. The Gartner Report speaks as of its original publication date (and not as of the date of this prospectus) and the opinions expressed in the Gartner Report are subject to change without notice. The Gartner Report referenced is Market Guide for Endpoint Detection and Response Solutions, dated May 13, 2014.
33
The selling shareholders will receive all net proceeds from the sale of the ordinary shares to be sold in this offering. We will not receive any of the proceeds from the sale of our ordinary shares by the selling shareholders.
34
PRICE RANGE OF OUR ORDINARY SHARES
Our ordinary shares have been listed on NASDAQ under the symbol CYBR since September 24, 2014. The following table sets forth, for the periods indicated, the high and low sales prices of our ordinary shares as reported by the NASDAQ Global Select Market.
Low | High | |||||||
Year ending December 31, 2015: |
||||||||
First Quarter (through February 26, 2015) |
$ | 33.00 | $ | 70.48 | ||||
Year ended December 31, 2014: |
||||||||
Fourth Quarter |
26.66 | 47.01 | ||||||
Third Quarter (beginning September 24, 2014) |
22.12 | 35.88 |
The closing sale price of our ordinary shares, as reported by the NASDAQ Global Select Market, on February 26, 2015, was $62.46 per ordinary share.
35
We have never declared or paid any cash dividends on our ordinary shares. We do not anticipate paying any cash dividends in the foreseeable future. We currently intend to retain future earnings, if any, to finance operations and expand our business. Our board of directors has sole discretion whether to pay dividends. If our board of directors decides to pay dividends, the form, frequency and amount will depend upon our future operations and earnings, capital requirements and surplus, general financial condition, contractual restrictions and other factors that our directors may deem relevant. The distribution of dividends may also be limited by Israeli law, which permits the distribution of dividends only out of retained earnings or otherwise upon the permission of an Israeli court.
36
The following table sets forth our cash, cash equivalents and short-term bank deposits, and total capitalization as of December 31, 2014. You should read this information in conjunction with our consolidated financial statements and the related notes appearing at the end of this prospectus and the Managements Discussion and Analysis of Financial Condition and Results of Operations section and other financial information contained in this prospectus.
As of December 31, 2014 | ||||
(in thousands, except share and per share amounts) |
||||
Cash, cash equivalents and short-term bank deposits |
$ | 177,181 | ||
|
|
|||
Ordinary shares, par value NIS 0.01 per share; 250,000,000 shares authorized and 30,501,352 shares issued and outstanding |
79 | |||
Additional paid-in capital |
134,486 | |||
Accumulated other comprehensive loss |
(333 | ) | ||
Retained earnings |
20,776 | |||
|
|
|||
Total shareholders equity |
155,008 | |||
Total capitalization |
$ | 332,189 | ||
|
|
The preceding table excludes, as of December, 31, 2014, (1) 4,776,985 ordinary shares reserved for issuance under our equity incentive plans, in respect of which we had outstanding options to purchase 4,564,764 ordinary shares at a weighted average exercise price of $2.57 per share and 27,960 unvested RSUs and (2) 15,000 ordinary shares underlying warrants issued to an Israeli non-profit organization with an exercise price of $2.21 per share.
37
SELECTED CONSOLIDATED FINANCIAL DATA
The following tables set forth our selected consolidated financial data. You should read the following selected consolidated financial data in conjunction with Managements Discussion and Analysis of Financial Condition and Results of Operations and our consolidated financial statements and related notes included elsewhere in this prospectus. Historical results are not necessarily indicative of the results that may be expected in the future. Our financial statements have been prepared in accordance with U.S. GAAP.
The selected consolidated statements of operations data for each of the years in the three-year period ended December 31, 2014 and the consolidated balance sheet data as of December 31, 2013 and 2014 are derived from our audited consolidated financial statements appearing elsewhere in this prospectus. The consolidated statements of operations data for the year ended December 31, 2011 and the consolidated balance sheet data as of December 31, 2011 and 2012 are derived from our audited consolidated financial statements that are not included in this prospectus.
Year ended December 31, | ||||||||||||||||
2011 | 2012 | 2013 | 2014 | |||||||||||||
(in thousands except share and per share data) | ||||||||||||||||
Consolidated Statements of Operations: |
||||||||||||||||
Revenues: |
||||||||||||||||
License |
$ | 21,125 | $ | 27,029 | $ | 38,907 | $ | 61,320 | ||||||||
Maintenance and professional services |
15,240 | 20,179 | 27,250 | 41,679 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Total revenues |
36,365 | 47,208 | 66,157 | 102,999 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Cost of revenues: |
||||||||||||||||
License |
899 | 1,002 | 1,216 | 2,654 | ||||||||||||
Maintenance and professional services |
4,517 | 5,922 | 7,860 | 12,053 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Total cost of revenues(1) |
5,416 | 6,924 | 9,076 | 14,707 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Gross profit |
30,949 | 40,284 | 57,081 | 88,292 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Operating expenses: |
||||||||||||||||
Research and development(1) |
6,272 | 7,273 | 10,404 | 14,400 | ||||||||||||
Sales and marketing(1) |
15,929 | 22,081 | 32,840 | 44,943 | ||||||||||||
General and administrative(1) |
3,077 | 3,297 | 4,758 | 8,495 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Total operating expenses |
25,278 | 32,651 | 48,002 | 67,838 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Operating income |
5,671 | 7,633 | 9,079 | 20,454 | ||||||||||||
Financial income (expenses), net |
(190 | ) | 4 | (1,124 | ) | (5,988 | ) | |||||||||
|
|
|
|
|
|
|
|
|||||||||
Income before taxes on income |
5,481 | 7,637 | 7,955 | 14,466 | ||||||||||||
Taxes on income (benefit) |
(392 | ) | (225 | ) | 1,320 | 4,512 | ||||||||||
|
|
|
|
|
|
|
|
|||||||||
Net income |
$ | 5,873 | $ | 7,862 | $ | 6,635 | $ | 9,954 | ||||||||
|
|
|
|
|
|
|
|
|||||||||
Basic net income per ordinary share(2) |
$ | 0.43 | $ | 0.51 | $ | 0.25 | $ | 0.46 | ||||||||
|
|
|
|
|
|
|
|
|||||||||
Diluted net income per ordinary share(2) |
$ | 0.26 | $ | 0.31 | $ | 0.14 | $ | 0.34 | ||||||||
|
|
|
|
|
|
|
|
|||||||||
Weighted average number of ordinary shares used in computing basic net income per ordinary share(2) |
4,969,489 | 6,592,997 | 6,900,433 | 13,335,059 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Weighted average number of ordinary shares used in computing diluted net income per ordinary share(2) |
22,791,354 | 25,245,790 | 10,765,914 | 29,704,730 | ||||||||||||
|
|
|
|
|
|
|
|
38
As of December 31, | ||||||||||||||||
2011 | 2012 | 2013 | 2014 | |||||||||||||
(in thousands) | ||||||||||||||||
Consolidated Balance Sheet Data: |
||||||||||||||||
Cash, cash equivalents and short-term bank deposits |
$ | 33,353 | $ | 45,995 | $ | 65,368 | $ | 177,181 | ||||||||
Deferred revenue, current and long term |
9,302 | 15,068 | 24,478 | 32,160 | ||||||||||||
Working capital(3) |
29,026 | 41,448 | 51,547 | 160,617 | ||||||||||||
Total assets |
47,654 | 64,379 | 89,632 | 210,552 | ||||||||||||
Preferred share warrant liability |
512 | 688 | 2,134 | | ||||||||||||
Total shareholders equity |
30,290 | 38,494 | 45,846 | 155,008 |
Year ended December 31, | ||||||||||||||||
2011 | 2012 | 2013 | 2014 | |||||||||||||
(in thousands) | ||||||||||||||||
Supplemental Financial Data: |
||||||||||||||||
Non-GAAP operating income(4) |
$ | 7,347 | $ | 7,917 | $ | 9,482 | $ | 22,027 | ||||||||
Non-GAAP net income(4) |
7,728 | 8,322 | 8,484 | 15,836 | ||||||||||||
Net cash provided by operating activities |
9,376 | 13,657 | 20,159 | 23,840 |
(1) | Includes share-based compensation expense as follows: |
Year ended December 31, | ||||||||||||||||
2011 | 2012 | 2013 | 2014 | |||||||||||||
(in thousands) | ||||||||||||||||
Cost of revenues |
$ | 70 | $ | 32 | $ | 39 | $ | 137 | ||||||||
Research and development |
481 | 58 | 73 | 172 | ||||||||||||
Sales and marketing |
432 | 81 | 126 | 347 | ||||||||||||
General and administrative |
693 | 113 | 165 | 917 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Total share-based compensation expenses |
$ | 1,676 | $ | 284 | $ | 403 | $ | 1,573 | ||||||||
|
|
|
|
|
|
|
|
(2) | Basic and diluted net income per ordinary share is computed based on the weighted average number of ordinary shares outstanding during each period. For additional information, see note 10 to our consolidated financial statements included elsewhere in this prospectus. |
(3) | We define working capital as total current assets minus total current liabilities. |
(4) | Non-GAAP operating income and non-GAAP net income are non-GAAP financial measures. We define non-GAAP operating income as operating income excluding share-based compensation expense. We define non-GAAP net income as net income excluding (i) share-based compensation expense, and (ii) financial expenses resulting from the revaluation of warrants to purchase preferred shares. The following tables reconcile operating income and net income, the most directly comparable U.S. GAAP measure, to non-GAAP operating income and non-GAAP net income for the periods presented: |
Year ended December 31, | ||||||||||||||||
2011 | 2012 | 2013 | 2014 | |||||||||||||
(in thousands) | ||||||||||||||||
Reconciliation of Operating Income to Non-GAAP Operating Income: |
||||||||||||||||
Operating income |
$ | 5,671 | $ | 7,633 | $ | 9,079 | $ | 20,454 | ||||||||
Share-based compensation |
1,676 | 284 | 403 | 1,573 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Non-GAAP operating income |
$ | 7,347 | $ | 7,917 | $ | 9,482 | $ | 22,027 | ||||||||
|
|
|
|
|
|
|
|
39
Year ended December 31, | ||||||||||||||||
2011 | 2012 | 2013 | 2014 | |||||||||||||
(in thousands) | ||||||||||||||||
Reconciliation of Net Income to Non-GAAP Net Income: |
||||||||||||||||
Net income |
$ | 5,873 | $ | 7,862 | $ | 6,635 | $ | 9,954 | ||||||||
Share-based compensation |
1,676 | 284 | 403 | 1,573 | ||||||||||||
Warrant adjustment |
179 | 176 | 1,446 | 4,309 | ||||||||||||
|
|
|
|
|
|
|
|
|||||||||
Non-GAAP net income |
$ | 7,728 | $ | 8,322 | $ | 8,484 | $ | 15,836 | ||||||||
|
|
|
|
|
|
|
|
For a description of how we use non-GAAP operating income and non-GAAP net income to evaluate our business, see Managements Discussion and Analysis of Financial Condition and Results of OperationsKey Financial Metrics. We believe that these non-GAAP financial measures are useful in evaluating our business because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a companys non-cash expenses and we believe that providing non-GAAP operating income and non-GAAP net income that excludes share-based compensation expenses and warrant awards allows for more meaningful comparisons between our operating results from period to period.
Other companies, including companies in our industry, may calculate non-GAAP operating and non-GAAP net income differently or not at all, which reduces their usefulness as a comparative measure. You should consider non-GAAP operating income and non-GAAP net income along with other financial performance measures, including operating income and net income, and our financial results presented in accordance with U.S. GAAP.
40
MANAGEMENTS DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion should be read in conjunction with our consolidated financial statements and the related notes included elsewhere in this prospectus. This discussion contains forward-looking statements that are subject to known and unknown risks and uncertainties. Actual results and the timing of events may differ significantly from those expressed or implied in such forward-looking statements due to a number of factors, including those set forth in the section entitled Risk Factors and elsewhere in this prospectus. You should read the following discussion in conjunction with Special Note Regarding Forward-Looking Statements and Risk Factors.
Overview
We are a global leader and pioneer of a new layer of IT security solutions that protects organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. Our software solution is focused on protecting privileged accounts, which have become a critical target in the lifecycle of todays cyber attacks. Privileged accounts act as the keys to the IT kingdom, providing complete access to, and control of, all parts of IT infrastructure, industrial control systems and critical business data. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take control of and disrupt an organizations IT and industrial control infrastructures, steal confidential information and commit financial fraud. Our comprehensive solution proactively protects privileged accounts, monitors privileged activity and detects malicious privileged behavior. Our customers use our innovative solution to introduce this new security layer to protect against, detect and respond to cyber attacks before they strike vital systems and compromise sensitive data.
We have a history of innovation. We started operations in 1999 with the vision of protecting high-value business data and pioneered our Digital Vault technology, which is the foundation of our platform. That same year, we began offering our first product, the Sensitive Information Management Solution (previously called the Sensitive Document Vault), which provides a secure platform through which our customers employees can share sensitive files. We believe our early innovation in vaulting technology enabled us to evolve into a company that provides a comprehensive security solution built for privileged accounts. In 2005, we introduced our Privileged Account Security Solution, which has become our leading offering and reflects our emphasis on protecting privileged accounts across an organization. Our Privileged Account Security Solution is built on our shared technology platform and consists of several products: Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager and On-Demand Privileges Manager.
We derive our revenues from licensing our cybersecurity software, selling maintenance and support contracts, and providing professional services to the extent requested by customers. Our license revenues consist primarily of revenues from sales of our Privileged Account Security Solution. Our customers typically purchase one year and, to a lesser extent, three years, of maintenance and support in conjunction with their initial purchase of our products. Thereafter, they can renew such maintenance and support for additional one or three-year periods.
We seek to foster long-term relationships with our customers. We have a significant opportunity to generate additional revenue from our existing customers by helping them identify and address gaps in their current privileged account security strategy. Our platform provides our customers flexibility to initially deploy one or more of our products for a single use case and then expand usage over time to address more use cases, to add incremental licenses for more users or systems or to license additional products from our comprehensive platform. We measure the perpetual license maintenance renewal rate for our customers over a 12-month period, based on a dollar renewal rate of contracts expiring during that time period. Our perpetual license maintenance renewal rate is measured three months after the 12-month period ends to account for late renewals. Our renewal rate for each of the years ended December 31, 2012, 2013 and 2014 was over 90%. Our key strategies to maintain our renewal rate include focusing on the quality and reliability of our product updates and our technical support services.
41
We sell our products directly and through a global network of channel partners, including distributors and resellers, who then sell to their end customers. In 2014, we generated approximately half of our revenues through sales made by our global network of channel partners, with the balance being generated through our direct sales force. We refer to end customers as our customers throughout this prospectus. We believe that our hybrid sales model, which combines the leverage of channel sales with the account control of direct sales, will continue to play an important role in the growth of our customer base. Our hybrid sales model has aided our global growth by allowing us to partner with local distributors while being able to use our direct sales team in locations where that approach is advantageous to our business.
We market and sell our solution to organizations in a variety of industries and geographies. As of December 31, 2014, we had approximately 1,800 customers, including approximately 40% of the Fortune 100 and approximately 18% of the Global 2000. We define a customer to include a distinct entity, division or business unit of a company. The growth of our business and our future success depend on our ability to expand our customer base and increase our sales to existing customers, which depend on many factors, including our ability to expand our sales force, introduce new products and grow our relationships with channel partners. While each of these areas presents significant opportunities for us, they also pose important challenges and risks that we must successfully address in order to sustain the growth of our business and improve our results of operations. Additionally, the IT security market in which we operate is characterized by intense competition, constant innovation and evolving security needs, each of which may impact our ability to grow our business.
We have experienced strong growth over the last several years, as evidenced by a compound annual growth rate in revenues of 47.7% from 2012 to 2014. We have also increased our number of employees and subcontractors from 239 as of December 31, 2012 to 430 as of December 31, 2014. We intend to continue to aggressively grow our business to meet the needs of our customers and to pursue opportunities in new and existing verticals, geographies and products. We intend to continue to invest in the development of our sales and marketing teams, with a particular focus on expanding our channel partnerships and solidifying relationships with existing customers. We also plan to continue to invest in research and development in order to continue to develop technology for both existing and new products.
During the years ended December 31, 2012, 2013 and 2014, our revenues were $47.2 million, $66.2 million and $103.0 million, respectively, representing year-over-year growth of 40.1% and 55.7% in 2013 and 2014, respectively, and with maintenance and professional services comprising over 40% of our revenues each year. Our net income for the years ended December 31, 2012, 2013 and 2014 was $7.9 million, $6.6 million and $10.0 million, respectively.
Key Financial Metrics
We monitor several key financial metrics to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts and assess operational efficiencies. The key financial metrics that we monitor are as follows:
Year ended December 31, | ||||||||||||
2012 | 2013 | 2014 | ||||||||||
(in thousands) | ||||||||||||
Revenues |
$ | 47,208 | $ | 66,157 | $ | 102,999 | ||||||
Non-GAAP operating income(1) |
7,917 | 9,482 | 22,027 | |||||||||
Non-GAAP net income(1) |
8,322 | 8,484 | 15,836 | |||||||||
Net cash provided by operating activities |
13,657 | 20,159 | 23,840 | |||||||||
Total deferred revenues (as of period-end) |
15,068 | 24,478 | 32,160 |
(1) | For a reconciliation of non-GAAP operating income to operating income and of non-GAAP net income to net income, the nearest comparable GAAP measures, see SummarySummary Consolidated Financial Data. |
42
Revenues. We derive our revenues from licensing our cybersecurity software, selling maintenance and support contracts, and providing professional services to the extent requested by customers. We review our revenues generally to assess the overall health of our business and our license revenues in particular to assess the adoption of our software and our growth in the markets we serve.
We consider our license revenues to be particularly important in assessing our results of operations because license fees, particularly from new customers, impact both our short-term and long-term revenues. New customers impact our revenues favorably in the short-term because we recognize substantially all license fees immediately upon delivery. New customers contribute significantly to our revenues in the long-term because the size of our maintenance and support contracts is directly related to our licenses revenues, but revenues from maintenance and support contracts are recognized on a straight-line basis over the term of the related contract. This fact, coupled with the high renewal rate for our maintenance and support contracts, means that a meaningful portion of the revenues we report each period are recognized from deferred revenues generated by maintenance and support contracts entered into during previous quarters.
The amount that a customer pays for a license can vary from a few thousand dollars to many millions of dollars depending on its scope. We generally license our products on a price per user or price per server basis; however, our license agreements with a small number of our largest customers do not contain any limit on the number of users or servers in recognition of the size of the overall agreement. We also license certain of our products based on the number of concurrent sessions monitored or endpoints secured. As a result, we do not track, and are unable to track, the amount of license revenues we generate on a per user or per server basis. We do, however, maintain internal price guidelines for different size transactions and, since our cost of license revenues is negligible, we generate incremental profit from every license. Although we are focused on growing our customer base, we also do not focus on the exact number of customers that we add in a given period because our revenues are also a function of the size of initial sales to new customers and the size of upsells to existing customers. We seek to grow the number of large transactions that we enter into because they better leverage our operating expense base, and particularly our sales and marketing expenses, and also generate larger maintenance and support contracts to drive future revenues and margins.
Because the size of our maintenance and support contracts is directly related to our licenses revenues and because the rates that we charge for professional services fluctuate very little, the drivers of changes in these sources of revenues have to date been volume-based. Historically, there has been little fluctuation in price when we renew a contract for maintenance and support or for professional services. While the demand for professional services is expected to increase as our customer and license base grows, we expect that our channel partners will increase the amount of such services that they provide. Therefore, while we expect an increase in the dollar amount of our professional services revenue, we do not expect our professional services revenues to increase materially as a percentage of total revenues.
See Components of Statements of OperationsRevenue for more information.
Non-GAAP Operating Income and Non-GAAP Net Income. Non-GAAP operating income and non-GAAP net income are non-GAAP financial measures. We define non-GAAP operating income as operating income excluding share-based compensation expense. We define non-GAAP net income as net income excluding (i) share-based compensation expense, and (ii) financial expenses resulting from the revaluation of warrants to purchase preferred shares. Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a companys non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allow for more meaningful comparisons between our operating results from period to period. In addition, excluding financial expenses with respect to revaluation of warrants to purchase preferred shares allows for more meaningful comparison between our net income from period to period. As these warrants were exercised in connection with our initial public offering, they will no longer be revalued at each balance sheet date. Each of our non-GAAP financial measures is an important tool for financial and operational decision making and for evaluating our own operating results over
43
different periods of time. In particular, these financial measures reflect our operating expenses, the largest of which is currently sales and marketing. Accordingly, we assess the effectiveness of our sales and marketing efforts in part by considering whether increases in such expenditures are reflected in increased revenues and increased non-GAAP operating income and non-GAAP net income. The material factors driving changes in these financial measures are discussed under the subheading Revenues within Comparison of Period to Period Results of Operations.
Net Cash Provided by Operating Activities. We monitor net cash provided by operating activities as a measure of our overall business performance. Our net cash provided by operating activities is driven in large part by net income and from up-front payments for maintenance and support contracts and professional services. Monitoring net cash provided by operating activities enables us to analyze our financial performance as it includes our deferred revenues and removes the non-cash effects of certain items such as depreciation and share-based compensation expense, thereby allowing us to better understand and manage the cash needs of our business. Substantially all of the increase in our net cash provided by operating activities has been from growth in our net income (as adjusted for non-cash items) and in our deferred revenues. The material factors driving changes in our net income and our deferred revenues (which are driven by growth of our license revenues) are discussed under Comparison of Period to Period Results of Operations.
Total Deferred Revenues. Our total deferred revenues consist of amounts that have been paid but that have not yet been recognized as revenues because they do not meet the applicable criteria. The substantial majority of our deferred revenues consist of the unrecognized portion of upfront payments associated with maintenance and support contracts and, to a lesser extent, professional services. The remaining balance of our deferred revenues consists of payments for licenses that could not yet be recognized. We monitor our total deferred revenues because it represents a significant portion of revenues to be recognized in future periods. Substantially all of the increase in our total deferred revenues has been from growth in our maintenance and support contracts which, in turn, is driven by growth of our license revenues. The material factors driving changes in our license revenues are discussed under Comparison of Period to Period Results of Operations.
Components of Statements of Operations
Revenues
Our revenues are comprised of the following:
| License Revenues. License revenues are generated from sales of perpetual licenses for our cybersecurity software: Privileged Account Security Solution and Sensitive Information Management Solution. |
| Privileged Account Security SolutionThe substantial majority of our license revenues have been from sales of our Privileged Account Security Solution. Customers can purchase Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager and On-Demand Privileges Manager. We license our Enterprise Password Vault to our customers based on the number of privileged account users. We offer customers the choice of licensing our Privileged Session Manager based on the number of devices secured or the number of concurrent sessions it monitors. We license our SSH Key Manager (introduced in late 2014), Application Identity Manager and On-Demand Privileges Manager to our customers based on the number of servers that each such product protects. We introduced our Privileged Threat Analytics product in late December 2013. We license our Privileged Threat Analytics to customers based on the number of protected endpoints, such as servers, desktops, databases or mobile devices. |
| Sensitive Information Management SolutionWe generate additional license revenues through sales of our Sensitive Information Management Solution, our first product to market. Customers license the Sensitive Information Management Solution based on the permitted number of users of the software. |
44
| Maintenance and Professional Services Revenues. Maintenance revenues are generated from maintenance and service contracts purchased by our customers in order to gain access to the latest software enhancements and updates on an if and when available basis and to telephone and email technical support. We also offer professional services focused on both deployment and training our customers to fully leverage the use of our products. |
Geographic Breakdown of Revenues
The United States is our biggest market, with the balance of our revenues generated from the EMEA region and the rest of the world, including North and South America (excluding the United States) as well as countries in the Asia Pacific region. The following table sets forth the geographic breakdown of our revenues by region for the periods indicated:
Year ended December 31, | ||||||||||||||||||||||||
2012 | 2013 | 2014 | ||||||||||||||||||||||
United States |
$ | 26,178 | 55.4 | % | $ | 32,041 | 48.4 | % | $ | 60,761 | 59.0 | % | ||||||||||||
EMEA |
14,148 | 30.0 | 25,796 | 39.0 | 33,198 | 32.2 | ||||||||||||||||||
Rest of World |
6,882 | 14.6 | 8,320 | 12.6 | 9,040 | 8.8 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total revenues |
$ | 47,208 | 100.0 | % | $ | 66,157 | 100.0 | % | $ | 102,999 | 100.0 | % | ||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Cost of Revenues
Our total cost of revenues is comprised of the following:
| Cost of License Revenues. Cost of license revenues consists of shipping costs associated with delivery of our software and license payments to third-party software vendors. We expect the absolute cost of license revenues to increase as our license revenues increase. |
| Cost of Maintenance and Professional Services Revenues. Cost of maintenance and professional services revenues is primarily comprised of personnel costs for our global customer support organization. Personnel costs associated with customer support consist of salaries, benefits, bonuses and share-based compensation. We expect the absolute cost of maintenance and professional services revenues to increase as our customer base grows and as we hire additional professional services and technical support personnel. |
Gross Profit and Gross Margin
Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a percentage of total revenues. Our gross margin has historically fluctuated slightly from period to period as a result of changes in the mix of license revenues and maintenance and professional services revenues and we expect this pattern to continue.
Operating Expenses
Our operating expenses are classified into three categories: research and development, sales and marketing and general and administrative. For each category, the largest component is personnel costs, which consists of salaries, employee benefits (including commissions and bonuses) and share-based compensation expense. Operating expenses also include allocated overhead costs for facilities and foreign currency hedging contracts gains and losses. Allocated costs for facilities primarily consist of rent, depreciation and office maintenance and utilities. Operating expenses are generally recognized as incurred. We expect personnel and all allocated costs to continue to increase in absolute dollars as we hire new employees and add facilities to continue to grow our business. We expect operating margins and operating income to decline in the near term compared to prior periods as we further increase our headcount to support the future growth of our business and incur public company expenses.
45
Research and Development. Research and development expenses consist primarily of personnel costs attributable to our research and development personnel and consultants as well as allocated overhead costs. We expense research and development expenses as incurred. We expect that our research and development expenses will continue to increase in absolute dollars and, in the near term, as a percentage of revenues as we increase our research and development headcount to further strengthen our technology platform and invest in the development of both existing and new products.
Sales and Marketing. Sales and marketing expenses are the largest component of our operating expenses and consist primarily of personnel costs, including variable compensation, as well as marketing and business development costs, product certifications, travel expenses and allocated overhead costs. We expect that sales and marketing expenses will continue to increase in absolute dollars and, in the near term, as a percentage of our revenues as we plan to expand our sales and marketing efforts globally. We expect sales and marketing expenses to be our largest category of operating expenses.
General and Administrative. General and administrative expenses consist primarily of personnel costs for our executive, finance, human resources, legal and administrative personnel. General and administrative expenses also include external legal, accounting and other professional service fees. We expect that general and administrative expense will increase in absolute dollars and, in the near term, as a percentage of revenues as we grow and expand our operations and operate as a public company, including higher legal, corporate insurance, investor relations and accounting expenses, and the additional costs of achieving and maintaining compliance with the Sarbanes-Oxley Act and related regulations.
Financial Income (Expenses), Net
Financial income (expenses), net consists of interest income, foreign currency exchange gains or losses and warrant liability expenses. Interest income consists of interest earned on our cash, cash equivalents and short-term bank deposits. We expect interest income to vary depending on our average investment balances and market interest rates during each reporting period. Foreign currency exchange changes reflect gains or losses related to transactions denominated in currencies other than the U.S. dollar. Warrant liability changes relate to our preferred share warrants. Our preferred share warrants are classified as a liability on our consolidated balance sheets and, as such, are remeasured to fair value each period with a corresponding expense from the adjustment recorded as financial income (expenses), net. Immediately prior to the completion of our initial public offering, all of our preferred share warrants were exercised and, accordingly, we no longer record any financial expenses in respect of them on our statement of operations. As of the most recent reporting period, we did not have any indebtedness for borrowed amounts.
Taxes on Income
The standard corporate tax rate in Israel for 2014 and thereafter is 26.5% and was 25.0% for 2012 and 2013.
As discussed in greater detail below under Taxation and Israeli Government Programs Applicable to our Company, we have received various tax benefits under the Investment Law. Under the Investment Law, our effective tax rate to be paid with respect to our Israeli taxable income under these benefits programs is 16.0%.
Under the Investment Law and other Israeli legislation, we are entitled to certain additional tax benefits, including accelerated depreciation and amortization rates for tax purposes on certain assets, deduction of public offering expenses in three equal annual installments.
Our non-Israeli subsidiaries are taxed according to the tax laws in their respective jurisdictions of organization. Due to our multi-jurisdictional operations, we apply significant judgment to determine our consolidated income tax position.
46
Comparison of Period to Period Results of Operations
The following tables set forth our results of operations in dollars and as a percentage of revenues for the periods indicated:
Year ended December 31, | ||||||||||||||||||||||||
2012 | 2013 | 2014 | ||||||||||||||||||||||
Amount | % of Revenues |
Amount | % of Revenues |
Amount | % of Revenues |
|||||||||||||||||||
(in thousands, except for %) | ||||||||||||||||||||||||
Revenues: |
||||||||||||||||||||||||
License |
$ | 27,029 | 57.3 | % | $ | 38,907 | 58.8 | % | $ | 61,320 | 59.5 | % | ||||||||||||
Maintenance and professional services |
20,179 | 42.7 | 27,250 | 41.2 | 41,679 | 40.5 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total revenues |
47,208 | 100.0 | 66,157 | 100.0 | 102,999 | 100.0 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Cost of revenues: |
||||||||||||||||||||||||
License |
1,002 | 2.1 | 1,216 | 1.8 | 2,654 | 2.6 | ||||||||||||||||||
Maintenance and professional services |
5,922 | 12.6 | 7,860 | 11.9 | 12,053 | 11.7 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total cost of revenues |
6,924 | 14.7 | 9,076 | 13.7 | 14,707 | 14.3 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Gross profit |
40,284 | 85.3 | 57,081 | 86.3 | 88,292 | 85.7 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Operating expenses: |
||||||||||||||||||||||||
Research and development |
7,273 | 15.4 | 10,404 | 15.7 | 14,400 | 14.0 | ||||||||||||||||||
Sales and marketing |
22,081 | 46.7 | 32,840 | 49.7 | 44,943 | 43.6 | ||||||||||||||||||
General and administrative |
3,297 | 7.0 | 4,758 | 7.2 | 8,495 | 8.2 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total operating expenses |
32,651 | 69.1 | 48,002 | 72.6 | 67,838 | 65.8 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Operating income |
7,633 | 16.2 | 9,079 | 13.7 | 20,454 | 19.9 | ||||||||||||||||||
Financial income (expenses), net |
4 | 0.0 | (1,124 | ) | (1.7 | ) | (5,988 | ) | (5.8 | ) | ||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Income before taxes on income |
7,637 | 16.2 | 7,955 | 12.0 | 14,466 | 14.1 | ||||||||||||||||||
Taxes on income (benefit) |
(225 | ) | (0.5 | ) | 1,320 | 2.0 | 4,512 | 4.4 | ||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Net income |
$ | 7,862 | 16.7 | % | $ | 6,635 | 10.0 | % | $ | 9,954 | 9.7 | % | ||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Year Ended December 31, 2013 Compared to Year Ended December 31, 2014
Revenues
Year ended December 31, | ||||||||||||||||||||||||
2013 | 2014 | Change | ||||||||||||||||||||||
Amount | % of Revenues |
Amount | % of Revenues |
Amount | % | |||||||||||||||||||
($ in thousands) | ||||||||||||||||||||||||
Revenues: |
||||||||||||||||||||||||
License |
$ | 38,907 | 58.8 | % | $ | 61,320 | 59.5 | % | $ | 22,413 | 57.6 | % | ||||||||||||
Maintenance and professional services |
27,250 | 41.2 | 41,679 | 40.5 | 14,429 | 53.0 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total revenues |
$ | 66,157 | 100.0 | % | $ | 102,999 | 100.0 | % | $ | 36,842 | 55.7 | % | ||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Revenues increased by $36.8 million, or 55.7%, from $66.2 million in 2013 to $103.0 million in 2014. This increase was due to increased sales volume of our solution. This increase was also driven by growth in both our license revenues and our maintenance and professional services revenue. This growth was most pronounced in the United States where revenues increased by $28.7 million compared to increases of $ 7.4 million in the EMEA and $0.7 million in the rest of the world. The significant increase in revenues from the United States primarily resulted from eight large transactions of greater than $1.0 million each that together accounted for $14.9 million.
47
Multiple large transactions or even a single large transaction in a specific period could continue to materially impact relative growth rates among our different regions for a particular period. We increased our number of customers from approximately 1,500 as of December 31, 2013 to approximately 1,800 as of December 31, 2014.
License revenues increased by $22.4 million, or 57.6%, from $38.9 million in 2013 to $61.3 million in 2014. In 2014, approximately 40% of license revenues were generated from sales to customers from whom we had generated revenues before this period. Substantially all of the license revenue growth resulted from increased sales of our Privileged Account Security Solution, driven by increased demand for our Enterprise Password Vault, Privileged Session Manager and our Application Identity Manager.
Maintenance and professional services revenues increased by $14.4 million, or 53.0%, from $27.3 million in 2013 to $41.7 million in 2014. Maintenance revenues increased by $10.8 million from $22.3 million in 2013 to $33.1 million in 2014, with renewals accounting for approximately $5.9 million and initial maintenance contracts for approximately $4.9 million, respectively, of this increase. Professional services revenues increased by $3.6 million from $5.0 million in 2013 to $8.6 million in 2014 due to the provision of more services to customers.
Cost of Revenues and Gross Profit
Year ended December 31, | Change | |||||||||||||||||||||||
2013 | 2014 | |||||||||||||||||||||||
Amount | % of Revenues |
Amount | % of Revenues |
Amount | % | |||||||||||||||||||
($ in thousands) | ||||||||||||||||||||||||
Cost of revenues: |
||||||||||||||||||||||||
License |
$ | 1,216 | 1.8 | % | $ | 2,654 | 2.6 | % | $ | 1,438 | 118.3 | % | ||||||||||||
Maintenance and professional services |
7,860 | 11.9 | 12,053 | 11.7 | 4,193 | 53.3 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total cost of revenues |
$ | 9,076 | 13.7 | % | $ | 14,707 | 14.3 | % | $ | 5,631 | 62.0 | % | ||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Gross profit |
$ | 57,081 | 86.3 | % | $ | 88,292 | 85.7 | % | $ | 31,211 | 54.7 | % | ||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Cost of license revenues increased by $1.4 million, or 118.3%, from $1.2 million in 2013 to $2.6 million in 2014. The increase in cost of license revenues was driven primarily by an increase in license revenues.
Cost of maintenance and professional services revenues increased by $4.2 million, or 53.3%, from $7.9 million in 2013 to $12.1 million in 2014. The increase in cost of maintenance and professional services revenues was driven primarily by a $3.5 million increase in personnel costs and related expenses as our technical support and professional services headcount grew from 60 at the end of 2013 to 76 at the end of 2014.
Gross profit increased by $31.2 million, or 54.7%, from $57.1 million in 2013 to $88.3 million in 2014. Gross margins decreased from 86.3% in 2013 to 85.7% in 2014. This decrease was driven by increase in costs associated with sales of licenses.
Operating Expenses
Year ended December 31, | Change | |||||||||||||||||||||||
2013 | 2014 | |||||||||||||||||||||||
Amount | % of Revenues |
Amount | % of Revenues |
Amount | % | |||||||||||||||||||
($ in thousands) | ||||||||||||||||||||||||
Operating expenses: |
||||||||||||||||||||||||
Research and development |
$ | 10,404 | 15.7 | % | $ | 14,400 | 14.0 | % | $ | 3,996 | 38.4 | % | ||||||||||||
Sales and marketing |
32,840 | 49.7 | 44,943 | 43.6 | 12,103 | 36.9 | ||||||||||||||||||
General and administrative |
4,758 | 7.2 | 8,495 | 8.2 | 3,737 | 78.5 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total operating expenses |
$ | 48,002 | 72.6 | % | $ | 67,838 | 65.8 | % | $ | 19,836 | 41.3 | % | ||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
48
Research and Development. Research and development expenses increased by $4.0 million, or 38.4%, from $10.4 million in 2013 to $14.4 million in 2014. This increase was primarily attributable to a $3.6 million increase in personnel costs and related expenses as we increased our research and development team headcount from 95 at the end of 2013 to 119 at the end of 2014 to support continued investment in our future product and service offerings. The increase was also attributable to a $0.4 million increase related to allocated overhead costs.
Sales and Marketing. Sales and marketing expenses increased by $12.1 million, or 36.9%, from $32.8 million in 2013 to $44.9 million in 2014. This increase was primarily attributable to a $9.8 million increase in expenses for salaries and related expenses due to increased headcount in all regions to expand our sales and marketing organization coupled with a $0.8 million increase in expenses related to our marketing programs and a $0.8 million increase in travel and related expenses. Our sales and marketing headcount grew from 135 at the end of 2013 to 202 at the end of 2014. The remainder of the increase is attributable to increased costs related to facilities and overhead allocation.
General and Administrative. General and administrative expenses increased by $3.7 million, or 78.5%, from $4.8 million in 2013 to $8.5 million in 2014. This increase was primarily attributable to an increase of $1.8 million in payroll expenses, including variable compensation to executive management, and due to increased headcount coupled with a $1.9 million increase in other expenses such as legal, accounting, facilities, directors fees, travel expenses and share incentive compensation expenses, and other administrative expenses.
Financial Expenses, Net. Financial expenses increased by $4.9 million from $1.1 million in 2013 to $6.0 million in 2014. This increase resulted primarily from expenses associated with the revaluation of fair value of warrants to purchase series B3 preferred shares of $2.9 million coupled with losses of $2.0 million due to exchange rate fluctuations.
Taxes on Income. Taxes on income increased from $1.3 million in 2013 to $4.5 million in 2014. This increase was attributable to an increase of $1.4 million in tax expenses in Israel and an increase of $1.8 million in tax expenses in foreign locations, mainly the United States.
Year Ended December 31, 2012 Compared to Year Ended December 31, 2013
Revenues
Year ended December 31, | Change | |||||||||||||||||||||||
2012 | 2013 | |||||||||||||||||||||||
Amount | % of Revenues |
Amount | % of Revenues |
Amount | % | |||||||||||||||||||
($ in thousands) | ||||||||||||||||||||||||
Revenues: |
||||||||||||||||||||||||
License |
$ | 27,029 | 57.3 | % | $ | 38,907 | 58.8 | % | $ | 11,878 | 43.9 | % | ||||||||||||
Maintenance and professional services |
20,179 | 42.7 | 27,250 | 41.2 | 7,071 | 35.0 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total revenues |
$ | 47,208 | 100.0 | % | $ | 66,157 | 100.0 | % | $ | 18,949 | 40.1 | % | ||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Revenues increased by $19.0 million, or 40.1%, from $47.2 million in 2012 to $66.2 million in 2013. This increase was due to increased sales volume of our solution. This increase was also driven by growth in both our license revenues and our maintenance and professional services revenue. This growth was most pronounced in the EMEA region where revenues increased by $11.7 million compared to increases of $5.9 million in the United States and $1.4 million in the rest of the world. The significant increases in the EMEA region primarily resulted from three large transactions of greater than $1.0 million each with new customers that together accounted for $5.1 million of the increased revenue. Multiple large transactions or even a single large transaction in a specific period could continue to materially impact relative growth rates among our different regions for a particular period. We increased our number of customers from approximately 1,200 as of December 31, 2012 to approximately 1,500 as of December 31, 2013.
49
License revenues increased by $11.9 million, or 43.9%, from $27.0 million in 2012 to $38.9 million in 2013. In 2013, approximately 32% of license revenues were generated from sales to customers from whom we had generated revenues before this period. Substantially all of the license revenue growth resulted from increased sales of our Privileged Account Security Solution, driven by demand for our Privileged Session Manager and our Application Identity Manager.
Maintenance and professional services revenues increased by $7.1 million, or 35.0%, from $20.2 million in 2012 to $27.3 million in 2013. Maintenance revenues increased by $6.0 million from $16.3 million in 2012 to $22.3 million in 2013, with renewals accounting for approximately $4.2 million and initial maintenance contracts for approximately $1.8 million, respectively, of this increase. Professional services revenues increased by $1.1 million from $3.9 million in 2012 to $5.0 million in 2013 due to the provision of more services to customers.
Cost of Revenues and Gross Profit
Year ended December 31, | ||||||||||||||||||||||||
2012 | 2013 | Change | ||||||||||||||||||||||
Amount | % of Revenues |
Amount | % of Revenues |
Amount | % | |||||||||||||||||||
($ in thousands) | ||||||||||||||||||||||||
Cost of Revenues: |
||||||||||||||||||||||||
License |
$ | 1,002 | 2.1 | % | $ | 1,216 | 1.8 | % | $ | 214 | 21.4 | % | ||||||||||||
Maintenance and professional services |
5,922 | 12.6 | 7,860 | 11.9 | 1,938 | 32.7 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total cost of revenues |
$ | 6,924 | 14.7 | % | $ | 9,076 | 13.7 | % | $ | 2,152 | 31.1 | % | ||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Gross profit |
$ | 40,284 | 85.3 | % | $ | 57,081 | 86.3 | % | $ | 16,797 | 41.7 | % | ||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Cost of license revenues increased by $0.2 million, or 21.4%, from $1.0 million in 2012 to $1.2 million in 2013. The increase in cost of license revenues was driven primarily by an increase in license revenues.
Cost of maintenance and professional services revenues increased by $2.0 million, or 32.7%, from $5.9 million in 2012 to $7.9 million in 2013. The increase in cost of maintenance and professional services revenue was driven primarily by a $1.7 million increase in personnel costs and related expenses as our technical support and professional services headcount grew from 47 at the end of 2012 to 60 at the end of 2013.
Gross profit increased by $16.8 million, or 41.7%, from $40.3 million in 2012 to $57.1 million in 2013. Gross margins increased from 85.3% in 2012 to 86.3% in 2013. This increase was driven by our revenue growth outpacing the growth of our cost of revenues.
Operating Expenses
Year ended December 31, | Change | |||||||||||||||||||||||
2012 | 2013 | |||||||||||||||||||||||
Amount | % of Revenues |
Amount | % of Revenues |
Amount | % | |||||||||||||||||||
($ in thousands) | ||||||||||||||||||||||||
Operating expenses: |
||||||||||||||||||||||||
Research and development |
$ | 7,273 | 15.4 | % | $ | 10,404 | 15.7 | % | $ | 3,131 | 43.0 | % | ||||||||||||
Sales and marketing |
22,081 | 46.7 | 32,840 | 49.7 | 10,759 | 48.7 | ||||||||||||||||||
General and administrative |
3,297 | 7.0 | 4,758 | 7.2 | 1,461 | 44.3 | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total operating expenses |
$ | 32,651 | 69.1 | % | $ | 48,002 | 72.6 | % | $ | 15,351 | 47.0 | % | ||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
50
Research and Development. Research and development expenses increased by $3.1 million, or 43.0%, from $7.3 million in 2012 to $10.4 million in 2013. This increase was primarily attributable to a $2.6 million increase in personnel costs and related expenses as we increased our research and development team headcount from 70 at the end of 2012 to 95 at the end of 2013 to support continued investment in our future product and service offerings. The increase was also attributable to a $0.4 million increase related to allocated overhead costs.
Sales and Marketing. Sales and marketing expenses increased by $10.7 million, or 48.7%, from $22.1 million in 2012 to $32.8 million in 2013. This increase was attributable to an $8.0 million increase in expenses for salaries and related expenses due to increased headcount in all regions to expand our sales and marketing organization coupled with a $1.4 million increase in expenses related to our marketing programs and a $0.8 million increase in travel and related expenses. Our sales and marketing headcount grew from 100 at the end of 2012 to 135 at the end of 2013. The remainder of the increase is attributable to increased investment in marketing programs.
General and Administrative. General and administrative expenses increased by $1.5 million, or 44.3%, from $3.3 million in 2012 to $4.8 million in 2013. This increase was primarily attributable to an increase of $1.2 million in payroll expenses, including variable compensation to executive management, and due to increased headcount coupled with a $0.2 million increase in other expenses such as legal, facilities and other administrative expenses.
Financial Income (Expenses), Net. In 2012, financial income (expenses), net, was zero. In 2013, we had financial expenses, net, of $1.1 million. This change resulted primarily from an increase of $1.4 million in expenses associated with the measurement of fair value of warrants to purchase series B3 preferred shares, partially offset by a gain of $0.3 million due to exchange rate fluctuations.
Taxes on Income. Taxes on income increased from a tax benefit of $0.2 million in 2012 to tax expenses of $1.3 million in 2013. This increase was attributable to an increase of $1.8 million in tax expenses in Israel offset by a decrease of $0.3 million in the United States.
Quarterly Results of Operations and Seasonality
The following tables present our unaudited condensed consolidated quarterly results of operations in dollars and as a percentage of revenues for the periods indicated. This information should be read in conjunction with our audited consolidated financial statements and related notes included elsewhere in this prospectus. The historical quarterly results presented are not necessarily indicative of the results that may be expected for any future quarters or periods.
51
The quarterly supplemental financial measures below include quarterly non-GAAP operating income, non-GAAP net income and net cash provided by operating activities, which are non-GAAP financial measures. See SummarySummary Consolidated Financial Data for a description of how we calculate non-GAAP operating income and non-GAAP net income, a reconciliation of these non-GAAP financial measures to the most directly comparable GAAP measures and a discussion about the limitations of these non-GAAP financial measures.
Three months ended | ||||||||||||||||||||||||||||||||
Mar. 31, 2013 |
Jun. 30, 2013 |
Sept. 30, 2013 |
Dec. 31, 2013 |
Mar. 31, 2014 |
Jun. 30, 2014 |
Sept. 30, 2014 |
Dec. 31, 2014 |
|||||||||||||||||||||||||
(in thousands) | ||||||||||||||||||||||||||||||||
Consolidated Statements of Operations Data: |
||||||||||||||||||||||||||||||||
Revenues: |
||||||||||||||||||||||||||||||||
License |
$ | 6,702 | $ | 9,717 | $ | 9,970 | $ | 12,518 | $ | 9,120 | $ | 11,129 | $ | 16,620 | $ | 24,451 | ||||||||||||||||
Maintenance and professional services |
6,029 | 6,767 | 6,920 | 7,534 | 8,275 | 10,209 | 11,341 | 11,854 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Total revenues |
12,731 | 16,484 | 16,890 | 20,052 | 17,395 | 21,338 | 27,961 | 36,305 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Cost of revenues: |
||||||||||||||||||||||||||||||||
License |
269 | 243 | 223 | 481 | 628 | 733 | 462 | 831 | ||||||||||||||||||||||||
Maintenance and professional services |
1,865 | 2,001 | 1,920 | 2,074 | 2,425 | 2,875 | 3,072 | 3,681 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Total cost of revenues |
2,134 | 2,244 | 2,143 | 2,555 | 3,053 | 3,608 | 3,534 | 4,512 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Gross profit |
10,597 | 14,240 | 14,747 | 17,497 | 14,342 | 17,730 | 24,427 | 31,793 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Operating expenses: |
||||||||||||||||||||||||||||||||
Research and development |
2,269 | 2,568 | 2,717 | 2,850 | 3,237 | 3,342 | 3,658 | 4,163 | ||||||||||||||||||||||||
Sales and marketing |
6,817 | 7,740 | 7,876 | 10,407 | 9,433 | 9,682 | 11,040 | 14,788 | ||||||||||||||||||||||||
General and administrative |
965 | 1,055 | 1,156 | 1,582 | 1,481 | 1,637 | 2,041 | 3,336 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Total operating expenses |
10,051 | 11,363 | 11,749 | 14,839 | 14,151 | 14,661 | 16,739 | 22,287 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Operating income |
546 | 2,877 | 2,998 | 2,658 | 191 | 3,069 | 7,688 | 9,506 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Net income (loss) |
$ | 128 | $ | 2,598 | $ | 2,513 | $ | 1,396 | $ | (1,248 | ) | $ | 1,230 | $ | 3,312 | $ | 6,660 | |||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
52
Three months ended | ||||||||||||||||||||||||||||||||
Mar. 31, 2013 |
Jun. 30, 2013 |
Sept. 30, 2013 |
Dec. 31, 2013 |
Mar. 31, 2014 |
Jun. 30, 2014 |
Sept. 30, 2014 |
Dec. 31, 2014 |
|||||||||||||||||||||||||
(as a % of total revenues) | ||||||||||||||||||||||||||||||||
Consolidated Statements of Operations Data: |
||||||||||||||||||||||||||||||||
Revenues: |
||||||||||||||||||||||||||||||||
License |
52.6 | % | 58.9 | % | 59.0 | % | 62.4 | % | 52.4 | % | 52.2 | % | 59.4 | % | 67.3 | % | ||||||||||||||||
Maintenance and professional services |
47.4 | 41.1 | 41.0 | 37.6 | 47.6 | 47.8 | 40.6 | 32.7 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Total revenues |
100.0 | 100.0 | 100.0 | 100.0 | 100.0 | 100.0 | 100.0 | 100.0 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Cost of revenues: |
||||||||||||||||||||||||||||||||
License |
2.1 | 1.5 | 1.3 | 2.4 | 3.6 | 3.4 | 1.6 | 2.3 | ||||||||||||||||||||||||
Maintenance and professional services |
14.7 | 12.1 | 11.4 | 10.3 | 14.0 | 13.5 | 11.0 | 10.1 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Total cost of revenues |
16.8 | 13.6 | 12.7 | 12.7 | 17.6 | 16.9 | 12.6 | 12.4 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Gross profit |
83.2 | 86.4 | 87.3 | 87.3 | 82.4 | 83.1 | 87.4 | 87.6 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Operating expenses: |
||||||||||||||||||||||||||||||||
Research and development |
17.8 | 15.6 | 16.1 | 14.2 | 18.6 | 15.6 | 13.1 | 11.5 | ||||||||||||||||||||||||
Sales and marketing |
53.5 | 46.9 | 46.6 | 51.9 | 54.2 | 45.4 | 39.5 | 40.7 | ||||||||||||||||||||||||
General and administrative |
7.6 | 6.4 | 6.8 | 7.9 | 8.5 | 7.7 | 7.3 | 9.2 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Total operating expenses |
78.9 | 68.9 | 69.5 | 74.0 | 81.3 | 68.7 | 59.9 | 61.4 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Operating income |
4.3 | 17.5 | 17.8 | 13.3 | 1.1 | 14.4 | 27.5 | 26.2 | ||||||||||||||||||||||||
Net income (loss) |
1.0 | % | 15.8 | % | 14.9 | % | 7.0 | % | (7.2 | )% | 5.8 | % | 11.8 | % | 18.3 | % | ||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Three months ended | ||||||||||||||||||||||||||||||||
Mar. 31, 2013 |
Jun. 30, 2013 |
Sept. 30, 2013 |
Dec. 31, 2013 |
Mar. 31, 2014 |
Jun. 30, 2014 |
Sept. 30, 2014 |
Dec. 31, 2014 |
|||||||||||||||||||||||||
(in thousands) | ||||||||||||||||||||||||||||||||
Supplemental Financial Metrics: |
||||||||||||||||||||||||||||||||
Non-GAAP operating income |
$ | 627 | $ | 2,972 | $ | 3,108 | $ | 2,775 | $ | 347 | $ | 3,253 | $ | 8,374 | $ | 10,053 | ||||||||||||||||
Non-GAAP net income |
209 | 2,845 | 3,270 | 2,160 | 304 | 2,448 | 5,877 | 7,207 | ||||||||||||||||||||||||
Net cash provided by operating activities |
3,699 | 3,024 | 6,485 | 6,951 | 8,898 | 3,781 | 835 | 10,326 | ||||||||||||||||||||||||
Total deferred revenues (as of three-months end) |
17,310 | 19,649 | 22,723 | 24,478 | 32,395 | 31,937 | 27,742 | 32,160 | ||||||||||||||||||||||||
Reconciliation of Operating Income to Non-GAAP Operating Income: |
||||||||||||||||||||||||||||||||
Operating income |
$ | 546 | $ | 2,877 | $ | 2,998 | $ | 2,658 | $ | 191 | $ | 3,069 | $ | 7,688 | $ | 9,506 | ||||||||||||||||
Share-based compensation |
81 | 95 | 110 | 117 | 156 | 184 | 686 | 547 | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Non-GAAP operating income |
$ | 627 | $ | 2,972 | $ | 3,108 | $ | 2,775 | $ | 347 | $ | 3,253 | $ | 8,374 | $ | 10,053 | ||||||||||||||||
Reconciliation of Net Income (Loss) to Non-GAAP Net Income: |
||||||||||||||||||||||||||||||||
Net income (loss) |
$ | 128 | $ | 2,598 | $ | 2,513 | $ | 1,396 | $ | (1,248 | ) | $ | 1,230 | $ | 3,312 | $ | 6,660 | |||||||||||||||
Share-based compensation |
81 | 95 | 110 | 117 | 156 | 184 | 686 | 547 | ||||||||||||||||||||||||
Warrant adjustment |
| 152 | 647 | 647 | 1,396 | 1,034 | 1,879 | | ||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
Non-GAAP net income |
$ | 209 | $ | 2,845 | $ | 3,270 | $ | 2,160 | $ | 304 | $ | 2,448 | $ | 5,877 | $ | 7,207 |
53
Quarterly Revenue Trends. Our quarterly revenues increased year-over-year for all periods presented due to increased sales of licenses to new customers, as well as upsells to existing customers of new licenses as well as professional and support service contracts. Comparisons of our year-over-year total quarterly revenues are more meaningful than comparisons of our sequential results due to seasonality in the sale of our products and services. Our fourth quarter has historically been our strongest quarter for sales because our target customers are enterprises that generally make such license purchases in this quarter. While we believe that these seasonal trends have affected and will continue to affect our quarterly results, our rapid growth has largely masked seasonal trends to date. We believe that our business may become more seasonal in the future. Historical patterns in our business may not be a reliable indicator of our future sales activity or performance.
Quarterly Gross Profit and Margin Trends. Our quarterly gross profit increased year-over-year for all periods presented. Our fourth quarter gross profit has historically been our strongest, which is consistent with our quarterly revenue trends. Our quarterly gross margin has remained relatively consistent over all periods presented, and any fluctuation is primarily due to shifts in the mix of sales between licenses and maintenance and professional services, as well as the types and volumes of products sold.
Quarterly Operating Expense Trends. Our quarterly operating expenses increased year-over-year for all periods presented primarily due to the addition of personnel in connection with the expansion of our business. Our operating expenses generally increase in the fourth quarter of each year as expenses increase to accommodate the increased revenues encountered in this quarter. Research and development expenses increased sequentially over the periods as we increased our headcount to support continued investment in our future products and services offerings. Sales and marketing expenses increased significantly over the periods as we incurred costs associated with commission expenses to sales people, personnel costs associated with increases in headcount and an increase in overhead allocations. General and administrative expenses increased over the periods primarily due to an increase in personnel costs, legal expenses and professional services fees related to preparing to be a public company.
Liquidity and Capital Resources
We fund our operations with cash generated from operating activities. In the past, we have also raised capital through the sale of equity securities to investors in private placements and, to a lesser extent, through exercised options. Our primary current uses of our cash are ongoing operating expenses and capital expenditures.
As of December 31, 2014, we had $177.2 million of cash, cash equivalents and short-term bank deposits. This compared with cash, cash equivalents and short-term bank deposits of $65.4 million and $46.0 million as of December 31, 2013 and 2012, respectively. We believe that our existing cash, cash equivalents and short-term bank deposits will be sufficient to fund our operations and capital expenditures for at least the next 12 months. Our future capital requirements will depend on many factors, including our rate of revenue growth, the expansion of our sales and marketing activities, the timing and extent of spending to support product development efforts and expansion into new geographic locations, the timing of introductions of new software products and enhancements to existing software products and the continuing market acceptance of our software offerings.
The following table presents the major components of net cash flows for the periods presented:
Year Ended December 31, | ||||||||||||
2012 | 2013 | 2014 | ||||||||||
(in thousands) | ||||||||||||
Net cash provided by operating activities |
$ | 13,657 | $ | 20,159 | $ | 23,840 | ||||||
Net cash used in investing activities |
(3,233 | ) | (826 | ) | (51,445 | ) | ||||||
Net cash provided by (used in) financing activities |
(329 | ) | 159 | 89,410 |
54
A substantial source of our net cash provided by operating activities is our deferred revenues, which is included on our consolidated balance sheet as a liability. The majority of our deferred revenues consist of the unrecognized portion of upfront payments associated with maintenance and professional services, with the remainder consisting of payments for licenses that could not yet be recognized. We assess our liquidity, in part, through an analysis of our short and long-term deferred revenues that have not yet been recognized as revenues together with our other sources of liquidity. Deferred revenues for licenses are recognized when all applicable revenue criteria are met. Revenues from maintenance and support contracts are recognized ratably on a straight-line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and from professional services as services are performed. Thus, since we frequently recognize revenues in subsequent periods to when certain payments may be received, an increase in deferred revenues adds to the liquidity of our operations.
Net Cash Provided by Operating Activities
Our cash flows historically have reflected our net income coupled with changes in our non-cash working capital. During the year ended December 31, 2014, operating activities provided $23.8 million in cash as a result of $10.0 million net income combined with a decrease of $3.1 million in our non-cash working capital, adjusted by $7.2 million of non-cash charges related to a $4.3 million change in the fair value of warrants to purchase preferred shares, share-based compensation expenses of $1.6 million, depreciation of $0.7 million and tax benefit of $0.6 million coupled with a $3.3 million increase in long-term deferred revenues from three-year maintenance contracts for which we collected payment up front and a $0.2 million increase in long-term liabilities. The decrease of $3.1 million in our non-cash working capital was due to a $4.4 million increase in short-term deferred revenues and a $5.5 million increase in employees and payroll accruals and other current liabilities, which were partially offset by a $6.5 million increase in trade receivable and an increase of $0.3 million in trade payables and prepaid expenses and other current assets. Our days sales outstanding (DSO) was 68 days for the year ended December 31, 2014.
During the year ended December 31, 2013, operating activities provided $20.2 million in cash as a result of a decrease of $9.5 million in our non-cash working capital combined with net income of $6.6 million, adjusted by $2.3 million of non-cash charges related to a $1.4 million change in the fair value of warrants to purchase preferred shares, depreciation of $0.5 million and share-based compensation expenses of $0.4 million coupled with a $1.8 million increase in long-term deferred revenues from three-year maintenance contracts for which we collected payment up front. The decrease in our non-cash working capital was due to a $7.6 million increase in short-term deferred revenues and a $6.6 million increase in trade payables and employee-related accruals which were partially offset by increases of $3.3 million in trade receivables, $0.9 million in other current assets and $0.5 million in short-term deferred tax assets. Our DSO was 70 days for the year ended December 31, 2013.
During the year ended December 31, 2012, operating activities provided $13.7 million in cash as a result of a decrease in our non-cash working capital of $0.7 million combined with net income of $7.9 million, adjusted by $0.8 million of non-cash charges related to share-based compensation expenses of $0.3 million, depreciation of $0.3 million and a $0.2 million change in the fair value of warrants to purchase preferred shares coupled with a $2.9 million increase in long-term deferred revenues from three-year maintenance contracts for which we collected payment up front and a decrease in long-term assets, net, of $1.4 million. The decrease in our non-cash working capital was due to a $2.9 million increase in short-term deferred revenues and a $2.7 million increase in account and trade payables and employee-related accruals which were partially offset by increases of $3.1 million in trade receivables and $1.8 million in short-term deferred tax assets. Our DSO was 73 days for the year ended December 31, 2012.
Net Cash Used in Investing Activities
Net cash used in investing activities was $51.4 million for the year ended December 31, 2014. Net cash used in investing activities was $3.2 million and $0.8 million in 2012 and 2013, respectively. Investing activities have consisted primarily of investment in and proceeds from short-term deposits, and purchase of property and equipment.
55
Net Cash Provided by (Used in) Financing Activities
Our financing activities have primarily consisted of proceeds from the issuance and sale of our securities and proceeds from the exercise of share options. Net cash provided by financing activities was $89.4 million and $0.2 million for the years ended December 31, 2014 and 2013, respectively. Net cash used in financing activities was $0.3 million in 2012.
Contractual Obligations
The following summarizes our contractual obligations as of December 31, 2014:
Payments Due by Period(1) | ||||||||||||||||||||||||
Total | 2015 | 2016 | 2017 | 2018 | 2019 and thereafter |
|||||||||||||||||||
(in thousands) | ||||||||||||||||||||||||
Operating lease obligations(1) |
$ | 7,562 | $ | 2,301 | $ | 1,922 | $ | 636 | $ | 614 | $ | 2,089 | ||||||||||||
Uncertain tax obligations(2) |
322 | | | | | | ||||||||||||||||||
Severance pay(3) |
4,101 | | | | | | ||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Total |
$ | 11,985 | $ | 2,301 | $ | 1,922 | $ | 636 | $ | 614 | $ | 2,089 |
(1) | Operating lease obligations consist of our contractual rental expenses under operating leases of facilities and certain motor vehicles. We signed a new lease for our facilities located in Israel on February 26, 2015, and such obligation is excluded from the above table. |
(2) | Consists of accruals for certain income tax positions under ASC 740 that are paid upon settlement, and for which we are unable to reasonably estimate the ultimate amount and timing of settlement. See Note 8(j) to our consolidated financial statements included elsewhere in this prospectus for further information regarding our liability under ASC 740. Payment of these obligations would result from settlements with tax authorities. Due to the difficulty in determining the timing of resolution of audits, these obligations are only presented in their total amount. |
(3) | Severance pay relates to accrued severance obligations to our Israeli employees as required under Israeli labor laws. These obligations are payable only upon the termination, retirement or death of the respective employee and may be reduced if the employees termination is voluntary. These obligations are partially funded through accounts maintained with financial institutions and recognized as an asset on our balance sheet. Of this amount, $1.0 million is unfunded. See Note 2(i) to our consolidated financial statement included elsewhere in this report for further information. |
Application of Critical Accounting Policies and Estimates
Our accounting policies and their effect on our financial condition and results of operations are more fully described in our consolidated financial statements included elsewhere in this prospectus. We have prepared our financial statements in conformity with U.S. GAAP, which requires management to make estimates and assumptions that in certain circumstances affect the reported amounts of assets and liabilities, revenues and expenses and disclosure of contingent assets and liabilities. These estimates are prepared using our best judgment, after considering past and current events and economic conditions. While management believes the factors evaluated provide a meaningful basis for establishing and applying sound accounting policies, management cannot guarantee that the estimates will always be consistent with actual results. In addition, certain information relied upon by us in preparing such estimates includes internally generated financial and operating information, external market information, when available, and when necessary, information obtained from consultations with third-parties. Actual results could differ from these estimates and could have a material adverse effect on our reported results. See Risk Factors for a discussion of the possible risks which may affect these estimates.
We believe that the accounting policies discussed below are critical to our financial results and to the understanding of our past and future performance, as these policies relate to the more significant areas involving managements estimates and assumptions. We consider an accounting estimate to be critical if: (1) it requires us to make assumptions because information was not available at the time or it included matters that were highly uncertain at the time we were making our estimate; and (2) changes in the estimate could have a material impact on our financial condition or results of operations.
56
Revenue Recognition
We account for our software licensing sales in accordance with the Financial Accounting Standards Board, or FASB, Accounting Standards Codification, or ASC, 985-605, Software Revenue Recognition. ASC 985-605 generally requires revenues earned on software arrangements involving multiple elements to be allocated to each element based on the relative fair value of the elements when Vendor Specific Objective Evidence, or VSOE, of fair value exists for all elements and to be allocated to the different elements in the arrangement under the residual method when VSOE of fair value exists for all undelivered elements and no VSOE exists for the delivered elements.
Maintenance and professional services are sold separately and therefore the selling price (VSOE) is based on stand-alone transactions.
Under the residual method, at the outset of the arrangement with the customer, we defer revenues for the fair value of our undelivered elements and recognize revenues for the remainder of the arrangement fee attributable to the elements initially delivered in the arrangement (software product) when all other criteria in ASC 985-605 have been met. Any discount in the arrangement is allocated to the delivered element.
We recognize software license revenues when persuasive evidence of an arrangement exists, the software license has been delivered, there are no uncertainties surrounding product acceptance, there are no significant future performance obligations, the license fees are fixed or determinable and collection of the license fee is considered probable. Fees for arrangements with payment terms extending beyond customary payment terms are considered not to be fixed or determinable, in which case revenues are deferred and recognized when payments become due from the customer provided that all other revenue recognition criteria have been met.
Revenues from maintenance and support contracts are recognized ratably on a straight-line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and from professional services as services are performed.
Our agreements with distributors and resellers are non-exchangeable, non-refundable, non-returnable and carry no rights of price protection. Accordingly, we consider distributors as end-users.
We do not generally grant a right of return to our customers. In transactions where a customers contractual terms include a provision for customer acceptance, revenues are recognized when such acceptance has been obtained or as the acceptance provision has lapsed.
Deferred revenues include unearned amounts received under maintenance and support contracts, professional services and amounts received from customers for licenses but not recognized as revenues due to the fact that these transactions did not meet the revenue recognition criteria as of the balance sheet date.
Derivative instruments
ASC No. 815, Derivative and Hedging, requires companies to recognize all of their derivative instruments as either assets or liabilities in the statement of financial position at fair value. For those derivative instruments that are designated and qualify as hedging instruments, a company must designate the hedging instrument, based upon the exposure being hedged, as a fair value hedge, cash flow hedge or a hedge of a net investment in a foreign operation.
For derivative instruments that are designated and qualify as a cash flow hedge (i.e., hedging the exposure to variability in expected future cash flows that is attributable to a particular risk), the effective portion of the gain or loss on the derivative instrument is reported as a component of other comprehensive income and reclassified into earnings in the same period or periods during which the hedged transaction affects earnings. The remaining gain or loss on the derivative instrument in excess of the cumulative change in the present value of future cash flows of the hedged item, if any, is recognized in current earnings during the period of change.
57
To hedge against the risk of overall changes in cash flows resulting from foreign currency salary payments during the year, we have instituted a foreign currency cash flow hedging program. We hedge a portion of our forecasted expenses denominated in NIS. These forward and option contracts are designated as cash flow hedges, as defined by ASC 815, and are all effective, as their critical terms match underlying transactions being hedged.
Share-Based Compensation
Option Valuations
Under U.S. GAAP, we account for share-based compensation for employees in accordance with the provisions of the FASBs ASC Topic 718 CompensationStock Based Compensation, or ASC 718, which requires us to measure the cost of options based on the fair value of the award on the grant date.
We selected the Black-Scholes-Merton option pricing model as the most appropriate method for determining the estimated fair value of options for the years ended December 31, 2012 and 2013 and for the period from January 1, 2014 and up to September 24, 2014. The resulting cost of an equity incentive award is recognized as an expense over the requisite service period of the award, which is usually the vesting period. We recognize compensation expense over the vesting period using the straight-line method and classify these amounts in the consolidated financial statements based on the department to which the related employee reports.
The determination of the grant date fair value of options using the Black-Scholes-Merton option pricing model is affected by estimates and assumptions regarding a number of complex and subjective variables. These variables include the expected volatility of our share price over the expected term of the options, share option exercise and cancellation behaviors, risk-free interest rates and expected dividends, which are estimated as follows:
| Fair Value of our Ordinary Shares. Because our shares are not publicly traded, we must estimate the fair value of ordinary shares, as discussed in Ordinary Share Valuations below. |
| Expected Term. The expected term of options granted represents the period of time that options granted are expected to be outstanding, and is determined based on the simplified method in accordance with ASC No. 718-10-S99-1, (SAB No. 110), as adequate historical experience is not available to provide a reasonable estimate. |
| Volatility. The expected share price volatility was based on the historical equity volatility of the ordinary shares of comparable companies that are publicly traded. |
| Risk-free Rate. The risk-free interest rate is based on the yield from U.S. Treasury zero-coupon bonds with a term equivalent to the contractual life of the options. |
| Dividend Yield. We have never declared or paid any cash dividends and do not presently plan to pay cash dividends in the foreseeable future. Consequently, we used an expected dividend yield of zero. |
From September 24, 2014, our ordinary shares are publicly traded, and therefore we currently base the value of options based on the market price of our ordinary shares.
Warrants to Purchase Preferred Shares
Prior to our initial public offering, we accounted for freestanding warrants to purchase our preferred shares as a liability on our balance sheet at fair value. We recorded warrants to purchase preferred shares as a liability because the underlying preferred shares were contingently redeemable (upon a deemed liquidation event) and, therefore, could have required us to transfer assets. The warrants were subject to re-measurement to fair value at each balance sheet date and any change in fair value was recognized as a component of financial income (expense), net, on the consolidated statements of comprehensive income.
58
We recorded the warrants at their estimated fair value utilizing the OPM with changes in the fair value of the warrant liability reflected in financial income (expense), net. Upon the completion of our initial public offering, the warrants were exercised to Series B3 preferred shares and later converted to ordinary shares. We re-measured the warrants as of the conversion date using the intrinsic value based on the initial public offering price.
The following assumptions were used to estimate the value of the Series B3 preferred share warrants as of December 31, 2012 and 2013:
Year ended December 31, |
||||||||
2012 | 2013 | |||||||
Expected volatility |
45 | % | 45 | % | ||||
Expected dividends |
0 | 0 | ||||||
Expected term (in years) |
2.5 | 2 | ||||||
Risk free rate |
0.32 | % | 0.31 | % |
During the years ended December 31, 2012, 2013 and 2014, we recognized financial expenses in the amount of $0.2 million, $1.4 million and $4.3 million, respectively, from the re-measurement of the fair value of the warrants.
Income Taxes
As part of the process of preparing our consolidated financial statements we are required to estimate our taxes in each of the jurisdictions in which we operate. We account for income taxes in accordance with ASC Topic 740, Income Taxes, or ASC Topic 740. ASC Topic 740 prescribes the use of an asset and liability method whereby deferred tax asset and liability account balances are determined based on the difference between book value and tax bases of assets and liabilities and carryforward tax losses. Deferred taxes are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. We exercise judgment and provide a valuation allowance, if necessary, to reduce deferred tax assets to their estimated realizable value if it is more likely than not that some portion or all of the deferred tax asset will not be realized.
Deferred tax assets are classified as short or long-term based on the classification of the related asset or liability for financial reporting, or according to the expected reversal dates of the specific temporary differences, if not related to an asset or liability for financial reporting. We account for uncertain tax positions in accordance with ASC 740 and recognize the tax benefit from an uncertain tax position only if it is more likely than not that the tax position will be sustained on examination by the taxing authorities, based on the technical merits of the position. The tax benefits recognized in the financial statements from such a position should be measured based on the largest benefit that has a greater than 50% likelihood of being realized upon ultimate settlement. Accordingly, we report a liability for unrecognized tax benefits resulting from uncertain tax positions taken or expected to be taken in a tax return. We recognize interest and penalties, if any, related to unrecognized tax benefits in tax expense.
Off-Balance Sheet Arrangements
We do not currently engage in off-balance sheet financing arrangements. In addition, we do not have any interest in entities referred to as variable interest entities, which includes special purposes entities and other structured finance entities.
59
Quantitative and Qualitative Disclosure About Market Risk
Foreign Currency Risk
Our results of operations and cash flows are affected by fluctuations due to changes in foreign currency exchange rates. In 2014, the majority of our revenues were denominated in U.S. dollars and the remainder in other currencies, primarily euros and British pounds sterling. In 2014, the majority of our cost of revenues and operating expenses were denominated in U.S. dollars and NIS and the remainder in other currencies, primarily euros and British pounds sterling. Our foreign currency-denominated expenses consist primarily of personnel, rent and other overhead costs. Since a significant portion of our expenses is incurred in NIS and is substantially greater than our revenues in NIS, any appreciation of the NIS relative to the U.S. dollar would adversely impact our net loss or net income, as relevant. In addition, since the portion of our revenues generated in euros is significantly greater than our expenses incurred in euros, any depreciation of the euro relative to the U.S. dollar would adversely impact our net loss or net income, as relevant. We currently have less exposure to fluctuations in the exchange rate of the British pound because our revenues and expenses in that currency have an offsetting effect.
The following table presents information about the changes in the exchange rates of the NIS against the U.S. dollar:
Period |
Change in Average Exchange Rate of the NIS Against the U.S. dollar (%) | |
2014 |
(12.0) | |
2013 |
(6.4) | |
2012 |
7.8 |
The figures above represent the change in the average exchange rate in the given period compared to the average exchange rate in the immediately preceding period. Negative figures represent depreciation of the U.S. dollar compared to the NIS. A 10% increase or decrease in the value of the NIS against the U.S. dollar would have decreased or increased our net loss by approximately $2.0 million in 2014. We estimate that a 10% increase or decrease in the value of the euro against the U.S. dollar would have decreased or increased our net income by approximately $0.7 million in 2014. These estimates of the impact of fluctuations in currency exchange rates on our historic results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising our revenues and expenses may change.
For purposes of our consolidated financial statements, local currency assets and liabilities are translated at the rate of exchange to the U.S. dollar on the balance sheet date and local currency revenues and expenses are translated at the exchange rate at the date of the transaction or the average exchange rate dollar during the reporting period to the United States.
To protect against the increase in value of forecasted foreign currency cash flow resulting from expenses paid in NIS during the year, we have instituted a foreign currency cash flow hedging program. We hedge portions of the anticipated payroll of our Israeli employees in NIS for a period of one to twelve months with forward contracts and other derivative instruments. We do not use derivative financial instruments for speculative or trading purposes.
Other Market Risks
We do not believe that we have material exposure to interest rate risk due to the fact that we have no long-term borrowings.
We do not believe that we have any material exposure to inflationary risks.
60
New and Revised Financial Accounting Standards
The JOBS Act permits emerging growth companies such as us to delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have irrevocably elected not to avail ourselves of this and, therefore, we will be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies.
Recently Issued and Adopted Accounting Pronouncements
In May 2014, the FASB issued an accounting standard update on revenue from contracts with customers, which requires an entity to recognize the amount of revenue to which it expects to be entitled for the transfer of promised goods or services to customers. The new guidance will replace most existing revenue recognition guidance in U.S. GAAP when it becomes effective. The new standard is effective for us on January 1, 2017. Early application is not permitted. The standard permits the use of either the retrospective or cumulative effect transition method. We are currently evaluating the effect that the new guidance will have on our consolidated financial statements and related disclosures. We have not yet selected a transition method nor have we determined the effect of the standard on our ongoing financial reporting.
61
Overview
We are a global leader and pioneer of a new layer of IT security solutions that protects organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. Our software solution is focused on protecting privileged accounts, which have become a critical target in the lifecycle of todays cyber attacks. Privileged accounts are pervasive and act as the keys to the IT kingdom, providing complete access to, and control of, all parts of IT infrastructure, industrial control systems and critical business data. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take control of and disrupt an organizations IT and industrial control infrastructures, steal confidential information and commit financial fraud. Our comprehensive solution proactively protects privileged accounts, monitors privileged activity and detects malicious privileged behavior. Our customers use our innovative solution to introduce this new security layer to protect against, detect and respond to cyber attacks before they strike vital systems and compromise sensitive data.
Organizations worldwide are experiencing an unprecedented increase in the sophistication, scale and frequency of cyber attacks. The challenge this presents is intensified by the growing adoption of new technologies, such as cloud computing, virtualization, software-defined networking, enterprise mobility and social networking, which has resulted in increasingly complex and distributed IT environments with significantly larger attack surfaces. Organizations have historically relied upon perimeter-based threat protection solutions such as network, web and endpoint security tools as the predominant defense against cyber attacks, yet these traditional solutions have a limited ability to stop todays advanced threats. As a result, an estimated 90% of organizations have suffered a cybersecurity breach according to a 2011 survey of approximately 580 U.S. IT practitioners by the Ponemon Institute, a research center focused on privacy, data protection and information security policy. Organizations are just beginning to adapt their security strategies to address this new threat environment and are evolving their approaches based on the assumption that their network perimeter has been or will be breached. They are therefore increasingly implementing new layers of security inside the network to disrupt attacks before they result in the theft of confidential information or other serious damage. Regulators are also continuing to mandate rigorous new compliance standards and audit requirements in response to this evolving threat landscape.
We believe that the implementation of a privileged account security solution is one of the most critical layers of an effective security strategy. Privileged accounts represent one of the most vulnerable aspects of an organizations IT infrastructure. Privileged accounts are used by system administrators, third-party and cloud service providers, applications and business users, and they exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system. Due to the broad access and control they provide, exploiting privileged accounts has become a critical stage of the cyber attack lifecycle. The typical cyber attack involves an attacker effecting an initial breach, escalating privileges to access target systems, moving laterally through the IT infrastructure to identify valuable targets, and exfiltrating, or stealing, the desired information. According to Mandiant, credentials of authorized users were hijacked in 100% of the breaches that Mandiant investigated, and privileged accounts were targeted whenever possible.
We have architected our solution from the ground up to address the challenges of protecting privileged accounts and an organizations sensitive information. Our solution provides proactive protection against cyber attacks from both external and internal sources and allows for real-time detection and neutralization of such threats. It can be deployed in traditional on-premise data centers, cloud environments and industrial control systems. Our innovative software solution is the result of over 15 years of research and expertise, combined with valuable knowledge we have gained from working with our diverse population of customers.
Our comprehensive, purpose-built Privileged Account Security Solution enables our customers to secure, manage and monitor privileged account access and activities. Our Privileged Account Security Solution consists of our Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics,
62
Application Identity Manager and On-Demand Privileges Manager. These products share a common technology platform that includes our Digital Vault, Master Policy Engine and Discovery Engine, and integrates out of the box with over 100 types of IT assets in the datacenter or the cloud. Our solution complements network, endpoint, web and other security tools and enhances the effectiveness of other security defenses by preventing the misuse of privileged accounts that are built into these products.
As of December 31, 2014, we had approximately 1,800 customers, including approximately 40% of the Fortune 100 and approximately 18% of the Global 2000. We define a customer to include a distinct entity, division or business unit of a company. Our customers include leading enterprises in a diverse set of industries, including energy and utilities, financial services, healthcare, manufacturing, retail, technology and telecommunications, as well as government agencies. We sell our solution through a high touch, channel fulfilled hybrid sales model that combines the leverage of channel sales with the account control of direct sales, and therefore provides us with significant opportunities to grow our current customer base. This approach allows us to maintain close relationships with our customers and benefit from the global reach of our channel partners. Additionally, we are enhancing our product offerings and go-to-market strategy by establishing technology alliances within the IT infrastructure and security vendor ecosystem.
Our business has rapidly grown in recent years. During 2012, 2013 and 2014, our revenues were $47.2 million, $66.2 million and $103.0 million, respectively, representing year-over-year growth of 40.1% and 55.7% in 2013 and 2014, respectively. Our net income for 2012, 2013 and 2014 was $7.9 million, $6.6 million and $10.0 million, respectively.
Industry Overview
The recent increase in sophisticated, targeted security threats by both external attackers and malicious insiders, along with an increase in the attack surface due to the growing complexity and distributed nature of IT environments, have made it extremely challenging for enterprises and governments around the world to protect their sensitive information. These challenges are driving the need for a new layer of security that complements traditional threat protection technologies by securing access to privileged accounts and preventing the exploitation of organizations critical systems and data.
Security threats are increasingly sophisticated and targeted
Organizations are experiencing an elevated level of increasingly sophisticated and targeted security threats. These advanced threats are frequently driven by organized groups such as: professional criminals attempting to gain access to valuable or sensitive information, state-sponsored groups that aim to further national agendas through industrial espionage or cyber warfare, and hacktivists pursuing a variety of socially-driven causes. These groups are highly motivated, technically advanced and are often well funded. They have become fundamental drivers of the heightened risk of cyber attacks.
Increasing complexity and openness of IT environments increases risk
To support business priorities and the evolving needs of their customers, enterprises are investing in new technologies and architectures that are rapidly increasing the complexity and openness of the IT infrastructure, including virtualization, cloud computing, mobility, software-defined networking, big data and social networking. A large enterprises IT infrastructure typically consists of tens of thousands of servers, databases, network devices and applications, and is often distributed across multiple geographic regions. Enterprises are increasingly adopting mobility and bring-your-own-device (BYOD) policies, allowing employees to access confidential company information and applications on mobile devices. Furthermore, many enterprises are outsourcing aspects of their infrastructure to cloud service providers and remote vendors, increasing their reliance on third parties to manage and protect their sensitive information. While these modern IT technologies offer organizations many benefits, they also increase the security risk by expanding the attack surface of the organization and increasing the complexity of security management.
63
Privileged accounts are widespread and vulnerable to attack
Privileged accounts represent one of the most vulnerable aspects of an organizations IT infrastructure. Privileged accounts are those accounts within an organization that give the user high levels of access, or privileged access, to IT systems, applications and data. Privileged accounts are used by systems administrators to deploy and maintain IT systems and they exist in nearly every connected device, server, database, application and industrial control system. Additionally, privileged accounts extend beyond an organizations traditional IT infrastructure to include employee-managed corporate social media accounts, which can be misused to cause significant reputational damage and other harm to an enterprise. With the increasing complexity of IT infrastructures, the number of privileged accounts has grown exponentially. We believe that organizations typically have two to four times more privileged accounts than employees. As a result, hijacking privileged accounts gives attackers the ability to access and download an organizations most sensitive data, disrupt business operations, create additional user and privileged accounts, distribute malware, bypass existing security controls, perform other sensitive operations, and erase audit trails to hide their activity. Hackers, malicious insiders or even careless users pose a significant threat to organizations when they gain access to privileged accounts. Some well-publicized examples of cyber attacks that have compromised privileged accounts, according to sources in the public domain, include:
| Target. At the end of 2013, attackers were able to copy privileged domain administrator credentials via a pass the hash attack, then subsequently created new credentials that provided access to their target systems. This attack compromised the credit card information of millions of customers and caused significant brand and financial damage to the company. |
| Sony Pictures Entertainment. In 2014, attackers were able to gain access to a large number of privileged account credentials that were left unprotected. These credentials enabled the attackers to access a wide range of systems, allowing them to steal copies of pre-release films, confidential internal emails and other sensitive data. The attack caused significant brand and financial damage to the company. |
| U.S. Intelligence Agency. In 2013, a third-party systems administrator abused his insider status and authorized privileged credentials to download and make public hundreds of thousands of classified documents. |
| South Korea. In 2013, South Korean TV stations and banks were attacked with data wiping malware. According to reports, the devastating attacks carried out on South Korea were precipitated by hackers obtaining a privileged administrator login to a security vendors patch management server via a targeted attack. The attackers then created malware that resembled a normal software update, tricking unsuspecting organizations into infecting their own systems with this malicious update. |
| RSA. In 2011, after initially penetrating the network through a spear phishing email, an attack harvested legitimate user credentials, including privileged credentials needed to infiltrate the core RSA SecurID token master key database, thereby compromising the security of thousands of other companies, including several major U.S. defense contractors. |
| Night Dragon. Starting in 2009 and reported in 2011, an attack was carried out against a number of energy firms that targeted proprietary operations and project-financing information. Once the initial system was compromised, the attack targeted local privileged administrative accounts, providing the attacker with broad access to the energy firms systems and confidential intellectual property. |
Exploiting privileged accounts is a critical stage of an attack lifecycle
Todays advanced cyber attacks are typically designed to evade traditional threat prevention technologies that are focused on protecting the perimeter from outside breach. Once inside a network, many of these modern attacks follow a common lifecycle. Attackers typically attempt to advance from the initial breach, escalating their privileges and moving laterally through the system to identify and access valuable targets and confidential information so they can access their target systems and information. Once an attacker has hijacked the privileged credentials of an
64
authorized user, its activities blend in with legitimate traffic and is therefore much more difficult to detect. Attackers can therefore operate undetected inside an organization for long periods of time. In fact, according to the 2013 Data Breach Investigations Report from Verizon, 66% of breaches take months or years to discover and approximately 70% of breaches were discovered by external parties who then notified the targeted company. According to Mandiant, the median length of time that attackers are on an organizations network before being detected is approximately 240 days. The diagram below shows the typical lifecycle of a cyber attack.
| Perimeter compromise. Attackers can gain entry into a corporate network through multiple attack vectors including email, web and endpoints. The most common technique used to penetrate an enterprise network and break through the network perimeter is a phishing attack through which an email is used to deliver malware to an employee of the target. Attackers have become highly sophisticated and are increasingly finding ways to evade traditional network perimeter threat detection technologies. In most cases, immediately after the initial compromise, attackers download malware tools and establish a connection to a command-and-control server to enable ongoing control. |
| Escalate privileges. External attackers, after the initial compromise, target privileged accounts to facilitate the future stages of the attack. Through a variety of tactics, including keystroke logging malware, pass the hash attacks, dictionary attacks and other techniques, attackers attempt to gain possession of the credentials used to access privileged accounts. Malicious insiders typically already have some degree of privileged access but may need to escalate privileges to extend their access. Privilege escalation is a critical stage of the attack, because if privileged credentials are compromised, the attacker is able to move closer to sensitive data while remaining undetected. |
| Reconnaissance and lateral movement. Once armed with privileged credentials, attackers may conduct stealth reconnaissance across the network to locate other vulnerable systems, and then spread laterally across the network in search of target data and systems. As the attacker identifies an additional interesting target, it may again need to escalate its privileges to gain access to the newly identified system and then continue its reconnaissance. |
65
| Data exfiltration. The final stage of an attack lifecycle is typically to exfiltrate the desired information from the targets corporate network to a location that the attacker controls. Once the target information has been gathered in a staging area and is ready for exfiltration, the attacker can use its privileged access to bypass controls and monitoring technologies designed to prevent or detect exfiltration. |
Malicious insiders continue to be a significant risk
Malicious insiders have historically been responsible for some of the most significant security breaches and continue to pose a significant risk to organizations. Insiders are generally trusted users such as employees, contractors and business partners. Insiders typically have trusted credentials and knowledge of the organization, and can therefore be extremely dangerous if they decide to exploit their position to steal confidential information, commit financial fraud, disrupt operations or cause other harm. Malicious insiders are often disgruntled employees or contractors driven by financial or personal motives and often seek valuable or sensitive information that can be used to harm the organization. These individuals and groups use their access to attempt to exploit privileged credentials in order to laterally move throughout the organization and gain access to valuable or sensitive information. In addition, accidental changes to system configuration settings or other system operating characteristics by well-intentioned insiders are also a significant risk, as they can cause expensive service disruptions and unknown security vulnerabilities.
Security-related regulatory and compliance requirements are challenging to manage
Governments and industry groups continue to enact new legislation and compliance standards regarding data protection and privacy and internal control. Furthermore, compliance requirements continue to become more stringent in response to the complex and evolving threat landscape. Regulations and compliance standards can overlap with one another, change very frequently, require costly and time consuming compliance measures and carry significant financial and reputational consequences for audit failure and non-compliance. Examples of such regulations include the Payment Card Industry Data Security Standard (PCI-DSS); the Federal Information Security Management Act (FISMA) and associated National Institute for Standards and Testing (NIST) Network Security Standards; the Sarbanes-Oxley Act; Title 21 of the U.S. Code of Federal Regulations, which governs food and drug industries; the North American Electric Reliability Corporation Critical Infrastructure Protection Plan (NERC-CIP); the German Federal Financial Supervisory Authority (BaFin) Minimum Requirements for Risk Management; and the requirements of Monetary Authority of Singapores Technology Risk Management Notices. The common theme of these regulations is generally a requirement that organizations implement control over privileged accounts, establish accountability to specific users and maintain a complete recording of privileged sessions.
Enterprises have historically relied on traditional security threat protection technologies
Organizations have invested heavily in security products to protect their IT infrastructure and valuable information. According to IDC, worldwide spending on IT security products is expected to grow from $32.0 billion in 2013 to $42.0 billion by 2017. Historically, the majority of this spending has been focused on perimeter threat protection products such as network, web and endpoint security. While prevention of the initial breach is an important layer of an enterprise security strategy, we do not believe that perimeter-based threat protection alone is sufficient to protect against todays increasingly sophisticated and targeted external security threats or malicious insiders. Despite significant investments in perimeter-based threat protection solutions, most enterprises are still being breached. Therefore, we believe in the future a greater portion of the overall spend will be dedicated to solutions focused on the inside of the enterprise.
66
Challenges in Protecting Privileged Accounts
The increasing sophistication, scale and frequency of advanced cyber attacks challenge traditional cybersecurity methods and create a need for a comprehensive approach to securing privileged accounts from use by external or internal attackers to gain access to and exploit an organizations confidential data and IT systems. Such an approach must address a range of challenges presented by privileged accounts.
| Traditional security solutions limited ability to protect privileged credentials and critical assets from cyber attacks. Organizations worldwide continue to struggle to protect privileged credentials and critical assets despite significant investment in traditional perimeter, endpoint or identity-focused security solutions. Organizations attempts to solve this problem using a combination of disparate traditional security solutions do not address the unique requirements of securing privileged accounts. Without proactive, automated controls on privileged accounts, including privileged credential protection and real-time alerting on potential threats and malware isolation, attackers can bypass traditional security controls and exploit privileged accounts as a gateway to critical infrastructure, confidential data and other security solutions. |
| Insufficient visibility and lack of automation in the management of privileged accounts. Traditional approaches to identifying and managing privileged accounts typically involve manual, time-consuming tasks performed on an infrequent or ad-hoc basis. These approaches do not ensure that organizations identify their complete inventory of privileged accounts or manage their privileged credentials securely. Manual approaches can result in common passwords used across multiple systems, unauthorized sharing of credentials, default passwords remaining in place and other behaviors that compromise security and leave IT systems susceptible to attack. These approaches do not provide a current, accurate and global picture of an organizations security and compliance posture, decreasing security effectiveness and increasing IT operational costs. |
| Inability to monitor and audit all privileged activity. Traditional information systems do not provide sufficient detail of privileged activities, or worse yet, allow privileged accounts to change security settings or delete system audit logs to hide wrongdoing. Without end-to-end monitoring and recording of all command-level privileged activities, organizations are unable to audit privileged activity. This leaves them at risk of failing compliance audits, being unable to hold privileged users accountable for their actions and lacking critical forensics information to help deconstruct and remediate an attack. |
| Inadequate or delayed response time in detecting malicious and high risk behaviors. Many organizations often log high level privileged account activity as part of a broad, system-wide logging solution; however, this information is collected and stored amongst other vast data aggregations, and in many cases does not provide the right level of detail or context to understand what differentiates normal from anomalous behavior. Without regular and methodical review of these logs, identification of threats is often missed or delayed. Additionally, tampering with log files is one of the routine aspects of an advanced malware attack or internal hack, rendering such information or analysis inaccurate or incomplete. Organizations need a single platform that can collect and record complete, detailed records of privileged account activity, develop profiles of expected user behaviors and then alert in real-time on any deviations from expected behavior. |
| Limited scalability of existing point solutions. Traditional solutions that attempt to address privileged account security are often delivered as tactical point tools rather than comprehensive solutions and lack enterprise-level scalability or support for globally distributed datacenters. In addition, an attempt to patch together such disparate point tools having different interfaces and architectures and typically provided by different vendors, leads to interoperability issues. Without a single, scalable solution, organizations must devote considerable time and resources to develop integration strategies for existing solutions with the rest of their IT security investments. |
67
Our Solution
Our solution provides proactive protection against cyber attacks from both external and internal sources and allows for real-time detection and neutralization of such threats. Our Privileged Account Security Solution provides organizations with the following benefits:
| Comprehensive platform for proactive protection of privileged credentials and target assets from cyber attacks. Our comprehensive solution for privileged account security enables our customers to proactively protect against and automatically detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data. Our unified solution to these previously disparate security needs enables our customers to preemptively remediate vulnerabilities and improve their security effectiveness from a central command and control point. We enhance the effectiveness of traditional security defenses by introducing a new security layer that prevents the misuse of privileged accounts which exist in virtually every piece of technology in the organization including security products. |
| Automatic identification and understanding of the scope of privileged account risk. Our solution automatically detects privileged accounts across the enterprise and helps customers visualize the resulting compliance gaps and security vulnerabilities. This automated process reduces the time-consuming and error-prone task of manually tracking and updating privileged credentials, thereby decreasing IT operational costs. This enhanced visibility significantly improves the security posture of our customers and facilitates adherence to rigorous audit and compliance standards. |
| Continuous monitoring, recording and secure storage of privileged account activity. Our solution monitors, collects and records individual privileged session activity down to every mouse click and keystroke. It also provides highly secure storage of privileged session recordings and robust search capabilities allowing organizations to meet their audit and compliance requirements. Session recordings also provide a full forensics record of privileged activity to facilitate a more rapid and precise response to malicious activity. |
| Real-time detection, alerting and response to malicious privileged activity. Our Privileged Threat Analytics product builds on historical data collected by our comprehensive Privileged Account Security Solution and other network data sources to create and maintain a current profile of each privileged users behavior. It uses proprietary algorithms to profile and analyze individual privileged user behavior without impacting the privileged account session and creates prioritized alerts in real-time when abnormal activity is detected. These alerts allow our customers incident response teams to investigate and prioritize threatening activity and respond by terminating the active session. |
| Purpose-built solution, architected for privileged account security. Our solution is architected across products to optimize security. Our Digital Vault, a secure repository for privileged credentials, offers multiple layers of security including robust segregation of duties, a secure proprietary communications protocol and military-grade encryption. Our Privileged Session Manager product establishes a single point of control for all privileged activity, effectively decreasing the attack surface by providing only proxy-based access to IT assets through our platform. This prevents infected administrator workstations from spreading malware or tampering with applications, databases and server configuration settings. |
| Scalable and flexible platform that enables modular deployment. Our solution is scalable and flexible to enable deployments in large-scale distributed environments, and supports major operating systems, databases, applications, hypervisors, network devices and security appliances, for on-premise, cloud environments and industrial control systems. Every product in our Privileged Account Security Solution can be deployed and managed independently while still sharing resources and data from our shared technology platform. This design provides our customers the flexibility to deploy one or more of our products initially for a single use case and then expand over time to address more use cases or add additional solutions from our comprehensive platform. |
68
Our Market Opportunity
We believe that the security market is in the midst of a significant transition as enterprises are investing in a new generation of security solutions to help protect them against todays sophisticated and targeted cyber threats from both external attackers and malicious insiders. Gartner estimates that by 2020, 60% of enterprise information security budgets will be allocated to rapid detection and response approaches, up from less than 10% in 2014. Recognizing that traditional perimeter-based threat protection solutions are not sufficient to protect against todays advanced cyber threats, enterprises are investing in security solutions within the datacenter to protect the inside of their networks. According to a 2012 report by IDC, worldwide spending on datacenter security solutions was $10.7 billion in 2011 and is expected to grow to $16.5 billion by 2016, representing a compound annual growth rate of 9.3%. According to the same report, worldwide spending for IT security solutions was $28.4 billion in 2011 and is expected to grow to $40.8 billion in 2016, representing a compound annual growth rate of 7.6%.
We believe that privileged account security is a new, critical layer of security that is benefitting from this transition. Privileged accounts represent one of the most vulnerable aspects of an organizations IT infrastructure and exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system throughout on-premise and cloud-based datacenters. As a result, we believe that an increasing portion of the IT security budget, and specifically the datacenter security spend, will be allocated for privileged account security solutions.
Our Competitive Strengths
Our mission is to protect the heart of the enterprise from advanced cyber attacks. We have established a leadership position in protecting high-value data and critical IT assets by securing privileged accounts, and have several key competitive strengths including:
| Trusted expert in privileged account security. We are a recognized brand name and a leader in privileged account security, protecting organizations worldwide against external threats that have already penetrated the perimeter, as well as threats that originate from within the perimeter by malicious or careless insiders. We have more than a decade of experience working with approximately 1,800 enterprises and government organizations, which we believe provides us with a competitive advantage in research, detection and remediation of privileged account security issues. This helps to ensure our products will continue to meet the continuously evolving business, security and operational requirements of the market. |
| Technology leader driven by vision and focus on innovation. Our history of innovation is the cornerstone of our technology leadership. We pioneered Digital Vault technology, which is the foundation of our platform. In the following years, we introduced patented technology for application identity management, secure connectivity for remote vendors, integrated privileged activity monitoring, private and public cloud privileged account management and privileged threat analytics. We believe our commitment to continuous innovation through our culture and processes will continue to drive our market leadership over time. |
| Global reach driven by direct and indirect sales organization. We have a broadly dispersed global hybrid sales channel as evidenced by our existing customer implementations in 65 countries. Our local presence in more than 20 countries and our broad network of over 200 channel and technology alliance partners worldwide underpins our product and brand success, and provides us with significant opportunities to grow our customer base while helping our current customers solve a greater portion of their security challenges. |
| Strong management team with significant IT security expertise. We have a highly talented management team, combining both public and private company experience and a demonstrated ability to effectively scale businesses. Our strong research and development organization has significant IT security expertise from past experience in leading IT security companies and Israels military |
69
technology units. We believe that our management team and engineering talent position us to continue to provide thought leadership and drive product innovation. We conduct our research and development activities in Israel, which we believe will continue to provide us with access to high quality engineering talent. |
| Corporate culture committed to our customers success. Our culture reflects our employees passion for our mission and focus on protecting our customers and which we believe is a key ingredient of our success. Our commitment to our customers success is ingrained in our business strategy and is brought to life through constant customer interactions, employee functions and our engaging annual customer conferences attended by hundreds of customers and channel partners. |
Our Growth Strategy
Our goal is to be the global leader in IT security solutions that protect organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. The key elements of our strategy to extend our global leadership include:
| Continue to innovate and enhance our solution. We intend to continue to innovate and develop new products and enhancements to existing products to strengthen our leadership position. For example, we introduced our first behavioral analytic product called Privileged Threat Analytics in December 2013 to enable our customers to profile and analyze individual privileged user behavior and create prioritized alerts when abnormal activity is detected. In addition, in November 2014 we continued the expansion of our proactive controls monitoring and management offering with the launch of SSH Key Manager, which is used by customers to authenticate privileged account users and verify trust during automated application-to-application communications. We also plan to continue our investment in advanced threat research to prevent attacks through emerging threat vectors, such as in privileged accounts for cloud environments and industrial control systems. We will also continue to engage with our customers to identify needs and opportunities that will enhance our future product development. |
| Grow our customer base. We operate in a large, growing market and there are substantial opportunities to grow our customer base. We plan to leverage our strong global footprint across industry verticals, such as in financial services, pharmaceuticals, energy and utilities, telecommunications, retail, manufacturing and government, among others, to further expand our market reach. To drive the acquisition of new customers, we plan to grow our direct sales team, expand our channel partnerships and enhance our marketing efforts. In the future, we also plan to increasingly market our solution to middle-market organizations. |
| Further penetrate our existing customer base. Our existing base of approximately 1,800 global customers provides a significant opportunity to drive incremental sales. Our platform provides our customers flexibility to deploy one or more of our products initially for a single use case and then expand over time to address more use cases as customer requirements expand. We therefore have a significant opportunity to expand by helping existing customers identify and address gaps in their privileged account security strategy. This opportunity results in the potential for upsells of additional products to address more use cases or incremental licenses of existing products to deploy throughout a customers infrastructure. We plan to pursue this strategy by further expanding our customer success team that is dedicated to ensuring the satisfaction and increased deployment of our products. |
| Continue to expand our global presence by leveraging systems integrators and distribution partnerships. We believe there is a substantial opportunity to continue expanding our business globally as awareness of the need for privileged account security increases. Our channel partners, including systems integrators, distributors and value-added resellers, are a critical part of this expansion opportunity, especially in key emerging markets, such as those throughout Latin America, Eastern Europe and the Asia Pacific region. In 2014, approximately 50% of our revenues were generated from sales through our channel partners. In addition to adding new channel partners, we intend to strengthen existing channel partner relationships to drive greater sales of our products. |
70
| Selectively pursue strategic transactions. We may explore and pursue selective acquisitions to complement our product offerings, expand the functionality of our solution, acquire technology or talent, or bolster our leadership position by gaining access to new customers or markets. |
Our Products
Our products secure organizations high-value data and critical IT assets by providing proactive protection against external and internal cyber threats and enabling real-time detection and neutralization of attacks.
Privileged Account Security Solution
Our comprehensive, purpose-built Privileged Account Security Solution provides our customers a set of products that enable them to secure, manage and monitor privileged account access and activities. Our Privileged Account Security Solution consists of our Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager and On-Demand Privileges Manager. These products share a common technology platform that includes our Digital Vault, Master Policy Engine and Discovery Engine, and integrates out of the box with over 100 types of IT assets in the datacenter or the cloud.
Enterprise Password Vault. Our Enterprise Password Vault provides customers with a powerful tool to manage and protect all privileged accounts across an entire organization, including physical, virtual or cloud-based assets. Customers can control how often to require scheduled password changes for different privileged accounts or grant passwords solely for one-time use based on operational needs and regulatory requirements. This automated process reduces the time-consuming and error-prone task of manually tracking and updating privileged credentials thereby enhancing system security and facilitating observance of audit and compliance standards.
SSH Key Manager. Our SSH Key Manager product, which we launched in November 2014, securely stores, rotates and controls access to SSH keys to prevent unauthorized access to privileged accounts. This includes the protection of keys at rest and in transit, granular access controls and integration with strong authentication solutions. Detailed audit logs and reporting capabilities provide visibility into key usage to meet audit and compliance requirements. SSH keys are used as an alternative to password credentials, commonly used for
71
administrative access for users, devices and applications to UNIX and Linux systems. SSH Key Manager is a logical extension to our Privileged Account Security Solution, leveraging our shared technology platform infrastructure, enabling organizations to protect all privileged credentials with a single integrated platform that can be built out over time in accordance with business needs.
Privileged Session Manager. Our Privileged Session Manager protects IT assets including servers, applications, databases and hypervisors from malware and provides command-level monitoring and recording of all privileged activity. Privileged Session Manager prevents malware on an infected workstation from capturing a privileged credential and spreading to additional assets. It also provides a single point of control, forcing all privileged access to pass through our server, ensuring that all privileged activity is monitored and recorded. The single point of control also allows for real-time viewing of privileged activities, enabling customers to terminate privileged sessions in real-time as a threat is detected. In addition, Privileged Session Manager records complete privileged sessions and stores the recordings in the Digital Vault to prevent tampering. Auditors, forensics team and others are able to view and quickly search through an entire session recording for specific activities. Privileged Session Manager does not impact the privileged account session and can operate entirely in the background, although customers can opt to deter privileged account users from prohibited conduct by alerting users that their sessions are being recorded. We offer customers the choice of licensing Privileged Session Manager based on the number of devices secured or the number of concurrent sessions it monitors. Our Privileged Session Manager and Enterprise Password Vault serve complementary functions and are part of a shared platform. As such, we frequently sell them together.
Privileged Threat Analytics. Our Privilege Threat Analytics product uses proprietary algorithms to profile and analyze individual privileged user behavior and creates prioritized alerts when abnormal activity is detected. For example, our product can be used to detect privileged account access at unusual times or access to an abnormal quantity of privileged assets and terminate the session in real time. Privileged Threat Analytics uses historical data collected by our Privileged Account Security Solution and other network data sources to create and maintain a current profile of each privileged users behavior. It allows incident response teams to investigate the details that triggered the alert in order to prioritize and respond to the threat. We specialize in analyzing behavior related to privileged user behavior, thus providing vital intelligence on the most critical attack vector. This intelligence can be integrated into an organizations existing systems and incident response processes enabling a faster response time.
Application Identity Manager. Our Application Identity Manager addresses the challenges of hard-coded, embedded credentials and cryptographic keys being hijacked and exploited by malicious insiders or external cyber attackers. This is enabled by our proprietary Digital Vault application provider technology, which eliminates the need to store such credentials in applications, scripts or configuration files. Instead, Application Identity Manager allows for secure, programmatic retrieval of needed credentials only at run-time and based on master policy control and monitoring.
On-Demand Privileges Manager. Our On-Demand Privileges Manager allows customers to limit the breadth of access of Unix/Linux administrative accounts and granularly restrict them from performing certain commands and functions. We also offer this product to customers using Windows through software licensed from an outside vendor.
Shared Technology Platform. Our shared technology platform is the foundation of our Privileged Account Security Solution and includes our Digital Vault, Master Policy Engine and Discovery Engine. Our Digital Vault is an encrypted server that only responds to preset vault protocols to ensure security throughout an organizations network. Our Privileged Account Security Solutions products use our Digital Vault to safely store, audit and manage passwords, privileged credentials, policy information and privileged account session data. Our Master Policy Engine provides a single, user-friendly interface for customers to set, manage and monitor privileged account security policies across an entire organization in a matter of minutes while allowing for granular level exceptions to meet the organizations unique operational needs. Our Discovery Engine enables organizations to
72
understand the scope of privileged account risk and helps to ensure that all privileged account activity is accounted for by automatically discovering new privileged accounts or changes to existing accounts. Our platform integrates out of the box with over 100 types of IT assets in the datacenter or the cloud, including leading operating systems, databases, network devices, security appliances, hypervisors, applications, industrial control systems and application servers. Our platform further leverages our proprietary vault protocol technology to enable distributed deployments across global networks for central management and auditing while providing enterprise-wide global coverage.
Sensitive Information Management Solution
Our Sensitive Information Management Solution provides a secure platform through which our customers employees can share sensitive files while enabling the customer to monitor who is sharing these files. This allows organizations to isolate, store, share and track sensitive files and documents, such as customer credit card information, human resource records, intellectual property documents and legal information in a secure, internal environment. It also allows organizations to exchange sensitive information securely and efficiently with their business partners, customers, suppliers and subcontractors. Our Sensitive Information Management Solution integrates with an organizations existing applications and can be deployed on-premise or as a cloud service for faster audit readiness without the need for significant upfront cost.
Our Services
Maintenance and Support
Our customers typically purchase one year or, to a lesser extent, three years, of software maintenance and support in conjunction with their initial purchase of our products. Thereafter, they can renew such maintenance and support for additional one or three-year periods. These two alternative maintenance and support periods are common in the software industry. Customers pay for each alternative in full at the beginning of their terms. The substantial majority of our contracts sold are for a one-year term. For example, for the years 2012 through 2014 more than 90% of the renewal contracts were for one year terms.
Our global customer support organization has expertise in our software and how it interacts with complex IT environments. When sales are made to customers directly, we typically also provide any necessary maintenance and support pursuant to a maintenance and support contract directly with the customer. When sales are made through indirect channels, the channel partner typically provides the first and second level support and we provide only the third level support if the issue cannot be resolved by the channel partner.
Our maintenance and support program provides customers the right to software bug repairs, the latest system enhancements and updates on an if and when available basis during the maintenance period, and access to our technical support services. Our technical support services are provided via our online support center, which enables customers to submit new support queries and monitor the status of open and past queries. Our online support system also provides customers with access to our CyberArk Knowledge Base, an online user-driven information repository that provides customers the ability to address their own queries. Additionally, we offer email and telephone support during business hours to customers that purchase a standard support package and 24/7 availability to customers that purchase a premium support package.
Professional Services
Our products are designed for customers to be able to download, install and deploy our software on their own. They are highly configurable and many customers will select either one of our many trained channel partners or our professional services team to provide services. Our professional services team can be contracted to help customers fully plan, install and configure their solution to the needs of each organizations security and IT environment. Our professional services team provides ongoing consulting services regarding best practices
73
and the proper implementation of our solution to meet the requirements of each customer. Additionally, they teach best practices associated with use of our software through CyberArk University, which offers in-person and WebEx courses globally.
Our Technology
Our comprehensive Privileged Account Security Solution relies on a set of proprietary technologies that provide a high level of security, scalability and reliability. The core technologies included in our solution are as follows:
Secure Digital Vault Technology. Our proprietary Digital Vault technology provides a highly secure, isolated environment, independent of other software, and is engineered with multiple layers of security. Our Digital Vault provides a data encryption mechanism that eliminates the need for encryption key management by the end user, while each object in our Digital Vault is encrypted with its own unique encryption key. To ensure security throughout the network, our Digital Vault communicates within an organizations network and over the internet through a proprietary and highly protected Vault Protocol, enabling an organization to implement the centrally managed Privileged Account Security Solution with products located in multiple datacenters and geographic locations. Our Digital Vault provides an additional level of protection by preventing the vault administrator from accessing or discovering protected data stored within it. In addition, our Digital Vault database is embedded, isolated and self-managed as part of our Digital Vault software, thereby blocking database administrator access to our Digital Vault database to further eliminate threats. Our Privileged Account Security Solutions additional products use the highly secured Digital Vault to safely store, audit and manage passwords, privileged credentials, policy information and privileged account session data.
Sophisticated Threat Analytics Algorithms. Our team of cyber experts and development engineers has developed proprietary algorithms that are at the core of our Privileged Threat Analytics product. These algorithms were developed using our deep understanding of cybersecurity and cyber attack techniques, together with over a decade of rich experience in analyzing privileged account activities. Our Privileged Threat Analytics product uses these proprietary algorithms to construct a behavioral profile for privileged users within an organization and continuously updates the profile based on normal changes in behavior. Once a behavioral profile is established, the threat analytics algorithms provide the ability to look for deviations from that profile in order to identify anomalies in user behavior. It then scores each individual anomaly and determines the level of threat based on the correlation of such anomalous events. Alerts with full details of the incident, including the probability of malicious intent, can be raised immediately, allowing an organizations incident response team to review the potential threat and take action when necessary.
Strong Application Authentication and Credential Management. Our Application Identity Manager products architecture allows an organization to eliminate hard-coded application credentials, such as passwords and encryption keys, from applications and scripts. Our secure, proprietary product permits authentication of an application during run-time, based on any combination of the applications signature, executable path, or IP address, and operating system user. Following application authentication, the authenticated application uses a secure application programming interface, or API, to request privileged account credentials during run-time and, based on the application permissions in our Privileged Account Security Solution, up-to-date credentials are provided to the application. To ensure business continuity, and high availability and performance even within complex and distributed network environments, our advanced product architecture provides a secure local credentials cache on the application server, eliminating the dependency on network availability and traffic during a run-time application credential request. Our proprietary architecture provides even higher value in application server environments, allowing an organization to eliminate application credentials without the need to perform any code changes and without impacting application availability.
Privileged Session Recording and Controls. Our innovative privileged session recording and control mechanisms provide the ability to isolate an organizations IT systems from end-user desktops, while monitoring and recording the privileged session activities. Our proprietary architecture provides a highly secure, proxy-based
74
solution that does not require agent installation on the target systems and provides a single-access control point to the target systems. The architecture blocks direct communication between an end-users desktop and a target system, thus preventing potential malware on the desktop from infiltrating the target system. This architecture further ensures that privileged credentials will remain protected and will not be exposed to the end-user or reach the desktop. Comprehensive recording capabilities provide the ability to record every keystroke and mouse click on the privileged session, and also provide DVR-like recordings with search, locate and alert capabilities.
Our Customers
Our customer base has grown from approximately 990 customers as of December 31, 2011 to approximately 1,800 customers as of December 31, 2014, including approximately 40% of the Fortune 100 and approximately 18% of the Global 2000. Our customers include leading organizations in a diverse set of industries, including energy and utilities, financial services, healthcare, manufacturing, retail, technology and telecommunications, as well as government agencies.
Our business is not dependent on any particular customer. No customer or channel partner accounted for more than 10% of our revenues in any of the last three years. Our diverse global footprint is evidenced by the fact that in 2014, we generated 59.0% of our revenues from customers in the United States, 32.2% from the EMEA region and 8.8% from the rest of the world. Set forth below is a representative list of our customers. We selected these customers because they operate across a range of verticals, each of them spent a meaningful amount on products during the last two years and each is currently party to a maintenance and support contract with us.
Name |
Industry | |
ANZ Banking Group Limited (Australia) | Financial services | |
American Electric Power | Energy and utilities | |
BT Group plc | Telecommunications | |
ConAgra Foods, Inc. | Retail | |
DBS Bank Ltd | Financial services | |
Exelon Corporation | Energy and utilities | |
ING North America Insurance Corporation | Insurance | |
Humana Inc. | Healthcare and pharmaceuticals | |
Manulife Financial Corporation | Financial services | |
Salesforce.com Inc. | Technology | |
Southwest Airlines Co. | Travel | |
Union Bank, N.A. | Financial services | |
Vodafone Group plc | Telecommunications |
Case Studies
The following case studies are representative examples of how some of our customers in key verticals have selected, deployed and benefited from our solution.
Software Company
Challenge. A global software company needed to address a number of audit findings related to security controls of privileged accounts and strengthen its security after a serious security incident.
Solution and benefits. In 2010, this company selected us to address an initial audit finding in one of its departments. To do so, they licensed our Enterprise Password Vault to implement and manage proactive controls on privileged accounts. That deployment was expanded to other departments within the company to address similar audit issues over the next few years. In 2013, following a serious security incident in an area of its business previously unprotected by our solution, the company selected our solution. We understand from
75
discussions with this customer that it made this decision based on our strong, existing relationship with this customer, our comprehensive Privileged Account Security Solution and their confidence in our experience with complex deployments. The company licensed Application Identity Manager, Privileged Session Manager and Privileged Threat Analytics. Total orders as of December 31, 2014 from this customer are over 140 times greater than the customers original order in 2010, which was approximately $45,000.
Healthcare Company
Challenge. A North-America-based managed healthcare company needed to address HIPAA-related audit findings regarding privileged account controls and monitoring. As their concerns for the security of their patients information grew as a result of high profile, high impact breaches, their senior executive team decided to implement a more aggressive, proactive security program.
Solution and benefits. To address the department-level audit findings, the company licensed Enterprise Password Vault in 2009. As part of their more aggressive, proactive security program, the company significantly expanded their deployment of Enterprise Password Vault across the enterprise in mid-2014, and added Privileged Session Manager later in the year. Our solution enables the company to proactively protect access to privileged accounts, monitor and record all privileged activity. Total orders as of December 31, 2014 from this customer are over seven times greater than the initial product order in 2009, which was approximately $440,000.
Insurance Company
Challenge. A North America-based global insurance company needed to resolve a high-severity internal audit finding regarding poor control and management around aspects of its privileged account security. At the same time, the company was beginning to tackle PCI compliance across the organization, discovering the need for a comprehensive means to manage and secure privileged accounts to scale the entire organization.
Solution and benefits. Addressing the immediate need created by the audit, this company licensed Enterprise Password Vault in 2007 to secure the exposed critical privileged accounts. Over the next four years as the insurance company tackled its PCI compliance mandate, the company expanded its use of Enterprise Password Vault, added Application Identity Manager and replaced home-grown technology with Privileged Session Manager to help ensure successful future audits. Total orders as of December 31, 2014 from this customer are over 25 times greater than the customers original order in 2007, which was approximately $110,000.
Energy Provider
Challenge. A North America-based provider of natural gas and crude oil needed to protect its industrial control systems from cyber threats. This company was particularly concerned about the added risk of using remote third parties to manage and maintain its natural gas and petroleum distribution systems worldwide.
Solution and benefits. In 2013, this company licensed our Enterprise Password Vault and Privileged Session Manager to provide a single, integrated solution that protects privileged user access to the management consoles of the customers industrial control systems and monitor and record the details of each privileged session. Our solution enables the company to closely control, monitor and audit the activity of third-party vendors and contractors. Total orders as of December 31, 2014 from this customer are approximately 1.3 times greater than the customers original order in 2013, which was approximately $175,000.
Financial Services Company
Challenge. A North America-based financial services company initiated a comprehensive, high-value asset protection project in response to increasing threats to its IT infrastructure and customer data. In addition to other data protection and monitoring technologies, this company recognized that it was critical to secure privileged account access to its critical systems and data.
76
Solution and benefits. As part of a defense in depth strategy, this company licensed Enterprise Password Vault and Privileged Session Manager in 2012 to protect access to privileged accounts, isolate target assets from malware and monitor privileged activity. We believe this customers confidence in our ability to comprehensively address its privileged account security challenges, our architectural approach to session monitoring and isolation and our expertise with privileged account security deployments were key drivers of their decision. Total orders as of December 31, 2014 from this customer are over three times greater than the customers original order in 2012, which was approximately $650,000.
Diversified Infrastructure and Financial Services Firm
Challenge. A diversified infrastructure and financial services firm required proactive controls on privileged user and application credentials to be compliant with Sarbanes-Oxley after an external auditor identified its lack of privileged account security controls as a corporate-wide IT security risk.
Solution and benefits. In 2011, this company licensed our Enterprise Password Vault and On-Demand Privileges Manager to implement controls and manage policies on privileged user credentials and limit the scope of access for privileged users. We believe this company selected our solution to address its compliance and risk concerns because of our unified offering, scalability and performance, global presence and ability to work across traditional and cloud-based assets. Since its initial deployment, this company has expanded its use of our solution and has licensed our Application Identity Manager to dynamically manage privileged application credentials. Total orders as of December 31, 2014 from this customer are over two times greater than the customers original order in 2011, which was approximately $1.3 million.
Sales and Marketing
Sales
We believe that our hybrid sales model, which combines the leverage of high touch, channel sales with the account control of direct sales, has played an important role in the growth of our customer base to date. We maintain a highly trained sales force that is responsible for developing and closing new business the management of relationships with our channel partners and the support and expansion of relationships with existing customers. Our sales organization is organized by geographic regions, consisting of the Americas, EMEA and Asia Pacific region. As of December 31, 2014, our global network of channel partners consisted of over 200 resellers and distributors. Our channel partners generally complement our sales efforts by helping to identify potential sales targets, maintaining relationships with certain customers and introducing new products to existing customers and offering post-sale professional services and technical support. In 2014, we generated approximately 50% of our revenues from direct sales from our field offices located throughout the world. The majority of our sales in the United States are direct while the substantial majority of our sales in the EMEA region and the rest of the world are through channel partners. We work with many global systems integration partners, such as Hewlett-Packard Company and Wipro Limited, and several leading regional security value added resellers, such as Accuvant, Inc. and FishNet Security, Inc. (which recently merged their activities) and Conexsys Communications, Ltd. These companies were each among our top 15 channel partners in 2014 by revenues and we have derived a meaningful amount from sales to each of them during the last two years.
Our sales cycle varies by size of the customer, the number of products purchased and the complexity of the customers IT infrastructure, ranging from several weeks for incremental sales to existing customers to many months for sales to new customers or large deployments. To support our broadly dispersed global channel and customer base, as of December 31, 2014, we had sales personnel in 20 countries. We plan to continue investing in our sales organization to support both the growth of our channel partners and our direct sales organization.
77
Marketing
Our marketing strategy is focused on building our brand strength, communicating the benefits of our solution, developing leads and increasing sales to existing customers. We market our software as a solution to stop cyber threats before they have the chance to stop business. We execute our strategy by leveraging a combination of internal marketing professionals and a network of channel partners to communicate the value proposition and differentiation for our product, generating qualified leads for our sales force and channel partners. Our marketing efforts also include public relations in multiple regions and extensive content development available through our recently redesigned website. We are focused on an ongoing thought-leadership campaign to establish ourselves as a leader in the cybersecurity market. Our marketing team is expanding its efforts by investing in analytics-driven lead development, stronger global coordination, quick response to current events and proactive and consistent communication with market analysts.
Research and Development
Continued investment in research and development is critical to our business. Our research and development efforts are focused primarily on improving and enhancing our existing products and services, as well as developing new products, features and functionality. We believe the timely development of new products is essential to maintaining our competitive position. We regularly release new versions of our software which incorporate new features and enhancements to existing ones. We also maintain a dedicated team that researches reported advanced cyber attacks, the attackers techniques and methods that lead to new security development initiatives for our products and provide thought-leadership on targeted attack mitigation.
As of December 31, 2014, we had 119 employees focused on research and development. We conduct our research and development activities in Israel and we believe this provides us with access to world class engineering talent. Our research and development expenses were $7.3 million, $10.4 million and $14.4 million in 2012, 2013 and 2014, respectively.
Intellectual Property
We rely on a combination of patent, trademark, copyright and trade secret laws, confidentiality procedures and contractual provisions to protect our technology and the related intellectual property. As of December 31, 2014, we had two issued patents and 14 pending patent applications in the United States. We also had one patent issued and 16 applications pending for examination in non-U.S. jurisdictions, and two pending Patent Cooperation Treaty patent examinations, all of which are counterparts of our U.S. patent applications. The claims for which we have sought patent protection relate to several elements in our technology, including the Discovery Engine within our Privileged Account Security Solution, Digital Vault, SSH Key Manager, Privileged Threat Analytics, Privileged Session Manager and Application Identity Manager.
We generally enter into confidentiality agreements with our employees, consultants, service providers, resellers and customers and generally limit internal and external access to, and distribution of, our proprietary information and proprietary technology through certain procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology.
Our industry is characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other intellectual property rights. In particular, leading companies in the security industry have extensive patent portfolios. If we become more successful, we believe that competitors will be more likely to try to develop products that are similar to ours and that may infringe our proprietary rights. It may also be more likely that competitors or third parties will claim that our products infringe their proprietary rights. From time to time, third parties have asserted and may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners, users or customers, whom our standard license and other agreements obligate us to indemnify against such claims. Successful claims of infringement or
78
misappropriation by a third party could prevent us from distributing certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, or to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology; enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights; and to indemnify our partners or other third parties. Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected.
Competition
The IT security market in which we operate is characterized by intense competition, constant change and innovation. We believe that none of our competitors offer a fully comprehensive and integrated privileged account security solution; however, we do compete with companies that offer a broad array of IT security products. Our current and potential future competitors include CA, Inc., Dell Inc., International Business Machines Corporation and Oracle Corporation, in the access and identity management market, as well as providers of advanced threat protection solutions such as Hewlett-Packard Company, EMC Corporation, International Business Machines Corporation, FireEye, Inc., Splunk Inc. and Palo Alto Networks, Inc. and other smaller companies that offer products with a more limited range of functionality than our own offerings.
The principal competitive factors in our market include:
| the breadth and completeness of a security solution; |
| reliability and effectiveness in protecting, detecting and responding to cyber attacks; |
| analytics and accountability at an individual user level; |
| ability of customers to achieve and maintain compliance with compliance standards and audit requirements; |
| strength of sale and marketing efforts, including distribution and channel relationships; |
| global reach and customer base; |
| scalability and ease of integration with an organizations existing IT infrastructure and security investments; |
| brand awareness and reputation; |
| innovation and thought leadership; |
| quality of customer support; |
| speed at which a solution can be deployed; and |
| price of a solution and cost of maintenance and professional services. |
We believe we compete favorably with our competitors on the basis of these factors. However, some of our current and potential future competitors may enjoy potential competitive advantages, such as greater name recognition, longer operating history, larger market share, larger existing user base and greater financial, technical and other resources.
79
Properties
Our corporate headquarters are located in Petach Tikva, Israel in an office consisting of approximately 38,320 square feet. The lease for this office expires in December 2016. We recently signed a new lease with our current landlord which will commence in 2017. Our U.S. headquarters are located in Newton, Massachusetts in an office consisting of approximately 21,000 square feet. The lease for this office expires in April 2022 with the option to extend for two successive five-year periods. We maintain additional sales offices in England, France, Germany and Singapore. We believe that our facilities are sufficient to meet our ongoing needs and that if we require additional space to accommodate our growth we will be able to obtain additional facilities on commercially reasonable terms.
Employees
As of December 31, 2014, we had 430 employees and subcontractors with 180 located in Israel, 147 in the United States, 33 in the United Kingdom and approximately 70 across 20 other countries. The following table shows the breakdown of our global workforce of employees and subcontractors by category of activity as of the dates indicated:
Department |
As of December 31, | |||||||||||
2012 | 2013 | 2014 | ||||||||||
Sales and marketing |
100 | 135 | 202 | |||||||||
Research and development |
70 | 95 | 119 | |||||||||
Services and support |
47 | 60 | 76 | |||||||||
General and administrative |
22 | 27 | 33 | |||||||||
|
|
|
|
|
|
|||||||
Total |
239 | 317 | 430 |
With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages for employees, procedures for hiring and dismissing employees, determination of severance pay, annual leave, sick days, advance notice of termination of employment, equal opportunity and anti-discrimination laws and other conditions of employment. Subject to certain exceptions, Israeli law generally requires severance pay upon the retirement, death or dismissal of an employee, and requires us and our employees to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration. Our employees have pension plans that comply with the applicable Israeli legal requirements and we make monthly contributions to severance pay funds for all employees, which cover potential severance pay obligations.
None of our employees work under any collective bargaining agreements. Extension orders issued by the Israeli Ministry of Economy (formerly the Israeli Ministry of Industry, Trade and Labor) apply to us and affect matters such as cost of living adjustments to salaries, length of working hours and week, recuperation pay, travel expenses, and pension rights. We have never experienced labor-related work stoppages or strikes and believe that our relations with our employees are satisfactory.
Legal Proceedings
From time to time, we may be subject to legal proceedings and claims in the ordinary course of business. We are not currently a party to any material litigation. Regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
80
Executive Officers and Directors
The following table sets forth the name, age and position of each of our executive officers and directors as of the date of this prospectus:
Name |
Age |
Position | ||
Executive Officers |
||||
Ehud (Udi) Mokady |
46 | Chief Executive Officer, President, Founder and Director | ||
Chen Bitan |
45 | General Manager, EMEA & Asia Pacific | ||
Joshua Siegel |
51 | Chief Financial Officer | ||
Ronen (Ron) Zoran |
40 | Vice President, Americas Sales | ||
Nick Baglin |
40 | Vice President, EMEA Sales | ||
Dan Dinnar |
44 | Vice President, Asia Pacific Sales | ||
Roy Adar |
43 | Vice President, Product Management | ||
John Worrall |
55 | Chief Marketing Officer | ||
Directors |
||||
Gadi Tirosh(3)(4) |
48 | Chairman of the Board | ||
David Campbell(1)(3)(4) |
52 | Director | ||
Ron Gutler(1)(2)(3)(4)(5) |
57 | Director | ||
Raphael (Raffi) Kesten(4) |
61 | Director | ||
Kim Perdikou(1)(2)(4)(5) |
57 | Director | ||
David Schaeffer(4) |
58 | Director | ||
Amnon Shoshani(2)(4) |
51 | Director |
(1) | Member of our compensation committee. |
(2) | Member of our audit committee. |
(3) | Member of our nominating and governance committee. |
(4) | Independent director under the rules of the NASDAQ Stock Market. |
(5) | External director under the Companies Law. |
Executive Officers
Ehud (Udi) Mokady is one of our founders, has served as our President and Chief Executive Officer since 2005 and previously served as our Chief Operating Officer from 1999 to 2005. From 1997 to 1999, Mr. Mokady served as general counsel at Tadiran Spectralink Ltd., a producer of secure wireless communication systems. From 1986 to 1989, Mr. Mokady served in a military intelligence unit in the Israel Defense Forces. Mr. Mokady was honored by a panel of independent judges with the New England EY Entrepreneur Of The Year 2014 Award in the Technology Security category. Mr. Mokady holds a Bachelor of Laws (LL.B.) from Hebrew University in Jerusalem, Israel and a Master of Science Management (MSM) from Boston University in Massachusetts.
Chen Bitan has served as our General Manager of EMEA & Asia Pacific since 2005 and as Head of Research & Development since 1999. From March 1998 to April 1999, Mr. Bitan worked as Project Manager for Amdocs Software Ltd., leading the development of billing and customer care systems for telecommunications providers. From 1995 to 1998, he worked for Magic Software Ltd. as Research and Development Group Manager leading the development of their 4GL products for the Asia Pacific market. From 1988 to 1995, Mr. Bitan led the programming education department as Department Manager at the Israel Defense Forces (IDF) Computer Studies Academy (Mamram). Mr. Bitan holds a Bachelor of Science in computer science and political science from Bar-Ilan University in Ramat-Gan, Israel.
Joshua Siegel has served as our Chief Financial Officer since May 2011. Prior to joining CyberArk, Mr. Siegel served as Chief Financial Officer for Voltaire Ltd., a provider of InfiniBand and Ethernet connectivity solutions,
81
from December 2005 to February 2011, and as Director of Finance and then Vice President of Finance from April 2002 to December 2005. Voltaire completed an initial public offering and listing on NASDAQ in 2007 and was acquired by Mellanox Technologies, Ltd. in 2011. From 2000 to 2002, he was Vice President of Finance at KereniX Networks Ltd., a terabit routing and transport system company. From 1995 to 2000, Mr. Siegel served in various positions at Lucent Technologies Networks Ltd. (formerly Lannet Ltd.). From 1990 to 1995, he served in various positions at SLM Corporation (Sallie MaeStudent Loan Marketing Association). Mr. Siegel holds a Bachelor of Arts in economics and a Master of Business Administration (MBA) with a concentration in finance from the University of Michigan in Ann Arbor.
Ronen (Ron) Zoran has served as our Vice President of Americas Sales since January 2015 and has worked at CyberArk since our founding in 1999. Mr. Zoran has held several sales leadership positions at the Company, including Vice President of North America Sales from July 2013 to December 2014, Regional Director and Senior Director of Channels from January 2005 to June 2013, as well as research and development positions, such as R&D Group Manager and Director of Technical Services. From 1993 to 1999, Mr. Zoran served as an Officer and R&D Group Manager at the Technological Computer Center of the Israeli Defense Forces. He holds an MBA from Northeastern University and a Bachelor of Arts in Computer Science from Bar-Ilan University.
Nick Baglin has served as our Vice President of EMEA Sales since May 2012. Prior to joining CyberArk, Mr. Baglin worked for HP Enterprise Security Services, as EMEA General Manager and Global Sales Director from May 2011 to May 2012 and as Global Sales Director from December 2010 to May 2011. From January 2001 to December 2010, he worked for Vistorm Ltd., a provider of information assurance and managed security services, in various positions, including Director of Sales. Mr. Baglin holds a Bachelor of Science from the Manchester Metropolitan University in the United Kingdom.
Dan Dinnar has served as our Vice President of Asia Pacific Sales since August 2005 and was our Director of Sales in the Americas from 2002 to 2005. From 1999 to 2002, Mr. Dinnar served as Director of Sales at ProActivity, Inc., a business process re-engineering company. He holds a Bachelor of Arts in economics and business from the TechnionIsrael Institute of Technology in Haifa, Israel.
Roy Adar has served as our Vice President of Product Management since January 2006. Prior to joining CyberArk, Mr. Adar held the position of Product Manager at NICE Systems Ltd., an Israeli software company, from 2002 through 2005. From 1997 to 2001, he worked at Integrity Systems, Inc., a technology support company, in several roles, including product development group manager and senior IT consultant. Mr. Adar holds an MBA from the Kellogg School of Management at Northwestern University in Illinois and a Bachelor of Arts in computer science from Open University in Tel Aviv, Israel.
John Worrall has served as our Chief Marketing Officer since December 2012. From May 2011 to December 2012, Mr. Worrall served as the Executive Vice President for CounterTack, Inc., a threat detection solutions company. From May 2010 to June 2011, Mr. Worrall was the Chief Marketing Officer for ActivIdentity, a cybersecurity group of HID Global Corporation, an enterprise security company. From January 2010 to April 2010, he carried out independent consulting projects. From November 1997 to August 2008, Mr. Worrall worked in various positions at RSA Security, Inc., including serving as Vice President and General Manager from January 2007 to August 2008, as Senior Vice President in Marketing from October 2005 to December 2006 and as Vice President of Global Marketing from January 2002 to September 2005. Mr. Worrall holds a Bachelor of Arts in economics from St. Lawrence University in New York.
Directors
Gadi Tirosh has served as a member of our board of directors since June 2011 and as chairman of the board since July 2013. Since 2005, Mr. Tirosh has served as Managing Partner at Jerusalem Venture Partners, an Israeli venture capital firm that focuses, among other things, on cyber-security companies and operates the JVP Cyber Labs incubator. From 1999 to 2005, he served as Corporate Vice President of Product Marketing and as a
82
member of the executive committee for NDS Group Ltd. (later acquired by Cisco Systems, Inc.) a provider of end-to-end software solutions to the pay-television industry, including content protection and video security. Mr. Tirosh holds a Bachelor of Science in computer science and mathematics and an Executive MBA from the Hebrew University in Jerusalem, Israel.
David Campbell has served as a member of our board of directors since 2011. Mr. Campbell joined the Goldman Sachs Merchant Banking Division in 2004, where he currently serves as a Managing Director. Prior to this he held senior roles within Goldman Sachs Technology Group, including being elected to Technology Fellow in 2002. Additionally, Mr. Campbell serves on a number of technology company boards, including Applied Predictive Technologies Inc., Applause Inc., AppSense Inc., AvePoint, Inc., BackOffice Associates, LLC, MetricStream Inc., ScienceLogic, Inc. and Spiceworks Inc. Mr. Campbell received a Bachelor of Engineering (Electrical) and a Bachelor of Arts from the University of Queensland in Australia.
Ron Gutler has served as a member of our board of directors since July 2014 and serves as an external director under the Companies Law. From May 2002 through February 2013, Mr. Gutler served as the Chairman of NICE Systems Ltd., a public company specializing in voice recording, data security, and surveillance. Between 2000 and 2011, Mr. Gutler served as the Chairman of G.J.E. 121 Promoting Investment Ltd., a real estate company. Between 2000 and 2002, Mr. Gutler managed the Blue Border Horizon Fund, a global macro fund. Mr. Gutler is a former Managing Director and a Partner of Bankers Trust Company, which is currently part of Deutsche Bank. He also established and headed the Israeli office of Bankers Trust. Mr. Gutler is currently a director of Wix.com Ltd. (NASDAQ: WIX). Mr. Gutler holds a Bachelor of Arts in economics and international relations and an MBA, both from the Hebrew University in Jerusalem.
Raphael (Raffi) Kesten has served as a member of our board of directors since April 2014. Since February 2015, Mr. Kesten has served as Managing Partner at Jerusalem Venture Partners as well as executive adviser to the Chairman and CEO of Cisco Systems, Inc. and to the Service Provider Video Security, Software & Solutions Group at Cisco Systems, Inc. He served as the Vice President of Service Provider Video Security, Software & Solutions Group at Cisco Systems, Inc. from 2012 to 2014. From 2000 to February 2015, Mr. Kesten has served as a Venture Partner for Jerusalem Venture Partners. He served as Senior Vice President and Chief Operating Officer at NDS Group Holdings Ltd. (later acquired by Cisco Systems, Inc.) from 2006 to 2012. From 1996 to 2006, Mr. Kesten worked as Vice President and General Manager of NDS Technologies Israel Limited. From 1991 to 1995, he served as Vice President of Operations and Production of Imaging Products at Indigo N.V. (later acquired by Hewlett-Packard Company). Between the years 1982 to 1991, Mr. Kesten held several engineering and managerial positions with Intel, Inc. Mr. Kesten holds a Bachelor of Science in chemical engineering from Ben-Gurion University of the Negev in Beer-Sheva, Israel and he completed the certificate program in Senior Business Management at the Hebrew University in Jerusalem, Israel.
Kim Perdikou has served as a member of our board of directors since July 2014 and serves as an external director under the Companies Law. Ms. Perdikou served as the Juniper Networks, Inc. board observer on two of Junipers portfolio companies from January 2013 to July 2014. From 2010 to August 2013, Ms. Perdikou served as the Executive Vice President for the Office of the Chief Executive Officer at Juniper Networks, Inc. Before that she served as the Executive Vice President and General Manager of Infrastructure Products Group and as Chief Information Officer at Juniper Networks, Inc. from 2006 to 2010 and from August 2000 to January 2006, respectively. Ms. Perdikou served on the board of directors and audit committee of Lam Research Corporation, a major provider of wafer fabrication equipment and services, from May 2011 to November 2012. Ms. Perdikou served as Chief Information Officer at Women.com from June 1999 to August 2000, and held the position of Vice President, Global Networks, at Readers Digest from March 1992 to April 1998, as well as leadership positions at Knight Ridder from June 1999 to August 2000, and Dun & Bradstreet from August 1989 to March 1992. Ms. Perdikou holds a Bachelor of Science in Computing Science with Operational Research from Paisley University in Paisley, Scotland, a Post-Graduate degree in Education from Jordanhill College in Glasgow, Scotland and a Masters in Information Systems from Pace University in New York.
83
David Schaeffer has served as a member of our board of directors since May 2014. Mr. Schaeffer has served as the Chairman, Chief Executive Officer and President of Cogent Communications, Inc. (NASDAQ: CCOI), an internet service provider based in the United States that is listed on NASDAQ, since he founded the company in August 1999. Mr. Schaeffer was the founder of Pathnet, Inc., a broadband telecommunications provider, where he served as Chief Executive Officer from 1995 until 1997 and as Chairman from 1997 until 1999. Mr. Schaeffer holds a Bachelor of Science in Physics from the University of Maryland.
Amnon Shoshani has served as a member of our board of directors since November 2009. Since February 1995, Mr. Shoshani has served as the Founder and Managing Partner of Cabaret Holdings Ltd. and, since March 1999, he has also served as Managing Partner of Cabaret Security Ltd. and Cabaret Holdings Ltd. and ArbaOne Inc. ventures activities where he had a lead role in managing the groups portfolio companies. From 1994 to April 2005, Mr. Shoshani owned a Tel-Aviv boutique law firm engaged in entrepreneurship, traditional industries and high tech, which he founded. Mr. Shoshani holds an LL.B. from Tel Aviv University in Israel.
Corporate Governance Practices
Under the Companies Law, companies incorporated under the laws of the State of Israel whose shares are publicly traded, including companies with shares listed on the NASDAQ Global Select Market, are considered public companies under Israeli law and are required to comply with various corporate governance requirements under Israeli law relating to matters such as external directors, the audit committee, the compensation committee and an internal auditor. This is the case even if our shares are not listed on a stock exchange in Israel. These requirements are in addition to the corporate governance requirements imposed by the Listing Rules of the NASDAQ Stock Market and other applicable provisions of U.S. securities laws to which we are subject (as a foreign private issuer). Under the Listing Rules of the NASDAQ Stock Market, a foreign private issuer, such as us, may generally follow its home country rules of corporate governance in lieu of the comparable requirements of the Listing Rules of the NASDAQ Stock Market, except for certain matters including (among others) the composition and responsibilities of the audit committee and the independence of its members within the meaning of the rules and regulations of the SEC.
As a foreign private issuer, we are permitted to comply with Israeli corporate governance practices instead of the NASDAQ Listing Rules, provided that we disclose those NASDAQ Listing Rules with which we do not comply and the equivalent Israeli requirements that we follow instead. We currently rely on this foreign private issuer exemption with respect to the quorum requirement for meetings of our shareholders. As permitted under the Companies Law, pursuant to our articles of association, the quorum required for an ordinary meeting of shareholders consists of at least two shareholders present in person or by proxy who hold or represent between them at least 25% of the voting power of our shares (and, with respect to an adjourned meeting, generally one or more shareholders who hold or represent any number of shares), instead of 33 1/3% of the issued share capital provided under the NASDAQ Listing Rules.
Board of Directors
Under the Companies Law, the management of our business is vested in our board of directors. Our board of directors may exercise all powers and may take all actions that are not specifically granted to our shareholders or to management. Our executive officers are responsible for our day-to-day management and have individual responsibilities established by our board of directors. Our Chief Executive Officer is appointed by, and serves at the discretion of our board of directors, subject to the employment agreement that we have entered into with him. All other executive officers are also appointed by our board of directors, and are subject to the terms of any applicable employment agreements that we may enter into with them.
We comply with the rule of the NASDAQ Stock Market that a majority of our directors be independent. Our board of directors has determined that all of our directors, other than our Chief Executive Officer, are independent under such rules. The definition of independent director under NASDAQ rules and external director
84
under the Companies Law overlap to a significant degree such that we would generally expect the two directors serving as external directors to satisfy the requirements to be independent under NASDAQ rules. The definition of external director includes a set of statutory criteria that must be satisfied, including criteria whose aim is to ensure that there be no factor which would impair the ability of the external director to exercise independent judgment. The definition of independent director specifies similar, although less stringent, requirements in addition to the requirement that the board consider any factor which would impair the ability of the independent director to exercise independent judgment. In addition, both external directors and independent directors serve for a period of three years; external directors pursuant to the requirements of the Companies Law and independent directors pursuant to the staggered board provisions of our articles of association. However, external directors must be elected by a special majority of shareholders while independent directors may be elected by an ordinary majority. See External Directors for a description of the requirements under the Companies Law for a director to serve as an external director.
Under our articles of association, our board of directors must consist of at least four and not more than 11 directors, including at least two external directors required to be appointed under the Companies Law. At any time, the minimum number of directors may not fall below four. Our board of directors consists of eight directors, including our two external directors. Other than external directors, for whom special election requirements apply under the Companies Law, as detailed below, our directors are divided into three classes with staggered three-year terms. Each class of directors consists, as nearly as possible, of one-third of the total number of directors constituting the entire board of directors (other than the external directors). At each annual general meeting of our shareholders, the election or re-election of directors following the expiration of the term of office of the directors of that class of directors, is for a term of office that expires on the third annual general meeting following such election or re-election, such that from 2015 and after, on each annual general meeting the term of office of only one class of directors will expire. Each director will hold office until the annual general meeting of our shareholders in which his or her term expires, unless they are removed by a vote of 65% of the total voting power of our shareholders at a general meeting of our shareholders or upon the occurrence of certain events, in accordance with the Companies Law and our articles of association.
Our directors are divided among the three classes as follows:
(i) the Class I directors are Ehud (Udi) Mokady and David Schaeffer, and their terms expire at the annual general meeting of shareholders to be held in 2015 and when their successors are elected and qualified;
(ii) the Class II directors, are Raphael (Raffi) Kesten and Amnon Shoshani, and their terms expire at the first annual general meeting following the annual general meeting referred to in clause (i) above and when their successors are elected and qualified; and
(iii) the Class III directors are Gadi Tirosh and David Campbell, and their terms expire at the first annual general meeting following the annual general meeting referred to in clause (ii) above and when their successors are elected and qualified.
In addition, our articles of association allow our board of directors to appoint directors, create new directorships or fill vacancies on our board of directors up to the maximum number of directors permitted under our articles of association. In case of an appointment by our board of directors to fill a vacancy on our board of directors due to a director no longer serving, the term of office shall be equal to the remaining period of the term of office of the director(s) whose office(s) have been vacated, and in case of a new appointment where the number of directors serving is less than the maximum number stated in our article of association, our board of directors shall determine at the time of appointment the class to which the new director shall be assigned. External directors are elected for an initial term of three years and may be elected for up to two additional three-year terms under the circumstances described below. External directors may be removed from office only under the limited circumstances set forth in the Companies Law. See External Directors below.
Under the Companies Law and our articles of association, nominations for directors may be made by any shareholder(s) holding together at least one percent of our outstanding voting power. However, any such
85
shareholder may make such a nomination only if a written notice of such shareholders intent to make such nomination has been timely and duly given to our Secretary (or, if we have no Secretary, our Chief Executive Officer), as set forth in our articles of association. Any such notice must include certain information regarding the proposing shareholder and the proposed director nominee, the consent of the proposed director nominee(s) to serve as our director(s) if elected and a declaration signed by the proposed director nominee(s) as required by under the Companies Law and that all of the information that is required to be provided to us in connection with such election under the Companies Law and under our articles of association has been provided.
Under the Companies Law, our board of directors must determine the minimum number of directors who are required to have accounting and financial expertise. See External Directors. In determining the number of directors required to have such expertise, a board of directors must consider, among other things, the type and size of the company and the scope and complexity of its operations. Our board of directors has determined that the minimum number of directors of our company who are required to have accounting and financial expertise is one.
External Directors
Under the Companies Law, our board is required to include at least two members who qualify as external directors. Ron Gutler and Kim Perdikou serve as our external directors.
The provisions of the Companies Law set forth special approval requirements for the election of external directors. External directors must be elected by a majority vote of the shares present and voting at a shareholders meeting, provided that either:
| such majority includes at least a majority of the shares held by all shareholders who are non-controlling shareholders and who lack a personal interest in the election of the external director (other than a personal interest not deriving from a relationship with a controlling shareholder) that are voted at the meeting, excluding abstentions, to which we refer as a disinterested majority; or |
| the total number of shares voted by non-controlling, disinterested shareholders (as described in the previous bullet point) against the election of the external director does not exceed 2% of the aggregate voting rights in the company. |
The term controlling shareholder, as used in the Companies Law for purposes of all matters related to external directors and for certain other purposes (such as the requirements related to appointment to the audit committee or compensation committee, as described below), means a shareholder with the ability to direct the activities of the company, other than by virtue of being an office holder. A shareholder is presumed to be a controlling shareholder if the shareholder holds 50% or more of the voting rights in a company or has the right to appoint the majority of the directors of the company or its general manager (chief executive officer).
The initial term of an external director is three years. Thereafter, an external director may be reelected by shareholders to serve in that capacity for up to two additional three-year terms, provided that either:
| his or her service for each such additional term is recommended by one or more shareholders holding at least 1% of the companys voting rights and is approved at a shareholders meeting by a disinterested majority, where the total number of shares held by non-controlling, disinterested shareholders voting for such reelection exceeds 2% of the aggregate voting rights in the company, provided that the external director recommended for reelection is not (i) the recommending shareholder himself or herself or (ii) a significant (5%) shareholder (a) that is himself, herself or itself, (b) that is its controlling shareholder or (c) that is under common control with an entity, that either carries out business with the company or is in competition with the company; or |
| his or her service for each such additional term is recommended by the board of directors and is approved at a shareholders meeting by the same majority required for the initial election of an external director (as described above). |
86
The term of office for external directors for Israeli companies traded on certain foreign stock exchanges, including the NASDAQ Global Select Market, may be extended indefinitely in increments of additional three-year terms, in each case provided that the audit committee and the board of directors of the company confirm that, in light of the external directors expertise and special contribution to the work of the board of directors and its committees, the reelection for such additional period(s) is beneficial to the company, and provided that the external director is reelected subject to the same shareholder vote requirements as if elected for the first time (as described above). Prior to the approval of the reelection of the external director at a general shareholders meeting, the companys shareholders must be informed of the term previously served by him or her and of the reasons why the board of directors and audit committee recommended the extension of his or her term.
External directors may be removed from office by a special general meeting of shareholders called by the board of directors, which approves such dismissal by the same shareholder vote percentage required for their election or by a court, in each case, only under limited circumstances, including ceasing to meet the statutory qualifications for appointment, or violating their duty of loyalty to the company. If an external directorship becomes vacant and there are fewer than two external directors on the board of directors at the time, then the board of directors is required under the Companies Law to call a shareholders meeting as soon as practicable to appoint a replacement external director.
Each committee of the board of directors that exercises the powers of the board of directors must include at least one external director, except that the audit committee and the compensation committee must include all external directors then serving on the board of directors and an external director must serve as the chair thereof. Under the Companies Law, external directors of a company are prohibited from receiving, directly or indirectly, any compensation from the company other than for their services as external directors pursuant to the Companies Law and the regulations promulgated thereunder. Compensation of an external director is determined prior to his or her appointment and may not be changed during his or her term subject to certain exceptions.
The Companies Law provides that a person is not qualified to serve as an external director if (i) the person is a relative of a controlling shareholder of the company, or (ii) if that person or his or her relative, partner, employer, another person to whom he or she was directly or indirectly subordinate, or any entity under the persons control, has or had, during the two years preceding the date of appointment as an external director: (a) any affiliation or other disqualifying relationship with the company, with any person or entity controlling the company or a relative of such person, or with any entity controlled by or under common control with the company; or (b) in the case of a company with no shareholder holding 25% or more of its voting rights, had at the date of appointment as an external director, any affiliation or other disqualifying relationship with a person then serving as chairman of the board or chief executive officer, a holder of 5% or more of the issued share capital or voting power in the company or the most senior financial officer.
The term relative is defined as a spouse, sibling, parent, grandparent or descendant; spouses sibling, parent or descendant; and the spouse of each of the foregoing persons.
The term affiliation and the similar types of disqualifying relationships include (subject to certain exceptions):
| an employment relationship; |
| a business or professional relationship even if not maintained on a regular basis (excluding insignificant relationships); |
| control; and |
| service as an office holder, excluding service as a director in a private company prior to the initial public offering of its shares if such director was appointed as a director of the private company in order to serve as an external director following the initial public offering. |
87
The term office holder is defined under the Companies Law as a general manager, chief business manager, deputy general manager, vice general manager, any other person assuming the responsibilities of any of these positions regardless of that persons title, a director and any other manager directly subordinate to the general manager.
In addition, no person may serve as an external director if that persons position or professional or other activities create, or may create, a conflict of interest with that persons responsibilities as a director or otherwise interfere with that persons ability to serve as an external director or if the person is an employee of the Israel Securities Authority or of an Israeli stock exchange. A person may furthermore not continue to serve as an external director if he or she received direct or indirect compensation from the company including amounts paid pursuant to indemnification and/or exculpation contracts or commitments and insurance coverage for his or her service as an external director, other than as permitted by the Companies Law and the regulations promulgated thereunder.
Following the termination of an external directors service on a board of directors, such former external director and his or her spouse and children may not be provided a direct or indirect benefit by the company, its controlling shareholder or any entity under its controlling shareholders control. This includes engagement as an office holder or director of the company or a company controlled by its controlling shareholder or employment by, or provision of services to, any such company for consideration, either directly or indirectly, including through a corporation controlled by the former external director. This restriction extends for a period of two years with regard to the former external director and his or her spouse or child and for one year with respect to other relatives of the former external director.
If at the time at which an external director is appointed all members of the board of directors who are not controlling shareholders or relatives of controlling shareholders of the company are of the same gender, the external director to be appointed must be of the other gender. A director of one company may not be appointed as an external director of another company if a director of the other company is acting as an external director of the first company at such time.
According to regulations promulgated under the Companies Law, a person may be appointed as an external director only if he or she has professional qualifications or if he or she has accounting and financial expertise (each, as defined below). In addition, at least one of the external directors must be determined by our board of directors to have accounting and financial expertise. However, if at least one of our other directors (i) meets the independence requirements under the Exchange Act, (ii) meets the standards of the Listing Rules of the NASDAQ Stock Market for membership on the audit committee and (iii) has accounting and financial expertise as defined under Companies law, then neither of our external directors is required to possess accounting and financial expertise as long as each possesses the requisite professional qualifications.
A director with accounting and financial expertise is a director who, due to his or her education, experience and skills, possesses an expertise in, and an understanding of, financial and accounting matters and financial statements, such that he or she is able to understand the financial statements of the company and initiate a discussion about the presentation of financial data. A director is deemed to have professional qualifications if he or she has any of (i) an academic degree in economics, business management, accounting, law or public administration, (ii) an academic degree or has completed another form of higher education in the primary field of business of the company or in a field which is relevant to his/her position in the company, or (iii) at least five years of experience serving in one of the following capacities, or at least five years of cumulative experience serving in two or more of the following capacities: (a) a senior business management position in a company with a significant volume of business; (b) a senior position in the companys primary field of business; or (c) a senior position in public administration or service. The board of directors is charged with determining whether a director possesses financial and accounting expertise or professional qualifications.
Our board of directors has determined that each of Ron Gutler and Kim Perdikou possesses accounting expertise, financial expertise and professional qualifications, as defined under the Companies Law.
88
Audit Committee
Our audit committee consists of our two external directors, Ron Gutler (Chairperson) and Kim Perdikou, and Amnon Shoshani.
Israeli Companies Law Requirements
Under the Companies Law, we are required to appoint an audit committee. The audit committee must be comprised of at least three directors, including all of the external directors and one of whom must serve as chairman of the committee. The audit committee may not include the chairman of the board, a controlling shareholder of the company or a relative of a controlling shareholder, a director employed by or providing services on a regular basis to the company, to a controlling shareholder or to an entity controlled by a controlling shareholder or a director who derives most of his or her income from a controlling shareholder.
In addition, under the Companies Law, the audit committee of a publicly traded company must consist of a majority of unaffiliated directors. In general, an unaffiliated director under the Companies Law is defined as either an external director or as a director who meets the following criteria:
| he or she meets the qualifications for being appointed as an external director, except for (i) the requirement that the director be an Israeli resident (which does not apply to companies such as ours whose securities have been offered outside of Israel or are listed outside of Israel) and (ii) the requirement for accounting and financial expertise or professional qualifications; and |
| he or she has not served as a director of the company for a period exceeding nine consecutive years. For this purpose, a break of less than two years in the service shall not be deemed to interrupt the continuation of the service. |
Listing Requirements
Under NASDAQ corporate governance rules, we are required to maintain an audit committee consisting of at least three independent directors, each of whom is financially literate and one of whom has accounting or related financial management expertise.
All members of our audit committee meet the requirements for financial literacy under the applicable rules and regulations of the Securities and Exchange Commission and NASDAQ corporate governance rules. Our board of directors has determined that Ron Gutler and Kim Perdikou are audit committee financial experts as defined by the Securities and Exchange Commission rules and have the requisite financial experience as defined by NASDAQ corporate governance rules.
Each of the members of the audit committee is independent as such term is defined in Rule 10A-3(b)(1) under the Exchange Act of 1934, which is different from the general test for independence of board and committee members.
Audit Committee Role
Our board of directors has an audit committee charter that sets forth the responsibilities of the audit committee consistent with the rules of the SEC and the listing requirements of the NASDAQ Stock Market, as well as the requirements for such committee under the Companies Law, including the following:
| oversight of our independent registered public accounting firm and recommending the engagement, compensation or termination of engagement of our independent registered public accounting firm to the board of directors in accordance with Israeli law; |
| recommending the engagement or termination of the person filling the office of our internal auditor; and |
89
| recommending the terms of audit and non-audit services provided by the independent registered public accounting firm for pre-approval by our board of directors. |
Our audit committee provides assistance to our board of directors in fulfilling its legal and fiduciary obligations in matters involving our accounting, auditing, financial reporting, internal control and legal compliance functions by pre-approving the services performed by our independent accountants and reviewing their reports regarding our accounting practices and systems of internal control over financial reporting. Our audit committee also oversees the audit efforts of our independent accountants and takes those actions that it deems necessary to satisfy itself that the accountants are independent of management.
Under the Companies Law, our audit committee is responsible for:
| determining whether there are deficiencies in the business management practices of our company, including in consultation with our internal auditor or the independent auditor, and making recommendations to the board of directors to improve such practices; |
| determining whether to approve certain related party transactions (including transactions in which an office holder has a personal interest and whether such transaction is material or extraordinary under the Companies Law) (see Approval of Related Party Transactions under Israeli Law); |
| determining standards and policies for determining whether a transaction with a controlling shareholder or a transaction in which a controlling shareholder has a personal interest is deemed extraordinary and the approval requirements for transactions that are not extraordinary but also not insignificant (including, potentially, the approval of the audit committee); |
| where the board of directors approves the working plan of the internal auditor, to examine such working plan before its submission to the board of directors and proposing amendments thereto; |
| examining our internal controls and internal auditors performance, including whether the internal auditor has sufficient resources and tools to dispose of its responsibilities; |
| examining the scope of our auditors work and compensation and submitting a recommendation with respect thereto to our board of directors or shareholders, depending on which of them is considering the appointment of our auditor; and |
| establishing procedures for the handling of employees complaints as to the deficiencies in the management of our business and the protection to be provided to such employees. |
Our audit committee may not approve any actions requiring its approval (see Approval of Related Party Transactions under Israeli Law), unless at the time of the approval a majority of the committees members are present, which majority consists of unaffiliated directors including at least one external director.
Compensation Committee
Our compensation committee consists of Kim Perdikou (Chairperson), David Campbell and Ron Gutler.
Israeli Companies Law Requirements
Under the Companies Law, the board of directors of a public company must appoint a compensation committee. The compensation committee must be comprised of at least three directors, including all of the external directors, who must constitute a majority of the members of, and include the chairman of, the compensation committee. However, subject to certain exceptions, Israeli companies whose securities are traded on stock exchanges such as NASDAQ, and who do not have a controlling shareholder, do not have to meet this majority requirement; provided, however, that the compensation committee meets other Companies Law composition requirements, as well as the requirements of the jurisdiction where the companys securities are
90
traded. Each compensation committee member who is not an external director must be a director whose compensation does not exceed an amount that may be paid to an external director. The compensation committee is subject to the same Companies Law restrictions as the audit committee as to who may not be a member of the committee.
The duties of the compensation committee include the recommendation to the companys board of directors of a policy regarding the terms of engagement of office holders, to which we refer as a compensation policy. That policy must be adopted by the companys board of directors, after considering the recommendations of the compensation committee, and must be brought for approval by the companys shareholders within nine months following a company becoming a public company, which approval requires a Special Approval for Compensation (as defined below under Approval of Related Party Transactions under Israeli LawFiduciary Duties of Directors and Executive Officers).
The compensation policy must serve as the basis for decisions concerning the financial terms of employment or engagement of office holders, including exculpation, insurance, indemnification or any monetary payment, obligation of payment or other benefit in respect of employment or engagement. The compensation policy must relate to certain factors, including advancement of the companys objectives, the companys business plan and its long-term strategy, and creation of appropriate incentives for office holders. It must also consider, among other things, the companys risk management, size and the nature of its operations. The compensation policy must include certain principles, such as: a link between variable compensation and long-term performance and measurable criteria; the relationship between variable and fixed compensation; and the minimum holding or vesting period for variable, equity-based compensation.
The compensation committee is responsible for (a) recommending the compensation policy to a companys board of directors for its approval (and subsequent approval by our shareholders) and (b) duties related to the compensation policy and to the compensation of a companys office holders as well as functions previously fulfilled by a companys audit committee with respect to matters related to approval of the terms of engagement of office holders, including:
| recommending whether a compensation policy should continue in effect, if the then-current policy has a term of greater than three years (approval of either a new compensation policy or the continuation of an existing compensation policy must in any case occur every three years); |
| recommending to the board of directors periodic updates to the compensation policy; |
| assessing implementation of the compensation policy; |
| determining whether the compensation terms of the chief executive officer of the company need not be brought to the shareholders for approval; |
| approving compensation terms of executive officers, directors and employees affiliated with controlling shareholders (as such term is specifically defined in the relevant section of the Companies Law, as described in below under Approval of Related Party Transactions under Israeli Law); and |
| exempting certain compensation arrangements from the requirement to obtain shareholder approval under the Companies Law. |
In keeping with the foregoing requirements, following the recommendation of our compensation committee, on November 12, 2014 and December 18, 2014, our board of directors and shareholders, respectively, approved our compensation policy.
Listing Requirements
Under NASDAQ corporate governance rules, we are required to maintain a compensation committee consisting of at least two independent directors. Each of the members of the compensation committee is required
91
to be independent under NASDAQ rules relating to compensation committee members, which are different from the general test for independence of board and committee members. Each of the members of our compensation committee satisfies those requirements.
Compensation Committee Role
Our board of directors has a compensation committee charter that sets forth the responsibilities of the committee, which include:
| the responsibilities set forth in the compensation policy; |
| reviewing and approving the granting of options and other incentive awards to the extent such authority is delegated by our board of directors; and |
| reviewing, evaluating and making recommendations regarding the compensation and benefits for our non-employee directors. |
Nominating and Governance Committee
Our nominating and governance committee consists of Gadi Tirosh (Chairperson), David Campbell and Ron Gutler. Our board of directors has a nominating and governance committee charter that sets forth the responsibilities of the nominating and governance committee, which include:
| overseeing and assisting our board in reviewing and recommending nominees for election as directors; |
| assessing the performance of the members of our board; and |
| establishing and maintaining effective corporate governance policies and practices, including, but not limited to, developing and recommending to our board a set of corporate governance guidelines applicable to our company. |
Disclosure of Compensation of Executive Officers
For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic companies, including the requirement applicable to emerging growth companies to disclose the compensation of our Chief Executive Officer and other two most highly compensated executive officers on an individual, rather than an aggregate, basis. Nevertheless, a recent amendment to the Companies Law requires that we disclose the annual compensation of our five most highly compensated office holders (as defined under the Companies Law) on an individual basis, rather than on an aggregate basis, as was previously permitted for Israeli public companies listed overseas. Under the Companies Law regulations, this disclosure is required to be included in the annual proxy statement for our annual meeting of shareholders each year, which we will furnish to the SEC under cover of a Report of Foreign Private Issuer on Form 6-K. Because of that disclosure requirement under Israeli law, we are also including such information in this prospectus below under Compensation of Officers and Directors, pursuant to the disclosure requirements of Form F-1.
Compensation of Directors
Under the Companies Law, compensation of directors requires the approval of a companys compensation committee, the subsequent approval of the board of directors and, unless exempted under the regulations promulgated under the Companies Law, the approval of the shareholders at a general meeting. Where the director is also a controlling shareholder, the requirements for approval of transactions with controlling shareholders apply, as described below under Disclosure of Personal Interests of a Controlling Shareholder and Approval of Certain Transactions.
The directors are also entitled to be paid reasonable travel, hotel and other expenses expended by them in attending board meetings and performing their functions as directors of the company, all of which is to be determined by the board of directors.
92
External directors are entitled to remuneration subject to the provisions and limitations set forth in the regulations promulgated under the Companies Law.
For additional information, see Compensation of Officers and Directors.
Internal Auditor
Under the Companies Law, the board of directors of an Israeli public company must appoint an internal auditor recommended by the audit committee. An internal auditor may not be:
| a person (or a relative of a person) who holds more than 5% of the companys outstanding shares or voting rights; |
| a person (or a relative of a person) who has the power to appoint a director or the general manager of the company; |
| an office holder (including a director) of the company (or a relative thereof); or |
| a member of the companys independent accounting firm, or anyone on his or her behalf. |
The role of the internal auditor is to examine, among other things, our compliance with applicable law and orderly business procedures. The audit committee is required to oversee the activities and to assess the performance of the internal auditor as well as to review the internal auditors work plan. Chaikin, Cohen, Rubin & Co. serve as our internal auditor.
Approval of Related Party Transactions Under Israeli Law
Fiduciary Duties of Directors and Executive Officers
The Companies Law codifies the fiduciary duties that office holders owe to a company. Each person listed in the table under ManagementExecutive Officers and Directors is an office holder under the Companies Law.
An office holders fiduciary duties consist of a duty of care and a duty of loyalty. The duty of care requires an office holder to act with the level of care with which a reasonable office holder in the same position would have acted under the same circumstances. The duty of loyalty requires that an office holder act in good faith and in the best interests of the company.
The duty of care includes a duty to use reasonable means to obtain:
| information on the advisability of a given action brought for his or her approval or performed by virtue of his or her position; and |
| all other important information pertaining to any such action. |
The duty of loyalty includes a duty to:
| refrain from any conflict of interest between the performance of his or her duties to the company and his or her duties or personal affairs; |
| refrain from exploiting any business opportunity of the company in order to receive a personal gain for himself or herself or others; and |
| disclose to the company any information or documents relating to the companys affairs which the office holder received as a result of his or her position as an office holder. |
93
Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions
The Companies Law requires that an office holder promptly disclose to the board of directors any personal interest that he or she may be aware of and all related material information or documents concerning any existing or proposed transaction with the company. An interested office holders disclosure must be made promptly and in any event no later than the first meeting of the board of directors at which the transaction is considered. A personal interest includes an interest of any person in an act or transaction of a company, including a personal interest of such persons relative or of a corporate body in which such person or a relative of such person is a 5% or greater shareholder, director or general manager or in which he or she has the right to appoint at least one director or the general manager, but excluding a personal interest stemming from ones ownership of shares in the company. A personal interest furthermore includes the personal interest of a person for whom the office holder holds a voting proxy or the personal interest of the office holder with respect to his or her vote on behalf of a person for whom he or she holds a proxy even if such shareholder has no personal interest in the matter. An office holder is not, however, obliged to disclose a personal interest if it derives solely from the personal interest of his or her relative in a transaction that is not considered an extraordinary transaction. Under the Companies Law, an extraordinary transaction is defined as any of the following:
| a transaction other than in the ordinary course of business; |
| a transaction that is not on market terms; or |
| a transaction that may have a material impact on a companys profitability, assets or liabilities. |
If it is determined that an office holder has a personal interest in a transaction, approval by the board of directors is required for the transaction, unless the companys articles of association provide for a different method of approval. Further, so long as an office holder has disclosed his or her personal interest in a transaction, the board of directors may approve an action by the office holder that would otherwise be deemed a breach of duty of loyalty. However, a company may not approve a transaction or action that is not in the best interests of the company or that is not performed by the office holder in good faith. An extraordinary transaction in which an office holder has a personal interest requires approval first by the companys audit committee and subsequently by the board of directors. The compensation of, or an undertaking to indemnify or insure, an office holder who is not a director requires approval first by the companys compensation committee, then by the companys board of directors, and, if such compensation arrangement or an undertaking to indemnify or insure is inconsistent with the companys stated compensation policy or if the office holder is the Chief Executive Officer (apart from a number of specific exceptions), then such arrangement is subject to the approval of a majority vote of the shares present and voting at a shareholders meeting, provided that either: (a) such majority includes at least a majority of the shares held by all shareholders who are not controlling shareholders (as defined in Disclosure of Personal Interests of Controlling Shareholders and Approval of Certain Transactions below) and do not have a personal interest in such compensation arrangement; or (b) the total number of shares of non-controlling shareholders who do not have a personal interest in the compensation arrangement and who vote against the arrangement does not exceed 2% of the companys aggregate voting rights. We refer to this as the Special Approval for Compensation. Arrangements regarding the compensation, indemnification or insurance of a director require the approval of the compensation committee, board of directors and shareholders by ordinary majority, in that order, and under certain circumstances, a Special Approval for Compensation.
Generally, a person who has a personal interest in a matter which is considered at a meeting of the board of directors or the audit committee may not be present at such a meeting or vote on that matter unless the chairman of the relevant committee or board of directors (as applicable) determines that he or she should be present in order to present the transaction that is subject to approval. If a majority of the members of the audit committee or the board of directors (as applicable) has a personal interest in the approval of a transaction, then all directors may participate in discussions of the audit committee or the board of directors (as applicable) on such transaction and the voting on approval thereof, but shareholder approval is also required for such transaction.
94
Disclosure of Personal Interests of Controlling Shareholders and Approval of Certain Transactions
Pursuant to the Companies Law, the disclosure requirements regarding personal interests that apply to directors and executive officers also apply to a controlling shareholder of a public company. The Companies Law provides a broader definition of a controlling shareholder solely with respect to the provisions pertaining to related party transactions. For such purposes, a controlling shareholder is a shareholder that has the ability to direct the activities of a company, including by holding 50% or more of the voting rights in a company or by having the right to appoint the majority of the directors of the company or its general manager (chief executive officer), and furthermore, by holding 25% or more of the voting rights if no other shareholder holds more than 50% of the voting rights. For this purpose, the holdings of all shareholders who have a personal interest in the same transaction will be aggregated.
An extraordinary transaction between a public company and a controlling shareholder, or in which a controlling shareholder has a personal interest, and the terms of any compensation arrangement of a controlling shareholder who is an office holder or his relative, require the approval of a companys audit committee (or compensation committee with respect to compensation arrangements), board of directors and shareholders, in that order. In addition, the shareholder approval must fulfill one of the following requirements:
| at least a majority of the shares held by all shareholders who do not have a personal interest in the transaction and who are present and voting at the meeting approves the transaction, excluding abstentions; or |
| the shares voted against the transaction by shareholders who have no personal interest in the transaction and who are present and voting at the meeting do not exceed 2% of the voting rights in the company. |
To the extent that any such transaction with a controlling shareholder is for a period extending beyond three years, approval is required once every three years, unless, with respect to certain transactions, the audit committee determines that the duration of the transaction is reasonable given the circumstances related thereto.
Arrangements regarding the compensation, indemnification or insurance of a controlling shareholder in his or her capacity as an office holder require the approval of the compensation committee, board of directors and shareholders, in that order, by a Special Majority and the terms thereof may not be inconsistent with the companys stated compensation policy.
Pursuant to regulations promulgated under the Companies Law, certain transactions with a controlling shareholder or his or her relative, or with directors, that would otherwise require approval of a companys shareholders may be exempt from shareholder approval upon certain determinations of the audit committee and board of directors. Under these regulations, a shareholder holding at least 1% of the issued share capital of the company may require, within 14 days of the publication of such determinations, that despite such determinations by the audit committee and the board of directors, such transaction will require shareholder approval under the same majority requirements that would otherwise apply to such transactions.
Shareholder Duties
Pursuant to the Companies Law, a shareholder has a duty to act in good faith and in a customary manner toward the company and other shareholders and to refrain from abusing his or her power in the company, including, among other things, in voting at a general meeting and at shareholder class meetings with respect to the following matters:
| an amendment to the companys articles of association; |
| an increase of the companys authorized share capital; |
| a merger; or |
| the approval of related party transactions and acts of office holders that require shareholder approval. |
95
In addition, a shareholder also has a general duty to refrain from discriminating against other shareholders.
In addition, certain shareholders have a duty of fairness toward the company. These shareholders include any controlling shareholder, any shareholder who knows that he or she has the power to determine the outcome of a shareholder vote and any shareholder who has the power to appoint or to prevent the appointment of an office holder of the company or other power towards the company. The Companies Law does not define the substance of the duty of fairness, except to state that the remedies generally available upon a breach of contract will also apply in the event of a breach of the duty to act with fairness.
Exculpation, Insurance and Indemnification of Directors and Officers
Under the Companies Law, a company may not exculpate an office holder from liability for a breach of the duty of loyalty. An Israeli company may exculpate an office holder in advance from liability to the company, in whole or in part, for damages caused to the company as a result of a breach of duty of care but only if a provision authorizing such exculpation is included in its articles of association. Our articles of association include such a provision. The company may not exculpate in advance a director from liability arising out of a prohibited dividend or distribution to shareholders.
Under the Companies Law, a company may indemnify an office holder in respect of the following liabilities and expenses incurred for acts performed by him or her as an office holder, either pursuant to an undertaking made in advance of an event or following an event, provided its articles of association include a provision authorizing such indemnification:
| financial liability imposed on him or her in favor of another person pursuant to a judgment, including a settlement or arbitrators award approved by a court. However, if an undertaking to indemnify an office holder with respect to such liability is provided in advance, then such an undertaking must be limited to events which, in the opinion of the board of directors, can be foreseen based on the companys activities when the undertaking to indemnify is given, and to an amount or according to criteria determined by the board of directors as reasonable under the circumstances, and such undertaking shall detail the abovementioned foreseen events and amount or criteria; |
| reasonable litigation expenses, including attorneys fees, incurred by the office holder (1) as a result of an investigation or proceeding instituted against him or her by an authority authorized to conduct such investigation or proceeding, provided that (i) no indictment was filed against such office holder as a result of such investigation or proceeding; and (ii) no financial liability was imposed upon him or her as a substitute for the criminal proceeding as a result of such investigation or proceeding or, if such financial liability was imposed, it was imposed with respect to an offense that does not require proof of criminal intent; and (2) in connection with a monetary sanction; and |
| reasonable litigation expenses, including attorneys fees, incurred by the office holder or imposed by a court in proceedings instituted against him or her by the company, on its behalf, or by a third party, or in connection with criminal proceedings in which the office holder was acquitted, or as a result of a conviction for an offense that does not require proof of criminal intent. |
Under the Companies Law, a company may insure an office holder against the following liabilities incurred for acts performed by him or her as an office holder if and to the extent provided in the companys articles of association:
| a breach of the duty of loyalty to the company, provided that the office holder acted in good faith and had a reasonable basis to believe that the act would not harm the company; |
| a breach of duty of care to the company or to a third party, to the extent such a breach arises out of the negligent conduct of the office holder; and |
| a financial liability imposed on the office holder in favor of a third party. |
96
Under the Companies Law, a company may not indemnify, exculpate or insure an office holder against any of the following:
| a breach of the duty of loyalty, except for indemnification and insurance for a breach of the duty of loyalty to the company to the extent that the office holder acted in good faith and had a reasonable basis to believe that the act would not prejudice the company; |
| a breach of duty of care committed intentionally or recklessly, excluding a breach arising out of the negligent conduct of the office holder; |
| an act or omission committed with intent to derive illegal personal benefit; or |
| a civil or criminal fine or forfeit levied against the office holder. |
Under the Companies Law, exculpation, indemnification and insurance of office holders in a public company must be approved by the compensation committee and the board of directors and, with respect to certain office holders or under certain circumstances, also by the shareholders. See Approval of Related Party Transactions under Israeli law.
We have entered into indemnification agreements with our office holders to exculpate, indemnify and insure our office holders to the fullest extent permitted or to be permitted by our articles of association and applicable law (including without limitation), the Companies Law, the Israeli Securities Law, 5728-1968 and the Israeli Restrictive Trade Practices Law, 5758-1988.
We have obtained directors and officers liability insurance for the benefit of our office holders and intend to continue to maintain such coverage and pay all premiums thereunder to the fullest extent permitted by the Companies Law.
Code of Business Conduct and Ethics
We have adopted a code of ethics and business conduct applicable to our executive officers, directors and all other employees. A copy of the code is delivered to every employee of CyberArk Software Ltd. and all of its subsidiaries, and is available to investors and others on our website at http://investors.cyberark.com or by contacting our investor relations department. Any waivers of this code for executive officers or directors will be disclosed through the filing of a Form 6-K or on our website. We have also implemented a training program for employees concerning the code of ethics and business conduct.
Compensation of Officers and Directors
The aggregate compensation expensed, including share-based compensation and other compensation expensed by us and our subsidiaries, to our directors and executive officers with respect to the year ended December 31, 2014 was $5.1 million. This amount includes approximately $0.7 million set aside or accrued to provide pension, severance, retirement, or similar benefits.
The table below sets forth the compensation paid to our five most highly compensated senior office holders (as defined in the Companies Law and described under Board PracticesExternal Directors below) during or with respect to the year ended December 31, 2014, in the disclosure format of Regulation 21 of the Israeli Securities Regulations (Periodic and Immediate Reports), 1970. We refer to the five individuals for whom disclosure is provided herein as our Covered Executives.
For purposes of the table and the summary below, and in accordance with the above mentioned securities regulations, compensation includes base salary, bonuses, equity-based compensation, retirement or termination payments, benefits and perquisites such as car, phone and social benefits and any undertaking to provide such compensation.
97
Summary Compensation Table
Information Regarding the Covered Executive(1) |
||||||||||||||||||||
Name and Principal Position(2) | Base Salary |
Benefits and Perquisites(3) |
Variable Compensation(4) |
Equity-Based Compensation(5) |
Total | |||||||||||||||
Ehud (Udi) Mokady, President & CEO |
$ | 300,000 | $ | 200,789 | $ | 600,000 | $ | 212,691 | $ | 1,313,480 | ||||||||||
Nick Baglin, Vice President Sales, EMEA |
214,240 | 75,604 | 267,499 | 20,490 | 577,833 | |||||||||||||||
Joshua Siegel, Chief Financial Officer |
203,616 | 111,878 | 184,307 | 73,874 | 573,675 | |||||||||||||||
John Worrall, Chief Marketing Officer |
220,000 | 53,054 | 189,194 | 14,771 | 477,019 | |||||||||||||||
Ronen (Ron) Zoran, Vice President Sales, Americas(6) |
167,000 | 52,544 | 217,580 | 9,604 | 446,728 |
(1) | All amounts reported in the table are in terms of cost to our company, as recorded in our financial statements. |
(2) | All current executive officers listed in the table are full-time employees. Cash compensation amounts denominated in currencies other than the U.S. dollar were converted into U.S. dollars at the average conversion rate for the year ended December 31, 2014. |
(3) | Amounts reported in this column include benefits and perquisites, including those mandated by applicable law. Such benefits and perquisites may include, to the extent applicable to each executive, payments, contributions and/or allocations for savings funds, pension, severance, vacation, car or car allowance, medical insurances and benefits, risk insurances (e.g., life, disability, accident), convalescence pay, payments for social security, tax gross-up payments and other benefits and perquisites consistent with our guidelines. |
(4) | Amounts reported in this column refer to Variable Compensation such as commission, incentive and bonus payments as recorded in our financial statements for the year ended December 31, 2014. |
(5) | Amounts reported in this column represent the expense recorded in our financial statements for the year ended December 31, 2014 with respect to equity-based compensation. Assumptions and key variables used in the calculation of such amounts are described in paragraph d of Note 7 to our audited consolidated financial statements, which are included in this prospectus. |
(6) | Throughout the year ended December 31, 2014, Mr. Zoran held the position of Vice President Sales, North America but is currently serving as our Vice President Sales, Americas. |
Employment Agreements with Executive Officers
We have entered into written employment agreements with all of our executive officers. Most of these agreements contain provisions regarding non-competition and all of these agreements contain provisions regarding confidentiality of information and ownership of inventions. The non-competition provision applies for a period that is generally 12 months following termination of employment. The enforceability of covenants not to compete in Israel and the United States is subject to limitations. In addition, we are required to provide one to six months notice prior to terminating the employment of our executive officers, other than in the case of a termination for cause.
Directors Service Contracts
Other than with respect to our directors that are also executive officers, there are no arrangements or understandings between us, on the one hand, and any of our directors, on the other hand, providing for benefits upon termination of their service as directors of our company, except that directors are permitted to exercise vested options for one year following the termination of their service.
98
Equity Incentive Plans
2014 Share Incentive Plan
Effective Date and Shares Reserved. On June 10, 2014, our board of directors adopted the 2014 Share Incentive Plan, or the 2014 SIP, and the 2014 SIP became effective. Our shareholders approved the 2014 SIP on July 10, 2014. The 2014 SIP generally allows for the grant of options, restricted shares, restricted share units and other share-based awards to our employees, directors, officers, consultants, advisors and any other person providing services to us or our affiliates. The 2014 SIP is intended to enable us to issue awards under varying tax regimes, including Section 102 and Section 3(9) awards pursuant to the Israeli Income Tax Ordinance and incentive stock options within the meaning of Section 422 of the U.S. Internal Revenue Code. The maximum aggregate number of shares that may be issued pursuant to awards under this 2014 SIP is the sum of (a) 422,000 shares plus (b) on January 1 of each calendar year during the term of the 2014 SIP subsequent to its adoption a number of shares equal to the lesser of: (i) an amount determined by our board of directors, if so determined prior to the January 1 of the calendar year in which the increase will occur, (ii) 2% of the total number of shares outstanding on December 31 of the immediately preceding calendar year, and (iii) 2,000,000 shares. Additionally, any share underlying an award that is cancelled or terminated or forfeited for any reason without having been exercised will automatically be available for grant under the 2014 SIP. As of December 31, 2014, 286,360 options to purchase ordinary shares were outstanding under the 2014 SIP and 184,261 shares were reserved for future grant under the 2014 SIP.
Plan Administration. Either our board or a committee established by our board administers the 2014 SIP, and such administrator will have full authority in its discretion to determine (i) eligible grantees, (ii) grants of awards and setting the terms and provisions of award agreements (which need not be identical) and any other agreements or instruments under which awards are made, including, but not limited to, the number of shares underlying each award and the class of shares underlying each award (if more than one class was designated by our board of directors), (iii) the time or times at which awards shall be granted, (iv) the terms, conditions and restrictions applicable to each award (which need not be identical) and any shares acquired upon the exercise or (if applicable) vesting thereof, (v) to accelerate, continue, extend or defer the exercisability of any award or the vesting thereof, including with respect to the period following a grantees termination of employment or other service, (vi) the interpretation of the 2014 SIP and any award agreement and the meaning, interpretation and applicability of terms referred to in applicable laws, (vii) policies, guidelines, rules and regulations relating to and for carrying out the 2014 SIP, and any amendment, supplement or rescission thereof, as it may deem appropriate, (viii) to adopt supplements to, or alternative versions of, the 2014 SIP, including, without limitation, as it deems necessary or desirable to comply with the laws of, or to accommodate the tax regime or custom of, foreign jurisdictions whose citizens or residents may be granted awards, (ix) the fair market value of the shares or other property, (x) the tax track (capital gains, ordinary income track or any other track available under the Section 102 of the Ordinance) for the purpose of Section 102 to the Israeli Income Tax Ordinance, (xi) the authorization and approval of conversion, substitution, cancellation or suspension under and in accordance with the 2014 SIP of any or all awards or shares, (xii) the amendment, modification, waiver or supplement of the terms of each outstanding award (with the consent of the applicable grantee, if such amendments refers to the increase of the exercise price of awards or reduction of the number of shared underlying an award (but, in each case, other than as a result of an adjustment or exercise of rights in accordance with the provisions of the 2014 SIP described under Adjustment Provisions below)) unless otherwise provided under the terms of the 2014 SIP, (xiii) without limiting the generality of the foregoing, and subject to the provisions of applicable law, to grant to a grantee who is the holder of an outstanding award, in exchange for the cancellation of such award, a new award having an exercise price lower than that provided in the award so canceled and containing such other terms and conditions as the committee may prescribe in accordance with the provisions of the 2014 SIP or to set a new exercise price for the same award lower than that previously provided in the award, (xiv) to correct any defect, supply any omission or reconcile any inconsistency in the 2014 SIP or any award agreement and all other determinations and take such other actions with respect to the 2014 SIP or any award as it may deem advisable to the extent not inconsistent with the provisions of the 2014 SIP or applicable law, (xv) to designate any of our officers or other persons to manage the day to day administration of the awards granted under the 2014 SIP or
99
authorize any of them to act on behalf of the committee with respect to any matter, right, obligation, determination or election which is the responsibility of or which is allocated to the committee herein, (xvi) to determine that awards, shares issuable upon the exercise or (if applicable) vesting of awards and/or any securities issued or distributed with respect thereto, shall be allocated or issued to, or held by, the representative in trust for the benefit of the grantees; and (xvii) any other matter which is necessary or desirable for, or incidental to, the administration of the 2014 SIP and any award thereunder. The board and the committee need not take the same action or determination with respect to all awards, with respect to certain types of awards, with respect to all service providers or any certain type of service providers and actions and determinations may differ as among the grantees, and as between the grantees and any other holders of our securities. The board may, at any time, suspend, terminate, modify, or amend the 2014 SIP, whether retroactively or prospectively.
Types and Terms and Conditions of Awards. The committee may grant awards intended to qualify as an incentive stock option, non-qualified stock option, Section 102 award, Section 3(9) award, or other designations under other regimes. The 2014 SIP generally requires that incentive stock options have an exercise price that is not less than 100% of the fair market value of a share underlying such options or 110% in case of an employee who at the time of the grant owns shares possessing more than 10% of the total combined voting power of all classes of our shares or of any parent or subsidiary of the company on the date of grant of such options or such other price as may be determined pursuant to the Code. The exercise price of any other awards granted will be determined by the committee. Unless otherwise stated in the applicable award agreement, awards under the 2014 SIP will vest and become exercisable as follows: 25% of the shares covered by the awards will vest on the first anniversary of the vesting commencement date, and 6.25% of the shares covered by the award will vest at the end of each subsequent three-month period over the course of the following three years; provided that the grantee remains continuously as our or our affiliates service provider throughout such vesting dates. The exercise period of an award will be ten years from the date of grant of the award unless otherwise determined by the committee, but subject to the vesting and the early termination provisions, provided that the period of an incentive stock option granted to an employee who at the time of the grant owns shares possessing more than 10% of the total combined voting power of all classes of our shares or of any parent or subsidiary of the company, shall not exceed five years from the date of grant. Except as described below, an award generally may not be exercised unless the grantee is then in our employ or service and unless the grantee has remained continuously so employed since the date of grant of the award and throughout the vesting dates. In the event that the employment or service of a grantee terminates (other than by reason of death, disability or retirement), all awards of such grantee that are unvested at the time of such termination shall terminate on the date of such termination, and all awards of such grantee that are vested and exercisable at the time of such termination may, unless earlier terminated in accordance with their terms, be exercised within up to three months after the date of such termination (or such different period as the committee will prescribe), but in any event no later than the date of expiration of the awards term as set forth in the award agreement or pursuant to this 2014 SIP. In the event of a grantees death during employment or service or within three months following such grantees termination, or in the event of a grantees termination due to disability, all of the grantees vested awards may be exercised at any time within one year after such death or disability. In the event of a grantees retirement, all of the grantees vested awards, unless earlier terminated in accordance with their terms, may be exercised at any time within the three month period following such retirement.
If we (or our affiliate, when applicable) terminate the grantees employment or service for cause (as defined in the 2014 SIP), or if at any time during the exercise period (whether prior to and after termination of employment or service, and whether or not the grantees employment or service is terminated by either party as a result thereof), facts or circumstances arise or are discovered with respect to the grantee that would have constituted cause, all awards theretofore granted to such grantee (whether vested or not) shall, to the extent not theretofore exercised, terminate on the date of such termination (or on such subsequent date on which such facts or circumstances arise or are discovered, as the case may be) unless otherwise determined by the committee.
Section 102 of the Israeli Income Tax Ordinance allows employees, directors and officers of an Israeli company, who are not controlling shareholders, to receive favorable tax treatment for compensation in the form
100
of shares or other awards. Section 102 of the Israeli Income Tax Ordinance includes two alternatives for tax treatment involving the issuance of awards to a trustee for the benefit of the grantees and also includes an additional alternative for the issuance of awards directly to the grantee. Section 102(b)(2) of the Israeli Income Tax Ordinance, the most favorable tax treatment for grantees, permits the issuance to a trustee under the capital gain track. In order to comply with the terms of the capital gain track, all awards granted under a specific plan and subject to the provisions of Section 102 of the Israeli Income Tax Ordinance, as well as the shares issued upon exercise of such awards and any rights granted thereunder, including bonus shares, must be registered in the name of a trustee selected by the board and held in trust for the benefit of the relevant grantee for the requisite period prescribed by the Ordinance or such longer period as set by the committee. The trustee may release these awards or shares to the holders thereof after the expiration of the required statutory holding period, provided that the trustee has received an acknowledgment from the Israeli Income Tax Authority that the grantee paid all applicable taxes, or the trustee and/or us and/or our affiliate withholds all applicable taxes and compulsory payments due. Our non-employee service providers and controlling shareholders may only be granted options under Section 3(9) of the Israeli Income Tax Ordinance, which does not provide for similar tax benefits.
The committee may grant restricted shares under the 2014 SIP. The award agreement for any restricted shares granted will provide the vesting schedule and purchase price, if any, for the restricted shares. If a grantees employment or services to the company or any affiliate thereof shall terminates for any reason prior to the vesting of such grantees restricted shares, any shares that remain subject to vesting will be forfeited by such grantee.
The committee may grant restricted share units, or RSUs, under the 2014 SIP, which is an award covering a number of shares that is settled, if vested, by issuance of those shares. No payment of exercise price (subject to applicable law and the terms of the award agreement) will be required as consideration for RSUs.
The committee may grant other awards under the 2014 SIP, including shares (which may, but need not, be restricted shares), cash, a combination of cash and shares, awards denominated in share units, share appreciation rights, and/or the opportunity to purchase our shares in connection with any public offerings of our securities.
Adjustment Provisions. In the event of a division or subdivision of our outstanding share capital, any distribution of bonus shares (stock split), consolidation or combination of our share capital (reverse stock split), reclassification with respect to our shares or any similar recapitalization events, a merger (including, a reverse merger and a reverse triangular merger), consolidation, amalgamation or like transaction of us with or into another corporation, reorganization (which may include a combination or exchange of shares, spin-off or other corporate divestiture or division, or other similar occurrences, the committee shall have the authority to make, without the need for a consent of any holder of an award, such adjustments as determined by the committee to be appropriate, in its discretion, in order to adjust (i) the number and class of shares reserved and available for grants of awards, (ii) the number and class of shares covered by outstanding awards, (iii) the exercise price per share covered by any award, (iv) the terms and conditions concerning vesting and exercisability and the term and duration of the outstanding awards, and (v) any other terms of the award that in the opinion of the committee should be adjusted.
In the event of (i) a sale of all or substantially all of our assets, or a sale (including an exchange) of all or substantially all of our shares, to any person, or a purchase by any of our shareholders or by an affiliate of such shareholder, of all or substantially all of our shares held by all or substantially all other shareholders or by other shareholders who are not affiliated with such acquiring party; (ii) a merger (including, a reverse merger and a reverse triangular merger), consolidation, amalgamation or like transaction of us with or into another corporation; (iii) a scheme of arrangement for the purpose of effecting such sale, merger, consolidation, amalgamation or other transaction; (iv) Change in Board Event, which means any time at which individuals who, as of the effective date of the 2014 SIP, constitute the board (the Incumbent Board) cease for any reason to constitute at least a majority of the board; provided, however, that any individual becoming a director subsequent to the effective date of the 2014 SIP whose election, or nomination for election by our shareholders, was approved by a
101
vote of at least a majority of the directors then comprising the Incumbent Board shall be considered as though such individual were a member of the Incumbent Board, but excluding, for this purpose, any such individual whose initial assumption of office occurs as a result of an actual or threatened election contest with respect to the election or removal of directors or other actual or threatened solicitation of proxies or consents by or on behalf of a person other than the board; (v) approval by our shareholders of a complete liquidation or dissolution of the company, or (vi) such other transaction or set of circumstances that is determined by the board (being the Incumbent Board in case of a Change in Board Event), in its discretion, to be a transaction subject to these provisions of the 2014 SIP; excluding any of the above transactions in clauses (i) through (v) if the board (being the Incumbent Board in case of a Change in Board Event) determines that such transaction should be excluded from the definition hereof and the applicability of this provision of the 2014 SIP (any of such transactions, a Change in Control), any award then outstanding will be assumed or will be substituted by us or by the successor corporation in such Change in Control or by any affiliate thereof, as determined by the committee in its discretion, under terms as determined by the committee or the terms of the 2014 SIP applied by the successor corporation to such assumed or substituted award, unless otherwise determined by the sole and absolute discretion of the Committee. Regardless of whether or not awards are assumed or substituted the committee may (but will not be obligated to), in its sole discretion: (1) provide for grantees to have the right to exercise their awards or otherwise for the acceleration of vesting of award in respect of all or part of the shares covered by the awards which would not otherwise be exercisable or vested, under such terms and conditions as the committee will determine, including the cancellation of all unexercised awards (whether vested or unvested) upon or immediately prior to the closing of the Change in Control; and/or (2) provide for the cancellation of each outstanding and unexercised award at or immediately prior to the closing of the Change in Control, and payment to the grantees of an amount in cash, our shares, the acquirer or of a corporation or other business entity which is a party to the Change in Control or other property, as determined by the committee to be fair in the circumstances, and subject to such terms and conditions as determined by the committee. Notwithstanding the foregoing, in the event of Change in Control, the committee may determine, in its sole discretion, that upon completion of such Change in Control, the terms of any award be otherwise amended, modified or terminated, as the committee deems in good faith to be appropriate.
Miscellaneous Provisions. Awards under the 2014 SIP are not transferable other than by will or by the laws of descent and distribution or to a grantees designated beneficiary, unless, in the case of awards other than incentive stock options, otherwise determined by our committee or under the 2014 SIP, and generally expire ten years following the grant date. Awards may be granted pursuant to the 2014 SIP from time to time within a period of ten years from the effective date of the 2014 SIP, which period may be extended from time to time by our board.
2011 Share Incentive Plan
Effective Date and Shares Reserved. On July 14, 2011, our board of directors adopted, and on December 20, 2011 our shareholders approved, the 2011 Share Incentive Plan, or the 2011 SIP. The 2011 SIP generally allows for the grant of options, restricted shares and other share-based awards to our employees, directors, officers, consultants, advisors and any other person whose services are considered valuable to us or our affiliates. The 2011 SIP is intended to enable us to issue awards under varying tax regimes, including Section 102 and Section 3(i) awards pursuant to the Israeli Income Tax Ordinance and incentive stock options within the meaning of Section 422 of the U.S. Internal Revenue Code. The 2011 SIP provides that the number of shares reserved for the grant of awards under the 2011 SIP will be such number as may be reserved for such purposes by the board from time to time. Any share underlying an award that is cancelled or terminated or forfeited for any reason without having been exercised will automatically be available for grant under the 2011 SIP. As of December 31, 2014, a total of 2,420,104 options to purchase ordinary shares remained outstanding under the 2011 SIP.
Plan Administration. Either our board or a committee established by our board administers the 2011 SIP, and such administrator will determine (i) eligible grantees, (ii) the grant of awards and the terms and provisions of any award agreements, including the number of shares underlying each award, (iii) the time or times at which
102
awards will be granted, (iv) the schedule and conditions on which awards may be exercised, (v) the exercise price of options granted under the 2011 SIP, (vi) the interpretation of the 2011 SIP, (vii) how or whether to prescribe, amend and rescind rules and regulations relating to and for carrying out the 2011 SIP, (viii) the fair market value of our shares, (ix) the tax track (capital gains, ordinary income track or any other track available for the purpose of Section 102 awards), and (x) any other matter which is necessary or desirable for, or incidental to, the administration of the 2011 SIP or any award thereunder. The board may, at any time, suspend, terminate, modify, or amend the 2011 SIP, whether retroactively or prospectively, however an amendment which requires shareholder approval in order for the 2011 SIP to continue to comply with any applicable law will not be effective unless approved by the requisite vote of shareholders, and no suspension, termination, modification or amendment of the 2011 SIP may adversely affect any award previously granted, without the written consent of the grantees holding a majority of the awards so affected.
Types and Terms and Conditions of Awards. The committee may grant options to purchase our ordinary shares under the 2011 SIP. Each option will be designated in the applicable award agreement as an incentive stock option, non-qualified stock option, Section 102 award (with such designation to include the relevant tax track), Section 3(i) award, or other designations under other regimes. The 2011 SIP generally requires that incentive stock options have an exercise price that is not less than 100% of the fair market value of the shares underlying such options on the grant date. The exercise price of any other options granted will be determined by the committee, though in no event will the exercise price be less than the par value of the shares underlying an option. Unless otherwise stated in the applicable award agreement, options under the 2011 SIP will vest and become exercisable as follows: 25% of the shares covered by an option will vest on the first anniversary of the date on which such option was granted, provided that the grantee remains continuously employed by or in the service of us or any subsidiary or affiliate of ours for that one year, and 6.25% of the shares covered by the option will vest at the end of each subsequent quarter over the course of the following three years, subject to continued employment by or service to us or any subsidiary or affiliate of ours. The exercise period of an option will be 10 years from the date of grant of the option unless otherwise determined by the committee, provided that the period of an Incentive Stock Option granted to a party who at the time of the grant owns shares possessing more than 10% of the total combined voting power of all classes of our shares or of any parent or subsidiary of the company, shall not exceed 5 years from the date of grant. An option generally may not be exercised unless the grantee is then in our employ or service. In the event that the employment or service of a grantee terminates (other than by reason of death, disability or retirement), all options of such grantee that are vested and exercisable at the time of such termination may, unless earlier terminated in accordance with their terms, be exercised within up to 90 days after the date of such termination (or such different period as the committee will prescribe); however if we terminate the grantees employment or service for cause (as defined in the 2011 SIP), all options granted to such grantee (whether vested or not) will terminate on the date of such termination unless otherwise determined by the committee. In the event of a grantees death during employment or service or within three months following such grantees termination, or in the event of a grantees termination due to disability, all of the grantees vested options may be exercised at any time within one year after such death or disability. In the event of a grantees retirement, all of the grantees vested options may be exercised at any time within the three month period following such retirement.
Section 102 of the Israeli Income Tax Ordinance allows employees, directors and officers of an Israeli company, who are not controlling shareholders, to receive favorable tax treatment for compensation in the form of shares or options. Section 102 of the Israeli Income Tax Ordinance includes two alternatives for tax treatment involving the issuance of options or shares to a trustee for the benefit of the grantees and also includes an additional alternative for the issuance of options or shares directly to the grantee. Section 102(b)(2) of the Israeli Income Tax Ordinance, the most favorable tax treatment for grantees, permits the issuance to a trustee under the capital gain track. In order to comply with the terms of the capital gain track, all options granted under a specific plan and subject to the provisions of Section 102 of the Israeli Income Tax Ordinance, as well as the shares issued upon exercise of such options and other shares received subsequently following any realization of rights with respect to such options, such as share dividends and share splits, must be registered in the name of a trustee selected by the board of directors and held in trust for the benefit of the relevant grantee. The trustee may
103
not release these options or shares to the holders thereof before the second anniversary of the issuance and deposit of the options with the trustee. However, under such track, we are not allowed to deduct an expense with respect to the issuance of the options or shares.
The 2011 SIP provides that options granted to employees, directors and officers of our Israeli companies who are not controlling shareholders are intended to qualify for special tax treatment under the capital gain track provisions of Section 102(b)(2) of the Israeli Income Tax Ordinance. Our non-employee service providers and controlling shareholders may only be granted options under Section 3(i) of the Israeli Income Tax Ordinance, which does not provide for similar tax benefits.
The committee may grant restricted shares under the 2011 SIP. The award agreement for any restricted shares granted will provide the vesting schedule and purchase price, if any, for the restricted shares. If a grantees employment terminates for any reason prior to the vesting of such grantees restricted shares, any shares that remain subject to vesting will be forfeited by such grantee.
The committee may grant restricted share units, or RSUs, under the 2011 SIP, which are an award covering a number of shares that is settled by issuance of those shares. No payment of cash (other than par value of the shares) will be required as consideration for RSUs, and the RSUS may or may not be subject to vesting.
The committee may grant other awards under the 2011 SIP including shares (which may, but need not, be restricted shares), cash, a combination of cash and shares, awards denominated in share units, share appreciation rights, and/or the opportunity to purchase our shares in connection with any public offerings of our securities.
Adjustment Provisions. In the event of a subdivision of our outstanding share capital, any payment of a share dividend (distribution of bonus shares), a recapitalization, a reorganization (which may include a combination or exchange of shares), a consolidation, a share split, a reverse share split, a spin-off or other corporate divestiture or division, a reclassification or other similar occurrence, the committee will make such adjustments as it deems appropriate in order to adjust (i) the number of shares available for grants of awards, (ii) the number of shares covered by outstanding awards, and (iii) the exercise price per share covered by any award.
In the event of (i) a sale of all or substantially all of our assets; or (ii) a sale (including an exchange) of all or substantially all of our shares, or an acquisition by our shareholder (or our shareholders affiliate) of all of our shares held by other shareholders or by other shareholders who are not affiliated with such acquiring party; (iii) a merger, consolidation, amalgamation or like transaction of us with or into another corporation; (iv) a scheme of arrangement for the purpose of effecting such sale, merger or amalgamation; or (v) such other transaction or set of circumstances that is determined by the committee, in its discretion, to be a transaction having a similar effect then, unless otherwise determined by the committee in its sole discretion, any award then outstanding will be assumed or an equivalent award will be substituted by such successor corporation under substantially the same terms as such award. In the event that the awards are not assumed or substituted by an equivalent award, then the committee may (but will not be obligated to), (x) provide for grantees to have the right to exercise their awards or otherwise for the acceleration of vesting of such awards, as to all or part of the shares, including shares covered by the awards which would not otherwise be exercisable or vested, under such terms and conditions as the committee will determine, including the cancellation of all unexercised awards upon closing of the transaction; and/or (y) provide for the cancellation of each outstanding award at the closing of such transaction, and payment to the grantees of an amount in cash as determined by the committee to be fair in the circumstances, and subject to such terms and conditions as determined by the committee. Notwithstanding the foregoing, in the event of such transaction, the committee may determine, in its sole discretion, that upon completion of such transaction, the terms of any award be otherwise amended, modified or terminated, as the committee deems in good faith to be appropriate, and if an option, that the option will confer the right to purchase or receive any other security or asset, or any combination thereof, or that its terms be otherwise amended, modified or terminated.
Miscellaneous Provisions. Awards under the 2011 SIP are not transferable other than by will or by the laws of descent and distribution, unless otherwise determined by the board or under the 2011 SIP, and generally expire
104
ten years following the grant date. The 2011 SIP will terminate on the tenth anniversary of the effective date, other than with respect to those awards outstanding under the 2011 SIP at the time of such termination.
2001 Stock Option Plan and 2001 Section 102 Stock Option Plan
Effective Date and Shares Reserved. On March 27, 2001, our board of directors adopted, and on March 22, 2002 our shareholders approved, the 2001 Stock Option Plan, or the 2001 SOP, and the 2001 Section 102 Stock Option Plan, as amended March 5, 2003, or the 2001 Section 102 SOP. The 2001 SOP and the 2001 Section 102 SOP generally allow for the grant of options to our employees, officers, directors, consultants and advisors of us or our affiliates. If an option granted under the 2001 SOP expires or terminates for any reason without having been exercised in full, the unpurchased shares subject to such option will be available for subsequent grants under the 2011 SIP. In the event an employees rights under the 2001 Section 102 SOP do not vest in any options, such options may be reissued under the 2011 SIP. As of December 31, 2014, a total of 1,886,260 shares remained outstanding under the 2001 SOP and the 2001 Section 102 SOP.
Plan Administration. The 2001 SOP and the 2001 Section 102 SOP are administered by a committee appointed by the board. The committee has full and maximum authority in its discretion to grant, or recommend to the board, as applicable, the employees to whom options will be granted, to determine or recommend the number of shares to be covered by each option, the time at which each option shall be granted, the terms and conditions of option agreements, the purchase price of each share subject to an option, the term during which each option may be exercised, and to authorize the share allotment pursuant to the exercise of each option. The board may at any time amend, alter, suspend or terminate the 2001 SOP in any respect, except that if at any time the approval of our shareholders of the company is required under the federal tax code, the board may not effect such modification or amendment without such approval. The termination or any modification or amendment of the 2001 SOP will not, without the consent of a grantee, affect his or her rights under an option previously granted to him or her. With the consent of the affected grantee, the board or the committee may amend outstanding option agreements in a manner not inconsistent with the 2001 SOP. The board may, at any time, amend, alter, suspend or terminate the 2001 Section 102 SOP, provided, however, that any such action will not adversely affect any options granted under the 2001 Section 102 SOP.
Types and Terms and Conditions of Awards.
The 2001 SOP provides for the grant of incentive stock options and non-qualified stock options. The terms of such options (including vesting provisions and the treatment of such options upon a grantees termination of employment or service or death or disability) are generally set forth in the applicable award agreement, however an incentive stock option may be exercised for at least three months following the cessation of a grantees employment (or for one year following a cessation due to the grantees death or disability). The 2001 SOP generally requires that incentive stock options have an exercise price that is not less than 100% of the fair market value of the shares underling such option on the grant date. The exercise period of an option is set forth in the applicable option agreement, but will not be more than ten years from the date of grant of the option, in the case of an incentive stock option.
Under the 2001 Section 102 SOP, the committee may grant options only to employees, officers and directors. Each option agreement states the tax track (capitals gains, income tax track with a trustee or income tax track without a trustee) as elected by us. The exercise price of any option and the times at which options may be exercised in whole or in part is determined by the board or committee and is set forth in the applicable option agreement. No exercise of options by a single grantee, however, will be made for an aggregate exercise price of less than $1,000, unless the exercise is of all of such grantees options that are vested as of the date of exercise. Generally, the term of any option may not be for more than ten years from the date of grant of the option. Pursuant to a May 30, 2013 board resolution, however, it was resolved to extend the respective term of the options that were granted by us to certain employees of us and our U.K. subsidiary from ten years to 15 years, subject to obtaining a ruling or tax determination from the Israeli Tax Authorities with respect to such options
105
granted under Section 102 of the Income Tax Ordinance. As a result, the term of the applicable non-Section 102 options were extended, while the terms of the applicable Section 102 options were extended subject to the ruling, which has since been obtained. Each option agreement specifies the extent to which an option may be exercised if we terminate the grantees employment or other relationship with us or our parent or any subsidiary, or in the event of the death or disability of the grantee. If a grantee dies while employed by us, his or her estate, personal representative or beneficiary has the right to exercise the total number of shares in the option to which the grantee would have been entitled to exercise at the date of his death as set forth in the applicable option agreement.
Adjustment Provisions. If, through or as a result of any merger, consolidation, sale of all or substantially all of our assets, reorganization, recapitalization, reclassification, share dividend, share split, reverse share split or other similar transaction, (i) the number of outstanding shares are increased, decreased or exchanged for a different number or kind of our shares or other securities, or (ii) additional shares or new or different shares or other securities of ours or other non-cash assets are distributed with respect to such shares or other securities, an appropriate and proportionate adjustment will be made in (x) the maximum number and kind of shares reserved for issuance under the 2001 SOP and/or under the 2001 Section 102 SOP, (y) the number and kind of shares or other securities subject to any then outstanding options under the 2001 SOP and/or under the 2001 Section 102 SOP, and (z) the exercise price for each share subject to any then outstanding options under the 2001 SOP and/or under the 2001 Section 102 SOP, without changing the aggregate purchase price as to which such options remain exercisable.
Upon the occurrence of an acquisition event (i.e., (a) any merger or consolidation which results in our voting securities immediately prior thereto representing immediately thereafter less than 50% of the combined voting power of our voting securities or such surviving or acquiring entity outstanding immediately after such merger or consolidation, (b) any sale of all or substantially all of our assets, or (c) our complete liquidation), the board will take any one or more of the following actions with respect of the then outstanding options: (i) provide that such options shall be assumed, or equivalent options will be substituted, by the acquiring or succeeding corporation (or an affiliate thereof), (ii) upon written notice to the grantees, provide that all the then unexercised options will become exercisable in full as of a specified time prior to the acquisition event and will terminate immediately prior to the consummation of such acquisition event, (iii) in the event of a merger under the terms of which holders of our outstanding ordinary shares will receive upon consummation thereof a cash payment for each share surrendered in the merger, make or provide for a cash payment to the grantees equal to the difference between (A) the merger price times the number of ordinary shares subject to such outstanding options and (B) the aggregate exercise price of all such outstanding options in exchange for the termination of such options, or (iv) upon written notice to the grantees, provide that all the then vested and unvested outstanding options will terminate immediately prior to the consummation of such acquisition event, and to the extent the vested options will have not been exercised prior to the acquisition event, all such options will become null and void at the consummation of such acquisition event.
Miscellaneous Provisions. Awards under the 2001 SOP and 2001 Section 102 SOP are generally not transferable other than by will or by the laws of descent and distribution, unless otherwise determined by the board. Only the grantee may exercise options granted under the 2001 Section 102 SOP during his or her lifetime. The 2001 SO